my firewall wont turn on and other pc problems


  • This topic is locked
28 replies to this topic

#1 jcarlos100

  • Members
  • 17 posts

Posted 11 June 2012 - 12:24 PM

My family uses a shared computer. My dad and sis use it daily, while I usually use it once a week; I have a tablet, so yeah, I don't use the PC a lot. A few days ago my dad said something about the Windows Firewall being down. I tried turning it back on; nope, it wouldn't do it. I got an error saying "0x80070424". I went online and tried a Microsoft solution; it wouldn't work, so I decided to do a system restore. I highlighted the oldest date I could get, just to be safe; it was June 7, 2012. Something odd happened: I got another error saying system restore has failed, sorry. So I tried again; I couldn't go to the 7th anymore, so I stopped trying to do a system restore. I read online that it might have something to do with the registry. Also, when I rebooted the PC I got an error saying "alienware door controller has stopped working". I thought to myself, my Alienware doesn't have a motorized door. They said to just run CCleaner and reboot and the error should go away; it didn't.
I think this might have to do with some virus that I quarantined and deleted; it was called "n". Even before that, there was a virus that made my dad go to some shady antivirus website and put in his personal info to get rid of the virus. The thing is, we can get control back of the PC unless we rebooted and paid no attention to the fake pop-ups. I even tried running a full scan with McAfee; nothing, it didn't pick it up, and I couldn't find a sure way to delete the virus online, so I decided to do a system restore. It worked; the system was back to normal. At that time system restore did work.

I have already run some software. I've run Malwarebytes; I did find some spyware and it was deleted. I uninstalled it later on; it took too long.
I used SUPERAntiSpyware, did a quick scan in 20 min; found a lot of spyware, but just cookies. Deleted them just to be safe. Nothing changed; all the problems are still there.
I also did another full scan with McAfee; nothing found.

More detail about the errors:
There are actually 2 errors I get from Alienware when I boot up my PC.
First:
Alienware AlienFX controller
System.IO.FileNotFoundException: The specified module could not be found. (Exception from HRESULT: 0x8007007E)
at System.Management.ThreadDispatch.Start()
at System.Management.ManagementScope.Initialize()
at System.Management.ManagementEventWatcher.Initialize()
at System.Management.ManagementEventWatcher.Start()
at AlienLabs.AlienFX.DeviceDiscovery.Classes.DeviceWatcherClass.StartHidDeviceInsertedWatcher()
at AlienLabs.AlienFX.DeviceDiscovery.Classes.DeviceWatcherClass.Start()
at AlienLabs.AlienFX.DeviceDiscovery.Classes.AlienFXDeviceDiscoveryService.RegisterForDevicesEvents()
at AlienLabs.AlienFX.DeviceDiscovery.ObjectFactory.NewAlienFXDeviceDiscovery()
at AlienLabs.AlienFX.Tools.Classes.ObjectFactory.get_DiscoveryService()
at AlienLabs.AlienFX.Tools.Classes.ObjectFactory.NewAlienFXDeviceRepository()
at AlienLabs.AlienFX.Tools.Classes.ObjectFactory.get_AlienFXDeviceRepository()
at AlienLabs.AlienFX.Controller.LightsZoneController..ctor()
at AlienLabs.AlienFX.Controller.ControllerMainForm.initializeLightController()
at AlienLabs.AlienFX.Controller.ControllerMainForm..ctor()
at AlienLabs.AlienFX.Controller.Program.Main(String[] args)


Second:
Thermal controller
System.IO.FileNotFoundException: The specified module could not be found. (Exception from HRESULT: 0x8007007E)
at System.Management.ManagementScope.Initialize()
at System.Management.ManagementEventWatcher.Initialize()
at System.Management.ManagementEventWatcher.Start()
at AlienLabs.ThermalControls.DeviceDiscovery.Classes.DeviceWatcherClass.Start()
at AlienLabs.ThermalControls.DeviceDiscovery.ObjectFactory.NewThermalControlsDeviceDiscovery()
at AlienLabs.ThermalControls.Domain.ObjectFactory.get_DiscoveryService()
at AlienLabs.ThermalControls.Controller.Main..ctor()
at AlienLabs.ThermalControls.Controller.App.AppStartup(Object sender, StartupEventArgs args)
at System.Windows.Application.<.ctor>b__1(Object unused)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)

I also can't access the Command Center; tried to uninstall and reinstall, didn't work. I'll give it another try though. I also read it might have to do with some drivers, I don't know, or the Microsoft .NET Framework.

Windows Firewall:
Try to turn it on, nothing happens. There used to be an error that came up saying 0x8007024;
not anymore, strange, but it's still off. CCleaner might have done this, or the spyware deleted.

Restore point:
Can't create a restore point; an error saying 0x80070241.

* Did use CCleaner as said before, and I did make a backup, but a day later the PC is OK.
* The PC runs fine even with all these problems.
* Oh yeah, did try a Win 7 install repair; didn't work, maybe I did it wrong.
* The PC does get a blue screen, but it might just be overheating inside. Will clean out all the dust inside; it's been a year and a half since we started using it, so it's really dusty inside.


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts

Posted 11 June 2012 - 01:14 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply
Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 jcarlos100

  • Topic Starter
  • Members
  • 17 posts

Posted 11 June 2012 - 02:42 PM

1. the logs

DDS log-
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
Run by juan c at 15:18:30 on 2012-06-11
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uDefault_Page_URL = hxxp://www.alienware.com/
uInternet Settings,ProxyOverride = *.local;<local>
uURLSearchHooks: D-Link Toolbar Search Class: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll
uURLSearchHooks: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - C:\Program Files (x86)\Dealio Toolbar\IE\4.6\dealioToolbarIE.dll
uURLSearchHooks: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files (x86)\myBabylon_English\tbmyB1.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
uURLSearchHooks: H - No File
mURLSearchHooks: D-Link Toolbar Search Class: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll
mURLSearchHooks: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files (x86)\myBabylon_English\tbmyB1.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: midicairUSA Toolbar: {f3902028-4a21-4793-8e05-793e183d51c2} - C:\Program Files (x86)\midicairUSA\prxtbmidi.dll
mWinlogon: Userinit=userinit.exe,
BHO: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - C:\Program Files (x86)\Dealio Toolbar\IE\4.6\dealioToolbarIE.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120609153017.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files (x86)\myBabylon_English\tbmyB1.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
BHO: D-Link Toolbar Loader: {f01858c7-2a68-4d93-9e22-502eae3917c2} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll
BHO: midicairUSA Toolbar: {f3902028-4a21-4793-8e05-793e183d51c2} - C:\Program Files (x86)\midicairUSA\prxtbmidi.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files (x86)\myBabylon_English\tbmyB1.dll
TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - C:\Windows\SysWow64\TwcToolbarIe7.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB: D-Link Toolbar: {61874dfa-9adf-44e5-8e61-f3913707e7d7} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - C:\Program Files (x86)\Dealio Toolbar\IE\4.6\dealioToolbarIE.dll
TB: midicairUSA Toolbar: {f3902028-4a21-4793-8e05-793e183d51c2} - C:\Program Files (x86)\midicairUSA\prxtbmidi.dll
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
uRun: [Easy-Hide-IP] C:\Program Files (x86)\Easy-Hide-IP\easy-hide-ip.exe
uRun: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
uRun: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\ds3\DS3_Tool.exe -mini
uRun: [Akamai NetSession Interface] "C:\Users\juan c\AppData\Local\Akamai\netsession_win.exe"
uRun: [Rim.DesktopHelper.exe] C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.DesktopHelper.exe
uRun: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
uRun: [JumiController] C:\Program Files (x86)\Jumi\jumi.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Spotify Web Helper] "C:\Users\juan c\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
StartupFolder: C:\Users\JUANC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~2.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\Users\JUANC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Xfire.lnk - C:\Program Files (x86)\Xfire\Xfire.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} - hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.53.2.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{BA18B0CE-2F49-4F80-9F0A-85196BF0C235} : DhcpNameServer = 192.168.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Dealio Toolbar: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\4.6\dealioToolbarIE.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO-X64: Conduit Engine - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120609153017.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files (x86)\myBabylon_English\tbmyB1.dll
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll
BHO-X64: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
BHO-X64: Google Gears Helper - No File
BHO-X64: D-Link Toolbar Loader: {f01858c7-2a68-4d93-9e22-502eae3917c2} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll
BHO-X64: D-Link Toolbar Loader - No File
BHO-X64: midicairUSA Toolbar: {f3902028-4a21-4793-8e05-793e183d51c2} - C:\Program Files (x86)\midicairUSA\prxtbmidi.dll
BHO-X64: midicairUSA - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files (x86)\myBabylon_English\tbmyB1.dll
TB-X64: The Weather Channel Toolbar: {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\SysWow64\TwcToolbarIe7.dll
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB-X64: D-Link Toolbar: {61874dfa-9adf-44e5-8e61-f3913707e7d7} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Dealio Toolbar: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\4.6\dealioToolbarIE.dll
TB-X64: midicairUSA Toolbar: {f3902028-4a21-4793-8e05-793e183d51c2} - C:\Program Files (x86)\midicairUSA\prxtbmidi.dll
TB-X64: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB-X64: {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE-X64: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\juan c\AppData\Roaming\Mozilla\Firefox\Profiles\8o0aunq9.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.6.0_22\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.6.0_22\bin\new_plugin\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\juan c\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-06-11 19:06:09 -------- d-----w- C:\Users\juan c\AppData\Local\{E51D8A02-F9BB-4B82-B896-EB91637925D0}
2012-06-11 19:05:17 -------- d-----w- C:\Users\juan c\AppData\Local\{A565177D-ABC9-495F-A930-CD4D9C1F25A0}
2012-06-11 12:22:19 -------- d-----w- C:\Users\juan c\AppData\Local\{6736B1B7-2F1C-49D7-8390-FACC5DEB58E2}
2012-06-11 12:18:27 -------- d-----w- C:\Users\juan c\AppData\Local\{2065E9E4-9B5C-461F-9D86-66D7B7BB3AE9}
2012-06-11 12:18:05 -------- d-----w- C:\Users\juan c\AppData\Local\{8EF371DA-9A7A-4927-939E-9BC66F1201E1}
2012-06-11 03:02:32 74703 ----a-w- C:\Windows\SysWow64\mfc45.dll
2012-06-11 03:02:24 -------- d-----w- C:\ProgramData\iolo
2012-06-11 00:47:47 -------- d-----w- C:\$WINDOWS.~LS
2012-06-10 19:30:00 -------- d-----w- C:\Program Files\CCleaner
2012-06-10 18:39:31 -------- d-----w- C:\Users\juan c\AppData\Local\{89EF0060-C21E-4400-B7D2-CB367EF709F9}
2012-06-10 18:39:17 -------- d-----w- C:\Users\juan c\AppData\Local\{1FFD49F4-010A-4BCB-87BF-9F0D0006CB42}
2012-06-10 01:51:30 -------- d-----w- C:\Users\juan c\AppData\Roaming\SUPERAntiSpyware.com
2012-06-10 01:51:18 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-06-10 01:51:18 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-06-09 20:28:56 -------- d-----w- C:\Users\juan c\AppData\Local\{F4077507-E451-4F5E-97BE-D49CA86C4214}
2012-06-09 20:28:37 -------- d-----w- C:\Users\juan c\AppData\Local\{6CBC7563-5503-419F-83A1-BDE1B72DD141}
2012-06-09 19:37:34 -------- d-----w- C:\Program Files (x86)\McAfeeMOBK
2012-06-09 19:37:32 66040 ----a-w- C:\Windows\System32\drivers\MOBK.sys
2012-06-09 19:37:31 -------- d-----w- C:\Program Files (x86)\McAfee Online Backup
2012-06-09 19:37:26 71800 ----a-w- C:\Windows\System32\drivers\McPvDrv.sys
2012-06-09 19:30:39 -------- d-----w- C:\Program Files (x86)\McAfee.com
2012-06-09 19:30:17 29272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
2012-06-09 19:30:16 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2012-06-09 19:30:15 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2012-06-09 19:30:07 75936 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2012-06-09 19:30:07 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2012-06-09 19:30:07 487296 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2012-06-09 19:30:07 289664 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2012-06-09 19:30:07 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2012-06-09 19:30:07 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2012-06-09 19:30:03 -------- d-----w- C:\Program Files\McAfee.com
2012-06-09 19:27:55 162192 ----a-w- C:\Windows\System32\mfevtps.exe
2012-06-09 13:03:01 -------- d-----w- C:\Windows\en
2012-06-09 12:57:09 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\611fb0f71cd463f01\DSETUP.dll
2012-06-09 12:57:09 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\611fb0f71cd463f01\DXSETUP.exe
2012-06-09 12:57:09 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\611fb0f71cd463f01\dsetup32.dll
2012-06-08 00:11:55 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-01 13:25:29 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{52F8E371-53ED-4BE7-8957-99B14D52BAF8}\mpengine.dll
2012-05-29 14:58:43 -------- d-----w- C:\Users\juan c\AppData\Local\{21FC2D0F-DA79-46B9-B827-0AC10FDB76C3}
2012-05-29 14:58:27 -------- d-----w- C:\Users\juan c\AppData\Local\{4BAB5D32-63A9-47A9-899E-0CFA4F6B19A1}
2012-05-29 14:07:18 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-05-29 14:07:18 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-05-29 14:02:55 -------- d-----w- C:\Users\juan c\AppData\Local\{3AAC02A6-F60C-4F1B-A5BA-C15E48DABC82}
2012-05-29 14:02:40 -------- d-----w- C:\Users\juan c\AppData\Local\{035B88BC-B6C3-4CF0-8C37-3ABD4C6594A7}
2012-05-29 11:59:49 -------- d-----w- C:\Users\juan c\AppData\Local\{AF30453C-A4B5-4C71-BDC3-60A4C29D6A2D}
2012-05-29 11:59:33 -------- d-----w- C:\Users\juan c\AppData\Local\{DB37F043-F731-4607-8398-8EA203C36D5A}
2012-05-24 15:55:48 -------- d-----w- C:\Users\juan c\AppData\Local\{5120E7E9-57E8-420A-8FD4-37E5908E6F5C}
2012-05-24 15:55:36 -------- d-----w- C:\Users\juan c\AppData\Local\{3E9975C8-5FCB-49AC-B4B6-0D820B19B164}
2012-05-19 18:29:01 -------- d-----w- C:\Users\juan c\AppData\Local\{EBC4DD20-798E-4EF8-A9AE-0044E4FC568E}
2012-05-19 18:28:46 -------- d-----w- C:\Users\juan c\AppData\Local\{A361B324-1F19-42BB-B2F0-118987276BE5}
2012-05-18 18:35:52 -------- d-----w- C:\Users\juan c\AppData\Local\{90DAC818-4674-4033-8B78-6317158B7B4D}
2012-05-18 18:35:37 -------- d-----w- C:\Users\juan c\AppData\Local\{D0875A0F-0CCA-453B-9DEB-17CDA6A5B55E}
2012-05-17 12:51:30 -------- d-----w- C:\Users\juan c\AppData\Local\{3C0C62B1-7B47-4901-B238-3755DBB57A74}
2012-05-17 12:50:56 -------- d-----w- C:\Users\juan c\AppData\Local\{A4EBEEEC-554F-455A-A37F-B98FFB0D3BE0}
2012-05-16 17:51:58 -------- d-----w- C:\Users\juan c\AppData\Local\{FC43F1A9-BFA7-4422-8311-62743D56CD09}
2012-05-16 17:51:31 -------- d-----w- C:\Users\juan c\AppData\Local\{E610BC9F-6051-4F00-9BF2-2D2F2DD9CE05}
2012-05-16 01:49:55 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-05-15 18:28:32 -------- d-----w- C:\Users\juan c\AppData\Local\{647AD36F-9579-4FF2-B82F-02CADA92A54A}
2012-05-15 18:28:21 -------- d-----w- C:\Users\juan c\AppData\Local\{AB22D31D-B92D-4512-B4F7-571043D98249}
2012-05-14 16:37:58 -------- d-----w- C:\Users\juan c\AppData\Local\{AA3CE180-BDB3-42B1-BEB4-248BBF1FC1CE}
2012-05-14 16:37:43 -------- d-----w- C:\Users\juan c\AppData\Local\{78C62209-56CD-4C75-B427-4F6ED17DFAD2}
2012-05-13 23:15:41 -------- d-----w- C:\Users\juan c\AppData\Local\{6FF0B2AB-BCF9-4236-A51D-1CE0699ED7D6}
2012-05-13 23:15:18 -------- d-----w- C:\Users\juan c\AppData\Local\{A4CE5E4E-705F-4ABF-988D-3D97D753A972}
.
==================== Find3M ====================
.
2012-05-04 19:39:13 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 19:39:13 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-04 19:39:07 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-03 02:54:46 42392 ----a-w- C:\Windows\SysWow64\xfcodec.dll
2012-05-03 02:54:46 28056 ----a-w- C:\Windows\System32\xfcodec64.dll
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
.
============= FINISH: 15:20:18.82 ===============





Attach log-
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Leawo MP4 Converter version 5.0.0.0
µTorrent
7-Zip 4.65
Adobe AIR
Adobe Download Manager
Adobe Reader X (10.1.3)
Advertising Center
AIM 7
AIO_CDA_ProductContext
AIO_CDA_Software
AIO_Scan
Akamai NetSession Interface
Akamai NetSession Interface Service
Alien Swarm
Alliance of Valiant Arms
Apple Application Support
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
ATI Catalyst Control Center
Audacity 1.2.6
AviSynth 2.5
AVS Update Manager 1.0
AVS Video Converter 7
AVS4YOU Software Navigator 1.4
Banctec Service Agreement
Battlefield Play4Free
Big Fish Games: Game Manager
Bing Bar
Bing Rewards Client Installer
BlackBerry Desktop Software 6.1
BlackBerry Device Software Updater
BlackBerry Device Software v6.0.0 for the BlackBerry 9780 smartphone
BufferChm
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CL-Eye Driver
Command Center
Conduit Engine
Copy
CopyTrans Suite Remove Only
D-Link Toolbar
D3DX10
DAEMON Tools Lite
Dead Island
Dealio Toolbar v4.6
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Driver Download Manager
Destinations
DeviceDiscovery
Diner Dash
Diner Dash 5: Boom
Diner Dash Flo on the Go
DivX Setup
DocProc
Download Manager 2.3.10
Download Updater (AOL LLC)
Dropbox
DVD Audio Extractor 6.0.2
EASEUS Partition Master 8.0.1 Home Edition
Fallen Earth
Fantasy CardMaker
Fax
Feedback Tool
Folder Size 2.0.0.0
Free Audio CD Burner version 1.4.7
Free DVD Video Burner version 3.0.1.305
Free DVD Video Converter version 1.5.12.305
Free Video to iPod Converter version 4.2.16.305
Free YouTube to iPod Converter version 3.9.28
Free YouTube to MP3 Converter version 3.9.35.324
GameSpy Arcade
Global Agenda
Google Chrome
Google Earth
Google Gears
Google SketchUp 8
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
HTC BMP USB Driver
HTC Driver Installer
iCopyExpert 3.1.2
ImagXpress
ImgBurn
Intel Extreme Tuning Utility
Intel® Control Center
Intel® Rapid Storage Technology
Internet TV for Windows Media Center
Iron Grip: Marauders
Java Auto Updater
Java™ 6 Update 22
Junk Mail filter update
K-Lite Codec Pack 7.9.0 (Basic)
LogMeIn Hamachi
MarketResearch
Mavis Beacon Teaches Typing Platinum 20
McAfee Online Backup
McAfee Total Protection
Men of War: Assault Squad - Demo
Messenger Companion
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft UI Engine
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Web Publishing Wizard 1.52
Microsoft XML Parser
midicairUSA Toolbar
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
myBabylon English Toolbar
Nation Red
Nemesis of the Roman Empire (remove only)
Nero 9 Essentials
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero Rescue Agent
Nero RescueAgent Help
Nero StartSmart
Nero StartSmart Help
NeroExpress
neroxml
Netflix in Windows Media Center
NVIDIA PhysX
ooVoo
OpenOffice.org 3.3
PC Gamer
PdaNet for Android 2.42
Portforward Static IP Address 1.0.45
PowerDVD DX
QuickTime
Rainmeter
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Safari
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Sid Meier's Civilization IV
Sid Meier's Civilization V
Skins
SmartWebPrinting
SolutionCenter
SpeedFan (remove only)
Spotify
Status
Steam
System Requirements Lab for Intel
Team Fortress 2
TeamViewer 6
The Weather Channel App
The Weather Channel Toolbar
THX TruStudio PC
TightVNC 1.3.10
Tom Clancy's Splinter Cell Conviction
Toolbox
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
TrayApp
Trillian
Ubisoft Game Launcher
Uninstall 1.0.0.1
Unity Web Player
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
uTorrentBar Toolbar
VC80CRTRedist - 8.0.50727.6195
Veoh Giraffic Video Accelerator
Veoh Web Player
Videora iPod Converter 6
VirtualBreadboard
VMware Workstation
War Inc. Battlezone
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Silverlight
Xfire (remove only)
Xvid Video Codec
Yahoo! Detect
.
==== End Of File ===========================


2. I wasn't able to run Security Check.
I pressed any button, then it stopped at "preparing".
A pop-up window appeared called "AutoIt Error". It said:
line -1:

error: variable must be of type
"Object"

Also, no Notepad document opened up automatically.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:29 PM

Posted 11 June 2012 - 02:58 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 jcarlos100

jcarlos100
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Gender:Male
  • Location:NY
  • Local time:05:29 PM

Posted 11 June 2012 - 05:13 PM

Combofix log

ComboFix 12-06-11.04 - juan c 06/11/2012 17:22:34.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.4083 [GMT -4:00]
Running from: c:\users\juan c\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Dealio Toolbar
c:\program files (x86)\Dealio Toolbar\IE\4.6\config.ini
c:\program files (x86)\Dealio Toolbar\IE\4.6\dealioToolbarIE.dll
c:\program files (x86)\Dealio Toolbar\Res\amazon.gif
c:\program files (x86)\Dealio Toolbar\Res\apple.gif
c:\program files (x86)\Dealio Toolbar\Res\barnes.gif
c:\program files (x86)\Dealio Toolbar\Res\bestbuy.gif
c:\program files (x86)\Dealio Toolbar\Res\dealio_logo.gif
c:\program files (x86)\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files (x86)\Dealio Toolbar\Res\ebay.gif
c:\program files (x86)\Dealio Toolbar\Res\icon_settings.gif
c:\program files (x86)\Dealio Toolbar\Res\macys.gif
c:\program files (x86)\Dealio Toolbar\Res\newegg.gif
c:\program files (x86)\Dealio Toolbar\Res\overstock.gif
c:\program files (x86)\Dealio Toolbar\Res\search-button-hover.gif
c:\program files (x86)\Dealio Toolbar\Res\search-button.gif
c:\program files (x86)\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files (x86)\Dealio Toolbar\Res\search-chevron.gif
c:\program files (x86)\Dealio Toolbar\Res\search_amazon.gif
c:\program files (x86)\Dealio Toolbar\Res\search_dealio.gif
c:\program files (x86)\Dealio Toolbar\Res\search_ebay.gif
c:\program files (x86)\Dealio Toolbar\Res\search_yahoo.gif
c:\program files (x86)\Dealio Toolbar\Res\target.gif
c:\program files (x86)\Dealio Toolbar\Res\walmart.gif
c:\program files (x86)\Dealio Toolbar\Res\widgets.xml
c:\program files (x86)\Dealio Toolbar\WidgiHelper.exe
c:\users\juan c\AppData\Local\Microsoft\Windows\Temporary Internet Files\getSilverlight.ashx
c:\users\juan c\AppData\Roaming\mm
c:\users\juan c\AppData\Roaming\PriceGong
c:\users\juan c\AppData\Roaming\PriceGong\Data\1.xml
c:\users\juan c\AppData\Roaming\PriceGong\Data\a.xml
c:\users\juan c\AppData\Roaming\PriceGong\Data\b.xml
c:\users\juan c\AppData\Roaming\PriceGong\Data\c.xml
c:\users\juan c\AppData\Roaming\PriceGong\Data\d.xml
c:\users\juan c\AppData\Roaming\PriceGong\Data\e.xml
c:\users\juan c\AppData\Roaming\PriceGong\Data\f.xml
c:\users\juan c\AppData\Roaming\PriceGong\Data\g.xml
c:\users\juan c\AppData\Roaming\PriceGong\Data\h.xml
c:\users\juan c\AppData\Roaming\PriceGong\Data\i.xml
c:\users\juan c\AppData\Roaming\PriceGong\Data\J.xml
c:\users\juan c\AppData\Roaming\PriceGong\Data\k.xml
c:\users\juan c\AppData\Roaming\PriceGong\Data\l.xml
c:\users\juan c\AppData\Roaming\PriceGong\Data\m.xml
c:\users\juan c\AppData\Roaming\PriceGong\Data\mru.xml
c:\users\juan c\AppData\Roaming\PriceGong\Data\n.xml
c:\users\juan c\AppData\Roaming\PriceGong\Data\o.xml
c:\users\juan c\AppData\Roaming\PriceGong\Data\p.xml
c:\users\juan c\AppData\Roaming\PriceGong\Data\q.xml
c:\users\juan c\AppData\Roaming\PriceGong\Data\r.xml
c:\users\juan c\AppData\Roaming\PriceGong\Data\s.xml
c:\users\juan c\AppData\Roaming\PriceGong\Data\t.xml
c:\users\juan c\AppData\Roaming\PriceGong\Data\u.xml
c:\users\juan c\AppData\Roaming\PriceGong\Data\v.xml
c:\users\juan c\AppData\Roaming\PriceGong\Data\w.xml
c:\users\juan c\AppData\Roaming\PriceGong\Data\x.xml
c:\users\juan c\AppData\Roaming\PriceGong\Data\y.xml
c:\users\juan c\AppData\Roaming\PriceGong\Data\z.xml
c:\users\Martinez\AppData\Roaming\dvdae
c:\users\Martinez\AppData\Roaming\dvdae\dvdae.config
c:\users\Martinez\AppData\Roaming\dvdae\dvdae.lic
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{d9018fd6-092d-8773-68df-bb93f5a17b61}
c:\windows\Installer\{d9018fd6-092d-8773-68df-bb93f5a17b61}\n
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\SysWow64\avisynth.dll
c:\windows\SysWow64\devil.dll
.
---- Previous Run -------
.
c:\windows\Installer\{d9018fd6-092d-8773-68df-bb93f5a17b61}\@
c:\windows\Installer\{d9018fd6-092d-8773-68df-bb93f5a17b61}\L\00000004.@
c:\windows\Installer\{d9018fd6-092d-8773-68df-bb93f5a17b61}\L\1afb2d56
c:\windows\Installer\{d9018fd6-092d-8773-68df-bb93f5a17b61}\U\00000004.@
c:\windows\Installer\{d9018fd6-092d-8773-68df-bb93f5a17b61}\U\000000cb.@
.
.
((((((((((((((((((((((((( Files Created from 2012-05-11 to 2012-06-11 )))))))))))))))))))))))))))))))
.
.
2012-06-11 21:41 . 2012-06-11 21:41 -------- d-----w- c:\users\Martinez\AppData\Local\temp
2012-06-11 21:41 . 2012-06-11 21:41 -------- d-----w- c:\users\gaby\AppData\Local\temp
2012-06-11 21:41 . 2012-06-11 21:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-11 21:41 . 2012-06-11 21:41 -------- d-----w- c:\users\carmen\AppData\Local\temp
2012-06-11 14:46 . 2012-06-11 14:46 -------- d-----w- c:\users\juan c\AppData\Roaming\ImgBurn
2012-06-11 03:02 . 2012-06-11 03:02 74703 ----a-w- c:\windows\SysWow64\mfc45.dll
2012-06-11 03:02 . 2012-06-11 03:19 -------- d-----w- c:\programdata\iolo
2012-06-11 00:47 . 2012-06-11 00:47 -------- d-----w- C:\$WINDOWS.~LS
2012-06-10 21:20 . 2012-06-10 21:28 -------- d-----w- c:\users\Martinez\AppData\Roaming\ImgBurn
2012-06-10 21:18 . 2012-06-10 21:18 -------- d-----w- c:\program files (x86)\ImgBurn
2012-06-10 19:30 . 2012-06-10 19:30 -------- d-----w- c:\program files\CCleaner
2012-06-10 17:36 . 2012-06-10 17:36 -------- d-----w- c:\users\Martinez\AppData\Roaming\SUPERAntiSpyware.com
2012-06-10 01:51 . 2012-06-10 01:51 -------- d-----w- c:\users\juan c\AppData\Roaming\SUPERAntiSpyware.com
2012-06-10 01:51 . 2012-06-10 17:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-10 01:51 . 2012-06-10 01:51 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-09 19:37 . 2012-06-09 19:37 -------- d-----w- c:\program files (x86)\McAfeeMOBK
2012-06-09 19:37 . 2010-04-14 00:10 66040 ----a-w- c:\windows\system32\drivers\MOBK.sys
2012-06-09 19:37 . 2012-06-09 19:37 -------- d-----w- c:\program files (x86)\McAfee Online Backup
2012-06-09 19:37 . 2011-04-11 18:29 71800 ----a-w- c:\windows\system32\drivers\McPvDrv.sys
2012-06-09 19:30 . 2012-06-09 19:30 -------- d-----w- c:\program files (x86)\McAfee.com
2012-06-09 19:30 . 2012-03-20 17:06 29272 ----a-w- c:\program files (x86)\Mozilla Firefox\ScriptFF.dll
2012-06-09 19:30 . 2012-02-22 17:29 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-06-09 19:30 . 2012-06-09 19:30 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2012-06-09 19:30 . 2012-02-22 17:29 75936 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2012-06-09 19:30 . 2012-02-22 17:29 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-06-09 19:30 . 2012-02-22 17:29 487296 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-06-09 19:30 . 2012-02-22 17:29 289664 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-06-09 19:30 . 2012-02-22 17:29 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-06-09 19:30 . 2012-02-22 17:29 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-06-09 19:30 . 2012-06-09 19:30 -------- d-----w- c:\program files\McAfee.com
2012-06-09 19:27 . 2012-03-20 17:11 162192 ----a-w- c:\windows\system32\mfevtps.exe
2012-06-09 13:03 . 2012-06-09 13:03 -------- d-----w- c:\windows\en
2012-06-09 13:00 . 2012-06-09 13:00 -------- d-----w- c:\program files\Windows Live
2012-06-09 12:57 . 2012-06-09 12:57 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\611fb0f71cd463f01\DSETUP.dll
2012-06-09 12:57 . 2012-06-09 12:57 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\611fb0f71cd463f01\DXSETUP.exe
2012-06-09 12:57 . 2012-06-09 12:57 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\611fb0f71cd463f01\dsetup32.dll
2012-06-08 20:43 . 2012-06-10 21:07 -------- d-----w- c:\users\Martinez\AppData\Roaming\DAEMON Tools Lite
2012-06-08 00:12 . 2012-06-08 00:12 -------- d-----w- c:\users\Martinez\AppData\Roaming\Malwarebytes
2012-06-08 00:11 . 2012-06-08 00:11 -------- d-----w- c:\programdata\Malwarebytes
2012-05-29 14:07 . 2012-05-29 14:38 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-05-29 14:07 . 2012-05-29 14:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-17 04:52 . 2012-05-17 04:52 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-17 04:52 . 2012-05-17 04:52 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-16 01:49 . 2011-02-27 20:21 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-05-15 01:26 . 2012-05-15 01:26 -------- d-----w- c:\users\Martinez\AppData\Local\{00E9082E-9E2D-11E1-826F-B8AC6F996F26}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-11 21:17 . 2012-06-11 21:17 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{52F8E371-53ED-4BE7-8957-99B14D52BAF8}\offreg.dll
2012-06-10 23:35 . 2010-12-28 06:18 165232 ---ha-w- c:\users\Martinez\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2012-05-08 17:02 . 2012-06-01 13:25 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{52F8E371-53ED-4BE7-8957-99B14D52BAF8}\mpengine.dll
2012-05-04 19:39 . 2012-04-21 20:18 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-04 19:39 . 2011-05-23 10:31 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 19:39 . 2012-04-21 20:39 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-03 02:54 . 2012-05-03 02:54 42392 ----a-w- c:\windows\SysWow64\xfcodec.dll
2012-05-03 02:54 . 2012-05-03 02:54 28056 ----a-w- c:\windows\system32\xfcodec64.dll
2012-03-31 06:05 . 2012-05-09 11:48 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-09 11:48 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-09 11:48 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-09 11:48 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-09 11:48 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-17 07:58 . 2012-05-09 11:48 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files (x86)\myBabylon_English\tbmyB1.dll" [2010-10-05 2735200]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 20:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2010-10-05 04:01 2735200 ----a-w- c:\program files (x86)\myBabylon_English\tbmyB1.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 17:51 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-12-14 20:51 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f3902028-4a21-4793-8e05-793e183d51c2}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\midicairUSA\prxtbmidi.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files (x86)\myBabylon_English\tbmyB1.dll" [2010-10-05 2735200]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{f3902028-4a21-4793-8e05-793e183d51c2}"= "c:\program files (x86)\midicairUSA\prxtbmidi.dll" [2011-05-09 176936]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-12-14 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{f3902028-4a21-4793-8e05-793e183d51c2}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\juan c\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\juan c\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\juan c\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="c:\program files (x86)\Download Manager\DLM.exe" [2009-10-27 1103216]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
"VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2011-06-30 2648184]
"DS3 Tool"="c:\program files\MotioninJoy\ds3\ds3\DS3_Tool.exe" [2011-07-25 110352]
"Akamai NetSession Interface"="c:\users\juan c\AppData\Local\Akamai\netsession_win.exe" [2012-05-08 3331872]
"Rim.DesktopHelper.exe"="c:\program files (x86)\Research In Motion\BlackBerry Desktop\Rim.DesktopHelper.exe" [2011-06-07 744280]
"DW7"="c:\program files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" [2012-05-19 10555904]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-10 4786048]
"Spotify Web Helper"="c:\users\juan c\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-06 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-08 336384]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2011-03-01 144616]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-12-13 296056]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-12-14 1398440]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2010-07-21 165184]
.
c:\users\juan c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2012-5-2 3553176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 AFS;AFS; [x]
R2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2011-05-02 15296]
R2 CLKMSVC10_1628BCEA;CyberLink Product - 2011/04/25 21:50;c:\program files (x86)\CyberLink\PowerDVD DX\Kernel\BD\NavFilter\kmsvc.exe [2011-03-01 240360]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-12 136176]
R2 RDMPLocalService;RDM+ Local Service;c:\program files (x86)\RDM+\rdmpserv.exe [x]
R2 XTUService;Intel® Extreme Tuning Utility;c:\program files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2009-07-27 30944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-16 183560]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-03-24 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-03-24 9096]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-12 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 jumi;%Jumi%;c:\windows\system32\DRIVERS\jumi.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-07 129976]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
R3 SaiHF51A;SaiHF51A;c:\windows\system32\DRIVERS\SaiHF51A.sys [x]
R3 SaiUF51A;SaiUF51A;c:\windows\system32\DRIVERS\SaiUF51A.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/04/25 21:50];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-12-29 21:35 146928]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BPowMon\BPowMon.exe [2009-10-27 117608]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-01-22 2230416]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 IOCBIOS;IOCBIOS;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.SYS [2009-07-09 27096]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-14 231224]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-03-18 2271608]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_1628BCEA
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 19:39]
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-12 01:44]
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-12 01:44]
.
2012-06-10 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 1bcf7b0b-f4d0-48cd-b85f-49561da13da6.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-06-11 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task bcf0f4bc-cf7d-4210-9ca8-0c82a64e8e13.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\juan c\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\juan c\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\juan c\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 00:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 00:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 00:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-03 10038304]
"AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2011-05-02 69584]
"Thermal Controller"="c:\program files\Alienware\Command Center\ThermalController.exe" [2011-05-02 171960]
"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2007-06-04 347648]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2007-06-04 194560]
"McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 436384]
"McAfeeWrapperApplication"="c:\program files (x86)\McAfeeMOBK\WrapperTrayIcon.exe" [2010-11-01 453344]
"Command Center Controllers"="c:\program files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2011-05-02 13256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\juan c\AppData\Roaming\Mozilla\Firefox\Profiles\8o0aunq9.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-DW6 - c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
Wow6432Node-HKCU-Run-Easy-Hide-IP - c:\program files (x86)\Easy-Hide-IP\easy-hide-ip.exe
Wow6432Node-HKCU-Run-JumiController - c:\program files (x86)\Jumi\jumi.exe
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-(Default) - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\SysWOW64\rundll32.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\TeamViewer\Version6\TeamViewer.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
c:\program files (x86)\Internet Explorer\IELowutil.exe
.
**************************************************************************
.
Completion time: 2012-06-11 17:56:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-11 21:56
.
Pre-Run: 161,959,014,400 bytes free
Post-Run: 167,154,446,336 bytes free
.
- - End Of File - - 9FFFB6531A01BBBAE90AFD53680F5C91





Problems I had, kinda weird, well, here goes:
A blue box came up saying it was trying to create a new system restore point, then it said it couldn't, sorry, it had to restart the PC. Also,
I got an announcement from McAfee about a Trojan. I quarantined and deleted it. I had to restart the PC; I did, and I ran ComboFix. This time it ran smoothly.



How is the computer doing now?
Well, good news: my firewall is working with McAfee and is up and running.
My Alienware lights work and Command Center works now.
The only thing I haven't tested yet is to try to create a new restore point. Should I try that now?
Also, the pop-up box that says "Door controller has stopped working" is still there.

Edited by jcarlos100, 11 June 2012 - 05:14 PM.


#6 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 11 June 2012 - 05:44 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#7 jcarlos100

  • Topic Starter

  • Members
  • 17 posts

Posted 11 June 2012 - 06:06 PM

OK, no problems running the programs.

TDSSKiller log
18:56:26.0052 5264 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
18:56:28.0054 5264 ============================================================
18:56:28.0054 5264 Current date / time: 2012/06/11 18:56:28.0054
18:56:28.0054 5264 SystemInfo:
18:56:28.0054 5264
18:56:28.0054 5264 OS Version: 6.1.7601 ServicePack: 1.0
18:56:28.0054 5264 Product type: Workstation
18:56:28.0054 5264 ComputerName: MARTINEZ-PC
18:56:28.0054 5264 UserName: juan c
18:56:28.0054 5264 Windows directory: C:\Windows
18:56:28.0054 5264 System windows directory: C:\Windows
18:56:28.0054 5264 Running under WOW64
18:56:28.0054 5264 Processor architecture: Intel x64
18:56:28.0055 5264 Number of processors: 4
18:56:28.0055 5264 Page size: 0x1000
18:56:28.0055 5264 Boot type: Normal boot
18:56:28.0055 5264 ============================================================
18:56:28.0553 5264 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:56:28.0566 5264 ============================================================
18:56:28.0566 5264 \Device\Harddisk0\DR0:
18:56:28.0566 5264 MBR partitions:
18:56:28.0566 5264 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x100D000
18:56:28.0566 5264 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1021000, BlocksNum 0x39364000
18:56:28.0566 5264 ============================================================
18:56:28.0590 5264 C: <-> \Device\Harddisk0\DR0\Partition1
18:56:28.0590 5264 ============================================================
18:56:28.0590 5264 Initialize success
18:56:28.0590 5264 ============================================================
18:57:24.0160 7768 ============================================================
18:57:24.0160 7768 Scan started
18:57:24.0160 7768 Mode: Manual;
18:57:24.0160 7768 ============================================================
18:57:24.0400 7768 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
18:57:24.0401 7768 !SASCORE - ok
18:57:24.0568 7768 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:57:24.0570 7768 1394ohci - ok
18:57:24.0625 7768 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:57:24.0628 7768 ACPI - ok
18:57:24.0676 7768 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:57:24.0676 7768 AcpiPmi - ok
18:57:24.0818 7768 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:57:24.0819 7768 AdobeARMservice - ok
18:57:24.0957 7768 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:57:24.0958 7768 AdobeFlashPlayerUpdateSvc - ok
18:57:25.0009 7768 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:57:25.0016 7768 adp94xx - ok
18:57:25.0054 7768 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:57:25.0057 7768 adpahci - ok
18:57:25.0078 7768 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:57:25.0080 7768 adpu320 - ok
18:57:25.0092 7768 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:57:25.0093 7768 AeLookupSvc - ok
18:57:25.0160 7768 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
18:57:25.0164 7768 AFD - ok
18:57:25.0171 7768 AFS - ok
18:57:25.0222 7768 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:57:25.0223 7768 agp440 - ok
18:57:25.0456 7768 Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll
18:57:25.0456 7768 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af
18:57:25.0458 7768 Akamai ( HiddenFile.Multi.Generic ) - warning
18:57:25.0458 7768 Akamai - detected HiddenFile.Multi.Generic (1)
18:57:25.0535 7768 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:57:25.0536 7768 ALG - ok
18:57:25.0605 7768 AlienFusionService (976d409a347340c907cd854fb9a9b252) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
18:57:25.0605 7768 AlienFusionService - ok
18:57:25.0712 7768 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:57:25.0729 7768 aliide - ok
18:57:25.0782 7768 AMD External Events Utility (0bde3222789749571c3d706f0181203d) C:\Windows\system32\atiesrxx.exe
18:57:25.0783 7768 AMD External Events Utility - ok
18:57:25.0796 7768 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:57:25.0796 7768 amdide - ok
18:57:25.0838 7768 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:57:25.0839 7768 AmdK8 - ok
18:57:26.0122 7768 amdkmdag (75bbd04f450ce109031a215fd4ec667a) C:\Windows\system32\DRIVERS\atikmdag.sys
18:57:26.0235 7768 amdkmdag - ok
18:57:26.0344 7768 amdkmdap (adb8ee976ce4a47c54d39f2581593c03) C:\Windows\system32\DRIVERS\atikmpag.sys
18:57:26.0345 7768 amdkmdap - ok
18:57:26.0360 7768 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:57:26.0361 7768 AmdPPM - ok
18:57:26.0408 7768 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:57:26.0409 7768 amdsata - ok
18:57:26.0441 7768 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:57:26.0443 7768 amdsbs - ok
18:57:26.0452 7768 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:57:26.0453 7768 amdxata - ok
18:57:26.0506 7768 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:57:26.0507 7768 AppID - ok
18:57:26.0522 7768 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:57:26.0523 7768 AppIDSvc - ok
18:57:26.0569 7768 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
18:57:26.0570 7768 Appinfo - ok
18:57:26.0693 7768 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:57:26.0694 7768 Apple Mobile Device - ok
18:57:26.0735 7768 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:57:26.0736 7768 arc - ok
18:57:42.0599 7768 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:57:42.0599 7768 pcw - ok
18:57:42.0635 7768 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:57:42.0662 7768 PEAUTH - ok
18:57:42.0744 7768 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:57:42.0745 7768 PerfHost - ok
18:57:42.0874 7768 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
18:57:42.0885 7768 pla - ok
18:57:42.0960 7768 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
18:57:42.0962 7768 PlugPlay - ok
18:57:43.0033 7768 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
18:57:43.0034 7768 Pml Driver HPZ12 - ok
18:57:43.0118 7768 pnetmdm (06841f5cd8410b6bdc0b5a631b8f8787) C:\Windows\system32\DRIVERS\pnetmdm64.sys
18:57:43.0119 7768 pnetmdm - ok
18:57:43.0126 7768 PnkBstrA - ok
18:57:43.0143 7768 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:57:43.0144 7768 PNRPAutoReg - ok
18:57:43.0165 7768 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:57:43.0167 7768 PNRPsvc - ok
18:57:43.0197 7768 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
18:57:43.0199 7768 PolicyAgent - ok
18:57:43.0223 7768 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:57:43.0225 7768 Power - ok
18:57:43.0268 7768 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:57:43.0270 7768 PptpMiniport - ok
18:57:43.0291 7768 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:57:43.0292 7768 Processor - ok
18:57:43.0320 7768 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
18:57:43.0322 7768 ProfSvc - ok
18:57:43.0364 7768 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:57:43.0365 7768 ProtectedStorage - ok
18:57:43.0424 7768 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:57:43.0425 7768 Psched - ok
18:57:43.0499 7768 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:57:43.0513 7768 ql2300 - ok
18:57:43.0619 7768 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:57:43.0620 7768 ql40xx - ok
18:57:43.0653 7768 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:57:43.0656 7768 QWAVE - ok
18:57:43.0665 7768 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:57:43.0666 7768 QWAVEdrv - ok
18:57:43.0674 7768 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:57:43.0675 7768 RasAcd - ok
18:57:43.0696 7768 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:57:43.0697 7768 RasAgileVpn - ok
18:57:43.0707 7768 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:57:43.0709 7768 RasAuto - ok
18:57:43.0760 7768 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:57:43.0761 7768 Rasl2tp - ok
18:57:43.0823 7768 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
18:57:43.0834 7768 RasMan - ok
18:57:43.0848 7768 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:57:43.0850 7768 RasPppoe - ok
18:57:43.0861 7768 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:57:43.0862 7768 RasSstp - ok
18:57:43.0917 7768 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:57:43.0920 7768 rdbss - ok
18:57:43.0944 7768 RDMPLocalService - ok
18:57:43.0954 7768 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:57:43.0955 7768 rdpbus - ok
18:57:43.0961 7768 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:57:43.0962 7768 RDPCDD - ok
18:57:43.0975 7768 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:57:43.0975 7768 RDPENCDD - ok
18:57:43.0984 7768 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:57:43.0985 7768 RDPREFMP - ok
18:57:44.0034 7768 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
18:57:44.0036 7768 RDPWD - ok
18:57:44.0088 7768 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:57:44.0090 7768 rdyboost - ok
18:57:44.0121 7768 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:57:44.0123 7768 RemoteAccess - ok
18:57:44.0143 7768 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:57:44.0145 7768 RemoteRegistry - ok
18:57:44.0178 7768 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
18:57:44.0180 7768 RFCOMM - ok
18:57:44.0225 7768 RimUsb (71b48ddaf5e9c2b40e64de5c405f5aac) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
18:57:44.0226 7768 RimUsb - ok
18:57:44.0270 7768 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
18:57:44.0271 7768 RimVSerPort - ok
18:57:44.0293 7768 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
18:57:44.0293 7768 ROOTMODEM - ok
18:57:44.0309 7768 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:57:44.0310 7768 RpcEptMapper - ok
18:57:44.0316 7768 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:57:44.0317 7768 RpcLocator - ok
18:57:44.0382 7768 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:57:44.0385 7768 RpcSs - ok
18:57:44.0414 7768 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:57:44.0415 7768 rspndr - ok
18:57:44.0462 7768 SaiHF51A (6571f3e998dbfed96b2e00902657b7dd) C:\Windows\system32\DRIVERS\SaiHF51A.sys
18:57:44.0464 7768 SaiHF51A - ok
18:57:44.0487 7768 SaiMini (b9c2c015b7cf063f8cada9ee570fe978) C:\Windows\system32\DRIVERS\SaiMini.sys
18:57:44.0487 7768 SaiMini - ok
18:57:44.0520 7768 SaiNtBus (ff9db6fe97041a819d1863e67aedd9c3) C:\Windows\system32\drivers\SaiBus.sys
18:57:44.0521 7768 SaiNtBus - ok
18:57:44.0565 7768 SaiUF51A (eabba7b9299a07bcc36c8f814c2a2bc5) C:\Windows\system32\DRIVERS\SaiUF51A.sys
18:57:44.0566 7768 SaiUF51A - ok
18:57:44.0597 7768 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:57:44.0598 7768 SamSs - ok
18:57:44.0684 7768 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
18:57:44.0684 7768 SASDIFSV - ok
18:57:44.0699 7768 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
18:57:44.0699 7768 SASKUTIL - ok
18:57:44.0744 7768 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:57:44.0745 7768 sbp2port - ok
18:57:44.0770 7768 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:57:44.0772 7768 SCardSvr - ok
18:57:44.0818 7768 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:57:44.0819 7768 scfilter - ok
18:57:44.0894 7768 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
18:57:44.0899 7768 Schedule - ok
18:57:44.0949 7768 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:57:44.0950 7768 SCPolicySvc - ok
18:57:44.0996 7768 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
18:57:44.0998 7768 SDRSVC - ok
18:57:45.0107 7768 SeaPort (78779ee07231c658b483b1f38b5088df) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
18:57:45.0108 7768 SeaPort - ok
18:57:45.0166 7768 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:57:45.0167 7768 secdrv - ok
18:57:45.0200 7768 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
18:57:45.0202 7768 seclogon - ok
18:57:45.0222 7768 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
18:57:45.0223 7768 SENS - ok
18:57:45.0228 7768 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:57:45.0229 7768 SensrSvc - ok
18:57:45.0240 7768 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:57:45.0241 7768 Serenum - ok
18:57:45.0253 7768 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:57:45.0254 7768 Serial - ok
18:57:45.0305 7768 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:57:45.0306 7768 sermouse - ok
18:57:45.0356 7768 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
18:57:45.0358 7768 SessionEnv - ok
18:57:45.0396 7768 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:57:45.0397 7768 sffdisk - ok
18:57:45.0409 7768 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:57:45.0410 7768 sffp_mmc - ok
18:57:45.0416 7768 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:57:45.0417 7768 sffp_sd - ok
18:57:45.0431 7768 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:57:45.0432 7768 sfloppy - ok
18:57:45.0524 7768 SftService (e1974a92ac0914a3859359a0a8c82c68) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
18:57:45.0526 7768 SftService - ok
18:57:45.0617 7768 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:57:45.0628 7768 SharedAccess - ok
18:57:45.0686 7768 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
18:57:45.0688 7768 ShellHWDetection - ok
18:57:45.0755 7768 SI3132 (0f498dee92fd73dd999bae4d506367f5) C:\Windows\system32\DRIVERS\SI3132.sys
18:57:45.0756 7768 SI3132 - ok
18:57:45.0766 7768 SiFilter (127ce10e01f53f2edaca7fe42e5631ea) C:\Windows\system32\DRIVERS\SiWinAcc.sys
18:57:45.0767 7768 SiFilter - ok
18:57:45.0774 7768 SiRemFil (b742c37002b8ebef6e230df9b4b28546) C:\Windows\system32\DRIVERS\SiRemFil.sys
18:57:45.0774 7768 SiRemFil - ok
18:57:45.0790 7768 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:57:45.0791 7768 SiSRaid2 - ok
18:57:45.0807 7768 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:57:45.0808 7768 SiSRaid4 - ok
18:57:45.0830 7768 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:57:45.0831 7768 Smb - ok
18:57:45.0857 7768 smbusp (14a6c16f523be06ba307cb68597eaa82) C:\Windows\system32\DRIVERS\intelsmb.sys
18:57:45.0858 7768 smbusp - ok
18:57:45.0887 7768 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:57:45.0888 7768 SNMPTRAP - ok
18:57:45.0986 7768 speedfan (12583af6cbe0050651eaf2723b3ad7b3) C:\Windows\syswow64\speedfan.sys
18:57:46.0020 7768 speedfan - ok
18:57:46.0052 7768 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:57:46.0052 7768 spldr - ok
18:57:46.0112 7768 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
18:57:46.0115 7768 Spooler - ok
18:57:46.0256 7768 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
18:57:46.0269 7768 sppsvc - ok
18:57:46.0337 7768 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:57:46.0338 7768 sppuinotify - ok
18:57:46.0432 7768 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
18:57:46.0445 7768 sptd - ok
18:57:46.0500 7768 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:57:46.0508 7768 srv - ok
18:57:46.0538 7768 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:57:46.0546 7768 srv2 - ok
18:57:46.0563 7768 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:57:46.0565 7768 srvnet - ok
18:57:46.0597 7768 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:57:46.0599 7768 SSDPSRV - ok
18:57:46.0610 7768 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:57:46.0612 7768 SstpSvc - ok
18:57:46.0663 7768 Steam Client Service - ok
18:57:46.0681 7768 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:57:46.0682 7768 stexstor - ok
18:57:46.0755 7768 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
18:57:46.0758 7768 stisvc - ok
18:57:46.0802 7768 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:57:46.0802 7768 swenum - ok
18:57:46.0834 7768 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:57:46.0840 7768 swprv - ok
18:57:46.0932 7768 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
18:57:46.0943 7768 SysMain - ok
18:57:47.0041 7768 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
18:57:47.0044 7768 TabletInputService - ok
18:57:47.0095 7768 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
18:57:47.0106 7768 TapiSrv - ok
18:57:47.0117 7768 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:57:47.0119 7768 TBS - ok
18:57:47.0252 7768 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
18:57:47.0266 7768 Tcpip - ok
18:57:47.0361 7768 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
18:57:47.0368 7768 TCPIP6 - ok
18:57:47.0424 7768 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:57:47.0425 7768 tcpipreg - ok
18:57:47.0439 7768 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:57:47.0440 7768 TDPIPE - ok
18:57:47.0482 7768 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
18:57:47.0483 7768 TDTCP - ok
18:57:47.0526 7768 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:57:47.0528 7768 tdx - ok
18:57:47.0707 7768 TeamViewer6 (7c2f4d20af8267605607b483d88c8302) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
18:57:47.0715 7768 TeamViewer6 - ok
18:57:47.0774 7768 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:57:47.0775 7768 TermDD - ok
18:57:47.0846 7768 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
18:57:47.0872 7768 TermService - ok
18:57:47.0895 7768 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:57:47.0897 7768 Themes - ok
18:57:47.0919 7768 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:57:47.0920 7768 THREADORDER - ok
18:57:47.0938 7768 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:57:47.0940 7768 TrkWks - ok
18:57:48.0005 7768 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
18:57:48.0006 7768 TrustedInstaller - ok
18:57:48.0032 7768 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:57:48.0033 7768 tssecsrv - ok
18:57:48.0097 7768 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:57:48.0098 7768 TsUsbFlt - ok
18:57:48.0152 7768 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:57:48.0153 7768 tunnel - ok
18:57:48.0177 7768 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:57:48.0178 7768 uagp35 - ok
18:57:48.0235 7768 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:57:48.0238 7768 udfs - ok
18:57:48.0258 7768 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:57:48.0259 7768 UI0Detect - ok
18:57:48.0311 7768 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:57:48.0312 7768 uliagpkx - ok
18:57:48.0375 7768 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
18:57:48.0376 7768 umbus - ok
18:57:48.0389 7768 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:57:48.0390 7768 UmPass - ok
18:57:48.0423 7768 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:57:48.0425 7768 upnphost - ok
18:57:48.0478 7768 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
18:57:48.0479 7768 USBAAPL64 - ok
18:57:48.0529 7768 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
18:57:48.0531 7768 usbaudio - ok
18:57:48.0575 7768 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:57:48.0577 7768 usbccgp - ok
18:57:48.0615 7768 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:57:48.0616 7768 usbcir - ok
18:57:48.0657 7768 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
18:57:48.0658 7768 usbehci - ok
18:57:48.0685 7768 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:57:48.0688 7768 usbhub - ok
18:57:48.0702 7768 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
18:57:48.0703 7768 usbohci - ok
18:57:48.0713 7768 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:57:48.0713 7768 usbprint - ok
18:57:48.0758 7768 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:57:48.0759 7768 usbscan - ok
18:57:48.0777 7768 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:57:48.0779 7768 USBSTOR - ok
18:57:48.0792 7768 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
18:57:48.0792 7768 usbuhci - ok
18:57:48.0852 7768 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
18:57:48.0853 7768 usb_rndisx - ok
18:57:48.0871 7768 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:57:48.0874 7768 UxSms - ok
18:57:48.0900 7768 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:57:48.0902 7768 VaultSvc - ok
18:57:48.0975 7768 VBoxDrv (6372eaa7cc0e8a2fc4be7b3f2de1ed62) C:\Windows\system32\DRIVERS\VBoxDrv.sys
18:57:48.0976 7768 VBoxDrv - ok
18:57:49.0025 7768 VBoxNetAdp (b996117f6202464a56901cbc13999fe2) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
18:57:49.0027 7768 VBoxNetAdp - ok
18:57:49.0048 7768 VBoxNetFlt (89835a2f779979f1d545e40f36d737e0) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
18:57:49.0049 7768 VBoxNetFlt - ok
18:57:49.0109 7768 VBoxUSBMon (f9bd6cff0376d1daddb1cb2f794d9bc7) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
18:57:49.0110 7768 VBoxUSBMon - ok
18:57:49.0162 7768 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:57:49.0162 7768 vdrvroot - ok
18:57:49.0235 7768 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
18:57:49.0238 7768 vds - ok
18:57:49.0267 7768 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:57:49.0268 7768 vga - ok
18:57:49.0283 7768 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:57:49.0283 7768 VgaSave - ok
18:57:49.0331 7768 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:57:49.0333 7768 vhdmp - ok
18:57:49.0370 7768 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:57:49.0371 7768 viaide - ok
18:57:49.0393 7768 VMnetAdapter - ok
18:57:49.0438 7768 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:57:49.0439 7768 volmgr - ok
18:57:49.0493 7768 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:57:49.0496 7768 volmgrx - ok
18:57:49.0546 7768 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:57:49.0548 7768 volsnap - ok
18:57:49.0567 7768 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:57:49.0568 7768 vsmraid - ok
18:57:49.0662 7768 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
18:57:49.0668 7768 VSS - ok
18:57:49.0782 7768 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
18:57:49.0782 7768 vwifibus - ok
18:57:49.0820 7768 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:57:49.0828 7768 W32Time - ok
18:57:49.0857 7768 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:57:49.0858 7768 WacomPen - ok
18:57:49.0877 7768 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:57:49.0878 7768 WANARP - ok
18:57:49.0880 7768 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:57:49.0881 7768 Wanarpv6 - ok
18:57:49.0965 7768 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
18:57:50.0048 7768 WatAdminSvc - ok
18:57:50.0134 7768 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
18:57:50.0140 7768 wbengine - ok
18:57:50.0177 7768 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:57:50.0180 7768 WbioSrvc - ok
18:57:50.0236 7768 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
18:57:50.0245 7768 wcncsvc - ok
18:57:50.0260 7768 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:57:50.0262 7768 WcsPlugInService - ok
18:57:50.0285 7768 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:57:50.0286 7768 Wd - ok
18:57:50.0323 7768 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:57:50.0328 7768 Wdf01000 - ok
18:57:50.0343 7768 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:57:50.0344 7768 WdiServiceHost - ok
18:57:50.0346 7768 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:57:50.0347 7768 WdiSystemHost - ok
18:57:50.0395 7768 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
18:57:50.0398 7768 WebClient - ok
18:57:50.0426 7768 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:57:50.0430 7768 Wecsvc - ok
18:57:50.0443 7768 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:57:50.0445 7768 wercplsupport - ok
18:57:50.0468 7768 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:57:50.0470 7768 WerSvc - ok
18:57:50.0496 7768 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:57:50.0497 7768 WfpLwf - ok
18:57:50.0539 7768 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
18:57:50.0541 7768 WimFltr - ok
18:57:50.0558 7768 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:57:50.0558 7768 WIMMount - ok
18:57:50.0593 7768 WinDefend - ok
18:57:50.0609 7768 WinHttpAutoProxySvc - ok
18:57:50.0661 7768 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:57:50.0662 7768 Winmgmt - ok
18:57:50.0769 7768 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
18:57:50.0786 7768 WinRM - ok
18:57:50.0895 7768 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
18:57:50.0896 7768 WinUSB - ok
18:57:50.0949 7768 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:57:50.0953 7768 Wlansvc - ok
18:57:51.0136 7768 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:57:51.0144 7768 wlidsvc - ok
18:57:51.0214 7768 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:57:51.0215 7768 WmiAcpi - ok
18:57:51.0269 7768 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:57:51.0271 7768 wmiApSrv - ok
18:57:51.0336 7768 WMPNetworkSvc - ok
18:57:51.0340 7768 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:57:51.0342 7768 WPCSvc - ok
18:57:51.0385 7768 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
18:57:51.0387 7768 WPDBusEnum - ok
18:57:51.0407 7768 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:57:51.0407 7768 ws2ifsl - ok
18:57:51.0428 7768 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
18:57:51.0430 7768 wscsvc - ok
18:57:51.0432 7768 WSearch - ok
18:57:51.0559 7768 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
18:57:51.0592 7768 wuauserv - ok
18:57:51.0671 7768 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:57:51.0673 7768 WudfPf - ok
18:57:51.0698 7768 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:57:51.0700 7768 WUDFRd - ok
18:57:51.0744 7768 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
18:57:51.0746 7768 wudfsvc - ok
18:57:51.0764 7768 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:57:51.0767 7768 WwanSvc - ok
18:57:51.0804 7768 XTUService (ac6b43f32e452e358bdc5ecabf894452) C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe
18:57:51.0804 7768 XTUService - ok
18:57:51.0849 7768 xusb21 (9176c0822faa649e45121875be32f5d2) C:\Windows\system32\DRIVERS\xusb21.sys
18:57:51.0850 7768 xusb21 - ok
18:57:51.0906 7768 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl
18:57:51.0907 7768 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} - ok
18:57:51.0924 7768 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
18:57:52.0087 7768 \Device\Harddisk0\DR0 - ok
18:57:52.0088 7768 Boot (0x1200) (ef305b67601603bcb2199243db0d33c0) \Device\Harddisk0\DR0\Partition0
18:57:52.0089 7768 \Device\Harddisk0\DR0\Partition0 - ok
18:57:52.0115 7768 Boot (0x1200) (60fb98d10a4f896c97e89e34ee11f365) \Device\Harddisk0\DR0\Partition1
18:57:52.0117 7768 \Device\Harddisk0\DR0\Partition1 - ok
18:57:52.0117 7768 ============================================================
18:57:52.0117 7768 Scan finished
18:57:52.0117 7768 ============================================================
18:57:52.0123 5160 Detected object count: 1
18:57:52.0123 5160 Actual detected object count: 1
18:59:15.0885 5160 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
18:59:15.0885 5160 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip





aswMBR log
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-11 19:02:03
-----------------------------
19:02:03.983 OS Version: Windows x64 6.1.7601 Service Pack 1
19:02:03.983 Number of processors: 4 586 0x1A05
19:02:03.984 ComputerName: MARTINEZ-PC UserName: juan c
19:02:05.183 Initialize success
19:02:59.204 AVAST engine defs: 12061101
19:03:40.334 The log file has been saved successfully to "C:\Users\juan c\Desktop\aswMBR.txt"

Edited by jcarlos100, 11 June 2012 - 06:06 PM.


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:29 PM

Posted 11 June 2012 - 06:32 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\myBabylon_English
c:\program files (x86)\uTorrentBar
c:\program files (x86)\ConduitEngine
c:\program files (x86)\Ask.com
c:\program files (x86)\Veoh Networks

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#9 jcarlos100


Posted 11 June 2012 - 07:45 PM

Well, no problems at all, no more error box about "Door controller has stopped working",
and the computer's fine. I'm pretty sure everything is fixed now.
What was the problem, if I may ask?
And any tips or programs I should hear about/get, so my PC can be safer from now on?

#10 gringo_pr


Posted 12 June 2012 - 07:58 AM

Hello

and any tips or programs i should hear/get? so my pc can be more safe from now on

I will get into this very soon

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

µTorrent
Ask Toolbar
Ask Toolbar Updater
Bing Bar
Bing Rewards Client Installer
Conduit Engine
Java™ 6 Update 22
uTorrentBar Toolbar


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#11 jcarlos100


Posted 12 June 2012 - 04:24 PM

1. log from MBAM
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.12.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
juan c :: MARTINEZ-PC [administrator]

6/12/2012 4:48:09 PM
mbam-log-2012-06-12 (16-48-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 288144
Time elapsed: 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)





2. report from hijack this
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:46:52 PM, on 6/12/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Users\juan c\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.DesktopHelper.exe
C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
C:\Users\juan c\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Users\juan c\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
C:\Program Files (x86)\real\realplayer\Update\realsched.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: D-Link Toolbar Search Class - {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (file missing)
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120609153017.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files (x86)\myBabylon_English\tbmyB1.dll (file missing)
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: D-Link Toolbar Loader - {f01858c7-2a68-4d93-9e22-502eae3917c2} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll
O2 - BHO: midicairUSA - {f3902028-4a21-4793-8e05-793e183d51c2} - C:\Program Files (x86)\midicairUSA\prxtbmidi.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files (x86)\myBabylon_English\tbmyB1.dll (file missing)
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\SysWow64\TwcToolbarIe7.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (file missing)
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (file missing)
O3 - Toolbar: D-Link Toolbar - {61874dfa-9adf-44e5-8e61-f3913707e7d7} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll
O3 - Toolbar: midicairUSA Toolbar - {f3902028-4a21-4793-8e05-793e183d51c2} - C:\Program Files (x86)\midicairUSA\prxtbmidi.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\ds3\DS3_Tool.exe -mini
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\juan c\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Rim.DesktopHelper.exe] C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.DesktopHelper.exe
O4 - HKCU\..\Run: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\juan c\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} (Battlefield Play4Free Updater) - https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.53.2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Alienware Fusion Service (AlienFusionService) - Alienware - C:\Program Files\Alienware\Command Center\AlienFusionService.exe
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Broadcom Power monitoring service (BPowMon) - Broadcom Corp. - C:\Program Files\Broadcom\BPowMon\BPowMon.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: CyberLink Product - 2011/04/25 21:50:31 (CLKMSVC10_1628BCEA) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD DX\Kernel\BD\NavFilter\kmsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Veoh Giraffic Video Accelerator (Giraffic) - Unknown owner - C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: McAfee Online Backup (MOBKbackup) - McAfee, Inc. - C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RDM+ Local Service (RDMPLocalService) - Unknown owner - C:\Program Files (x86)\RDM+\rdmpserv.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel® Extreme Tuning Utility (XTUService) - Intel Corporation - C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe

--
End of file - 21029 bytes




3. Problems: I did run into some problems.
First, installing Java: it was up to the part "installing java fx 2.1.1 components" when everything froze on my PC, including the time. All I could do was move my mouse; I had to reboot my PC by pressing and holding the power button on my tower. After that I opened Firefox and 2 tabs came up, this forum and verifying Java. It said I needed to update it, so I did. While installing, some errors came up: a pop-up saying error 1101, error reading from file; another pop-up window that said C:\config.MSI\366445.rbs, verify that it exists and can access it. I pressed OK, then another pop-up came up that said error 1712, one or more of the files required to restore your computer to its previous state could not be found. Restoration not possible. I pressed OK, then it just installed successfully.

4. The computer's fine, it seems faster. I was wondering if I really need to uninstall uTorrent? Also, the pop-up window that says "Door controller has stopped working" came back. I think it might just have to do with an update the Command Center had gotten; I will uninstall it and reinstall it later. I am not sure, have you ever heard of this pop-up window?
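The HijackThis log in the post above can be triaged mechanically before anyone decides what to fix. The following is an added example, not part of the thread and not code from HijackThis: it parses log entries, lists the O4 autostart items, and separates orphaned leftovers from a reporting artifact. It assumes (as a heuristic) that on 64-bit Windows a "(file missing)" under C:\Windows\System32 comes from the 32-bit tool being redirected to SysWOW64 rather than from a file that is really gone; the status names are hypothetical labels.

```python
import re

# Sample input: a few lines excerpted from the log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows 7 SP1 (WinNT 6.00.3505)

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (file missing)
O3 - Toolbar: D-Link Toolbar - {61874dfa-9adf-44e5-8e61-f3913707e7d7} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"""

# "<section code> - <details>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Marker HijackThis appends when it cannot find the referenced file
MISSING_RE = re.compile(r"\((file missing|no file)\)\s*$")
# O4 registry autostart: hive\..\key: [value name] command line
O4_REG_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.*)$")
# O4 startup-folder autostart: "Startup: shortcut = target"
O4_DIR_RE = re.compile(r"^((?:Global )?Startup): (.+?) = (.*)$")
SYSTEM32_RE = re.compile(r"\\windows\\system32\\", re.IGNORECASE)


def parse_log(text):
    """Return one dict per log entry with its section code, body and status."""
    # The log has no explicit bitness field; an (x86) program directory
    # only exists on 64-bit Windows, so use it as the indicator.
    is_x64 = "program files (x86)" in text.lower()
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, process list, blank line
        code, body = m.groups()
        missing = MISSING_RE.search(body)
        file_part = body.rsplit(" - ", 1)[-1]  # last field holds the path
        if not missing:
            status = "present"
        elif (missing.group(1) == "file missing" and is_x64
              and SYSTEM32_RE.search(file_part)):
            # Heuristic (assumption): 32-bit tool redirected to SysWOW64
            status = "wow64_artifact"
        else:
            status = "orphaned"  # registration left behind, file gone
        entries.append({"code": code, "body": body, "status": status})
    return entries


def autoruns(entries):
    """Return (location, name, command) for every O4 autostart entry."""
    found = []
    for e in entries:
        if e["code"] != "O4":
            continue
        m = O4_REG_RE.match(e["body"])
        if m:
            hive, key, name, command = m.groups()
            found.append((f"{hive}\\{key}", name, command))
            continue
        m = O4_DIR_RE.match(e["body"])
        if m:
            found.append(m.groups())
    return found


def orphaned(entries):
    """Entries whose target file is gone: leftovers worth reviewing."""
    return [e for e in entries if e["status"] == "orphaned"]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for location, name, command in autoruns(parsed):
        print(f"autostart  {location:12} {name}: {command}")
    for e in orphaned(parsed):
        print(f"orphaned   {e['code']:4} {e['body']}")
```

Entries marked `wow64_artifact` should be checked with a 64-bit tool before anything is changed, since the file usually exists.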

#12 gringo_pr


Posted 12 June 2012 - 08:45 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be. Any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
      O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
      O4 - HKCU\..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\ds3\DS3_Tool.exe -mini
      O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\juan c\AppData\Local\Akamai\netsession_win.exe"
      O4 - HKCU\..\Run: [Rim.DesktopHelper.exe] C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.DesktopHelper.exe
      O4 - HKCU\..\Run: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
      O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\juan c\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
      O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
      O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr


Posted 14 June 2012 - 11:42 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#14 jcarlos100


Posted 17 June 2012 - 05:59 PM

sorry for the huge delay
when i booted up my pc i got a blue screen then when i logged into my name this pop up came up that showed the problem details:
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 3b
BCP1: 00000000C0000005
BCP2: FFFFF8800953580E
BCP3: FFFFF8800C714A80
BCP4: 0000000000000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\061712-25911-01.dmp
C:\Users\juan c\AppData\Local\Temp\WER-84911-0.sysdata.xml



and here is the log from eset-

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\tom clancy conviction\src\system\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan
C:\Program Files (x86)\tom clancy conviction\system\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan
C:\Qoobox\Quarantine\C\Program Files (x86)\Dealio Toolbar\IE\4.6\dealioToolbarIE.dll.vir a variant of Win32/Toolbar.Widgi application
C:\Qoobox\Quarantine\C\Program Files (x86)\Veoh Networks\VeohWebPlayer\OCSetupHlp.dll.vir Win32/OpenCandy application
C:\Qoobox\Quarantine\C\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlipso-qlipso-silent-us.exe.vir a variant of Win32/Toolbar.Zugo application
C:\Users\juan c\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.5.windows.exe Win32/OpenCandy application
C:\Users\juan c\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.6.windows.exe Win32/OpenCandy application
C:\Users\juan c\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.1.4.windows.exe Win32/OpenCandy application
C:\Users\juan c\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.1.5.windows.exe Win32/OpenCandy application
C:\Users\juan c\Downloads\Unlocker1.9.1.exe a variant of Win32/Toolbar.Babylon application
C:\Users\juan c\Downloads\vlcmediaplayer-setup.exe Win32/DownloadAdmin.A.Gen application
C:\Users\juan c\Saved Games\Tom.Clancys.Splinter.Cell.Conviction-SKIDROW\sr-tcscc.iso a variant of Win32/Packed.VMProtect.AAA trojan
C:\Users\Martinez\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MKNPAPW4\Signon[1].htm HTML/Phishing.Chase.A trojan
C:\Users\Martinez\AppData\Local\{00E9082E-9E2D-11E1-826F-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan
C:\Users\Martinez\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.5.windows.exe Win32/OpenCandy application
C:\Users\Martinez\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.7.windows.exe Win32/OpenCandy application
C:\Users\Martinez\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.8.windows.exe Win32/OpenCandy application
C:\Users\Martinez\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.0.8.windows.exe Win32/OpenCandy application
C:\Users\Martinez\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.1.4.windows.exe Win32/OpenCandy application
C:\Users\Martinez\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.1.5.windows.exe Win32/OpenCandy application
C:\Users\Martinez\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.2.3.windows.exe Win32/OpenCandy application
C:\Users\Martinez\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.3.3.windows.exe Win32/OpenCandy application
C:\Users\Martinez\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.3.4.windows.exe Win32/OpenCandy application
C:\Users\Martinez\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.3.5.windows.exe Win32/OpenCandy application
C:\Users\Martinez\FrostWire\Saved\frostwire-4.21.6.windows.exe Win32/OpenCandy application
C:\Windows\Installer\2df8ee5.msi a variant of Win32/Toolbar.Widgi application
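
As an added example (not part of either post, and not ESET's own tooling): a small parser for the log layout above that separates files still in place from copies under C:\Qoobox\Quarantine\ and C:\System Volume Information\, and trojan detections from "application" ones. The function names and the regular expression are assumptions based only on the lines shown in this thread.

```python
import re

# Sample input: four lines in the layout of the log above, plus one constructed junk line.
SAMPLE_LOG = r"""
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Qoobox\Quarantine\C\Program Files (x86)\Veoh Networks\VeohWebPlayer\OCSetupHlp.dll.vir Win32/OpenCandy application
C:\Users\Martinez\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MKNPAPW4\Signon[1].htm HTML/Phishing.Chase.A trojan
C:\Users\juan c\Downloads\vlcmediaplayer-setup.exe Win32/DownloadAdmin.A.Gen application
this line is not a detection
"""

# Assumed layout: <full path> [a variant of ]<Platform/Name> <application|trojan>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/[\w.]+)\s+"
    r"(?P<kind>application|trojan)\s*$"
)

# Folders the thread treats as backups rather than live files.
BACKUP_PREFIXES = ("c:\\qoobox\\quarantine\\", "c:\\system volume information\\")


def parse_line(line):
    """Return a dict for one detection line, or None if the line does not fit the layout."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    path = m.group("path")
    return {
        "path": path,
        "detection": m.group("name"),
        "variant": m.group("variant") is not None,
        "kind": m.group("kind"),
        "backup": path.lower().startswith(BACKUP_PREFIXES),
    }


def triage(log_text):
    """Bucket detections so live trojans are reviewed before unwanted applications."""
    buckets = {"live_trojan": [], "live_application": [], "backup": [], "unparsed": []}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            buckets["unparsed"].append(line.strip())  # keep for manual review
        elif rec["backup"]:
            buckets["backup"].append(rec)
        else:
            buckets["live_" + rec["kind"]].append(rec)
    return buckets


if __name__ == "__main__":
    for name, items in triage(SAMPLE_LOG).items():
        print(name, len(items))
```

Lines that do not match the assumed layout land in the unparsed bucket instead of being dropped, so a truncated or wrapped log entry is still seen by whoever reviews the result.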

#15 gringo_pr


Posted 17 June 2012 - 06:37 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Program Files (x86)\tom clancy conviction\src\system\ubiorbitapi_r2.dll"
    del /f /s /q "C:\Program Files (x86)\tom clancy conviction\system\ubiorbitapi_r2.dll"
    del /f /s /q "C:\Users\juan c\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.5.windows.exe"
    del /f /s /q "C:\Users\juan c\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.6.windows.exe"
    del /f /s /q "C:\Users\juan c\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.1.4.windows.exe"
    del /f /s /q "C:\Users\juan c\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.1.5.windows.exe"
    del /f /s /q "C:\Users\juan c\Downloads\Unlocker1.9.1.exe"
    del /f /s /q "C:\Users\juan c\Downloads\vlcmediaplayer-setup.exe"
    del /f /s /q "C:\Users\juan c\Saved Games\Tom.Clancys.Splinter.Cell.Conviction-SKIDROW\sr-tcscc.iso"
    del /f /s /q "C:\Users\Martinez\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MKNPAPW4\Signon[1].htm"
    del /f /s /q "C:\Users\Martinez\AppData\Local\{00E9082E-9E2D-11E1-826F-B8AC6F996F26}\chrome\content\browser.xul"
    del /f /s /q "C:\Users\Martinez\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.5.windows.exe"
    del /f /s /q "C:\Users\Martinez\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.7.windows.exe"
    del /f /s /q "C:\Users\Martinez\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.8.windows.exe"
    del /f /s /q "C:\Users\Martinez\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.0.8.windows.exe"
    del /f /s /q "C:\Users\Martinez\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.1.4.windows.exe"
    del /f /s /q "C:\Users\Martinez\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.1.5.windows.exe"
    del /f /s /q "C:\Users\Martinez\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.2.3.windows.exe"
    del /f /s /q "C:\Users\Martinez\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.3.3.windows.exe"
    del /f /s /q "C:\Users\Martinez\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.3.4.windows.exe"
    del /f /s /q "C:\Users\Martinez\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.3.5.windows.exe"
    del /f /s /q "C:\Users\Martinez\FrostWire\Saved\frostwire-4.21.6.windows.exe"
    del /f /s /q "C:\Windows\Installer\2df8ee5.msi"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.


:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download. It works a lot better than add/remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo



