Ugh, infected with Trojan.Dropper.BCMiner


  • This topic is locked
22 replies to this topic

#1 kelvin6

Posted 11 June 2012 - 11:28 PM

About a week ago I was surfing and realized that my Google searches were being redirected. I immediately ran Malwarebytes and found a trojan (Trojan.Dropper.BCMiner) and ran Spybot Search and Destroy (which found nothing). After having Malwarebytes supposedly fix the problem, it reoccurs after reboot and rescan.

Here is the Malwarebytes log:


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.08.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kelvin :: KELVIN-PC [administrator]

6/11/2012 9:02:00 PM
mbam-log-2012-06-11 (21-09-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 282738
Time elapsed: 6 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Installer\{436c7596-7953-29b7-f639-6e087d1d793a}\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.

(end)



Here is the aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-10 21:26:13
-----------------------------
21:26:13.000 OS Version: Windows x64 6.1.7601 Service Pack 1
21:26:13.000 Number of processors: 8 586 0x1A05
21:26:13.001 ComputerName: KELVIN-PC UserName: Kelvin
21:26:18.679 Initialize success
21:34:02.466 AVAST engine defs: 12061001
21:37:05.221 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
21:37:05.223 Disk 0 Vendor: ST31500341AS CC1H Size: 1430799MB BusType: 3
21:37:05.241 Disk 0 MBR read successfully
21:37:05.242 Disk 0 MBR scan
21:37:05.245 Disk 0 Windows 7 default MBR code
21:37:05.255 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:37:05.268 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1430697 MB offset 206848
21:37:05.296 Disk 0 scanning C:\Windows\system32\drivers
21:37:17.464 Service scanning
21:37:19.072 Service 32894078 C:\Windows\system32\drivers\71845747.sys **HIDDEN**
21:37:38.420 Modules scanning
21:37:38.425 Disk 0 trace - called modules:
21:37:38.443 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
21:37:38.768 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a187790]
21:37:38.772 3 CLASSPNP.SYS[fffff880019a343f] -> nt!IofCallDriver -> [0xfffffa8009f3e520]
21:37:38.775 5 ACPI.sys[fffff88000f437a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8009f35060]
21:37:45.786 AVAST engine scan C:\Windows
21:37:50.566 AVAST engine scan C:\Windows\system32
21:39:35.508 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
21:39:37.638 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
21:40:48.342 AVAST engine scan C:\Windows\system32\drivers
21:41:04.797 AVAST engine scan C:\Users\Kelvin
21:45:33.880 File: C:\Users\Kelvin\AppData\Local\{436c7596-7953-29b7-f639-6e087d1d793a}\n **INFECTED** Win32:Sirefef-PL [Rtk]
22:04:45.568 AVAST engine scan C:\ProgramData
22:08:19.433 Scan finished successfully
22:08:53.942 Disk 0 MBR has been saved successfully to "C:\Users\Kelvin\Desktop\MBR.dat"
22:08:53.945 The log file has been saved successfully to "C:\Users\Kelvin\Desktop\aswMBR.txt"


DDS Log:

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Kelvin at 21:17:42 on 2012-06-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.3929 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
C:\Program Files (x86)\WinTV\Ir.exe
C:\Program Files (x86)\HP Button Manager\BM.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Timmmoore\MCE 2005 STB Controller\MyTray.exe
C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ASUS\TurboV\TurboV.exe
C:\Program Files (x86)\ATI\Catalyst Media Center\CMCService.exe
C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://my.juno.com/s/search?r=minisearch
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://my.juno.com/s/search?r=minisearch
mDefault_Search_URL = hxxp://my.juno.com/s/search?r=minisearch
mSearch Page = hxxp://my.juno.com/s/search?r=minisearch
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://my.juno.com/s/search?r=minisearch
mSearchAssistant = hxxp://my.juno.com/s/search?r=minisearch
uURLSearchHooks: URLSearchHook Class: {37d2cdbf-2af4-44aa-8113-bd0d2da3c2b8} - C:\Program Files (x86)\JunoInternet\SearchEnh1.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Pop-up Blocker: {52706ef7-d7a2-49ad-a615-e903858cf284} - C:\Program Files (x86)\JunoInternet\qsacc\X1IEBHO.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Juno Toolbar Helper: {fe3098b1-04a3-41fd-8ca9-bea39cb14c87} - C:\Program Files (x86)\JunoInternet\ucreg.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
uRun: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
uRun: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe"
mRun: [CMCService] "C:\Program Files (x86)\ATI\Catalyst Media Center\CMCService.exe"
mRun: [MSN Toolbar] "c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
mRun: [Display] C:\Program Files (x86)\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\Kelvin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\Kelvin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AIRMOU~1.LNK - C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTOST~1.LNK - C:\Program Files (x86)\WinTV\Ir.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPBUTT~1.LNK - C:\Program Files (x86)\HP Button Manager\BM.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MyTray.lnk - C:\Windows\Installer\{685C742F-B837-42A7-80B5-98CF94F621AE}\_CD6D31DBF7077B4577E4B6.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINTVR~1.LNK - C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Display All Images with Full Quality - "C:\Program Files (x86)\JunoInternet\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "C:\Program Files (x86)\JunoInternet\qsacc\appres.dll/227"
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: juno.com
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553530000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E117FF1F-990E-409A-BFFA-186D1FC8D5E1} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - C:\Program Files (x86)\Juno\bin\jmsgpph.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Pop-up Blocker: {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files (x86)\JunoInternet\qsacc\X1IEBHO.dll
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Juno Toolbar Helper: {FE3098B1-04A3-41fd-8CA9-BEA39CB14C87} - C:\Program Files (x86)\JunoInternet\ucreg.dll
BHO-X64: Juno Toolbar Helper - No File
TB-X64: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe"
mRun-x64: [CMCService] "C:\Program Files (x86)\ATI\Catalyst Media Center\CMCService.exe"
mRun-x64: [MSN Toolbar] "c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
mRun-x64: [Display] C:\Program Files (x86)\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kelvin\AppData\Roaming\Mozilla\Firefox\Profiles\76gxupsr.default\
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Kelvin\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 AiCharger;ASUS Charger Driver;C:\Windows\system32\DRIVERS\AiCharger.sys --> C:\Windows\system32\DRIVERS\AiCharger.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-1-8 490840]
R2 APC Data Service;APC Data Service;C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe [2010-9-14 21880]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2011-6-5 296808]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-21 2348352]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-1-3 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-9 382272]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2012-5-14 104960]
R2 UsbService;ASUS Virtual MFP Service;C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe [2012-6-10 326144]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys --> C:\Windows\system32\drivers\HCW85BDA.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vuhub;Virtual Usb Hub;C:\Windows\system32\DRIVERS\vuhub.sys --> C:\Windows\system32\DRIVERS\vuhub.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-24 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-24 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-21 129976]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-11 03:16:27 47616 ----a-w- C:\Windows\System32\drivers\vuhub.sys
2012-06-08 03:57:46 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-07 03:15:14 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-06-07 02:30:28 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3CED6768-C5FB-41F1-96C3-EE5C0CE74019}\mpengine.dll
2012-06-06 02:11:18 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-25 03:20:54 -------- d-----w- C:\simcity
2012-05-23 16:20:27 -------- d-----w- C:\Users\Kelvin\AppData\Local\{8B8852B0-9738-4D84-8691-3594902B9DB3}
2012-05-23 16:20:16 -------- d-----w- C:\Users\Kelvin\AppData\Local\{3DA31336-A649-4DB8-9313-EB81E315ADAD}
2012-05-23 16:19:09 -------- d-----w- C:\Windows\en
2012-05-23 16:15:19 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3f09871d1cd38ff01\DXSETUP.exe
2012-05-23 16:15:19 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3f09871d1cd38ff01\dsetup32.dll
2012-05-23 16:15:18 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3f09871d1cd38ff01\DSETUP.dll
2012-05-23 16:06:59 -------- d-----w- C:\Users\Kelvin\AppData\Local\{F3439B14-4496-4EC9-9D30-C18145C444D4}
2012-05-23 16:03:29 -------- d-----w- C:\Users\Kelvin\AppData\Local\{1EA01BF6-F5AC-4191-8236-5036D3D98736}
2012-05-23 16:03:16 -------- d-----w- C:\Users\Kelvin\AppData\Local\{3C2F3016-211C-4AEA-B742-93D2E5BD367F}
2012-05-23 00:48:34 -------- d-----w- C:\Users\Kelvin\AppData\Roaming\Nuance
2012-05-23 00:44:01 -------- d-----w- C:\Users\Kelvin\AppData\Roaming\FLEXnet
2012-05-23 00:42:44 -------- d-----w- C:\Program Files (x86)\Common Files\IVA
2012-05-23 00:42:21 -------- d-----w- C:\Program Files (x86)\Common Files\Nuance
2012-05-23 00:39:53 -------- d-----w- C:\ProgramData\Nuance
2012-05-23 00:39:53 -------- d-----w- C:\Program Files (x86)\Nuance
2012-05-22 04:03:33 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-22 04:03:31 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-22 04:03:31 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-17 03:35:12 32600 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe
2012-05-17 03:34:49 17720 ----a-w- C:\Windows\System32\drivers\SmartDefragDriver.sys
2012-05-14 23:22:39 36921 ------w- C:\Windows\SysWow64\hcwutl32_priv.dll
2012-05-14 23:20:19 -------- d-----w- C:\Hauppauge
2012-05-14 23:02:41 38672 ----a-w- C:\Windows\SysWow64\pcleUtil.dll
2012-05-14 23:02:36 -------- d-----w- C:\Program Files (x86)\WinTV
2012-05-14 23:02:34 142337 ----a-w- C:\Windows\SysWow64\Wait.exe
2012-05-14 23:02:34 -------- d-----w- C:\ProgramData\Hauppauge
2012-05-14 23:02:22 831554 ----a-w- C:\Windows\SysWow64\hcwtvwnd.dll
2012-05-14 23:02:22 36921 ----a-w- C:\Windows\SysWow64\hcwutl32.dll
2012-05-14 23:02:22 323640 ----a-w- C:\Windows\SysWow64\hcwpnp32.dll
2012-05-14 23:02:22 118849 ----a-w- C:\Windows\SysWow64\hcwi2c32.dll
2012-05-14 22:38:40 -------- d-----w- C:\Program Files (x86)\HP Button Manager
2012-05-14 22:37:56 -------- d-----w- C:\Users\Kelvin\AppData\Local\Programs
2012-05-14 22:37:17 -------- d-----w- C:\Users\Kelvin\AppData\Local\ArcSoft
2012-05-14 22:36:01 -------- d-----w- C:\ProgramData\ArcSoft
2012-05-14 22:34:22 245408 ----a-w- C:\Windows\SysWow64\unicows.dll
2012-05-14 22:34:20 212480 ----a-w- C:\Windows\SysWow64\PCDLIB32.DLL
2012-05-14 22:34:12 55808 ----a-w- C:\Windows\system\ArcSoftKsUFilter.dll
2012-05-14 22:34:12 19968 ----a-w- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys
2012-05-14 17:13:30 -------- d-----w- C:\Users\Kelvin\AppData\Local\{9851DD65-4305-4066-BF44-A0E3CFFCE8B1}
.
==================== Find3M ====================
.
2012-05-22 04:16:45 33792 ----a-w- C:\Windows\System32\drivers\hcw85cir3.sys
2012-05-22 04:16:45 1905808 ----a-w- C:\Windows\System32\drivers\HCW85BDA.sys
2012-05-22 04:16:45 139776 ----a-w- C:\Windows\System32\hcw85enc.ax
2012-05-22 04:16:45 110592 ----a-w- C:\Windows\System32\hcw85prop.ax
2012-05-09 15:17:38 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-09 15:17:38 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-19 03:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 03:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-04-04 22:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-21 03:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-21 03:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
.
============= FINISH: 21:21:22.93 ===============





I also ran TDSS Killer, but for some reason, I forgot to save the log and now it doesn't find or recognize the trojan. I will also admit I tried to run ComboFix but it just crashes and closes (it reaches about the 75% point and just suddenly closes). I know you'll probably realize that I'm also running an old version of Java (which might have been the cause of contracting this trojan), but I specifically run this version for my work (radiology PACS admin work).

