
ZeroAccess rootkit


This topic is locked.
18 replies to this topic

#1 EdgarM

Posted 11 June 2012 - 02:44 PM

I seem to be infected by a ZeroAccess rootkit. I started a new topic here as requested by the person helping me in my first topic; the link is Here.
I have tried various virus/malware scanners and various tools to help, such as: ESET, Rkill, Kaspersky Rescue Disk 10, Emsisoft Emergency Kit, Avast, Malwarebytes, SuperAntiSpyware, FSS, MiniToolBox, SecurityCheck, and aswMBR. I had also used ComboFix before I found these forums, following someone else's advice. Malwarebytes detects infected items, but it freezes and cannot complete scans or produce logs. I'm getting warnings from Avast every 5 to 20 minutes, and programs that never used to freeze now do. These are the block warnings I get: Win32:DNSChanger-VJ[Trj] and Win32:Malware-gen.

Here are the errors or problems I got from the tools or while trying to create logs:
When running MiniToolBox, it gave me an error message during the scan: nslookup.exe - Ordinal Not Found \ The ordinal 1108 could be located in the dynamic link library WSOCK32.dll.
aswMBR freezes and crashes during the scan after "AVAST engine scan C:\Users\Antonio", so I saved a log before it crashed. Also, I wasn't able to produce a Malwarebytes log because it still freezes during the scan.

Log
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_32
Run by Antonio at 14:11:05 on 2012-06-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7416.5013 [GMT -5:00]
.
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\vds.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Antonio\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\hp\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuToerror.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuToerror.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuToerror.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuToerror.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [AdobeBridge]
uRun: [DIMDownloading your update...1300677038363] "c:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X5\Programs\DIM.exe" "c:\programdata\corel\downloads\540215253_410003\1300677038363\dim_params.xml" -Launch=3 -uibase="c:\users\antonio\appdata\roaming\corel\messages\540215253_410003\en\messagecache2\workflow"
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [90F965C60EAEAD777CBE4F3948EA1869D6916F18._service_run] "C:\Users\Antonio\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Spotify Web Helper] "C:\Users\Antonio\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MRI_DI~1\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download with &Shareaza - C:\Program Files (x86)\Shareaza\RazaWebHook32.dll/3000
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F394725B-9FEF-4826-B731-7884F6210245} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F394725B-9FEF-4826-B731-7884F6210245}\33330383 : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program Files (x86)\NavNetApp\ComUtilities.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuToerror.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuToerror.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\8v1m39ie.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=102868&gct=hp
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 4
FF - component: C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\8v1m39ie.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}\library\WINNT-32\MinimizeToTrayPlus.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Antonio\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\Antonio\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]
R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys --> C:\Windows\system32\DRIVERS\aswNdis.sys [?]
R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?]
R0 MDFSYSNT;MacDrive file system driver;C:\Windows\system32\drivers\MDFSYSNT.sys --> C:\Windows\system32\drivers\MDFSYSNT.sys [?]
R0 MDPMGRNT;MacDrive Partition Driver;C:\Windows\system32\DRIVERS\MDPMGRNT.SYS --> C:\Windows\system32\DRIVERS\MDPMGRNT.SYS [?]
R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Users\Antonio\Downloads\EmsisoftEmergencyKit\Run\a2ddax64.sys [2012-6-10 23208]
R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?]
R1 aswKbd;aswKbd;C:\Windows\system32\drivers\aswKbd.sys --> C:\Windows\system32\drivers\aswKbd.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 CBDisk;CBDisk;\??\C:\Windows\system32\drivers\CBDisk.sys --> C:\Windows\system32\drivers\CBDisk.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 RapportCerberus_34302;RapportCerberus_34302;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-5-21 55096]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-5-21 297048]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 aksdf;aksdf;\??\C:\Windows\system32\drivers\aksdf.sys --> C:\Windows\system32\drivers\aksdf.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-3-16 122880]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-6-10 44768]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2012-6-10 134920]
R2 DigiNet;Digidesign Ethernet Support;C:\Windows\system32\DRIVERS\diginet.sys --> C:\Windows\system32\DRIVERS\diginet.sys [?]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPBtnSrv;HP Easy Backup Button Service;C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2009-8-19 192512]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 M4LIC;Mediafour M4LIC service;C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE [2009-7-29 205312]
R2 MacDrive8Service;MacDrive 8 service;C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-1-7 218112]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-11 654408]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-12-1 517632]
R2 MSSQL$INFLOWSQL;SQL Server (INFLOWSQL);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-5-21 976728]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-13 135664]
S2 KMService;KMService;C:\Windows\System32\srvany.exe [2011-4-5 8192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 253600]
S3 dalwdmservice;dal service;C:\Windows\system32\drivers\dalwdm.sys --> C:\Windows\system32\drivers\dalwdm.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-13 135664]
S3 MBX2DFU;MBX2DFU;C:\Windows\system32\DRIVERS\MBX2DFU.sys --> C:\Windows\system32\DRIVERS\MBX2DFU.sys [?]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;C:\Windows\system32\drivers\mbx2midk.sys --> C:\Windows\system32\drivers\mbx2midk.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 UsbFltr;WayTech USB Filter Driver;C:\Windows\system32\Drivers\UsbFltr.sys --> C:\Windows\system32\Drivers\UsbFltr.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
.
=============== Created Last 30 ================
.
2012-06-11 16:44:23 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-11 16:44:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-11 16:10:44 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-06-11 00:11:19 141144 ----a-w- C:\Windows\System32\drivers\aswFW.sys
2012-06-11 00:10:52 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-06-11 00:10:52 258904 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys
2012-06-11 00:10:48 28504 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2012-06-11 00:10:47 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-06-11 00:10:44 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-06-11 00:10:24 12368 ----a-w- C:\Windows\System32\drivers\aswNdis.sys
2012-06-11 00:09:46 41184 ----a-w- C:\Windows\avastSS.scr
2012-06-11 00:09:27 -------- d-----w- C:\ProgramData\AVAST Software
2012-06-11 00:09:27 -------- d-----w- C:\Program Files\AVAST Software
2012-06-10 23:34:14 98816 ----a-w- C:\Windows\sed.exe
2012-06-10 23:34:14 518144 ----a-w- C:\Windows\SWREG.exe
2012-06-10 23:34:14 256000 ----a-w- C:\Windows\PEV.exe
2012-06-10 23:34:14 208896 ----a-w- C:\Windows\MBR.exe
2012-06-10 23:34:01 -------- d-s---w- C:\ComboFix
2012-06-10 03:27:36 -------- d-----w- C:\Users\Antonio\AppData\Roaming\Malwarebytes
2012-06-10 03:27:33 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-09 11:45:43 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-06-09 04:14:12 -------- d-----w- C:\Program Files (x86)\ESET
2012-06-09 03:57:16 -------- d-----w- C:\Users\Antonio\AppData\Roaming\SUPERAntiSpyware.com
2012-06-09 03:56:47 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-06-09 03:56:47 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-06-09 03:35:27 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-08 23:16:41 -------- d-----w- C:\Program Files\Bitdefender
2012-06-08 23:05:27 -------- d-----w- C:\Program Files (x86)\Common Files\Bitdefender
2012-06-08 22:55:41 -------- d-----w- C:\Users\Antonio\AppData\Local\liQeNSoft
2012-06-08 22:50:30 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-08 22:49:33 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-08 22:49:03 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-08 22:49:03 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-08 21:37:21 -------- d-----w- C:\ProgramData\BDLogging
2012-06-08 21:29:52 -------- d-----w- C:\Users\Antonio\AppData\Roaming\QuickScan
2012-06-08 21:26:58 -------- d-----w- C:\Program Files\Common Files\Bitdefender
2012-06-08 21:07:51 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-06-08 21:03:04 -------- d-----w- C:\Program Files (x86)\Iceberg Interactive
2012-06-08 09:58:06 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E0AAFC42-581B-4313-AEE4-F7308C42ADA2}\mpengine.dll
2012-06-05 00:38:27 -------- d-----w- C:\Program Files (x86)\Maxis
2012-06-03 21:47:19 -------- d-----w- C:\Users\Antonio\AppData\Local\CRE
2012-06-03 21:47:17 -------- d-----w- C:\Users\Antonio\AppData\Local\Conduit
2012-06-03 21:47:17 -------- d-----w- C:\Program Files (x86)\Conduit
2012-06-03 21:47:16 -------- d-----w- C:\Program Files (x86)\uTorrentControl2
2012-06-01 12:31:25 163048 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-31 04:27:41 -------- d-----w- C:\Users\Antonio\AppData\Roaming\Mount&Blade
2012-05-25 03:45:53 -------- d-----w- C:\Users\Antonio\AppData\Roaming\Mount&Blade Warband
2012-05-25 03:40:52 -------- d-----w- C:\Program Files (x86)\Mount&Blade Warband
2012-05-21 21:11:25 -------- d-----w- C:\Program Files (x86)\Paradox Entertainment
2012-05-16 02:09:33 -------- d-----w- C:\Program Files\iPod
2012-05-16 02:09:32 -------- d-----w- C:\Program Files\iTunes
2012-05-16 02:09:32 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M ====================
.
2012-06-11 16:35:16 119296 ----a-w- C:\Windows\SysWow64\zlib.dll
2012-06-11 16:10:35 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-21 12:19:16 101400 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2012-04-19 01:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 01:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-04-01 17:06:50 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-01 17:06:50 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
.
============= FINISH: 14:12:33.47 ===============


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 June 2012 - 06:30 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 EdgarM

  • Topic Starter
  • Members
  • 14 posts

Posted 12 June 2012 - 09:44 AM

Thanks for replying!


Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Internet Security
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 32
Java™ 6 Update 3
Java version out of date!
Adobe Flash Player 10 Flash Player out of date!
Adobe Flash Player 11.2.202.228
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (9.0.1)
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast afwServ.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 June 2012 - 10:09 AM

Greetings

Let me have the ComboFix report when it is complete.


gringo

#5 EdgarM

  • Topic Starter
  • Members
  • 14 posts

Posted 12 June 2012 - 10:25 AM

I tried to but combofix only loaded its components and it wouldn't open.
I had disabled avast and malwarebytes, like instructed.
Now it's going crazy, it keeps opening and closing many black and blue windows.

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 June 2012 - 10:45 AM

Are you running it from an account with admin privileges?



Gringo

#7 EdgarM

  • Topic Starter
  • Members
  • 14 posts

Posted 12 June 2012 - 10:57 AM

Yes, I only use one account on my pc.

#8 EdgarM

  • Topic Starter
  • Members
  • 14 posts

Posted 12 June 2012 - 11:05 AM

Okay, I finally managed to get it to run; it's going through the stages right now. I'll post back with the log in a bit.

#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 June 2012 - 11:14 AM

:thumbup2:

#10 EdgarM

  • Topic Starter
  • Members
  • 14 posts

Posted 12 June 2012 - 11:47 AM

ComboFix 12-06-12.01 - Antonio 06/12/2012 11:01:52.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7416.5623 [GMT -5:00]
Running from: c:\users\Antonio\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Downloaded Installers
c:\program files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}
c:\program files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\chrome.manifest
c:\program files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\chrome\questbrowse.jar
c:\program files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\defaults\preferences\prefs.js
c:\program files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\install.rdf
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{250bd5c5-c088-3980-c735-ec6eba089561}\@
c:\windows\Installer\{250bd5c5-c088-3980-c735-ec6eba089561}\L\00000004.@
c:\windows\Installer\{250bd5c5-c088-3980-c735-ec6eba089561}\L\1afb2d56
c:\windows\Installer\{250bd5c5-c088-3980-c735-ec6eba089561}\L\201d3dde
c:\windows\Installer\{250bd5c5-c088-3980-c735-ec6eba089561}\U\00000004.@
c:\windows\Installer\{250bd5c5-c088-3980-c735-ec6eba089561}\U\00000008.@
c:\windows\Installer\{250bd5c5-c088-3980-c735-ec6eba089561}\U\000000cb.@
c:\windows\Installer\{250bd5c5-c088-3980-c735-ec6eba089561}\U\80000000.@
c:\windows\Installer\{250bd5c5-c088-3980-c735-ec6eba089561}\U\80000032.@
c:\windows\Installer\{250bd5c5-c088-3980-c735-ec6eba089561}\U\80000064.@
c:\windows\XSxS
.
---- Previous Run -------
.
c:\programdata\1339190846.bdinstall.bin
c:\programdata\1339196739.bdinstall.bin
c:\programdata\1339196923.bdinstall.bin
c:\programdata\1339197108.bdinstall.bin
c:\programdata\1339197696.bdinstall.bin
c:\programdata\1339198988.bdinstall.bin
c:\programdata\1339199115.bdinstall.bin
c:\programdata\E81F2E8243.sys
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\uninstall.exe
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-12 to 2012-06-12 )))))))))))))))))))))))))))))))
.
.
2012-06-12 16:21 . 2012-06-12 16:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-12 01:22 . 2012-06-12 01:22 -------- d-----w- c:\program files (x86)\Bioware
2012-06-12 01:21 . 2012-06-12 01:21 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E0AAFC42-581B-4313-AEE4-F7308C42ADA2}\offreg.dll
2012-06-11 16:44 . 2012-06-11 16:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-11 16:44 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-11 16:10 . 2012-06-11 16:10 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-06-11 00:11 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-06-11 00:11 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-06-11 00:11 . 2012-03-06 23:04 141144 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-06-11 00:10 . 2012-03-06 23:03 258904 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-06-11 00:10 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-06-11 00:10 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-06-11 00:10 . 2012-03-06 23:02 28504 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-06-11 00:10 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-11 00:10 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-06-11 00:10 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-11 00:10 . 2012-03-06 22:44 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-06-11 00:09 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-06-11 00:09 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-06-11 00:09 . 2012-06-11 00:09 -------- d-----w- c:\programdata\AVAST Software
2012-06-11 00:09 . 2012-06-11 00:09 -------- d-----w- c:\program files\AVAST Software
2012-06-10 03:27 . 2012-06-10 03:27 -------- d-----w- c:\users\Antonio\AppData\Roaming\Malwarebytes
2012-06-10 03:27 . 2012-06-10 03:27 -------- d-----w- c:\programdata\Malwarebytes
2012-06-09 11:45 . 2012-06-09 21:34 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-06-09 04:14 . 2012-06-09 04:14 -------- d-----w- c:\program files (x86)\ESET
2012-06-09 03:57 . 2012-06-09 03:57 -------- d-----w- c:\users\Antonio\AppData\Roaming\SUPERAntiSpyware.com
2012-06-09 03:56 . 2012-06-09 08:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-09 03:56 . 2012-06-09 03:56 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-09 03:35 . 2012-06-09 03:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-08 23:16 . 2012-06-08 23:47 -------- d-----w- c:\program files\Bitdefender
2012-06-08 23:05 . 2012-06-08 23:05 -------- d-----w- c:\program files (x86)\Common Files\Bitdefender
2012-06-08 22:55 . 2012-06-09 08:43 -------- d-----w- c:\users\Antonio\AppData\Local\liQeNSoft
2012-06-08 22:50 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-08 22:50 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-08 22:50 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-08 22:50 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-08 22:49 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-08 22:49 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-08 22:49 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-08 22:49 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-08 22:49 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-08 21:37 . 2012-06-08 21:37 -------- d-----w- c:\programdata\BDLogging
2012-06-08 21:29 . 2012-06-08 21:29 -------- d-----w- c:\users\Antonio\AppData\Roaming\QuickScan
2012-06-08 21:26 . 2012-06-08 23:46 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-06-08 21:07 . 2012-06-09 08:43 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-08 21:03 . 2012-06-08 21:03 -------- d-----w- c:\program files (x86)\Iceberg Interactive
2012-06-08 09:58 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E0AAFC42-581B-4313-AEE4-F7308C42ADA2}\mpengine.dll
2012-06-05 00:38 . 2012-06-05 00:38 -------- d-----w- c:\program files (x86)\Maxis
2012-06-03 21:47 . 2012-06-03 21:47 -------- d-----w- c:\users\Antonio\AppData\Local\CRE
2012-06-03 21:47 . 2012-06-03 21:47 -------- d-----w- c:\users\Antonio\AppData\Local\Conduit
2012-06-03 21:47 . 2012-06-03 21:47 -------- d-----w- c:\program files (x86)\Conduit
2012-06-03 21:47 . 2012-06-09 08:43 -------- d-----w- c:\program files (x86)\uTorrentControl2
2012-06-01 12:31 . 2012-06-01 12:31 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-31 04:27 . 2012-05-31 05:17 -------- d-----w- c:\users\Antonio\AppData\Roaming\Mount&Blade
2012-05-25 03:45 . 2012-05-25 03:46 -------- d-----w- c:\users\Antonio\AppData\Roaming\Mount&Blade Warband
2012-05-25 03:40 . 2012-06-09 08:43 -------- d-----w- c:\program files (x86)\Mount&Blade Warband
2012-05-21 21:11 . 2012-05-21 21:11 -------- d-----w- c:\program files (x86)\Paradox Entertainment
2012-05-16 02:09 . 2012-05-16 02:09 -------- d-----w- c:\program files\iPod
2012-05-16 02:09 . 2012-06-09 08:43 -------- d-----w- c:\program files (x86)\iTunes
2012-05-16 02:09 . 2012-06-09 08:43 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-12 15:01 . 2012-04-28 02:34 119296 ----a-w- c:\windows\SysWow64\zlib.dll
2012-06-11 16:10 . 2010-06-14 19:06 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-21 12:19 . 2011-03-31 20:25 101400 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-01 17:06 . 2012-04-01 17:06 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-01 17:06 . 2011-10-26 18:06 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-31 06:05 . 2012-05-09 08:22 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-09 08:22 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-09 08:22 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-09 08:22 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-09 08:21 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-17 07:58 . 2012-05-09 08:21 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuToerror.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuToerror.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuToerror.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DIMDownloading your update...1300677038363"="c:\program files (x86)\Corel\CorelDRAW Graphics Suite X5\Programs\DIM.exe" [2010-01-13 95592]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-01-16 717696]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Spotify Web Helper"="c:\users\Antonio\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-04 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DigidesignMMERefresh"="c:\program files (x86)\Digidesign\Drivers\MMERefresh.exe" [2008-12-04 77824]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-10 01:55 49208 ----a-w- c:\program files (x86)\hp\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2008-11-20 17:47 62768 ----a-w- c:\program files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-03-11 00:16 98304 ----a-w- c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePRCShortCut]
2009-05-20 05:16 222504 ------w- c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 135664]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-10-01 192512]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 253600]
R3 ATIXPGAA;ATIXPGAA; [x]
R3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 dump_wmimmc;dump_wmimmc; [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 135664]
R3 MBX2DFU;MBX2DFU;c:\windows\system32\DRIVERS\MBX2DFU.sys [x]
R3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MacDrive Partition Driver;c:\windows\system32\DRIVERS\MDPMGRNT.SYS [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Antonio\Downloads\EmsisoftEmergencyKit\Run\a2ddax64.sys [2012-06-10 23208]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-05-21 55096]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-05-21 297048]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-03-16 122880]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-03-06 134920]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 M4LIC;Mediafour M4LIC service;c:\program files (x86)\Common Files\Mediafour\M4LIC.EXE [2009-07-29 205312]
S2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-01-07 218112]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2009-08-14 517632]
S2 MSSQL$INFLOWSQL;SQL Server (INFLOWSQL);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-05-21 976728]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 17:06]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 08:48]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 08:48]
.
2012-06-11 c:\windows\Tasks\HPCeeScheduleForAntonio.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 10:22]
.
2012-06-04 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 2306448]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download with &Shareaza - c:\program files (x86)\Shareaza\RazaWebHook32.dll/3000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\8v1m39ie.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=102868&gct=hp
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 4
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-90F965C60EAEAD777CBE4F3948EA1869D6916F18._service_run - c:\users\Antonio\AppData\Local\Google\Chrome\Application\chrome.exe
MSConfigStartUp-HP Remote Solution - %ProgramFiles(x86)%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)
AddRemove-HaaliMkx - c:\windows\system32\uninstall.exe
AddRemove-UnityWebPlayer - c:\users\Antonio\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-12 11:25:26
ComboFix-quarantined-files.txt 2012-06-12 16:25
.
Pre-Run: 155,417,677,824 bytes free
Post-Run: 155,064,967,168 bytes free
.
- - End Of File - - 8D855B8FD6DC65E52739FA3AE492124E

I'm not getting any more virus blocks from avast so far. Malwarebytes still freezes during the scan, but I think that may be something different.

#11 gringo_pr (Malware Response Team)

Posted 12 June 2012 - 11:55 AM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --> [donate button] <-- Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
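The TDSSKiller report requested above lists each service or driver as a file line (name, MD5, path) followed by a verdict line, and a helper reads it by looking for anything that is not "- ok". The parser below is an added example, not part of this thread or of TDSSKiller: it pairs the two line shapes and separates the entries worth a closer look. The !SASCORE, 1394ohci, ATIXPGAA and catchme lines are copied from the report in this thread; "exampledrv", its hash and the two non-ok verdict lines are constructed, and the exact wording TDSSKiller uses for detections is an assumption.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# The two line shapes in a TDSSKiller service/driver listing:
#   <time> <pid> <name> (<md5>) <path>                    file backing the entry
#   <time> <pid> <name> [ ( <detection> ) ] - <verdict>   verdict for that entry
FILE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$"
)
VERDICT_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)(?: \( (?P<detection>[^()]+?) \))? - (?P<verdict>\w+)$"
)

# Constructed sample. The !SASCORE, 1394ohci, ATIXPGAA and catchme lines copy the
# report in this thread; 'exampledrv', its hash and the 'warning'/'infected'
# lines are made up, and the detection wording is an assumption.
SAMPLE_LOG = r"""
12:01:04.0009 5656 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
12:01:04.0025 5656 !SASCORE - ok
12:01:04.0165 5656 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:01:04.0165 5656 1394ohci - ok
12:01:07.0644 5656 ATIXPGAA - ok
12:01:08.0752 5656 catchme - ok
12:01:20.0100 5656 exampledrv (00112233445566778899aabbccddeeff) C:\Windows\system32\drivers\exampledrv.sys
12:01:20.0110 5656 exampledrv ( LockedFile.Multi.Generic ) - warning
12:01:30.0200 5656 \Device\Harddisk0\DR0 ( Rootkit.Boot.Example.a ) - infected
"""


@dataclass
class Entry:
    name: str
    verdict: str                      # 'ok', 'warning', 'infected', ...
    md5: Optional[str] = None         # None when no file line preceded the verdict
    path: Optional[str] = None
    detection: Optional[str] = None   # detection name, if the verdict line carried one


def parse_tdsskiller(text: str) -> List[Entry]:
    """Pair each '(md5) path' line with the verdict line that follows for the same name."""
    entries: List[Entry] = []
    pending: Dict[str, Tuple[str, str]] = {}  # name -> (md5, path) waiting for a verdict
    for raw in text.splitlines():
        line = raw.rstrip()
        m = FILE_RE.match(line)
        if m:
            pending[m["name"]] = (m["md5"].lower(), m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            md5, path = pending.pop(m["name"], (None, None))
            entries.append(Entry(m["name"], m["verdict"].lower(), md5, path, m["detection"]))
    return entries


def triage(entries: List[Entry]) -> Tuple[List[Entry], List[Entry]]:
    """Return (flagged, no_file): entries whose verdict is not 'ok', and 'ok' entries
    for which no backing file was listed (the service image was not found; worth a
    look as a possible orphaned registration, but not a detection)."""
    flagged = [e for e in entries if e.verdict != "ok"]
    no_file = [e for e in entries if e.verdict == "ok" and e.path is None]
    return flagged, no_file


def summarize(text: str) -> dict:
    """One-shot triage of a whole report, in a form easy to paste into a reply."""
    entries = parse_tdsskiller(text)
    flagged, no_file = triage(entries)
    return {
        "scanned": len(entries),
        "flagged": [(e.name, e.verdict, e.detection, e.md5) for e in flagged],
        "no_file": [e.name for e in no_file],
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"{report['scanned']} entries scanned")
    for name, verdict, detection, md5 in report["flagged"]:
        print(f"  {verdict.upper():9} {name}  [{detection}]  md5={md5}")
    for name in report["no_file"]:
        print(f"  NO FILE   {name}")
```

Run it against a saved TDSSKiller log by passing the file's text to summarize(); the MD5 of any flagged file is what you would submit to a hash lookup before deciding on Cure versus Skip.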

#12 EdgarM (Topic Starter)

Posted 12 June 2012 - 12:50 PM

12:00:39.0673 3012 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
12:00:41.0686 3012 ============================================================
12:00:41.0686 3012 Current date / time: 2012/06/12 12:00:41.0686
12:00:41.0686 3012 SystemInfo:
12:00:41.0686 3012
12:00:41.0686 3012 OS Version: 6.1.7601 ServicePack: 1.0
12:00:41.0686 3012 Product type: Workstation
12:00:41.0686 3012 ComputerName: RUBEN-PC
12:00:41.0686 3012 UserName: Antonio
12:00:41.0686 3012 Windows directory: C:\Windows
12:00:41.0686 3012 System windows directory: C:\Windows
12:00:41.0686 3012 Running under WOW64
12:00:41.0686 3012 Processor architecture: Intel x64
12:00:41.0686 3012 Number of processors: 4
12:00:41.0686 3012 Page size: 0x1000
12:00:41.0686 3012 Boot type: Normal boot
12:00:41.0686 3012 ============================================================
12:00:42.0637 3012 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:00:42.0668 3012 ============================================================
12:00:42.0668 3012 \Device\Harddisk0\DR0:
12:00:42.0668 3012 MBR partitions:
12:00:42.0668 3012 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:00:42.0668 3012 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72E26000
12:00:42.0668 3012 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x72E58800, BlocksNum 0x18AD800
12:00:42.0668 3012 ============================================================
12:00:42.0700 3012 C: <-> \Device\Harddisk0\DR0\Partition1
12:00:42.0762 3012 D: <-> \Device\Harddisk0\DR0\Partition2
12:00:42.0762 3012 ============================================================
12:00:42.0762 3012 Initialize success
12:00:42.0762 3012 ============================================================
12:01:03.0307 5656 ============================================================
12:01:03.0307 5656 Scan started
12:01:03.0307 5656 Mode: Manual;
12:01:03.0307 5656 ============================================================
12:01:04.0009 5656 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
12:01:04.0025 5656 !SASCORE - ok
12:01:04.0165 5656 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:01:04.0165 5656 1394ohci - ok
12:01:04.0321 5656 A2DDA (3044d0f3feb9ffe8bc953d8f34b5b504) C:\Users\Antonio\Downloads\EmsisoftEmergencyKit\Run\a2ddax64.sys
12:01:04.0321 5656 A2DDA - ok
12:01:04.0368 5656 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:01:04.0384 5656 ACPI - ok
12:01:04.0431 5656 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:01:04.0431 5656 AcpiPmi - ok
12:01:04.0540 5656 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:01:04.0540 5656 AdobeFlashPlayerUpdateSvc - ok
12:01:04.0587 5656 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:01:04.0587 5656 adp94xx - ok
12:01:04.0633 5656 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:01:04.0633 5656 adpahci - ok
12:01:04.0649 5656 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:01:04.0665 5656 adpu320 - ok
12:01:04.0680 5656 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
12:01:04.0680 5656 AeLookupSvc - ok
12:01:04.0743 5656 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:01:04.0743 5656 AFD - ok
12:01:04.0774 5656 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:01:04.0774 5656 agp440 - ok
12:01:04.0805 5656 ahcix64s (3327e85cadb3b65ee36016e35bcc0adc) C:\Windows\system32\DRIVERS\ahcix64s.sys
12:01:04.0805 5656 ahcix64s - ok
12:01:04.0867 5656 aksdf (95bc4330fa44240ca00c641a73c7e62d) C:\Windows\system32\drivers\aksdf.sys
12:01:04.0867 5656 aksdf - ok
12:01:04.0899 5656 akshasp (a56f1b0f967aef8a82d7771e6d166def) C:\Windows\system32\DRIVERS\akshasp.sys
12:01:04.0899 5656 akshasp - ok
12:01:04.0945 5656 aksusb (a9a09bc526e614ce9f29bb23c2a76ced) C:\Windows\system32\DRIVERS\aksusb.sys
12:01:04.0945 5656 aksusb - ok
12:01:04.0961 5656 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
12:01:04.0961 5656 ALG - ok
12:01:04.0977 5656 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:01:04.0977 5656 aliide - ok
12:01:05.0023 5656 AMD External Events Utility (998021e7c3de3e97e441abace498ffb6) C:\Windows\system32\atiesrxx.exe
12:01:05.0023 5656 AMD External Events Utility - ok
12:01:05.0039 5656 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:01:05.0039 5656 amdide - ok
12:01:05.0055 5656 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:01:05.0055 5656 AmdK8 - ok
12:01:05.0429 5656 amdkmdag (250d5b746fff9b7d88591ee60b63b3e4) C:\Windows\system32\DRIVERS\atikmdag.sys
12:01:05.0538 5656 amdkmdag - ok
12:01:05.0772 5656 amdkmdap (781daec0c3e63950cca53d193582f2e8) C:\Windows\system32\DRIVERS\atikmpag.sys
12:01:05.0772 5656 amdkmdap - ok
12:01:05.0803 5656 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:01:05.0803 5656 AmdPPM - ok
12:01:05.0850 5656 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:01:05.0850 5656 amdsata - ok
12:01:05.0881 5656 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:01:05.0881 5656 amdsbs - ok
12:01:05.0897 5656 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:01:05.0897 5656 amdxata - ok
12:01:05.0991 5656 AMD_RAIDXpert (b01289cc07a2e21c4efca722d1efb243) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
12:01:05.0991 5656 AMD_RAIDXpert - ok
12:01:06.0037 5656 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:01:06.0037 5656 AppID - ok
12:01:06.0053 5656 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
12:01:06.0053 5656 AppIDSvc - ok
12:01:06.0100 5656 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
12:01:06.0100 5656 Appinfo - ok
12:01:06.0225 5656 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:01:06.0225 5656 Apple Mobile Device - ok
12:01:06.0256 5656 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:01:06.0256 5656 arc - ok
12:01:06.0271 5656 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:01:06.0271 5656 arcsas - ok
12:01:06.0396 5656 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:01:06.0396 5656 aspnet_state - ok
12:01:06.0427 5656 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
12:01:06.0427 5656 aswFsBlk - ok
12:01:06.0474 5656 aswFW (ffe56ac75a257141561daf42c3f7d16b) C:\Windows\system32\drivers\aswFW.sys
12:01:06.0474 5656 aswFW - ok
12:01:06.0537 5656 aswKbd (316271cc32fdfffcdb30677684906d5e) C:\Windows\system32\drivers\aswKbd.sys
12:01:06.0537 5656 aswKbd - ok
12:01:06.0583 5656 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
12:01:06.0599 5656 aswMonFlt - ok
12:01:06.0630 5656 aswNdis (518b8d447a1975ab46da093a2e743256) C:\Windows\system32\DRIVERS\aswNdis.sys
12:01:06.0630 5656 aswNdis - ok
12:01:06.0646 5656 aswNdis2 (36dbcb80e0af1dc228f495faf00a4bc8) C:\Windows\system32\drivers\aswNdis2.sys
12:01:06.0646 5656 aswNdis2 - ok
12:01:06.0677 5656 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
12:01:06.0677 5656 aswRdr - ok
12:01:06.0724 5656 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
12:01:06.0739 5656 aswSnx - ok
12:01:06.0802 5656 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
12:01:06.0802 5656 aswSP - ok
12:01:06.0817 5656 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
12:01:06.0817 5656 aswTdi - ok
12:01:06.0864 5656 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:01:06.0864 5656 AsyncMac - ok
12:01:06.0895 5656 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:01:06.0895 5656 atapi - ok
12:01:06.0989 5656 athr (7d89b0c443f6068e5b27aa3b972069ff) C:\Windows\system32\DRIVERS\athrx.sys
12:01:07.0020 5656 athr - ok
12:01:07.0129 5656 AtiHdmiService (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys
12:01:07.0145 5656 AtiHdmiService - ok
12:01:07.0488 5656 atikmdag (250d5b746fff9b7d88591ee60b63b3e4) C:\Windows\system32\DRIVERS\atikmdag.sys
12:01:07.0535 5656 atikmdag - ok
12:01:07.0613 5656 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
12:01:07.0613 5656 AtiPcie - ok
12:01:07.0644 5656 ATIXPGAA - ok
12:01:07.0707 5656 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:01:07.0722 5656 AudioEndpointBuilder - ok
12:01:07.0738 5656 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:01:07.0738 5656 AudioSrv - ok
12:01:07.0831 5656 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
12:01:07.0831 5656 avast! Antivirus - ok
12:01:07.0878 5656 avast! Firewall (7d465549dfb0eca6601e9609c72cd20a) C:\Program Files\AVAST Software\Avast\afwServ.exe
12:01:07.0878 5656 avast! Firewall - ok
12:01:07.0925 5656 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
12:01:07.0925 5656 AxInstSV - ok
12:01:07.0987 5656 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:01:07.0987 5656 b06bdrv - ok
12:01:08.0034 5656 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:01:08.0034 5656 b57nd60a - ok
12:01:08.0065 5656 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
12:01:08.0065 5656 BDESVC - ok
12:01:08.0081 5656 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:01:08.0081 5656 Beep - ok
12:01:08.0159 5656 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
12:01:08.0175 5656 BFE - ok
12:01:08.0237 5656 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
12:01:08.0253 5656 BITS - ok
12:01:08.0299 5656 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:01:08.0315 5656 blbdrive - ok
12:01:08.0440 5656 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
12:01:08.0440 5656 Bonjour Service - ok
12:01:08.0487 5656 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:01:08.0487 5656 bowser - ok
12:01:08.0518 5656 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:01:08.0518 5656 BrFiltLo - ok
12:01:08.0533 5656 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:01:08.0533 5656 BrFiltUp - ok
12:01:08.0549 5656 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
12:01:08.0549 5656 BridgeMP - ok
12:01:08.0596 5656 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
12:01:08.0596 5656 Browser - ok
12:01:08.0627 5656 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:01:08.0627 5656 Brserid - ok
12:01:08.0643 5656 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:01:08.0658 5656 BrSerWdm - ok
12:01:08.0674 5656 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:01:08.0674 5656 BrUsbMdm - ok
12:01:08.0674 5656 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:01:08.0674 5656 BrUsbSer - ok
12:01:08.0705 5656 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:01:08.0705 5656 BTHMODEM - ok
12:01:08.0736 5656 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
12:01:08.0736 5656 bthserv - ok
12:01:08.0752 5656 catchme - ok
12:01:08.0783 5656 CBDisk (b99d91e4cd9017f213645aa2e80eb425) C:\Windows\system32\drivers\CBDisk.sys
12:01:08.0783 5656 CBDisk - ok
12:01:08.0830 5656 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:01:08.0830 5656 cdfs - ok
12:01:08.0877 5656 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
12:01:08.0877 5656 cdrom - ok
12:01:08.0939 5656 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:01:08.0939 5656 CertPropSvc - ok
12:01:08.0970 5656 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:01:08.0970 5656 circlass - ok
12:01:09.0001 5656 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:01:09.0001 5656 CLFS - ok
12:01:09.0064 5656 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:01:09.0079 5656 clr_optimization_v2.0.50727_32 - ok
12:01:09.0095 5656 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:01:09.0095 5656 clr_optimization_v2.0.50727_64 - ok
12:01:09.0204 5656 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:01:09.0204 5656 clr_optimization_v4.0.30319_32 - ok
12:01:09.0282 5656 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:01:09.0282 5656 clr_optimization_v4.0.30319_64 - ok
12:01:09.0345 5656 clwvd (e13a438f9e51dd034730678e33b73290) C:\Windows\system32\DRIVERS\clwvd.sys
12:01:09.0345 5656 clwvd - ok
12:01:09.0376 5656 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:01:09.0376 5656 CmBatt - ok
12:01:09.0407 5656 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:01:09.0407 5656 cmdide - ok
12:01:09.0454 5656 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
12:01:09.0454 5656 CNG - ok
12:01:09.0485 5656 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:01:09.0485 5656 Compbatt - ok
12:01:09.0516 5656 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
12:01:09.0516 5656 CompositeBus - ok
12:01:09.0532 5656 COMSysApp - ok
12:01:09.0563 5656 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:01:09.0563 5656 crcdisk - ok
12:01:09.0594 5656 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
12:01:09.0610 5656 CryptSvc - ok
12:01:09.0657 5656 dalwdmservice (20b51198df64dd6ced07be75abc4df93) C:\Windows\system32\drivers\dalwdm.sys
12:01:09.0657 5656 dalwdmservice - ok
12:01:09.0672 5656 dc3d (76e02db615a03801d698199a2bc4a06a) C:\Windows\system32\DRIVERS\dc3d.sys
12:01:09.0688 5656 dc3d - ok
12:01:09.0719 5656 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:01:09.0735 5656 DcomLaunch - ok
12:01:09.0766 5656 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
12:01:09.0781 5656 defragsvc - ok
12:01:09.0813 5656 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:01:09.0813 5656 DfsC - ok
12:01:09.0891 5656 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
12:01:09.0891 5656 Dhcp - ok
12:01:09.0937 5656 DigiNet (faa97c2e28a2a7afbb156b78ff30f710) C:\Windows\system32\DRIVERS\diginet.sys
12:01:09.0937 5656 DigiNet - ok
12:01:10.0047 5656 DigiRefresh - ok
12:01:10.0125 5656 digiSPTIService (52e112e8b13522352db42b78ac9bab0c) C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe
12:01:10.0125 5656 digiSPTIService - ok
12:01:10.0156 5656 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:01:10.0156 5656 discache - ok
12:01:10.0203 5656 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:01:10.0203 5656 Disk - ok
12:01:10.0249 5656 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
12:01:10.0265 5656 Dnscache - ok
12:01:10.0296 5656 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
12:01:10.0296 5656 dot3svc - ok
12:01:10.0343 5656 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
12:01:10.0359 5656 Dot4 - ok
12:01:10.0390 5656 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
12:01:10.0390 5656 Dot4Print - ok
12:01:10.0421 5656 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
12:01:10.0421 5656 dot4usb - ok
12:01:10.0452 5656 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
12:01:10.0452 5656 DPS - ok
12:01:10.0483 5656 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:01:10.0483 5656 drmkaud - ok
12:01:10.0530 5656 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
12:01:10.0546 5656 dtsoftbus01 - ok
12:01:10.0561 5656 dump_wmimmc - ok
12:01:10.0624 5656 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:01:10.0624 5656 DXGKrnl - ok
12:01:10.0686 5656 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
12:01:10.0686 5656 EapHost - ok
12:01:10.0873 5656 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:01:10.0920 5656 ebdrv - ok
12:01:11.0029 5656 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
12:01:11.0029 5656 EFS - ok
12:01:11.0092 5656 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
12:01:11.0107 5656 ehRecvr - ok
12:01:11.0123 5656 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
12:01:11.0139 5656 ehSched - ok
12:01:11.0217 5656 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:01:11.0217 5656 elxstor - ok
12:01:11.0248 5656 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:01:11.0248 5656 ErrDev - ok
12:01:11.0279 5656 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
12:01:11.0279 5656 EventSystem - ok
12:01:11.0310 5656 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:01:11.0326 5656 exfat - ok
12:01:11.0341 5656 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:01:11.0341 5656 fastfat - ok
12:01:11.0404 5656 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
12:01:11.0419 5656 Fax - ok
12:01:11.0466 5656 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:01:11.0466 5656 fdc - ok
12:01:11.0482 5656 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
12:01:11.0482 5656 fdPHost - ok
12:01:11.0482 5656 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
12:01:11.0482 5656 FDResPub - ok
12:01:11.0513 5656 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:01:11.0513 5656 FileInfo - ok
12:01:11.0529 5656 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:01:11.0529 5656 Filetrace - ok
12:01:11.0669 5656 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:01:11.0685 5656 FLEXnet Licensing Service - ok
12:01:11.0716 5656 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:01:11.0716 5656 flpydisk - ok
12:01:11.0747 5656 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:01:11.0763 5656 FltMgr - ok
12:01:11.0825 5656 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
12:01:11.0841 5656 FontCache - ok
12:01:11.0903 5656 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:01:11.0919 5656 FontCache3.0.0.0 - ok
12:01:11.0934 5656 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:01:11.0934 5656 FsDepends - ok
12:01:11.0965 5656 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
12:01:11.0965 5656 Fs_Rec - ok
12:01:11.0997 5656 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:01:11.0997 5656 fvevol - ok
12:01:12.0012 5656 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:01:12.0012 5656 gagp30kx - ok
12:01:12.0059 5656 GameConsoleService (c44d560e441f091ea3b72f778ec60de2) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
12:01:12.0059 5656 GameConsoleService - ok
12:01:12.0121 5656 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:01:12.0121 5656 GEARAspiWDM - ok
12:01:12.0184 5656 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
12:01:12.0199 5656 gpsvc - ok
12:01:12.0293 5656 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:01:12.0293 5656 gupdate - ok
12:01:12.0309 5656 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:01:12.0309 5656 gupdatem - ok
12:01:12.0355 5656 hardlock (78fad9117e4527f2ca82259da10f40bd) C:\Windows\system32\drivers\hardlock.sys
12:01:12.0371 5656 hardlock - ok
12:01:12.0387 5656 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:01:12.0387 5656 hcw85cir - ok
12:01:25.0553 5656 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
12:01:25.0569 5656 upnphost - ok
12:01:25.0600 5656 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
12:01:25.0600 5656 USBAAPL64 - ok
12:01:25.0678 5656 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
12:01:25.0678 5656 usbaudio - ok
12:01:25.0693 5656 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
12:01:25.0693 5656 usbccgp - ok
12:01:25.0756 5656 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:01:25.0756 5656 usbcir - ok
12:01:25.0771 5656 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
12:01:25.0771 5656 usbehci - ok
12:01:25.0803 5656 usbfilter (6648c6d7323a2ce0c4776c36cefbcb14) C:\Windows\system32\DRIVERS\usbfilter.sys
12:01:25.0803 5656 usbfilter - ok
12:01:25.0834 5656 UsbFltr (68bad03835873d4bbbde95cbb135a395) C:\Windows\system32\Drivers\UsbFltr.sys
12:01:25.0834 5656 UsbFltr - ok
12:01:25.0865 5656 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:01:25.0865 5656 usbhub - ok
12:01:25.0881 5656 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
12:01:25.0881 5656 usbohci - ok
12:01:25.0912 5656 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:01:25.0912 5656 usbprint - ok
12:01:25.0943 5656 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
12:01:25.0943 5656 usbscan - ok
12:01:25.0959 5656 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:01:25.0959 5656 USBSTOR - ok
12:01:25.0974 5656 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
12:01:25.0974 5656 usbuhci - ok
12:01:26.0021 5656 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
12:01:26.0021 5656 usbvideo - ok
12:01:26.0037 5656 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
12:01:26.0037 5656 UxSms - ok
12:01:26.0083 5656 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:01:26.0083 5656 VaultSvc - ok
12:01:26.0083 5656 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:01:26.0083 5656 vdrvroot - ok
12:01:26.0146 5656 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
12:01:26.0146 5656 vds - ok
12:01:26.0193 5656 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:01:26.0193 5656 vga - ok
12:01:26.0208 5656 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:01:26.0208 5656 VgaSave - ok
12:01:26.0239 5656 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:01:26.0255 5656 vhdmp - ok
12:01:26.0286 5656 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:01:26.0286 5656 viaide - ok
12:01:26.0302 5656 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:01:26.0302 5656 volmgr - ok
12:01:26.0349 5656 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:01:26.0349 5656 volmgrx - ok
12:01:26.0380 5656 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:01:26.0380 5656 volsnap - ok
12:01:26.0411 5656 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:01:26.0427 5656 vsmraid - ok
12:01:26.0505 5656 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
12:01:26.0536 5656 VSS - ok
12:01:26.0614 5656 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:01:26.0614 5656 vwifibus - ok
12:01:26.0645 5656 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:01:26.0645 5656 vwififlt - ok
12:01:26.0692 5656 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
12:01:26.0692 5656 vwifimp - ok
12:01:26.0723 5656 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
12:01:26.0739 5656 W32Time - ok
12:01:26.0770 5656 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:01:26.0770 5656 WacomPen - ok
12:01:26.0801 5656 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:01:26.0801 5656 WANARP - ok
12:01:26.0801 5656 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:01:26.0801 5656 Wanarpv6 - ok
12:01:26.0895 5656 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
12:01:26.0941 5656 WatAdminSvc - ok
12:01:27.0019 5656 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
12:01:27.0051 5656 wbengine - ok
12:01:27.0097 5656 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
12:01:27.0113 5656 WbioSrvc - ok
12:01:27.0160 5656 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
12:01:27.0160 5656 wcncsvc - ok
12:01:27.0175 5656 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
12:01:27.0175 5656 WcsPlugInService - ok
12:01:27.0207 5656 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:01:27.0207 5656 Wd - ok
12:01:27.0238 5656 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:01:27.0253 5656 Wdf01000 - ok
12:01:27.0285 5656 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:01:27.0285 5656 WdiServiceHost - ok
12:01:27.0285 5656 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:01:27.0285 5656 WdiSystemHost - ok
12:01:27.0331 5656 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
12:01:27.0347 5656 WebClient - ok
12:01:27.0347 5656 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
12:01:27.0363 5656 Wecsvc - ok
12:01:27.0378 5656 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
12:01:27.0378 5656 wercplsupport - ok
12:01:27.0394 5656 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
12:01:27.0394 5656 WerSvc - ok
12:01:27.0425 5656 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:01:27.0425 5656 WfpLwf - ok
12:01:27.0441 5656 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:01:27.0441 5656 WIMMount - ok
12:01:27.0472 5656 WinDefend - ok
12:01:27.0472 5656 WinHttpAutoProxySvc - ok
12:01:27.0534 5656 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
12:01:27.0534 5656 Winmgmt - ok
12:01:27.0643 5656 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
12:01:27.0675 5656 WinRM - ok
12:01:27.0784 5656 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
12:01:27.0784 5656 WinUsb - ok
12:01:27.0846 5656 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
12:01:27.0862 5656 Wlansvc - ok
12:01:28.0018 5656 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:01:28.0033 5656 wlidsvc - ok
12:01:28.0096 5656 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
12:01:28.0111 5656 WmiAcpi - ok
12:01:28.0127 5656 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
12:01:28.0127 5656 wmiApSrv - ok
12:01:28.0143 5656 WMPNetworkSvc - ok
12:01:28.0236 5656 WMZuneComm (83b6ca03c846fcd47f9883d77d1eb27b) c:\Program Files\Zune\WMZuneComm.exe
12:01:28.0236 5656 WMZuneComm - ok
12:01:28.0252 5656 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
12:01:28.0267 5656 WPCSvc - ok
12:01:28.0283 5656 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
12:01:28.0299 5656 WPDBusEnum - ok
12:01:28.0314 5656 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:01:28.0330 5656 ws2ifsl - ok
12:01:28.0330 5656 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
12:01:28.0330 5656 wscsvc - ok
12:01:28.0345 5656 WSearch - ok
12:01:28.0470 5656 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
12:01:28.0501 5656 wuauserv - ok
12:01:28.0611 5656 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:01:28.0611 5656 WudfPf - ok
12:01:28.0626 5656 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:01:28.0626 5656 WUDFRd - ok
12:01:28.0673 5656 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
12:01:28.0673 5656 wudfsvc - ok
12:01:28.0704 5656 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
12:01:28.0704 5656 WwanSvc - ok
12:01:28.0751 5656 xusb21 (9176c0822faa649e45121875be32f5d2) C:\Windows\system32\DRIVERS\xusb21.sys
12:01:28.0751 5656 xusb21 - ok
12:01:29.0079 5656 ZuneNetworkSvc (67b787c34fb2888d01b130ae007042d8) c:\Program Files\Zune\ZuneNss.exe
12:01:29.0125 5656 ZuneNetworkSvc - ok
12:01:29.0172 5656 ZuneWlanCfgSvc (4d89fc1c20cf655739efac5da81a67bc) c:\Program Files\Zune\ZuneWlanCfgSvc.exe
12:01:29.0172 5656 ZuneWlanCfgSvc - ok
12:01:29.0219 5656 MBR (0x1B8) (d903658e313289c7e22a468124057bec) \Device\Harddisk0\DR0
12:01:29.0391 5656 \Device\Harddisk0\DR0 - ok
12:01:29.0406 5656 Boot (0x1200) (4a33f1701d59accaf95a959c61e74e15) \Device\Harddisk0\DR0\Partition0
12:01:29.0406 5656 \Device\Harddisk0\DR0\Partition0 - ok
12:01:29.0422 5656 Boot (0x1200) (43937668241aa4355caf9d2efdfe1143) \Device\Harddisk0\DR0\Partition1
12:01:29.0422 5656 \Device\Harddisk0\DR0\Partition1 - ok
12:01:29.0453 5656 Boot (0x1200) (72245fcf58949617d735cbfc956978df) \Device\Harddisk0\DR0\Partition2
12:01:29.0453 5656 \Device\Harddisk0\DR0\Partition2 - ok
12:01:29.0453 5656 ============================================================
12:01:29.0453 5656 Scan finished
12:01:29.0453 5656 ============================================================
12:01:29.0453 1764 Detected object count: 0
12:01:29.0453 1764 Actual detected object count: 0

#13 EdgarM

  • Topic Starter

  • Members
  • 14 posts

Posted 12 June 2012 - 12:53 PM

I still can't complete this scan. It crashes during one of the scans; I saved this log file before it crashed.
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-12 12:04:02
-----------------------------
12:04:02.646 OS Version: Windows x64 6.1.7601 Service Pack 1
12:04:02.646 Number of processors: 4 586 0x402
12:04:02.647 ComputerName: RUBEN-PC UserName: Antonio
12:04:04.820 Initialize success
12:04:04.914 AVAST engine defs: 12061200
12:04:43.212 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000079
12:04:43.212 Disk 0 Vendor: WDC_____ 01.0 Size: 953869MB BusType: 8
12:04:43.228 Disk 0 MBR read successfully
12:04:43.228 Disk 0 MBR scan
12:04:43.228 Disk 0 unknown MBR code
12:04:43.243 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:04:43.259 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 941132 MB offset 206848
12:04:43.290 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12635 MB offset 1927645184
12:04:43.321 Disk 0 scanning C:\Windows\system32\drivers
12:04:51.589 Service scanning
12:05:10.013 Modules scanning
12:05:10.013 Disk 0 trace - called modules:
12:05:10.044 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll ahcix64s.sys
12:05:10.044 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80074de060]
12:05:10.044 3 CLASSPNP.SYS[fffff880015c543f] -> nt!IofCallDriver -> \Device\00000079[0xfffffa8006c729c0]
12:05:11.464 AVAST engine scan C:\Windows
12:05:14.662 AVAST engine scan C:\Windows\system32
12:07:32.223 AVAST engine scan C:\Windows\system32\drivers
12:07:44.890 AVAST engine scan C:\Users\Antonio
12:17:03.973 Disk 0 MBR has been saved successfully to "C:\Users\Antonio\Desktop\MBR.dat"
12:17:03.988 The log file has been saved successfully to "C:\Users\Antonio\Desktop\aswMBR.txt"

#14 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 June 2012 - 01:07 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\users\Antonio\AppData\Local\Conduit
c:\program files (x86)\Conduit
c:\program files (x86)\uTorrentControl2

Firefox::
FF - ProfilePath - c:\users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\8v1m39ie.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=102868&gct=hp
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 4

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
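A post-fix check a defender can run against the Firefox profile, added here as an example (it is not gringo's script and not ComboFix's own code): it parses prefs.js, whose entries have the standard form user_pref("name", value);, and flags the preferences the CFScript above targets when they still point at Ask.com or search.conduit.com, or when network.proxy.type has been changed from the direct (0) or system (5) setting. Both prefs.js samples embedded below are constructed; the "before fix" one mirrors the values listed in the script.

```python
import re

# Firefox writes user-set preferences one per line as:  user_pref("name", value);
# Values are quoted strings, integers or true/false.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Hijack indicators taken from the CFScript: search engine, homepage and keyword.URL
# redirected to Ask.com / search.conduit.com, and a non-default proxy mode.
SUSPECT_HOSTS = ("ask.com", "search.conduit.com")
WATCHED_PREFS = (
    "browser.search.selectedEngine",
    "browser.startup.homepage",
    "keyword.URL",
    "network.proxy.type",
)

# Constructed prefs.js content mirroring the values gringo's script resets.
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("browser.search.selectedEngine", "Ask.com");
user_pref("browser.startup.homepage", "http://www.ask.com/?l=dis&o=102868&gct=hp");
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=");
user_pref("network.proxy.type", 4);
user_pref("browser.startup.page", 1);
user_pref("privacy.donottrackheader.enabled", true);
"""

# Constructed prefs.js as it might look after the hijacked entries were reset.
CLEANED_PREFS_JS = """\
user_pref("browser.startup.homepage", "https://www.mozilla.org/");
user_pref("network.proxy.type", 5);
"""


def parse_prefs(text):
    """Return {pref_name: value} from prefs.js text (strings unquoted, ints/bools converted)."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a user_pref() call
        name, raw = m.groups()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw  # leave unknown literal forms as-is
    return prefs


def check_prefs(prefs):
    """Return a list of (pref, value, reason) findings for the watched preferences."""
    findings = []
    for name in WATCHED_PREFS:
        if name not in prefs:
            continue
        value = prefs[name]
        if name == "network.proxy.type":
            # 0 = direct connection, 5 = use system proxy settings; any other mode was
            # set explicitly and deserves a look on a machine that raised DNSChanger alerts.
            if value not in (0, 5):
                findings.append((name, value, "proxy mode explicitly changed"))
        elif any(host in str(value).lower() for host in SUSPECT_HOSTS):
            findings.append((name, value, "points at a hijack host"))
    return findings


def audit(text):
    """Parse prefs.js text and return the findings; an empty list means the watched prefs are clean."""
    return check_prefs(parse_prefs(text))


if __name__ == "__main__":
    for label, text in (("before fix", SAMPLE_PREFS_JS), ("after fix", CLEANED_PREFS_JS)):
        findings = audit(text)
        print(f"{label}: {len(findings)} finding(s)")
        for name, value, reason in findings:
            print(f"  {name} = {value!r}: {reason}")
```

To check a real profile, read the prefs.js file from the profile directory named in the script and pass its contents to audit().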

#15 EdgarM

  • Topic Starter

  • Members
  • 14 posts

Posted 12 June 2012 - 02:33 PM

The avast warnings seem to have stopped completely now. No programs are crashing. No redirects. Malwarebytes still freezes, but oh well. I hope my computer is finally clean.

ComboFix 12-06-12.01 - Antonio 06/12/2012 14:03:23.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7416.5003 [GMT -5:00]
Running from: c:\users\Antonio\Desktop\ComboFix.exe
Command switches used :: c:\users\Antonio\Desktop\CFScript.txt
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Conduit
c:\program files (x86)\Conduit\Community Alerts\Alerterror.dll
c:\users\Antonio\AppData\Local\Conduit
.
.
((((((((((((((((((((((((( Files Created from 2012-05-12 to 2012-06-12 )))))))))))))))))))))))))))))))
.
.
2012-06-12 19:19 . 2012-06-12 19:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-12 18:45 . 2012-06-12 18:45 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E0AAFC42-581B-4313-AEE4-F7308C42ADA2}\offreg.dll
2012-06-12 01:22 . 2012-06-12 01:22 -------- d-----w- c:\program files (x86)\Bioware
2012-06-11 16:44 . 2012-06-11 16:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-11 16:44 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-11 16:10 . 2012-06-11 16:10 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-06-11 00:11 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-06-11 00:11 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-06-11 00:11 . 2012-03-06 23:04 141144 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-06-11 00:10 . 2012-03-06 23:03 258904 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-06-11 00:10 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-06-11 00:10 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-06-11 00:10 . 2012-03-06 23:02 28504 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-06-11 00:10 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-11 00:10 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-06-11 00:10 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-11 00:10 . 2012-03-06 22:44 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-06-11 00:09 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-06-11 00:09 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-06-11 00:09 . 2012-06-11 00:09 -------- d-----w- c:\programdata\AVAST Software
2012-06-11 00:09 . 2012-06-11 00:09 -------- d-----w- c:\program files\AVAST Software
2012-06-10 03:27 . 2012-06-10 03:27 -------- d-----w- c:\users\Antonio\AppData\Roaming\Malwarebytes
2012-06-10 03:27 . 2012-06-10 03:27 -------- d-----w- c:\programdata\Malwarebytes
2012-06-09 11:45 . 2012-06-09 21:34 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-06-09 04:14 . 2012-06-09 04:14 -------- d-----w- c:\program files (x86)\ESET
2012-06-09 03:57 . 2012-06-09 03:57 -------- d-----w- c:\users\Antonio\AppData\Roaming\SUPERAntiSpyware.com
2012-06-09 03:56 . 2012-06-09 08:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-09 03:56 . 2012-06-09 03:56 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-09 03:35 . 2012-06-09 03:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-08 23:16 . 2012-06-08 23:47 -------- d-----w- c:\program files\Bitdefender
2012-06-08 23:05 . 2012-06-08 23:05 -------- d-----w- c:\program files (x86)\Common Files\Bitdefender
2012-06-08 22:55 . 2012-06-09 08:43 -------- d-----w- c:\users\Antonio\AppData\Local\liQeNSoft
2012-06-08 22:50 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-08 22:50 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-08 22:50 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-08 22:50 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-08 22:49 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-08 22:49 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-08 22:49 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-08 22:49 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-08 22:49 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-08 21:37 . 2012-06-08 21:37 -------- d-----w- c:\programdata\BDLogging
2012-06-08 21:29 . 2012-06-08 21:29 -------- d-----w- c:\users\Antonio\AppData\Roaming\QuickScan
2012-06-08 21:26 . 2012-06-08 23:46 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-06-08 21:07 . 2012-06-09 08:43 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-08 21:03 . 2012-06-08 21:03 -------- d-----w- c:\program files (x86)\Iceberg Interactive
2012-06-08 09:58 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E0AAFC42-581B-4313-AEE4-F7308C42ADA2}\mpengine.dll
2012-06-05 00:38 . 2012-06-05 00:38 -------- d-----w- c:\program files (x86)\Maxis
2012-06-03 21:47 . 2012-06-03 21:47 -------- d-----w- c:\users\Antonio\AppData\Local\CRE
2012-06-01 12:31 . 2012-06-01 12:31 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-31 04:27 . 2012-05-31 05:17 -------- d-----w- c:\users\Antonio\AppData\Roaming\Mount&Blade
2012-05-25 03:45 . 2012-05-25 03:46 -------- d-----w- c:\users\Antonio\AppData\Roaming\Mount&Blade Warband
2012-05-25 03:40 . 2012-06-09 08:43 -------- d-----w- c:\program files (x86)\Mount&Blade Warband
2012-05-21 21:11 . 2012-05-21 21:11 -------- d-----w- c:\program files (x86)\Paradox Entertainment
2012-05-16 02:09 . 2012-05-16 02:09 -------- d-----w- c:\program files\iPod
2012-05-16 02:09 . 2012-06-09 08:43 -------- d-----w- c:\program files (x86)\iTunes
2012-05-16 02:09 . 2012-06-09 08:43 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-12 15:01 . 2012-04-28 02:34 119296 ----a-w- c:\windows\SysWow64\zlib.dll
2012-06-11 16:10 . 2010-06-14 19:06 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-21 12:19 . 2011-03-31 20:25 101400 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-01 17:06 . 2012-04-01 17:06 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-01 17:06 . 2011-10-26 18:06 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-31 06:05 . 2012-05-09 08:22 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-09 08:22 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-09 08:22 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-09 08:22 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-09 08:21 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-17 07:58 . 2012-05-09 08:21 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-12_16.21.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-19 09:14 . 2012-06-12 16:33 89052 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-12 16:33 41836 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-11-10 00:47 . 2012-06-12 16:00 29080 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3167769859-3844674664-2329766532-1000_UserData.bin
+ 2009-11-10 00:47 . 2012-06-12 16:33 29080 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3167769859-3844674664-2329766532-1000_UserData.bin
- 2009-11-10 00:52 . 2012-06-12 16:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-10 00:52 . 2012-06-12 19:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-10 00:52 . 2012-06-12 16:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-10 00:52 . 2012-06-12 19:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-06-12 15:56 . 2012-06-12 15:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-12 16:30 . 2012-06-12 16:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-12 16:30 . 2012-06-12 16:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-12 15:56 . 2012-06-12 15:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-06-12 15:57 344064 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-12 16:32 344064 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 05:01 . 2012-06-12 15:55 847776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-12 16:29 847776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-06-12 15:57 4980736 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-12 16:32 4980736 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-12 15:57 1916928 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-12 16:32 1916928 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DIMDownloading your update...1300677038363"="c:\program files (x86)\Corel\CorelDRAW Graphics Suite X5\Programs\DIM.exe" [2010-01-13 95592]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-01-16 717696]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Spotify Web Helper"="c:\users\Antonio\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-04 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DigidesignMMERefresh"="c:\program files (x86)\Digidesign\Drivers\MMERefresh.exe" [2008-12-04 77824]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-10 01:55 49208 ----a-w- c:\program files (x86)\hp\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2008-11-20 17:47 62768 ----a-w- c:\program files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-03-11 00:16 98304 ----a-w- c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePRCShortCut]
2009-05-20 05:16 222504 ------w- c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 135664]
R2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-10-01 192512]
R2 MSSQL$INFLOWSQL;SQL Server (INFLOWSQL);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 253600]
R3 ATIXPGAA;ATIXPGAA; [x]
R3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 dump_wmimmc;dump_wmimmc; [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 135664]
R3 MBX2DFU;MBX2DFU;c:\windows\system32\DRIVERS\MBX2DFU.sys [x]
R3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MacDrive Partition Driver;c:\windows\system32\DRIVERS\MDPMGRNT.SYS [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Antonio\Downloads\EmsisoftEmergencyKit\Run\a2ddax64.sys [2012-06-10 23208]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-05-21 55096]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-05-21 297048]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-03-16 122880]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-03-06 134920]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 M4LIC;Mediafour M4LIC service;c:\program files (x86)\Common Files\Mediafour\M4LIC.EXE [2009-07-29 205312]
S2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-01-07 218112]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2009-08-14 517632]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-05-21 976728]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 45703761
*Deregistered* - 45703761
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 17:06]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 08:48]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 08:48]
.
2012-06-11 c:\windows\Tasks\HPCeeScheduleForAntonio.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 10:22]
.
2012-06-04 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 2306448]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download with &Shareaza - c:\program files (x86)\Shareaza\RazaWebHook32.dll/3000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\8v1m39ie.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
MSConfigStartUp-HP Remote Solution - %ProgramFiles(x86)%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)
AddRemove-HaaliMkx - c:\windows\system32\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-12 14:22:34
ComboFix-quarantined-files.txt 2012-06-12 19:22
ComboFix2.txt 2012-06-12 16:25
.
Pre-Run: 155,161,505,792 bytes free
Post-Run: 155,096,629,248 bytes free
.
- - End Of File - - A67FBF0481C296E9F5CC5DF283C41315