I appreciate any help! Thanks!



#2 gringo_pr

Posted 12 June 2012 - 07:07 AM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash-drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 kelvin6

Posted 12 June 2012 - 11:09 PM

Thanks for the reply and help! Here is the log you requested (from FRST64):

Scan result of Farbar Recovery Scan Tool Version: 12-06-2012 02
Ran by SYSTEM at 12-06-2012 20:55:38
Running from D:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-22] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-22] (Realtek Semiconductor Corp.)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [36864 2009-06-29] ()
HKLM-x32\...\Run: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe" [5391872 2009-05-25] ()
HKLM-x32\...\Run: [CMCService] "C:\Program Files (x86)\ATI\Catalyst Media Center\CMCService.exe" [172032 2007-08-02] (CyberLink Corp.)
HKLM-x32\...\Run: [MSN Toolbar] "c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe" [240992 2010-02-12] (Microsoft Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288080 2009-07-17] (Microsoft Corporation)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [465536 2010-05-10] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [Display] C:\Program Files (x86)\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe [271736 2010-09-14] (American Power Conversion Corporation)
HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized [1446760 2012-01-06] (Garmin)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini" [366 2012-06-12] ()
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKU\Bernice\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKU\James\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKU\Kelvin\...\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent [1242448 2011-08-01] (Valve Corporation)
HKU\Kelvin\...\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent [306088 2010-01-28] (Take-Two Interactive Software, Inc.)
HKU\Kelvin\...\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart [1647448 2011-11-12] (IObit)
HKU\Kelvin\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Kelvin\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2011-06-05] (Acresso Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
HKLM\...\InprocServer32: [Default-wbemess] \\.\globalroot\systemroot\Installer\{436c7596-7953-29b7-f639-6e087d1d793a}\n. ATTENTION! ====> ZeroAccess
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Air Mouse.lnk
ShortcutTarget: Air Mouse.lnk -> C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\AutoStart IR.lnk
ShortcutTarget: AutoStart IR.lnk -> C:\Program Files (x86)\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Button Manager.lnk
ShortcutTarget: HP Button Manager.lnk -> C:\Program Files (x86)\HP Button Manager\BM.exe ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\MyTray.lnk
ShortcutTarget: MyTray.lnk -> C:\Windows\Installer\{685C742F-B837-42A7-80B5-98CF94F621AE}\_CD6D31DBF7077B4577E4B6.exe ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\WinTV Recording Status.lnk
ShortcutTarget: WinTV Recording Status.lnk -> C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
Startup: C:\Users\Bernice\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\James\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Kelvin\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Kelvin\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) ======

2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [490840 2011-11-10] (IObit)
2 APC Data Service; "C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe" [21880 2010-09-14] (American Power Conversion Corporation)
2 APC UPS Service; "C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe" [705912 2010-09-14] (American Power Conversion Corporation)
2 DragonSvc; C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [296808 2011-06-05] (Nuance Communications, Inc.)
3 IntuitUpdateService; "C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe" [13672 2010-08-23] (Intuit Inc.)
2 IntuitUpdateServiceV4; "C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" [13672 2011-08-25] (Intuit Inc.)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 NMSAccess; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
2 UsbService; C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe [326144 2010-02-10] ()
2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

3 61883; C:\Windows\System32\Drivers\61883.sys [60288 2009-07-13] (Microsoft Corporation)
0 AiCharger; C:\Windows\System32\Drivers\AiCharger.sys [14592 2010-05-05] (ASUSTek Computer Inc.)
3 ArcSoftKsUFilter; C:\Windows\System32\Drivers\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13440 2009-08-04] ()
1 AsUpIO; C:\Windows\SysWow64\Drivers\AsUpIO.sys [13368 2009-07-06] ()
3 ATIAVPCI; C:\Windows\System32\DRIVERS\atinavrr.sys [1557376 2009-11-04] (ATI Technologies Inc.)
3 Dot4Print; C:\Windows\System32\DRIVERS\Dot4Prt.sys [19968 2010-11-20] (Microsoft Corporation)
3 grmnusb; C:\Windows\System32\Drivers\grmnusb.sys [20520 2009-05-08] (GARMIN Corp.)
3 HCW85BDA; C:\Windows\System32\Drivers\HCW85BDA.sys [1905808 2012-05-21] (Hauppauge Computer Works)
0 JRAID; C:\Windows\System32\Drivers\JRAID.sys [104408 2009-06-29] (JMicron Technology Corp.)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-13] ()
3 NVENETFD; C:\Windows\System32\DRIVERS\nvm62x64.sys [408960 2009-06-10] (NVIDIA Corporation)
0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
3 vuhub; C:\Windows\System32\Drivers\vuhub.sys [47616 2007-12-16] ()
3 NDSPCIIO; \??\C:\Windows\system32\DRIVERS\NDSPCIIO64.SYS [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-12 19:48 - 2012-06-12 19:48 - 01402157 ____A C:\Users\Kelvin\Downloads\FRST64.exe
2012-06-12 18:13 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-12 18:13 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-12 18:13 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-12 18:13 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-12 18:13 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-12 18:13 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-12 18:13 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-12 18:13 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-12 18:13 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-12 18:13 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-12 18:13 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-12 18:13 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-12 18:13 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-12 18:13 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-12 18:13 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-12 18:13 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-12 18:13 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-12 18:13 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-12 18:13 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-12 18:13 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-12 18:13 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-12 18:13 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-12 18:13 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-12 18:13 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-12 18:13 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-12 18:13 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-12 18:13 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-12 18:13 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-12 18:09 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-12 18:09 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-12 18:09 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-06-12 18:09 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-12 18:09 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-12 18:09 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-06-12 18:09 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-12 18:09 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-12 18:09 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-12 18:09 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-12 18:09 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-12 18:09 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-12 18:09 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-12 18:09 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-12 18:09 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-12 18:09 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-12 18:09 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-12 18:09 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-12 18:09 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-11 20:23 - 2012-06-11 20:23 - 00024384 ____A C:\Users\Kelvin\Desktop\Attach.txt
2012-06-11 20:17 - 2012-06-11 20:17 - 00607260 ____R (Swearware) C:\Users\Kelvin\Downloads\dds.scr
2012-06-11 20:09 - 2012-06-11 20:11 - 00253236 ____A C:\TDSSKiller.2.7.36.0_11.06.2012_21.09.59_log.txt
2012-06-11 20:09 - 2012-06-11 20:09 - 00002036 ____A C:\Users\Kelvin\Desktop\mbam-log-2012-06-11 (21-09-31).txt
2012-06-11 20:09 - 2012-06-11 20:09 - 00002036 ____A C:\Users\Kelvin\Desktop\mbam-log-2012-06-11 (21-09-08).txt
2012-06-11 20:02 - 2012-06-11 20:02 - 00000162 ___AH C:\Users\Kelvin\Desktop\~$User.docx
2012-06-11 18:38 - 2012-06-12 19:26 - 00000224 ____A C:\Windows\setupact.log
2012-06-11 18:38 - 2012-06-11 18:38 - 00000000 ____A C:\Windows\setuperr.log
2012-06-10 21:08 - 2012-06-10 21:08 - 00002362 ____A C:\Users\Kelvin\Desktop\aswMBR.txt
2012-06-10 21:08 - 2012-06-10 21:08 - 00000512 ____A C:\Users\Kelvin\Desktop\MBR.dat
2012-06-10 20:25 - 2012-06-10 20:26 - 04731392 ____A (AVAST Software) C:\Users\Kelvin\Downloads\aswMBR.exe
2012-06-10 19:17 - 2012-06-10 19:19 - 00130354 ____A C:\TDSSKiller.2.7.36.0_10.06.2012_20.17.53_log.txt
2012-06-10 19:16 - 2007-12-16 18:25 - 00047616 ____A C:\Windows\System32\Drivers\vuhub.sys
2012-06-09 21:07 - 2012-06-09 21:08 - 00127552 ____A C:\TDSSKiller.2.7.36.0_09.06.2012_22.07.53_log.txt
2012-06-08 07:40 - 2012-06-07 11:24 - 03072947 ____A C:\Users\Kelvin\Desktop\KNG_7798.JPG
2012-06-07 21:34 - 2012-06-07 21:35 - 00127552 ____A C:\TDSSKiller.2.7.36.0_07.06.2012_22.34.28_log.txt
2012-06-07 21:29 - 2012-06-07 21:30 - 00129198 ____A C:\TDSSKiller.2.7.36.0_07.06.2012_22.29.16_log.txt
2012-06-07 21:24 - 2012-06-07 21:25 - 00129176 ____A C:\TDSSKiller.2.7.36.0_07.06.2012_22.24.27_log.txt
2012-06-07 21:21 - 2012-06-07 21:21 - 00338059 ____A C:\Users\Kelvin\Downloads\FSS.exe
2012-06-07 20:08 - 2012-06-07 20:09 - 00127552 ____A C:\TDSSKiller.2.7.36.0_07.06.2012_21.08.19_log.txt
2012-06-07 20:04 - 2012-06-07 20:05 - 00129176 ____A C:\TDSSKiller.2.7.36.0_07.06.2012_21.04.24_log.txt
2012-06-07 19:57 - 2012-06-10 19:19 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-07 19:55 - 2012-06-07 20:01 - 00407196 ____A C:\TDSSKiller.2.7.36.0_07.06.2012_20.55.10_log.txt
2012-06-07 19:54 - 2012-06-07 19:55 - 00000000 ____D C:\Users\Kelvin\Desktop\TDSS Killer
2012-06-07 08:14 - 2012-06-07 08:14 - 00000000 ____D C:\Qoobox
2012-06-07 08:13 - 2012-06-11 18:38 - 00000000 ___SD C:\32788R22FWJFW
2012-06-07 08:13 - 2012-06-07 08:15 - 04538022 ____R (Swearware) C:\Users\Kelvin\Desktop\ComboFix.exe
2012-06-06 19:15 - 2012-06-06 19:15 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-06 09:50 - 2012-06-06 09:53 - 10806669 ____A C:\Users\Kelvin\Desktop\E5145_RT_N13U_Manual.zip
2012-06-05 18:15 - 2012-06-05 18:15 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-06-05 18:14 - 2012-06-05 18:15 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-05-30 09:03 - 2012-05-30 09:11 - 85258240 ____A C:\Users\Kelvin\Downloads\avg_arl_cdi_all_120_120126a4973.iso
2012-05-24 19:20 - 2012-05-24 19:30 - 00000000 ____D C:\simcity
2012-05-24 19:19 - 2012-05-24 19:20 - 05768279 ____A C:\Users\Kelvin\Downloads\simcity-2000.zip
2012-05-24 15:19 - 2012-05-24 18:38 - 996269500 ____A (Acresso Software Inc.) C:\Users\Kelvin\Downloads\TS3_1.33.2.0150xx_update (1).exe
2012-05-24 15:03 - 2012-05-24 18:29 - 996269500 ____A (Acresso Software Inc.) C:\Users\Kelvin\Downloads\TS3_1.33.2.0150xx_update.exe.dw70rrd.partial
2012-05-23 08:21 - 2012-05-23 08:24 - 416049091 ____A C:\Users\Kelvin\Desktop\Campsite Tour.wmv
2012-05-23 08:20 - 2012-05-23 08:20 - 00000000 ____D C:\Users\Kelvin\AppData\Local\{8B8852B0-9738-4D84-8691-3594902B9DB3}
2012-05-23 08:20 - 2012-05-23 08:20 - 00000000 ____D C:\Users\Kelvin\AppData\Local\{3DA31336-A649-4DB8-9313-EB81E315ADAD}
2012-05-23 08:19 - 2012-05-23 08:19 - 00000000 ____D C:\Windows\en
2012-05-23 08:12 - 2012-05-23 08:16 - 416049091 ____A C:\Users\Kelvin\Desktop\~PIC10.tmp
2012-05-23 08:06 - 2012-05-23 08:07 - 00000000 ____D C:\Users\Kelvin\AppData\Local\{F3439B14-4496-4EC9-9D30-C18145C444D4}
2012-05-23 08:03 - 2012-05-23 08:03 - 00000000 ____D C:\Users\Kelvin\AppData\Local\{3C2F3016-211C-4AEA-B742-93D2E5BD367F}
2012-05-23 08:03 - 2012-05-23 08:03 - 00000000 ____D C:\Users\Kelvin\AppData\Local\{1EA01BF6-F5AC-4191-8236-5036D3D98736}
2012-05-22 17:03 - 2012-05-23 22:35 - 00002239 ____A C:\Users\Kelvin\AppData\Roaming\SAS7_000.DAT
2012-05-22 16:48 - 2012-05-22 16:48 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\Nuance
2012-05-22 16:44 - 2012-05-22 16:44 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\FLEXnet
2012-05-22 16:43 - 2012-05-22 16:43 - 00002799 ____A C:\Users\Public\Desktop\Dragon NaturallySpeaking 11.5.lnk
2012-05-22 16:39 - 2012-05-22 16:39 - 00000000 ____D C:\Users\All Users\Nuance
2012-05-22 16:39 - 2012-05-22 16:39 - 00000000 ____D C:\Users\All Users\FLEXnet
2012-05-22 16:39 - 2012-05-22 16:39 - 00000000 ____D C:\Program Files (x86)\Nuance
2012-05-21 20:16 - 2012-05-21 20:23 - 00006074 ____A C:\hcwDriverInstall.txt
2012-05-21 20:16 - 2012-05-21 20:16 - 00000000 ____D C:\Users\Kelvin\Documents\85drv_29272
2012-05-21 20:03 - 2012-05-21 20:03 - 00000000 ____D C:\Users\All Users\Mozilla
2012-05-21 20:03 - 2012-05-21 20:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-17 21:04 - 2012-05-17 21:05 - 10424345 ____A C:\Users\Kelvin\Downloads\etc1.pdf
2012-05-16 19:35 - 2012-05-08 17:34 - 00032600 ____A (IObit) C:\Windows\System32\SmartDefragBootTime.exe
2012-05-16 19:34 - 2010-11-26 17:02 - 00017720 ____A C:\Windows\System32\Drivers\SmartDefragDriver.sys
2012-05-15 20:03 - 2012-05-15 20:03 - 00000000 ____D C:\Users\Kelvin\Documents\AIMLogger
2012-05-14 15:22 - 2006-10-10 15:47 - 00036921 ____N (Hauppauge Computer Works) C:\Windows\SysWOW64\hcwutl32_priv.dll
2012-05-14 15:20 - 2012-05-14 15:20 - 00000609 ____A C:\Users\Public\Desktop\Install WinTV v7.x CD 2.5c.lnk
2012-05-14 15:20 - 2012-05-14 15:20 - 00000000 ____D C:\Hauppauge
2012-05-14 15:13 - 2012-05-14 15:13 - 00000528 ____A C:\Windows\eReg.dat
2012-05-14 15:03 - 2012-05-14 15:22 - 00037639 ____A C:\Windows\Irremote.ini
2012-05-14 15:03 - 2012-05-14 15:22 - 00001087 ____A C:\Users\Public\Desktop\WinTV 7.lnk
2012-05-14 15:03 - 2012-05-14 15:22 - 00000209 ____A C:\Windows\ODBCINST.INI
2012-05-14 15:03 - 2012-05-14 15:22 - 00000175 ____A C:\Users\Kelvin\Desktop\Program Guide.url
2012-05-14 15:03 - 2012-05-14 15:22 - 00000135 ____A C:\Windows\ODBC.INI
2012-05-14 15:02 - 2012-05-14 15:22 - 00000000 ____D C:\Users\Public\WinTV
2012-05-14 15:02 - 2012-05-14 15:22 - 00000000 ____D C:\Program Files (x86)\WinTV
2012-05-14 15:02 - 2012-05-14 15:21 - 00005142 ____A C:\Windows\HCWPNP.INI
2012-05-14 15:02 - 2012-05-14 15:04 - 00000000 ____D C:\Users\All Users\Hauppauge
2012-05-14 15:02 - 2011-01-13 11:43 - 00118849 ____A (Hauppauge Computer Works, Inc.) C:\Windows\SysWOW64\hcwi2c32.dll
2012-05-14 15:02 - 2011-01-07 15:31 - 00323640 ____A (Hauppauge Computer Works) C:\Windows\SysWOW64\hcwpnp32.dll
2012-05-14 15:02 - 2009-08-12 10:37 - 00038672 ____A (PCTV Systems S.ŕ r.l.) C:\Windows\SysWOW64\pcleUtil.dll
2012-05-14 15:02 - 2009-02-16 22:09 - 00831554 ____A (Hauppauge Computer Works) C:\Windows\SysWOW64\hcwtvwnd.dll
2012-05-14 15:02 - 2009-01-28 10:52 - 00142337 ____A C:\Windows\SysWOW64\Wait.exe
2012-05-14 15:02 - 2006-10-10 16:47 - 00036921 ____A (Hauppauge Computer Works) C:\Windows\SysWOW64\hcwutl32.dll
2012-05-14 14:46 - 2012-05-14 14:46 - 00000000 ____D C:\Users\Kelvin\Documents\WebCam Media
2012-05-14 14:38 - 2012-05-14 14:38 - 00000175 ____A C:\BMSetup.log
2012-05-14 14:38 - 2012-05-14 14:38 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\InstallShield
2012-05-14 14:38 - 2012-05-14 14:38 - 00000000 ____D C:\Program Files (x86)\HP Button Manager
2012-05-14 14:37 - 2012-05-14 14:37 - 00002004 ____A C:\Users\Public\Desktop\WebCam Companion 3.lnk
2012-05-14 14:37 - 2012-05-14 14:37 - 00000000 ____D C:\Users\Kelvin\AppData\Local\ArcSoft
2012-05-14 14:36 - 2012-05-14 14:46 - 00000000 ____D C:\Users\All Users\ArcSoft
2012-05-14 14:36 - 2012-05-14 14:36 - 00001964 ____A C:\Users\Public\Desktop\HP Webcam User's Guide.lnk
2012-05-14 14:36 - 2012-05-14 14:36 - 00000294 ____A C:\Users\Public\Desktop\Download Windows Live Photo Gallery.url
2012-05-14 14:34 - 2012-05-14 14:36 - 00000000 ____D C:\Program Files (x86)\ArcSoft
2012-05-14 14:34 - 2012-05-14 14:34 - 00002265 ____A C:\Users\Public\Desktop\Magic-i Visual Effects 2.lnk
2012-05-14 14:34 - 2009-05-26 13:32 - 00019968 ____A (ArcSoft, Inc.) C:\Windows\System32\Drivers\ArcSoftKsUFilter.sys
2012-05-14 14:34 - 2005-04-27 15:36 - 00245408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\unicows.dll
2012-05-14 14:34 - 1995-07-31 12:44 - 00212480 ____A (Eastman Kodak) C:\Windows\SysWOW64\PCDLIB32.DLL
2012-05-14 14:02 - 2012-05-14 14:02 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_hcw85cir3_01005.Wdf
2012-05-14 09:13 - 2012-05-14 09:13 - 00000000 ____D C:\Users\Kelvin\AppData\Local\{9851DD65-4305-4066-BF44-A0E3CFFCE8B1}


============ 3 Months Modified Files and Folders =============

2012-06-12 20:55 - 2012-06-12 20:55 - 00000000 ____D C:\FRST
2012-06-12 19:52 - 2011-02-18 01:04 - 00058560 ____A C:\Windows\SysWOW64\PCPELog.txt
2012-06-12 19:52 - 2010-01-08 16:15 - 01755253 ____A C:\Windows\WindowsUpdate.log
2012-06-12 19:48 - 2012-06-12 19:48 - 01402157 ____A C:\Users\Kelvin\Downloads\FRST64.exe
2012-06-12 19:33 - 2009-07-13 20:45 - 00015152 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-12 19:33 - 2009-07-13 20:45 - 00015152 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-12 19:27 - 2010-07-24 15:34 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-12 19:27 - 2010-01-23 22:32 - 00000000 ____D C:\Program Files (x86)\Steam
2012-06-12 19:26 - 2012-06-11 18:38 - 00000224 ____A C:\Windows\setupact.log
2012-06-12 19:26 - 2010-01-08 16:19 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-06-12 19:26 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-12 19:25 - 2009-07-13 20:45 - 05000128 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-12 19:21 - 2010-07-24 15:35 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-12 18:22 - 2010-01-08 16:19 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-06-12 18:21 - 2009-07-13 21:13 - 00743758 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-12 18:19 - 2011-02-23 18:52 - 00000055 ____A C:\Windows\mail.ini
2012-06-12 18:18 - 2010-01-13 10:08 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-11 20:37 - 2010-02-08 18:49 - 00000036 ___AH C:\Windows\SysWOW64\f9t.dat
2012-06-11 20:23 - 2012-06-11 20:23 - 00024384 ____A C:\Users\Kelvin\Desktop\Attach.txt
2012-06-11 20:17 - 2012-06-11 20:17 - 00607260 ____R (Swearware) C:\Users\Kelvin\Downloads\dds.scr
2012-06-11 20:11 - 2012-06-11 20:09 - 00253236 ____A C:\TDSSKiller.2.7.36.0_11.06.2012_21.09.59_log.txt
2012-06-11 20:09 - 2012-06-11 20:09 - 00002036 ____A C:\Users\Kelvin\Desktop\mbam-log-2012-06-11 (21-09-31).txt
2012-06-11 20:09 - 2012-06-11 20:09 - 00002036 ____A C:\Users\Kelvin\Desktop\mbam-log-2012-06-11 (21-09-08).txt
2012-06-11 20:02 - 2012-06-11 20:02 - 00000162 ___AH C:\Users\Kelvin\Desktop\~$User.docx
2012-06-11 19:45 - 2010-01-13 10:30 - 00001065 ____A C:\Windows\winamp.ini
2012-06-11 19:45 - 2010-01-13 10:30 - 00000000 ____D C:\Program Files (x86)\Winamp
2012-06-11 19:12 - 2011-12-19 20:42 - 00154424 ____A C:\Users\Kelvin\Desktop\Emageon.log
2012-06-11 19:03 - 2011-04-22 17:08 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\AMICAS
2012-06-11 18:38 - 2012-06-11 18:38 - 00000000 ____A C:\Windows\setuperr.log
2012-06-11 18:38 - 2012-06-07 08:13 - 00000000 ___SD C:\32788R22FWJFW
2012-06-10 22:08 - 2010-01-16 20:13 - 00000000 ____D C:\Windows\Minidump
2012-06-10 21:08 - 2012-06-10 21:08 - 00002362 ____A C:\Users\Kelvin\Desktop\aswMBR.txt
2012-06-10 21:08 - 2012-06-10 21:08 - 00000512 ____A C:\Users\Kelvin\Desktop\MBR.dat
2012-06-10 21:00 - 2010-11-11 14:07 - 00000410 ____A C:\Windows\Tasks\SmartDefrag.job
2012-06-10 20:26 - 2012-06-10 20:25 - 04731392 ____A (AVAST Software) C:\Users\Kelvin\Downloads\aswMBR.exe
2012-06-10 19:19 - 2012-06-10 19:17 - 00130354 ____A C:\TDSSKiller.2.7.36.0_10.06.2012_20.17.53_log.txt
2012-06-10 19:19 - 2012-06-07 19:57 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-10 19:16 - 2010-01-13 09:55 - 00000000 ____D C:\Program Files (x86)\ASUS
2012-06-09 22:02 - 2011-08-20 23:36 - 00000147 ____A C:\Users\Kelvin\AppData\Roaming\default.rss
2012-06-09 22:00 - 2011-08-20 23:31 - 00000069 ____A C:\Windows\NeroDigital.ini
2012-06-09 21:08 - 2012-06-09 21:07 - 00127552 ____A C:\TDSSKiller.2.7.36.0_09.06.2012_22.07.53_log.txt
2012-06-07 21:46 - 2009-07-13 21:08 - 00032606 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-07 21:35 - 2012-06-07 21:34 - 00127552 ____A C:\TDSSKiller.2.7.36.0_07.06.2012_22.34.28_log.txt
2012-06-07 21:30 - 2012-06-07 21:29 - 00129198 ____A C:\TDSSKiller.2.7.36.0_07.06.2012_22.29.16_log.txt
2012-06-07 21:25 - 2012-06-07 21:24 - 00129176 ____A C:\TDSSKiller.2.7.36.0_07.06.2012_22.24.27_log.txt
2012-06-07 21:21 - 2012-06-07 21:21 - 00338059 ____A C:\Users\Kelvin\Downloads\FSS.exe
2012-06-07 21:21 - 2010-01-17 17:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-07 20:09 - 2012-06-07 20:08 - 00127552 ____A C:\TDSSKiller.2.7.36.0_07.06.2012_21.08.19_log.txt
2012-06-07 20:05 - 2012-06-07 20:04 - 00129176 ____A C:\TDSSKiller.2.7.36.0_07.06.2012_21.04.24_log.txt
2012-06-07 20:01 - 2012-06-07 19:55 - 00407196 ____A C:\TDSSKiller.2.7.36.0_07.06.2012_20.55.10_log.txt
2012-06-07 19:55 - 2012-06-07 19:54 - 00000000 ____D C:\Users\Kelvin\Desktop\TDSS Killer
2012-06-07 19:55 - 2010-01-13 10:10 - 00000177 ____H C:\dvmexp.idx
2012-06-07 11:24 - 2012-06-08 07:40 - 03072947 ____A C:\Users\Kelvin\Desktop\KNG_7798.JPG
2012-06-07 08:17 - 2011-07-17 21:18 - 01278976 __ASH C:\Users\Kelvin\Desktop\Thumbs.db
2012-06-07 08:15 - 2012-06-07 08:13 - 04538022 ____R (Swearware) C:\Users\Kelvin\Desktop\ComboFix.exe
2012-06-07 08:14 - 2012-06-07 08:14 - 00000000 ____D C:\Qoobox
2012-06-06 23:16 - 2012-01-03 00:23 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-06 22:44 - 2012-01-28 11:18 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-06 22:44 - 2010-01-16 19:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-06 19:15 - 2012-06-06 19:15 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-06 09:53 - 2012-06-06 09:50 - 10806669 ____A C:\Users\Kelvin\Desktop\E5145_RT_N13U_Manual.zip
2012-06-06 09:26 - 2010-11-17 10:25 - 00001855 ____A C:\Users\Public\Desktop\Juno Internet.lnk
2012-06-06 09:26 - 2010-11-17 10:23 - 00000000 ____D C:\Users\All Users\Juno
2012-06-06 09:26 - 2010-11-17 10:23 - 00000000 ____D C:\JunoInstaller
2012-06-05 18:15 - 2012-06-05 18:15 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-06-05 18:15 - 2012-06-05 18:14 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-05-30 09:11 - 2012-05-30 09:03 - 85258240 ____A C:\Users\Kelvin\Downloads\avg_arl_cdi_all_120_120126a4973.iso
2012-05-24 19:31 - 2011-03-27 22:18 - 00000000 ____D C:\Program Files (x86)\DOSBox-0.74
2012-05-24 19:30 - 2012-05-24 19:20 - 00000000 ____D C:\simcity
2012-05-24 19:27 - 2011-03-27 22:18 - 00000000 ____D C:\Users\Kelvin\AppData\Local\DOSBox
2012-05-24 19:20 - 2012-05-24 19:19 - 05768279 ____A C:\Users\Kelvin\Downloads\simcity-2000.zip
2012-05-24 18:38 - 2012-05-24 15:19 - 996269500 ____A (Acresso Software Inc.) C:\Users\Kelvin\Downloads\TS3_1.33.2.0150xx_update (1).exe
2012-05-24 18:29 - 2012-05-24 15:03 - 996269500 ____A (Acresso Software Inc.) C:\Users\Kelvin\Downloads\TS3_1.33.2.0150xx_update.exe.dw70rrd.partial
2012-05-23 22:35 - 2012-05-22 17:03 - 00002239 ____A C:\Users\Kelvin\AppData\Roaming\SAS7_000.DAT
2012-05-23 08:27 - 2011-10-01 13:46 - 00000000 ____D C:\Users\Kelvin\Desktop\Veronica's Wedding
2012-05-23 08:24 - 2012-05-23 08:21 - 416049091 ____A C:\Users\Kelvin\Desktop\Campsite Tour.wmv
2012-05-23 08:20 - 2012-05-23 08:20 - 00000000 ____D C:\Users\Kelvin\AppData\Local\{8B8852B0-9738-4D84-8691-3594902B9DB3}
2012-05-23 08:20 - 2012-05-23 08:20 - 00000000 ____D C:\Users\Kelvin\AppData\Local\{3DA31336-A649-4DB8-9313-EB81E315ADAD}
2012-05-23 08:19 - 2012-05-23 08:19 - 00000000 ____D C:\Windows\en
2012-05-23 08:18 - 2010-01-26 23:49 - 00000000 ____D C:\Program Files (x86)\Windows Live
2012-05-23 08:16 - 2012-05-23 08:12 - 416049091 ____A C:\Users\Kelvin\Desktop\~PIC10.tmp
2012-05-23 08:07 - 2012-05-23 08:06 - 00000000 ____D C:\Users\Kelvin\AppData\Local\{F3439B14-4496-4EC9-9D30-C18145C444D4}
2012-05-23 08:03 - 2012-05-23 08:03 - 00000000 ____D C:\Users\Kelvin\AppData\Local\{3C2F3016-211C-4AEA-B742-93D2E5BD367F}
2012-05-23 08:03 - 2012-05-23 08:03 - 00000000 ____D C:\Users\Kelvin\AppData\Local\{1EA01BF6-F5AC-4191-8236-5036D3D98736}
2012-05-22 16:48 - 2012-05-22 16:48 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\Nuance
2012-05-22 16:44 - 2012-05-22 16:44 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\FLEXnet
2012-05-22 16:43 - 2012-05-22 16:43 - 00002799 ____A C:\Users\Public\Desktop\Dragon NaturallySpeaking 11.5.lnk
2012-05-22 16:43 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Speech
2012-05-22 16:39 - 2012-05-22 16:39 - 00000000 ____D C:\Users\All Users\Nuance
2012-05-22 16:39 - 2012-05-22 16:39 - 00000000 ____D C:\Users\All Users\FLEXnet
2012-05-22 16:39 - 2012-05-22 16:39 - 00000000 ____D C:\Program Files (x86)\Nuance
2012-05-21 20:23 - 2012-05-21 20:16 - 00006074 ____A C:\hcwDriverInstall.txt
2012-05-21 20:16 - 2012-05-21 20:16 - 00000000 ____D C:\Users\Kelvin\Documents\85drv_29272
2012-05-21 20:16 - 2011-09-29 09:21 - 01905808 ____A (Hauppauge Computer Works) C:\Windows\System32\Drivers\HCW85BDA.sys
2012-05-21 20:16 - 2011-09-29 09:20 - 00139776 ____A (Hauppauge Computer Works) C:\Windows\System32\hcw85enc.ax
2012-05-21 20:16 - 2011-09-29 09:20 - 00110592 ____A (Hauppauge Computer Works) C:\Windows\System32\hcw85prop.ax
2012-05-21 20:16 - 2011-09-29 09:20 - 00033792 ____A (Hauppauge Computer Works, Inc.) C:\Windows\System32\Drivers\hcw85cir3.sys
2012-05-21 20:03 - 2012-05-21 20:03 - 00000000 ____D C:\Users\All Users\Mozilla
2012-05-21 20:03 - 2012-05-21 20:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-21 18:59 - 2010-01-15 09:31 - 00000000 ____D C:\Users\Kelvin\AppData\Local\ElevatedDiagnostics
2012-05-18 14:42 - 2012-04-13 19:29 - 00000051 ____A C:\Windows\entpack.ini
2012-05-17 21:05 - 2012-05-17 21:04 - 10424345 ____A C:\Users\Kelvin\Downloads\etc1.pdf
2012-05-17 18:47 - 2012-06-12 18:13 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-12 18:13 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-12 18:13 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-12 18:13 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-12 18:13 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-12 18:13 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-12 18:13 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-12 18:13 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-12 18:13 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-12 18:13 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-12 18:13 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-12 18:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-12 18:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-12 18:13 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-12 18:13 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-12 18:13 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-12 18:13 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-12 18:13 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-12 18:13 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-12 18:13 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-12 18:13 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-12 18:13 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-12 18:13 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-12 18:13 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-12 18:13 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-12 18:13 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-12 18:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-12 18:13 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-15 20:03 - 2012-05-15 20:03 - 00000000 ____D C:\Users\Kelvin\Documents\AIMLogger
2012-05-14 23:31 - 2012-05-06 22:30 - 00000000 ____D C:\Users\Kelvin\Desktop\Summer Retreat 2012
2012-05-14 17:32 - 2012-06-12 18:09 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-14 15:22 - 2012-05-14 15:03 - 00037639 ____A C:\Windows\Irremote.ini
2012-05-14 15:22 - 2012-05-14 15:03 - 00001087 ____A C:\Users\Public\Desktop\WinTV 7.lnk
2012-05-14 15:22 - 2012-05-14 15:03 - 00000209 ____A C:\Windows\ODBCINST.INI
2012-05-14 15:22 - 2012-05-14 15:03 - 00000175 ____A C:\Users\Kelvin\Desktop\Program Guide.url
2012-05-14 15:22 - 2012-05-14 15:03 - 00000135 ____A C:\Windows\ODBC.INI
2012-05-14 15:22 - 2012-05-14 15:02 - 00000000 ____D C:\Users\Public\WinTV
2012-05-14 15:22 - 2012-05-14 15:02 - 00000000 ____D C:\Program Files (x86)\WinTV
2012-05-14 15:22 - 2010-01-08 16:16 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-05-14 15:21 - 2012-05-14 15:02 - 00005142 ____A C:\Windows\HCWPNP.INI
2012-05-14 15:20 - 2012-05-14 15:20 - 00000609 ____A C:\Users\Public\Desktop\Install WinTV v7.x CD 2.5c.lnk
2012-05-14 15:20 - 2012-05-14 15:20 - 00000000 ____D C:\Hauppauge
2012-05-14 15:13 - 2012-05-14 15:13 - 00000528 ____A C:\Windows\eReg.dat
2012-05-14 15:04 - 2012-05-14 15:02 - 00000000 ____D C:\Users\All Users\Hauppauge
2012-05-14 14:46 - 2012-05-14 14:46 - 00000000 ____D C:\Users\Kelvin\Documents\WebCam Media
2012-05-14 14:46 - 2012-05-14 14:36 - 00000000 ____D C:\Users\All Users\ArcSoft
2012-05-14 14:46 - 2010-01-17 23:42 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\Arcsoft
2012-05-14 14:38 - 2012-05-14 14:38 - 00000175 ____A C:\BMSetup.log
2012-05-14 14:38 - 2012-05-14 14:38 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\InstallShield
2012-05-14 14:38 - 2012-05-14 14:38 - 00000000 ____D C:\Program Files (x86)\HP Button Manager
2012-05-14 14:37 - 2012-05-14 14:37 - 00002004 ____A C:\Users\Public\Desktop\WebCam Companion 3.lnk
2012-05-14 14:37 - 2012-05-14 14:37 - 00000000 ____D C:\Users\Kelvin\AppData\Local\ArcSoft
2012-05-14 14:36 - 2012-05-14 14:36 - 00001964 ____A C:\Users\Public\Desktop\HP Webcam User's Guide.lnk
2012-05-14 14:36 - 2012-05-14 14:36 - 00000294 ____A C:\Users\Public\Desktop\Download Windows Live Photo Gallery.url
2012-05-14 14:36 - 2012-05-14 14:34 - 00000000 ____D C:\Program Files (x86)\ArcSoft
2012-05-14 14:34 - 2012-05-14 14:34 - 00002265 ____A C:\Users\Public\Desktop\Magic-i Visual Effects 2.lnk
2012-05-14 14:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system
2012-05-14 14:02 - 2012-05-14 14:02 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_hcw85cir3_01005.Wdf
2012-05-14 09:13 - 2012-05-14 09:13 - 00000000 ____D C:\Users\Kelvin\AppData\Local\{9851DD65-4305-4066-BF44-A0E3CFFCE8B1}
2012-05-14 09:13 - 2010-10-27 17:37 - 00000000 ____D C:\Users\Kelvin\AppData\Local\Windows Live
2012-05-09 18:31 - 2012-05-09 18:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-09 18:31 - 2012-05-09 18:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-09 07:24 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-09 07:17 - 2012-05-09 07:17 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-09 07:17 - 2011-06-07 09:48 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-08 18:41 - 2012-05-08 18:41 - 00004206 ____A C:\iPhone Contacts.csv
2012-05-08 18:18 - 2011-04-13 18:31 - 00000247 ____A C:\Windows\ParrotFlashWiz.INI
2012-05-08 17:34 - 2012-05-16 19:35 - 00032600 ____A (IObit) C:\Windows\System32\SmartDefragBootTime.exe
2012-05-04 03:06 - 2012-06-12 18:09 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 03:00 - 2012-06-12 18:09 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-05-04 02:03 - 2012-06-12 18:09 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-12 18:09 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-04 01:59 - 2012-06-12 18:09 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-04-30 21:40 - 2012-06-12 18:09 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:55 - 2012-06-12 18:09 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-26 07:47 - 2011-01-25 20:09 - 00001945 ____A C:\Windows\epplauncher.mif
2012-04-26 07:47 - 2011-01-25 20:08 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-04-26 07:46 - 2012-04-26 07:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-04-26 07:46 - 2011-01-25 20:09 - 00743538 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-04-25 21:41 - 2012-06-12 18:09 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-12 18:09 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-12 18:09 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-24 19:40 - 2012-04-24 19:40 - 02420281 ____A C:\Users\Kelvin\Desktop\Electrolux Washer Manual.pdf
2012-04-24 15:23 - 2012-04-24 15:23 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-04-24 15:23 - 2012-04-24 15:23 - 00000000 ____D C:\Program Files\iTunes
2012-04-24 15:23 - 2012-04-24 15:23 - 00000000 ____D C:\Program Files\iPod
2012-04-24 15:23 - 2012-04-24 15:23 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-04-23 21:37 - 2012-06-12 18:09 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-12 18:09 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-12 18:09 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-12 18:09 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-12 18:09 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-12 18:09 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-21 12:24 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-04-20 09:31 - 2011-12-14 23:02 - 00001972 ____A C:\Users\Public\Desktop\Garmin Lifetime Updater.lnk
2012-04-18 19:56 - 2012-04-18 19:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2012-04-18 19:56 - 2012-04-18 19:56 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
2012-04-15 20:52 - 2012-01-11 11:08 - 00002014 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-04-15 12:21 - 2011-06-17 23:24 - 00000000 ____D C:\Users\Kelvin\Documents\Summer Retreat 2011 Files
2012-04-15 08:49 - 2012-04-15 08:49 - 04083024 ____A C:\Users\Kelvin\Desktop\SP0375-2008-07-02.pdf
2012-04-13 19:28 - 2005-10-02 14:00 - 00118784 ____A C:\Users\Kelvin\Desktop\ski32.exe
2012-04-09 22:01 - 2010-01-16 22:20 - 00000000 ____D C:\Users\Kelvin\Desktop\Photos
2012-04-07 04:31 - 2012-06-12 18:09 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 03:26 - 2012-06-12 18:09 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-04-04 20:16 - 2012-04-04 20:15 - 05914436 ____A C:\Users\Kelvin\Desktop\Olivia Ong - Fly Me To The Moon.mp3
2012-04-04 20:11 - 2012-04-04 20:09 - 07910609 ____A C:\Users\Kelvin\Desktop\Olivia Ong - Sometimes When We Touch.mp3
2012-04-04 14:56 - 2010-01-16 19:55 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 08:11 - 2010-02-15 19:47 - 00000000 ____D C:\Users\Kelvin\Documents\TurboTax
2012-03-30 20:34 - 2012-03-30 20:33 - 09314116 ____A C:\Users\Kelvin\Desktop\Olivia Ong - Ill Get Back To You.mp3
2012-03-30 03:35 - 2012-05-09 07:13 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 23:09 - 2012-03-29 23:09 - 00000000 ____D C:\Users\Kelvin\Downloads\Miss Ariana
2012-03-29 22:51 - 2012-03-29 22:39 - 61054502 ____A C:\Users\Kelvin\Downloads\Miss Ariana.zip
2012-03-22 20:19 - 2012-03-22 20:19 - 00519024 ____A C:\Users\Kelvin\Documents\Important conversion.html
2012-03-21 22:32 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2012-03-21 22:31 - 2012-03-21 22:31 - 00007606 ____A C:\Users\Kelvin\AppData\Local\Resmon.ResmonCfg
2012-03-20 19:44 - 2010-10-24 21:25 - 00098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-03-20 19:44 - 2009-06-18 18:48 - 00203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-18 21:09 - 2012-03-18 21:08 - 00000000 ____D C:\Users\Kelvin\Documents\xtranormal
2012-03-18 20:15 - 2012-03-18 20:14 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\xtranormal
2012-03-18 20:14 - 2012-03-18 20:14 - 00000000 ____D C:\Users\Kelvin\AppData\Local\xtranormal
2012-03-18 20:14 - 2012-03-18 20:14 - 00000000 ____D C:\Users\Kelvin\AppData\Local\Unity
2012-03-18 20:14 - 2012-03-18 20:13 - 00000000 ____D C:\Program Files (x86)\Xtranormal
2012-03-18 20:13 - 2012-03-18 20:13 - 00001143 ____A C:\Users\Public\Desktop\Xtranormal Desktop.lnk
2012-03-18 20:13 - 2012-03-18 20:13 - 00000000 ____D C:\Program Files (x86)\Xiph.Org
2012-03-16 23:58 - 2012-05-09 07:13 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-15 20:34 - 2010-01-13 10:14 - 00000000 ____D C:\Users\Kelvin\Desktop\MP3

ZeroAccess:
C:\Windows\Installer\{436c7596-7953-29b7-f639-6e087d1d793a}
C:\Windows\Installer\{436c7596-7953-29b7-f639-6e087d1d793a}\@
C:\Windows\Installer\{436c7596-7953-29b7-f639-6e087d1d793a}\L
C:\Windows\Installer\{436c7596-7953-29b7-f639-6e087d1d793a}\n
C:\Windows\Installer\{436c7596-7953-29b7-f639-6e087d1d793a}\U
C:\Windows\Installer\{436c7596-7953-29b7-f639-6e087d1d793a}\L\00000004.@
C:\Windows\Installer\{436c7596-7953-29b7-f639-6e087d1d793a}\L\1afb2d56
C:\Windows\Installer\{436c7596-7953-29b7-f639-6e087d1d793a}\L\201d3dde
C:\Windows\Installer\{436c7596-7953-29b7-f639-6e087d1d793a}\U\00000004.@
C:\Windows\Installer\{436c7596-7953-29b7-f639-6e087d1d793a}\U\00000008.@
C:\Windows\Installer\{436c7596-7953-29b7-f639-6e087d1d793a}\U\000000cb.@
C:\Windows\Installer\{436c7596-7953-29b7-f639-6e087d1d793a}\U\80000000.@
C:\Windows\Installer\{436c7596-7953-29b7-f639-6e087d1d793a}\U\80000032.@
C:\Windows\Installer\{436c7596-7953-29b7-f639-6e087d1d793a}\U\80000064.@

ZeroAccess:
C:\Users\Kelvin\AppData\Local\{436c7596-7953-29b7-f639-6e087d1d793a}
C:\Users\Kelvin\AppData\Local\{436c7596-7953-29b7-f639-6e087d1d793a}\@
C:\Users\Kelvin\AppData\Local\{436c7596-7953-29b7-f639-6e087d1d793a}\L
C:\Users\Kelvin\AppData\Local\{436c7596-7953-29b7-f639-6e087d1d793a}\n
C:\Users\Kelvin\AppData\Local\{436c7596-7953-29b7-f639-6e087d1d793a}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 6135.12 MB
Available physical RAM: 5375.63 MB
Total Pagefile: 6133.27 MB
Available Pagefile: 5360.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:1397.17 GB) (Free:1125.77 GB) NTFS
2 Drive d: () (Removable) (Total:3.76 GB) (Free:3.76 GB) FAT32
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
9 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online         1397 GB      0 B
Disk 1    Online         3861 MB      0 B
Disk 2    No Media           0 B      0 B
Disk 3    No Media           0 B      0 B
Disk 4    No Media           0 B      0 B
Disk 5    No Media           0 B      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            100 MB  1024 KB
Partition 2    Primary           1397 GB   101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   System Rese  NTFS   Partition    100 MB  Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition   1397 GB  Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           3856 MB  4568 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     D                FAT32  Removable   3856 MB  Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-29 11:36

======================= End Of Log ==========================

#4 gringo_pr

  • Malware Response Team

Posted 12 June 2012 - 11:22 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

C:\Windows\Installer\{436c7596-7953-29b7-f639-6e087d1d793a}
C:\Users\Kelvin\AppData\Local\{436c7596-7953-29b7-f639-6e087d1d793a} 


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 kelvin6

  • Topic Starter

Posted 13 June 2012 - 12:10 AM

Just ran the fixlist on FRST64 and here are the results:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 12-06-2012 02
Ran by SYSTEM at 2012-06-12 22:01:15 Run:1
Running from J:\

==============================================

C:\Windows\Installer\{436c7596-7953-29b7-f639-6e087d1d793a} moved successfully.
C:\Users\Kelvin\AppData\Local\{436c7596-7953-29b7-f639-6e087d1d793a} moved successfully.

==== End of Fixlog ====

#6 gringo_pr

  • Malware Response Team

Posted 13 June 2012 - 01:09 AM

Hello

I would like you to download an updated version of combofix.

update combofix

Delete the version of combofix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer
"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 kelvin6

  • Topic Starter

Posted 13 June 2012 - 02:02 AM

Here is the combofix log:

ComboFix 12-06-12.03 - Kelvin 06/12/2012 23:26:50.1.8 - x64
Running from: c:\users\Kelvin\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Images
c:\images\DirCfg.ini
c:\users\Kelvin\AppData\Roaming\.#
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\system32\drivers\etc\hosts.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-05-13 to 2012-06-13 )))))))))))))))))))))))))))))))
.
.
2012-06-13 06:33 . 2012-06-13 06:33 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-13 06:33 . 2012-06-13 06:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-13 06:33 . 2012-06-13 06:33 -------- d-----w- c:\users\James\AppData\Local\temp
2012-06-13 06:33 . 2012-06-13 06:33 -------- d-----w- c:\users\Bernice\AppData\Local\temp
2012-06-13 04:55 . 2012-06-13 04:56 -------- d-----w- C:\FRST
2012-06-13 02:09 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-11 03:16 . 2007-12-17 02:25 47616 ----a-w- c:\windows\system32\drivers\vuhub.sys
2012-06-08 03:57 . 2012-06-11 03:19 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-07 03:15 . 2012-06-07 03:15 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-05-25 03:20 . 2012-05-25 03:30 -------- d-----w- C:\simcity
2012-05-23 16:19 . 2012-05-23 16:19 -------- d-----w- c:\windows\en
2012-05-23 16:15 . 2012-05-23 16:15 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\3f09871d1cd38ff01\DXSETUP.exe
2012-05-23 16:15 . 2012-05-23 16:15 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\3f09871d1cd38ff01\dsetup32.dll
2012-05-23 16:15 . 2012-05-23 16:15 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\3f09871d1cd38ff01\DSETUP.dll
2012-05-23 00:48 . 2012-05-23 00:48 -------- d-----w- c:\users\Kelvin\AppData\Roaming\Nuance
2012-05-23 00:44 . 2012-05-23 00:44 -------- d-----w- c:\users\Kelvin\AppData\Roaming\FLEXnet
2012-05-23 00:42 . 2012-05-23 00:42 -------- d-----w- c:\program files (x86)\Common Files\IVA
2012-05-23 00:42 . 2012-05-23 00:42 -------- d-----w- c:\program files (x86)\Common Files\Nuance
2012-05-23 00:39 . 2012-05-23 00:39 -------- d-----w- c:\programdata\Nuance
2012-05-23 00:39 . 2012-05-23 00:39 -------- d-----w- c:\programdata\FLEXnet
2012-05-23 00:39 . 2012-05-23 00:39 -------- d-----w- c:\program files (x86)\Nuance
2012-05-22 04:03 . 2012-05-22 04:03 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-22 04:03 . 2012-05-22 04:03 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-22 04:03 . 2012-05-22 04:03 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-17 03:35 . 2012-05-09 01:34 32600 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-05-17 03:34 . 2010-11-27 01:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2012-05-14 23:22 . 2006-10-10 23:47 36921 ------w- c:\windows\SysWow64\hcwutl32_priv.dll
2012-05-14 23:20 . 2012-05-14 23:20 -------- d-----w- C:\Hauppauge
2012-05-14 23:02 . 2009-08-12 18:37 38672 ----a-w- c:\windows\SysWow64\pcleUtil.dll
2012-05-14 23:02 . 2012-05-14 23:22 -------- d-----w- c:\program files (x86)\WinTV
2012-05-14 23:02 . 2012-05-14 23:22 -------- d-----w- c:\users\Public\WinTV
2012-05-14 23:02 . 2012-05-14 23:04 -------- d-----w- c:\programdata\Hauppauge
2012-05-14 23:02 . 2011-01-13 19:43 118849 ----a-w- c:\windows\SysWow64\hcwi2c32.dll
2012-05-14 23:02 . 2011-01-07 23:31 323640 ----a-w- c:\windows\SysWow64\hcwpnp32.dll
2012-05-14 23:02 . 2009-02-17 06:09 831554 ----a-w- c:\windows\SysWow64\hcwtvwnd.dll
2012-05-14 23:02 . 2006-10-11 00:47 36921 ----a-w- c:\windows\SysWow64\hcwutl32.dll
2012-05-14 22:38 . 2012-05-14 22:38 -------- d-----w- c:\program files (x86)\HP Button Manager
2012-05-14 22:38 . 2012-05-14 22:38 -------- d-----w- c:\users\Kelvin\AppData\Roaming\InstallShield
2012-05-14 22:37 . 2012-05-14 22:37 -------- d-----w- c:\users\Kelvin\AppData\Local\Programs
2012-05-14 22:37 . 2012-05-14 22:37 -------- d-----w- c:\users\Kelvin\AppData\Local\ArcSoft
2012-05-14 22:36 . 2012-05-14 22:46 -------- d-----w- c:\programdata\ArcSoft
2012-05-14 22:34 . 1995-07-31 20:44 212480 ----a-w- c:\windows\SysWow64\PCDLIB32.DLL
2012-05-14 22:34 . 2009-05-26 21:32 19968 ----a-w- c:\windows\system32\drivers\ArcSoftKsUFilter.sys
2012-05-14 22:34 . 2008-09-05 00:06 55808 ----a-w- c:\windows\system\ArcSoftKsUFilter.dll
2012-05-14 22:34 . 2012-05-14 22:34 -------- d-----w- c:\program files (x86)\Common Files\ArcSoft
2012-05-14 22:34 . 2012-05-14 22:36 -------- d-----w- c:\program files (x86)\ArcSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-22 04:16 . 2011-09-29 17:21 1905808 ----a-w- c:\windows\system32\drivers\HCW85BDA.sys
2012-05-22 04:16 . 2011-09-29 17:20 33792 ----a-w- c:\windows\system32\drivers\hcw85cir3.sys
2012-05-22 04:16 . 2011-09-29 17:20 139776 ----a-w- c:\windows\system32\hcw85enc.ax
2012-05-22 04:16 . 2011-09-29 17:20 110592 ----a-w- c:\windows\system32\hcw85prop.ax
2012-05-18 02:17 . 2010-03-23 00:35 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-05-18 02:17 . 2010-03-23 00:35 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-18 02:16 . 2010-06-03 01:18 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-05-17 22:35 . 2012-06-13 02:13 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-09 15:17 . 2012-05-09 15:17 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-09 15:17 . 2011-06-07 17:48 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-08 17:02 . 2012-06-07 02:30 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3CED6768-C5FB-41F1-96C3-EE5C0CE74019}\mpengine.dll
2012-05-08 17:02 . 2012-06-06 02:11 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-04 09:59 . 2012-06-13 02:09 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-04-19 03:56 . 2012-04-19 03:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 03:56 . 2012-04-19 03:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-04 22:56 . 2010-01-17 03:55 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 11:35 . 2012-05-09 15:13 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-21 03:44 . 2010-10-25 05:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 03:44 . 2009-06-19 02:48 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-17 07:58 . 2012-05-09 15:13 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\steam\steam.exe" [2011-08-02 1242448]
"RGSC"="c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2010-01-29 306088]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-11-12 1647448]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2011-06-06 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2009-06-30 36864]
"TurboV"="c:\program files\ASUS\TurboV\TurboV.exe" [2009-05-25 5391872]
"CMCService"="c:\program files (x86)\ATI\Catalyst Media Center\CMCService.exe" [2007-08-03 172032]
"MSN Toolbar"="c:\program files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe" [2010-02-12 240992]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-05-10 465536]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-01-06 1446760]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2010-10-27 328992]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
.
c:\users\Bernice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Air Mouse.lnk - c:\program files (x86)\Air Mouse\Air Mouse\Air Mouse.exe [2010-12-27 1044648]
APC UPS Status.lnk - c:\program files (x86)\APC\APC PowerChute Personal Edition\Display.exe [2010-9-14 271736]
AutoStart IR.lnk - c:\program files (x86)\WinTV\Ir.exe [2012-5-14 117344]
HP Button Manager.lnk - c:\program files (x86)\HP Button Manager\BM.exe [2012-5-14 266240]
MyTray.lnk - c:\windows\Installer\{685C742F-B837-42A7-80B5-98CF94F621AE}\_CD6D31DBF7077B4577E4B6.exe [2012-1-16 10134]
WinTV Recording Status.lnk - c:\program files (x86)\WinTV\WinTV7\WinTVTray.exe [2012-5-14 146944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-22 129976]
R3 NDSPCIIO;NDSPCIIO;c:\windows\system32\DRIVERS\NDSPCIIO64.SYS [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-11 490840]
S2 APC Data Service;APC Data Service;c:\program files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe [2010-09-15 21880]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2011-06-06 296808]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-26 13672]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-10 382272]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 UsbService;ASUS Virtual MFP Service;c:\program files (x86)\ASUS\Printer Utilities\UsbService64.exe [2010-02-11 326144]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vuhub;Virtual Usb Hub;c:\windows\system32\DRIVERS\vuhub.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IPNAT
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 23:33]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 23:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-22 7833120]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-22 1833504]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://my.juno.com/s/search?r=minisearch
IE: Display All Images with Full Quality - "c:\program files (x86)\JunoInternet\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files (x86)\JunoInternet\qsacc\appres.dll/227"
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
Trusted Zone: juno.com
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
FF - ProfilePath - c:\users\Kelvin\AppData\Roaming\Mozilla\Firefox\Profiles\76gxupsr.default\
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-SwitchBoard - c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SafeBoot-01819068.sys
SafeBoot-32894078.sys
SafeBoot-69537327.sys
SafeBoot-74954939.sys
SafeBoot-75850490.sys
SafeBoot-MsMpSvc
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-605799253-4213787052-3513490261-1001\Software\SecuROM\License information*]
"datasecu"=hex:41,db,89,e5,c5,10,11,7d,0a,6b,11,24,33,3c,fc,f3,f2,87,b9,af,09,
47,94,85,46,e4,d6,ae,0a,f2,fb,2f,92,34,b6,17,ab,2c,26,22,be,02,d5,16,f8,1f,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
c:\program files (x86)\Timmmoore\MCE 2005 STB Controller\MyTray.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
.
**************************************************************************
.
Completion time: 2012-06-12 23:46:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-13 06:46
.
Pre-Run: 1,200,111,190,016 bytes free
Post-Run: 1,209,825,173,504 bytes free
.
- - End Of File - - E943D3B2B5369A886FF97CCC98F0B3FD


The computer so far seems infection free. I re-ran MalwareBytes (updated the definitions) and it found no infections! If there is any odd behavior with the computer I will report back, but so far so good! Thank you so very much!

#8 gringo_pr

  • Malware Response Team
Posted 13 June 2012 - 03:18 AM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 kelvin6

  • Topic Starter

Posted 13 June 2012 - 08:51 PM

Here are the logs:

08:01:21.0443 5020 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
08:01:22.0013 5020 ============================================================
08:01:22.0013 5020 Current date / time: 2012/06/13 08:01:22.0013
08:01:22.0013 5020 SystemInfo:
08:01:22.0013 5020
08:01:22.0013 5020 OS Version: 6.1.7601 ServicePack: 1.0
08:01:22.0013 5020 Product type: Workstation
08:01:22.0013 5020 ComputerName: KELVIN-PC
08:01:22.0013 5020 UserName: Kelvin
08:01:22.0013 5020 Windows directory: C:\Windows
08:01:22.0013 5020 System windows directory: C:\Windows
08:01:22.0013 5020 Running under WOW64
08:01:22.0013 5020 Processor architecture: Intel x64
08:01:22.0013 5020 Number of processors: 8
08:01:22.0013 5020 Page size: 0x1000
08:01:22.0013 5020 Boot type: Normal boot
08:01:22.0013 5020 ============================================================
08:01:23.0013 5020 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:01:23.0033 5020 ============================================================
08:01:23.0033 5020 \Device\Harddisk0\DR0:
08:01:23.0033 5020 MBR partitions:
08:01:23.0033 5020 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
08:01:23.0033 5020 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAEA54800
08:01:23.0033 5020 ============================================================
08:01:23.0073 5020 C: <-> \Device\Harddisk0\DR0\Partition1
08:01:23.0073 5020 ============================================================
08:01:23.0073 5020 Initialize success
08:01:23.0073 5020 ============================================================
08:01:37.0614 2932 ============================================================
08:01:37.0614 2932 Scan started
08:01:37.0614 2932 Mode: Manual; SigCheck; TDLFS;
08:01:37.0614 2932 ============================================================
08:01:39.0034 2932 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:01:39.0144 2932 1394ohci - ok
08:01:39.0194 2932 61883 (e0a8525a951addb4655bc2068566407d) C:\Windows\system32\DRIVERS\61883.sys
08:01:39.0244 2932 61883 - ok
08:01:39.0364 2932 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
08:01:39.0394 2932 ACDaemon - ok
08:01:39.0414 2932 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
08:01:39.0434 2932 ACPI - ok
08:01:39.0454 2932 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
08:01:39.0484 2932 AcpiPmi - ok
08:01:39.0524 2932 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
08:01:39.0544 2932 adp94xx - ok
08:01:39.0564 2932 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
08:01:39.0584 2932 adpahci - ok
08:01:39.0614 2932 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
08:01:39.0624 2932 adpu320 - ok
08:01:39.0684 2932 AdvancedSystemCareService5 (e690647ae0b4111e3d82fce27fdfd9b4) C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
08:01:39.0704 2932 AdvancedSystemCareService5 - ok
08:01:39.0714 2932 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
08:01:39.0814 2932 AeLookupSvc - ok
08:01:39.0854 2932 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
08:01:39.0914 2932 AFD - ok
08:01:39.0934 2932 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
08:01:39.0954 2932 agp440 - ok
08:01:39.0984 2932 AiCharger (254a19686e9c8e1b59ac06b7fd1e753c) C:\Windows\system32\DRIVERS\AiCharger.sys
08:01:39.0994 2932 AiCharger - ok
08:01:39.0994 2932 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
08:01:40.0044 2932 ALG - ok
08:01:40.0054 2932 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
08:01:40.0074 2932 aliide - ok
08:01:40.0104 2932 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
08:01:40.0114 2932 amdide - ok
08:01:40.0144 2932 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
08:01:40.0164 2932 AmdK8 - ok
08:01:40.0184 2932 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
08:01:40.0204 2932 AmdPPM - ok
08:01:40.0264 2932 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
08:01:40.0274 2932 amdsata - ok
08:01:40.0304 2932 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
08:01:40.0314 2932 amdsbs - ok
08:01:40.0334 2932 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
08:01:40.0344 2932 amdxata - ok
08:01:40.0394 2932 APC Data Service (378a326ba649e01aac767355aab9e90c) C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe
08:01:40.0394 2932 APC Data Service - ok
08:01:40.0434 2932 APC UPS Service (84a1a403d2dd63ef941674cc87ff503c) C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
08:01:40.0464 2932 APC UPS Service - ok
08:01:40.0494 2932 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
08:01:40.0604 2932 AppID - ok
08:01:40.0634 2932 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
08:01:40.0694 2932 AppIDSvc - ok
08:01:40.0714 2932 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
08:01:40.0774 2932 Appinfo - ok
08:01:40.0844 2932 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:01:40.0854 2932 Apple Mobile Device - ok
08:01:40.0884 2932 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
08:01:40.0904 2932 arc - ok
08:01:40.0914 2932 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
08:01:40.0934 2932 arcsas - ok
08:01:41.0094 2932 ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
08:01:41.0104 2932 ArcSoftKsUFilter - ok
08:01:41.0164 2932 AsIO (a82c01606dc27d05d9d3bfb6bb807e32) C:\Windows\syswow64\drivers\AsIO.sys
08:01:41.0174 2932 AsIO - ok
08:01:41.0204 2932 AsUpIO (26d66e32e78d3059715b3a17bc679cd9) C:\Windows\syswow64\drivers\AsUpIO.sys
08:01:41.0214 2932 AsUpIO - ok
08:01:41.0224 2932 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:01:41.0384 2932 AsyncMac - ok
08:01:41.0404 2932 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
08:01:41.0414 2932 atapi - ok
08:01:41.0484 2932 ATIAVPCI (2fdf783e6285c3765de5520296df1cab) C:\Windows\system32\DRIVERS\atinavrr.sys
08:01:41.0564 2932 ATIAVPCI - ok
08:01:41.0664 2932 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:01:41.0724 2932 AudioEndpointBuilder - ok
08:01:41.0724 2932 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:01:41.0754 2932 AudioSrv - ok
08:01:59.0255 2932 seclogon - ok
08:01:59.0285 2932 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
08:01:59.0325 2932 SENS - ok
08:01:59.0335 2932 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
08:01:59.0355 2932 SensrSvc - ok
08:01:59.0365 2932 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
08:01:59.0385 2932 Serenum - ok
08:01:59.0405 2932 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
08:01:59.0415 2932 Serial - ok
08:01:59.0435 2932 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
08:01:59.0465 2932 sermouse - ok
08:01:59.0495 2932 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
08:01:59.0545 2932 SessionEnv - ok
08:01:59.0565 2932 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
08:01:59.0585 2932 sffdisk - ok
08:01:59.0585 2932 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:01:59.0605 2932 sffp_mmc - ok
08:01:59.0605 2932 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
08:01:59.0625 2932 sffp_sd - ok
08:01:59.0645 2932 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
08:01:59.0665 2932 sfloppy - ok
08:01:59.0715 2932 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
08:01:59.0755 2932 SharedAccess - ok
08:01:59.0795 2932 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
08:01:59.0835 2932 ShellHWDetection - ok
08:01:59.0855 2932 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:01:59.0865 2932 SiSRaid2 - ok
08:01:59.0875 2932 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
08:01:59.0885 2932 SiSRaid4 - ok
08:01:59.0935 2932 SmartDefragDriver (dd0443bc6cc78a19fd399817f8c51401) C:\Windows\system32\Drivers\SmartDefragDriver.sys
08:01:59.0945 2932 SmartDefragDriver - ok
08:01:59.0965 2932 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:02:00.0005 2932 Smb - ok
08:02:00.0035 2932 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
08:02:00.0065 2932 SNMPTRAP - ok
08:02:00.0075 2932 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:02:00.0095 2932 spldr - ok
08:02:00.0115 2932 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
08:02:00.0165 2932 Spooler - ok
08:02:00.0275 2932 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
08:02:00.0395 2932 sppsvc - ok
08:02:00.0455 2932 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
08:02:00.0515 2932 sppuinotify - ok
08:02:00.0565 2932 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:02:00.0615 2932 srv - ok
08:02:00.0645 2932 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:02:00.0685 2932 srv2 - ok
08:02:00.0695 2932 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
08:02:00.0725 2932 srvnet - ok
08:02:00.0745 2932 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
08:02:00.0785 2932 SSDPSRV - ok
08:02:00.0795 2932 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
08:02:00.0825 2932 SstpSvc - ok
08:02:00.0855 2932 Steam Client Service - ok
08:02:00.0915 2932 Stereo Service (8544a200c40447e465f06e58687428bb) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
08:02:00.0935 2932 Stereo Service - ok
08:02:00.0955 2932 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
08:02:00.0965 2932 stexstor - ok
08:02:01.0025 2932 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
08:02:01.0055 2932 stisvc - ok
08:02:01.0095 2932 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
08:02:01.0115 2932 swenum - ok
08:02:01.0135 2932 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
08:02:01.0185 2932 swprv - ok
08:02:01.0265 2932 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
08:02:01.0345 2932 SysMain - ok
08:02:01.0415 2932 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
08:02:01.0455 2932 TabletInputService - ok
08:02:01.0475 2932 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
08:02:01.0515 2932 TapiSrv - ok
08:02:01.0525 2932 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
08:02:01.0555 2932 TBS - ok
08:02:01.0655 2932 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
08:02:01.0715 2932 Tcpip - ok
08:02:01.0815 2932 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
08:02:01.0845 2932 TCPIP6 - ok
08:02:01.0925 2932 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
08:02:01.0965 2932 tcpipreg - ok
08:02:01.0985 2932 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:02:02.0005 2932 TDPIPE - ok
08:02:02.0025 2932 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
08:02:02.0035 2932 TDTCP - ok
08:02:02.0065 2932 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
08:02:02.0095 2932 tdx - ok
08:02:02.0125 2932 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
08:02:02.0135 2932 TermDD - ok
08:02:02.0165 2932 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
08:02:02.0215 2932 TermService - ok
08:02:02.0235 2932 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
08:02:02.0255 2932 Themes - ok
08:02:02.0285 2932 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:02:02.0325 2932 THREADORDER - ok
08:02:02.0345 2932 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
08:02:02.0365 2932 TrkWks - ok
08:02:02.0405 2932 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
08:02:02.0435 2932 TrustedInstaller - ok
08:02:02.0465 2932 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:02:02.0525 2932 tssecsrv - ok
08:02:02.0555 2932 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:02:02.0585 2932 TsUsbFlt - ok
08:02:02.0615 2932 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:02:02.0675 2932 tunnel - ok
08:02:02.0695 2932 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
08:02:02.0715 2932 uagp35 - ok
08:02:02.0795 2932 uCamMonitor (63f6d08c54d5b3c1b12a6172032055c7) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
08:02:02.0815 2932 uCamMonitor - ok
08:02:02.0845 2932 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:02:02.0895 2932 udfs - ok
08:02:02.0925 2932 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
08:02:02.0935 2932 UI0Detect - ok
08:02:02.0965 2932 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:02:02.0975 2932 uliagpkx - ok
08:02:03.0005 2932 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
08:02:03.0025 2932 umbus - ok
08:02:03.0045 2932 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
08:02:03.0065 2932 UmPass - ok
08:02:03.0095 2932 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
08:02:03.0135 2932 upnphost - ok
08:02:03.0175 2932 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
08:02:03.0195 2932 USBAAPL64 - ok
08:02:03.0215 2932 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
08:02:03.0235 2932 usbaudio - ok
08:02:03.0265 2932 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
08:02:03.0295 2932 usbccgp - ok
08:02:03.0325 2932 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
08:02:03.0345 2932 usbcir - ok
08:02:03.0375 2932 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
08:02:03.0385 2932 usbehci - ok
08:02:03.0405 2932 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
08:02:03.0435 2932 usbhub - ok
08:02:03.0455 2932 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
08:02:03.0465 2932 usbohci - ok
08:02:03.0475 2932 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
08:02:03.0505 2932 usbprint - ok
08:02:03.0525 2932 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
08:02:03.0556 2932 usbscan - ok
08:02:03.0656 2932 UsbService (5f4e5026607db417cbad16d0e79c8a3d) C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe
08:02:03.0666 2932 UsbService ( UnsignedFile.Multi.Generic ) - warning
08:02:03.0666 2932 UsbService - detected UnsignedFile.Multi.Generic (1)
08:02:07.0226 2932 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:02:07.0446 2932 \Device\Harddisk0\DR0 - ok
08:02:07.0446 2932 Boot (0x1200) (91e62438d4ebdf9296078d9bc75aed2c) \Device\Harddisk0\DR0\Partition0
08:02:07.0446 2932 \Device\Harddisk0\DR0\Partition0 - ok
08:02:07.0476 2932 Boot (0x1200) (614a617ffc07174e9e6fe1f2a5cb84ce) \Device\Harddisk0\DR0\Partition1
08:02:07.0476 2932 \Device\Harddisk0\DR0\Partition1 - ok
08:02:07.0476 2932 ============================================================
08:02:07.0476 2932 Scan finished
08:02:07.0476 2932 ============================================================
08:02:07.0486 5720 Detected object count: 1
08:02:07.0486 5720 Actual detected object count: 1
08:02:24.0026 5720 UsbService ( UnsignedFile.Multi.Generic ) - skipped by user
08:02:24.0026 5720 UsbService ( UnsignedFile.Multi.Generic ) - User select action: Skip


aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-13 18:11:58
-----------------------------
18:11:58.000 OS Version: Windows x64 6.1.7601 Service Pack 1
18:11:58.000 Number of processors: 8 586 0x1A05
18:11:58.000 ComputerName: KELVIN-PC UserName: Kelvin
18:12:02.120 Initialize success
18:12:08.480 AVAST engine defs: 12061300
18:12:16.730 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
18:12:16.730 Disk 0 Vendor: ST31500341AS CC1H Size: 1430799MB BusType: 3
18:12:16.740 Disk 0 MBR read successfully
18:12:16.740 Disk 0 MBR scan
18:12:16.750 Disk 0 Windows 7 default MBR code
18:12:16.760 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:12:16.770 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1430697 MB offset 206848
18:12:16.800 Disk 0 scanning C:\Windows\system32\drivers
18:12:27.671 Service scanning
18:12:45.313 Modules scanning
18:12:45.313 Disk 0 trace - called modules:
18:12:45.343 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:12:45.353 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a1b0790]
18:12:45.353 3 CLASSPNP.SYS[fffff88001bb643f] -> nt!IofCallDriver -> [0xfffffa8009f68520]
18:12:45.363 5 ACPI.sys[fffff88000d7a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8009f64680]
18:12:50.943 AVAST engine scan C:\Windows
18:12:54.164 AVAST engine scan C:\Windows\system32
18:15:53.759 AVAST engine scan C:\Windows\system32\drivers
18:16:07.711 AVAST engine scan C:\Users\Kelvin
18:36:05.999 AVAST engine scan C:\ProgramData
18:39:17.712 Scan finished successfully
18:40:04.566 Disk 0 MBR has been saved successfully to "C:\Users\Kelvin\Desktop\MBR.dat"
18:40:04.566 The log file has been saved successfully to "C:\Users\Kelvin\Desktop\aswMBR.txt"

#10 gringo_pr

Malware Response Team

Posted 13 June 2012 - 09:00 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 kelvin6

Topic Starter

Posted 14 June 2012 - 12:33 PM

I've redone the ComboFix, but due to some sort of forum limitation I am unable to post it up (the forum says it's too long) and I cannot attach it (the file is too big). I can email it to you (if you can send me a private message with the email) or worse comes to worse, break the log into parts and try to post it. Thanks again!

#12 gringo_pr

Malware Response Team

Posted 14 June 2012 - 01:11 PM

greetings


There will be a large section called "snapshot"; remove this section and try to repost it again.


gringo

#13 kelvin6

Topic Starter

Posted 14 June 2012 - 03:34 PM

Alright, that's much better now. I also noticed that Microsoft Security Essentials doesn't seem to work anymore (the service won't start).

Here is the log:


ComboFix 12-06-13.05 - Kelvin 06/13/2012 19:23:21.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.11255.8675 [GMT -7:00]
Running from: c:\users\Kelvin\Desktop\ComboFix.exe
Command switches used :: c:\users\Kelvin\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-14 to 2012-06-14 )))))))))))))))))))))))))))))))
.
.
2012-06-14 02:29 . 2012-06-14 02:29 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-14 02:29 . 2012-06-14 02:29 -------- d-----w- c:\users\James\AppData\Local\temp
2012-06-14 02:29 . 2012-06-14 02:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-14 02:29 . 2012-06-14 02:29 -------- d-----w- c:\users\Bernice\AppData\Local\temp
2012-06-13 04:55 . 2012-06-13 04:56 -------- d-----w- C:\FRST
2012-06-13 02:09 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-11 03:16 . 2007-12-17 02:25 47616 ----a-w- c:\windows\system32\drivers\vuhub.sys
2012-06-08 03:57 . 2012-06-11 03:19 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-07 03:15 . 2012-06-07 03:15 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-07 02:30 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3CED6768-C5FB-41F1-96C3-EE5C0CE74019}\mpengine.dll
2012-06-06 02:11 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-25 03:20 . 2012-05-25 03:30 -------- d-----w- C:\simcity
2012-05-23 16:19 . 2012-05-23 16:19 -------- d-----w- c:\windows\en
2012-05-23 16:15 . 2012-05-23 16:15 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\3f09871d1cd38ff01\DXSETUP.exe
2012-05-23 16:15 . 2012-05-23 16:15 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\3f09871d1cd38ff01\dsetup32.dll
2012-05-23 16:15 . 2012-05-23 16:15 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\3f09871d1cd38ff01\DSETUP.dll
2012-05-23 00:48 . 2012-05-23 00:48 -------- d-----w- c:\users\Kelvin\AppData\Roaming\Nuance
2012-05-23 00:44 . 2012-05-23 00:44 -------- d-----w- c:\users\Kelvin\AppData\Roaming\FLEXnet
2012-05-23 00:42 . 2012-05-23 00:42 -------- d-----w- c:\program files (x86)\Common Files\IVA
2012-05-23 00:42 . 2012-05-23 00:42 -------- d-----w- c:\program files (x86)\Common Files\Nuance
2012-05-23 00:39 . 2012-05-23 00:39 -------- d-----w- c:\programdata\Nuance
2012-05-23 00:39 . 2012-05-23 00:39 -------- d-----w- c:\programdata\FLEXnet
2012-05-23 00:39 . 2012-05-23 00:39 -------- d-----w- c:\program files (x86)\Nuance
2012-05-22 04:03 . 2012-05-22 04:03 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-22 04:03 . 2012-05-22 04:03 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-22 04:03 . 2012-05-22 04:03 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-17 03:35 . 2012-05-09 01:34 32600 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-05-17 03:34 . 2010-11-27 01:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 14:59 . 2012-05-09 15:17 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-13 14:59 . 2011-06-07 17:48 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-22 04:16 . 2011-09-29 17:21 1905808 ----a-w- c:\windows\system32\drivers\HCW85BDA.sys
2012-05-22 04:16 . 2011-09-29 17:20 33792 ----a-w- c:\windows\system32\drivers\hcw85cir3.sys
2012-05-22 04:16 . 2011-09-29 17:20 139776 ----a-w- c:\windows\system32\hcw85enc.ax
2012-05-22 04:16 . 2011-09-29 17:20 110592 ----a-w- c:\windows\system32\hcw85prop.ax
2012-05-18 02:17 . 2010-03-23 00:35 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-05-18 02:17 . 2010-03-23 00:35 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-18 02:16 . 2010-06-03 01:18 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-04-19 03:56 . 2012-04-19 03:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 03:56 . 2012-04-19 03:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-04 22:56 . 2010-01-17 03:55 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 11:35 . 2012-05-09 15:13 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-21 03:44 . 2010-10-25 05:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 03:44 . 2009-06-19 02:48 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-17 07:58 . 2012-05-09 15:13 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\steam\steam.exe" [2011-08-02 1242448]
"RGSC"="c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2010-01-29 306088]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-11-12 1647448]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2011-06-06 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2009-06-30 36864]
"TurboV"="c:\program files\ASUS\TurboV\TurboV.exe" [2009-05-25 5391872]
"CMCService"="c:\program files (x86)\ATI\Catalyst Media Center\CMCService.exe" [2007-08-03 172032]
"MSN Toolbar"="c:\program files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe" [2010-02-12 240992]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-05-10 465536]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-01-06 1446760]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2010-10-27 328992]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
.
c:\users\Bernice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Air Mouse.lnk - c:\program files (x86)\Air Mouse\Air Mouse\Air Mouse.exe [2010-12-27 1044648]
APC UPS Status.lnk - c:\program files (x86)\APC\APC PowerChute Personal Edition\Display.exe [2010-9-14 271736]
AutoStart IR.lnk - c:\program files (x86)\WinTV\Ir.exe [2012-5-14 117344]
HP Button Manager.lnk - c:\program files (x86)\HP Button Manager\BM.exe [2012-5-14 266240]
MyTray.lnk - c:\windows\Installer\{685C742F-B837-42A7-80B5-98CF94F621AE}\_CD6D31DBF7077B4577E4B6.exe [2012-1-16 10134]
WinTV Recording Status.lnk - c:\program files (x86)\WinTV\WinTV7\WinTVTray.exe [2012-5-14 146944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-22 129976]
R3 NDSPCIIO;NDSPCIIO;c:\windows\system32\DRIVERS\NDSPCIIO64.SYS [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-11 490840]
S2 APC Data Service;APC Data Service;c:\program files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe [2010-09-15 21880]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2011-06-06 296808]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-26 13672]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-10 382272]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 UsbService;ASUS Virtual MFP Service;c:\program files (x86)\ASUS\Printer Utilities\UsbService64.exe [2010-02-11 326144]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vuhub;Virtual Usb Hub;c:\windows\system32\DRIVERS\vuhub.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 23:33]
.
2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 23:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-22 7833120]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-22 1833504]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://my.juno.com/s/search?r=minisearch
IE: Display All Images with Full Quality - "c:\program files (x86)\JunoInternet\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files (x86)\JunoInternet\qsacc\appres.dll/227"
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
Trusted Zone: juno.com
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
FF - ProfilePath - c:\users\Kelvin\AppData\Roaming\Mozilla\Firefox\Profiles\76gxupsr.default\
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-605799253-4213787052-3513490261-1001\Software\SecuROM\License information*]
"datasecu"=hex:41,db,89,e5,c5,10,11,7d,0a,6b,11,24,33,3c,fc,f3,f2,87,b9,af,09,
47,94,85,46,e4,d6,ae,0a,f2,fb,2f,92,34,b6,17,ab,2c,26,22,be,02,d5,16,f8,1f,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-13 19:31:45
ComboFix-quarantined-files.txt 2012-06-14 02:31
ComboFix2.txt 2012-06-13 06:46
.
Pre-Run: 1,199,508,529,152 bytes free
Post-Run: 1,199,372,505,088 bytes free
.
- - End Of File - - 4B85B0C6089803C22CCA0AC1CBF32919

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:01 PM

Posted 14 June 2012 - 04:01 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#15 kelvin6

kelvin6
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:11:01 AM

Posted 14 June 2012 - 09:21 PM

This is what gets generated:


Adobe AIR
Adobe Community Help
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 9.5.1
Advanced SystemCare 5
Advanced Visualization 5.35.4.53 - 003
Advertising Center
AIM 7
Alien Swarm
APC PowerChute Personal Edition 3.0
Apple Application Support
Apple Software Update
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 3
ASUS Ai Charger
ASUSUpdate
Audacity 1.3.11 (Unicode)
BiAdmin
Burn4Free CD & DVD 4.9.0.0
Call of Duty: Modern Warfare 2 - Multiplayer
Catalyst Media Center
Catalyst Media Center DVD Authoring Module
CDBurnerXP
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Driver Download Manager
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
DolbyFiles
Download Updater (AOL LLC)
DR Systems Web Ambassador
Dragon NaturallySpeaking 11
Dual-Core Optimizer
Duke Nukem Forever
DVD Shrink 3.2
EA Download Manager
EA Download Manager UI
EPSON Scan
Express Gate
Facebook Plug-In
Fraps
Garmin City Navigator North America NT 2010.30
Garmin City Navigator North America NT 2011.40 Update
Garmin City Navigator North America NT 2012.10 Update
Garmin Communicator Plugin
Garmin Lifetime Updater
Garmin MapSource
Garmin POI Loader
Garmin USB Drivers
Garmin VoiceStudio v2.10
Garmin WebUpdater
Google Earth
Google Update Helper
Grand Theft Auto IV
Handbrake 0.9.4
Hauppauge WinTV 7
HFSExplorer 0.21
HP Button Manager
HP USB Disk Storage Format Tool
HP Webcam User's Guide
ImagXpress
Internet TV for Windows Media Center
IPP Port Monitor
iSEEK AnswerWorks English Runtime
J2SE Runtime Environment 5.0 Update 17
Java Auto Updater
Java™ 6 Update 29
JMicron JMB36X Driver
Juno Internet
LAME v3.98.2 for Audacity
Malwarebytes Anti-Malware version 1.61.0.1400
MCE 2005 STB Controller
MCE Standby Tool 0.9.091
Microsoft Default Manager
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mirada Casebook
Mobile Mouse Server
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSN Toolbar
MSN Toolbar Platform
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NEC NaViSet 1.1.26.00
Nero 9 Essentials
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
Nero Vision
Nero Vision Help
NeroExpress
neroxml
NTFS4DOS
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
OpenOffice.org 3.1
Parrot Software Update Tool
PDF Settings CS5
PrimoPDF -- brought to you by Nitro PDF Software
Print Server Driver
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Rockstar Games Social Club
ScanTool.net for Windows v1.20
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
SlimDX Redistributable (March 2009)
Smart Defrag 2
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Stamps.com
Steam
Street Fighter IV
The Sims™ 3
TSR Workshop
TurboTax 2009
TurboTax 2009 wcaiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 wcaiper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 wcaiper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
TurboV
UBCD4Win 3.60
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195
Veoh Web Player
Visual C++ 8.0 Runtime Setup Package (x64)
Volvo - The Game
Winamp (remove only)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Center Add-in for Flash
Xiph.Org Open Codecs 0.85.17777
Xtranormal - TTS Engine
Xtranormal Desktop
Xtranormal State - Voicepack-USEnglish-Laura22k
Xtranormal State - Voicepack-USEnglish-Ryan22k



