
Sirefef.AE trojan


43 replies to this topic

#1 garyrbz

garyrbz

  • Members
  • 23 posts

Posted 12 June 2012 - 05:38 PM

How do I get rid of this Sirefef.AE trojan? I have tried everything to get rid of this, but now I am losing my mind; I can't seem to get rid of it. Please help.


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 12 June 2012 - 07:15 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Then proceed to run aswMbr.exe as noted below.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Note:
If you are unable to run a GMER scan due to the fact that you are running a 64-bit machine, please run the following tool and post its log.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Thanks and again sorry for the delay.

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 garyrbz

garyrbz
  • Topic Starter

  • Members
  • 23 posts

Posted 12 June 2012 - 08:32 PM

Here is my DDS file. Also, the error popup that's showing on my ESET antivirus is C:\windows\installer {cbcbd993-506d-879c2385f055}\U\80000000@ and C:\windows\system32\services.exe

Attached Files



#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 12 June 2012 - 09:30 PM

Hello,

Please run the following tools and post their logs.

1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • [screenshot of the ComboFix Recovery Console prompt]
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [screenshot of the ComboFix message]
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TdssKiller log
Combofix.txt
Do you have access to a USB Flash Drive?
How is your machine running now?


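fireman4it asks for the contents of C:\ComboFix.txt, and garyrbz's earlier post already names the two things ESET is complaining about: an "@" file under a GUID folder in C:\Windows\Installer and C:\Windows\System32\services.exe. As an added example (my own code, not ComboFix's and not BleepingComputer's), here is a small Python triage script that reads a ComboFix-style log and pulls out the line types this thread turns on: files ComboFix reports as "is infected!!", "@" payload files under an Installer GUID folder, a Sigcheck entry whose file could not be hashed, and a Winlogon Userinit value that does not point at userinit.exe. The rule names are mine, and SAMPLE_LOG is constructed, modelled on the format of the log posted in this thread.

```python
"""Triage a ComboFix-style log for the markers seen in this thread.
Added example; not ComboFix's or BleepingComputer's code. The rule names
are my own and SAMPLE_LOG is constructed, modelled on the posted log format."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Finding:
    kind: str     # which rule fired
    path: str     # file path or registry value the rule matched
    section: str  # ComboFix section the line sits in
    line: str     # raw log line, kept for the report


# Section banners: "(((( Other Deletions ))))" or "------- Sigcheck -------"
SECTION_RE = re.compile(r"^(?:\(+|-+)\s*(?P<name>.+?)\s*(?:\)+|-+)$")
# "c:\windows\system32\services.exe . . . is infected!!"
INFECTED_RE = re.compile(r"^(?P<path>[a-z]:\\.+?) \. \. \. is infected!!$", re.I)
# Sigcheck entry whose file could not be hashed; the path is the last token
SIGCHECK_FAIL_RE = re.compile(r"!HASH: COULD NOT OPEN FILE.*\s(?P<path>[a-z]:\\\S+)$", re.I)
# Files named "@" or "<hex>.@" under a GUID folder in C:\Windows\Installer
INSTALLER_AT_RE = re.compile(
    r"^(?P<path>[a-z]:\\windows\\installer\\\{[0-9a-f-]{36}\}\\(?:u\\)?(?:[0-9a-f]+\.)?@)$", re.I)
# Winlogon Userinit value; ComboFix prints it only when it is not the default
USERINIT_RE = re.compile(r'^"Userinit"="(?P<value>[^"]*)"$', re.I)


def triage(log_text: str) -> List[Finding]:
    """Walk the log line by line and collect every line that trips a rule."""
    findings: List[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = INFECTED_RE.match(line)
        if m:
            findings.append(Finding("patched_system_file", m.group("path"), section, line))
            continue
        m = SIGCHECK_FAIL_RE.search(line)
        if m:
            findings.append(Finding("sigcheck_unreadable", m.group("path"), section, line))
            continue
        m = INSTALLER_AT_RE.match(line)
        if m:
            findings.append(Finding("installer_at_file", m.group("path"), section, line))
            continue
        m = USERINIT_RE.match(line)
        if m:
            value = m.group("value")
            exe = value.rstrip(",").rsplit("\\", 1)[-1].lower()
            if exe != "userinit.exe":
                findings.append(Finding("userinit_nondefault", value, section, line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per rule, for a one-line verdict."""
    return dict(Counter(f.kind for f in findings))


# Constructed sample, modelled on the ComboFix output format posted in this thread.
SAMPLE_LOG = r"""
(((((((((((((((((((( Other Deletions ))))))))))))))))))))
.
c:\windows\Installer\{cbcbd993-506d-96b9-6602-879c2385f055}\@
c:\windows\Installer\{cbcbd993-506d-96b9-6602-879c2385f055}\U\00000001.@
c:\windows\Installer\{cbcbd993-506d-96b9-6602-879c2385f055}\U\800000cb.@
.
c:\windows\system32\services.exe . . . is infected!!
.
c:\windows\SysWow64\userinit.exe . . . is infected!!
.
(((((((((((( Files Created from 2012-05-13 to 2012-06-13 ))))))))))))
.
2012-05-27 14:26 . 2012-05-27 14:26 -------- d-----w- c:\program files\Total Uninstall 6
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 01:39 . !HASH: COULD NOT OPEN FILE !!!!! . 328704 . . [------] .. c:\windows\system32\services.exe
.
(((((((((((((((((( Reg Loading Points ))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:22} [{f.section}] {f.path}")
    print(summarize(triage(SAMPLE_LOG)))
```

Each rule corresponds to a line type ComboFix itself emitted in this thread, so the script is a way to read such a log quickly rather than a replacement for the tools the helper asked for; run it as `python triage.py` on the embedded sample, or feed it a real ComboFix.txt via `triage(open(path).read())`. A system file ComboFix reports as infected while Sigcheck cannot even open it is the pattern to hand to the helper first, since the "@" files are only the part of the infection that lives on disk alongside it.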

#5 garyrbz

garyrbz
  • Topic Starter

  • Members
  • 23 posts

Posted 12 June 2012 - 10:18 PM

I have a new popup from ESET NOD; it says: C:\windows\System32\services.exe Threat win64\pached.B.trojan Event occured during attempt to access the file by application :C combofix\pev3XE


I do have access to a USB flash drive.


Here is the ComboFix log:

ComboFix 12-06-12.03 - Gary 06/12/2012 20:47:59.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.2247 [GMT -6:00]
Running from: c:\users\Gary\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Installer\{cbcbd993-506d-96b9-6602-879c2385f055}\@
c:\windows\Installer\{cbcbd993-506d-96b9-6602-879c2385f055}\U\00000001.@
c:\windows\Installer\{cbcbd993-506d-96b9-6602-879c2385f055}\U\800000cb.@
.
c:\windows\system32\services.exe . . . is infected!!
.
c:\windows\SysWow64\userinit.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-05-13 to 2012-06-13 )))))))))))))))))))))))))))))))
.
.
2012-06-13 03:00 . 2012-06-13 03:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-06-13 03:00 . 2012-06-13 03:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-13 01:30 . 2012-06-13 01:30 -------- d-----w- c:\programdata\NCH Software
2012-06-13 01:30 . 2012-06-13 01:30 -------- d-----w- c:\program files (x86)\NCH Software
2012-06-12 03:50 . 2012-06-12 03:51 -------- d-----w- C:\FRST
2012-06-12 00:11 . 2012-06-12 22:04 -------- d-----w- c:\program files (x86)\Trojan Remover
2012-06-10 16:19 . 2012-06-13 01:52 -------- d-----w- C:\Drweb
2012-06-09 23:01 . 2012-06-09 23:01 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-04 18:01 . 2005-11-05 18:34 145408 ------w- c:\windows\SysWow64\Lame.exe
2012-06-04 18:01 . 2012-06-04 18:01 -------- d-----w- c:\programdata\E-Soft
2012-06-04 18:01 . 2012-06-04 18:01 -------- d-----w- c:\programdata\Tarma Installer
2012-05-31 20:32 . 2012-05-31 20:32 1752576 ----a-w- c:\windows\SysWow64\mprdin.dll
2012-05-30 11:12 . 2012-05-30 11:12 -------- d-----w- c:\windows\SysWow64\1070
2012-05-27 16:33 . 2011-05-30 13:42 255488 ----a-w- c:\windows\system32\xvidvfw.dll
2012-05-27 16:33 . 2011-05-30 13:42 240640 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2012-05-27 16:33 . 2011-05-23 09:52 153088 ----a-w- c:\windows\SysWow64\xvid.ax
2012-05-27 16:33 . 2011-05-23 07:49 173568 ----a-w- c:\windows\system32\xvid.ax
2012-05-27 16:33 . 2011-05-23 07:46 645632 ----a-w- c:\windows\SysWow64\xvidcore.dll
2012-05-27 16:33 . 2011-05-23 07:45 696832 ----a-w- c:\windows\system32\xvidcore.dll
2012-05-27 16:33 . 2012-05-27 16:33 -------- d-----w- c:\program files (x86)\Xvid
2012-05-27 15:02 . 2011-01-15 20:08 153600 ----a-w- c:\windows\SysWow64\WS_ATLMovie.dll
2012-05-27 15:02 . 2012-05-27 15:02 -------- d-----w- c:\program files (x86)\Aimersoft
2012-05-27 14:38 . 2012-05-27 14:38 -------- d-----w- c:\users\Gary\AppData\Local\Xenocode
2012-05-27 14:37 . 2012-06-10 05:20 -------- d-----w- c:\program files (x86)\Gygan BETA
2012-05-27 14:37 . 2012-05-27 14:38 -------- d-----w- c:\users\Gary\AppData\Roaming\Gygan
2012-05-27 14:31 . 2008-09-24 18:41 839680 ----a-w- c:\windows\SysWow64\lameACM.acm
2012-05-27 14:31 . 2011-12-21 17:14 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm
2012-05-27 14:31 . 2012-05-15 18:00 79872 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2012-05-27 14:31 . 2012-05-27 14:32 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2012-05-27 14:26 . 2012-05-27 14:26 -------- d-----w- c:\programdata\Martau
2012-05-27 14:26 . 2012-05-27 14:26 -------- d-----w- c:\program files\Total Uninstall 6
2012-05-27 14:22 . 2011-12-19 22:41 29288 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
2012-05-27 14:22 . 2011-12-19 22:41 29288 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
2012-05-27 14:21 . 2011-12-19 22:41 29288 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
2012-05-27 14:21 . 2011-12-19 22:41 29288 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
2012-05-27 14:21 . 2011-12-19 22:41 29288 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
2012-05-27 14:21 . 2012-05-27 14:21 -------- d-----w- c:\users\Gary\AppData\Local\iSkysoft
2012-05-27 14:21 . 2012-05-27 14:21 -------- d-----w- c:\program files (x86)\Common Files\iSkysoft
2012-05-27 14:21 . 2011-12-09 21:35 892928 ----a-w- c:\windows\SysWow64\iconv.dll
2012-05-27 14:21 . 2011-12-09 21:35 675840 ----a-w- c:\windows\SysWow64\ac3filter.ax
2012-05-27 14:21 . 2012-05-27 14:21 -------- d-----w- c:\program files (x86)\iSkysoft
2012-05-26 17:03 . 2012-05-26 17:03 -------- d--h--w- c:\programdata\Common Files
2012-05-24 15:36 . 2012-05-24 15:36 -------- d-----w- c:\program files (x86)\MAGIX
2012-05-24 13:09 . 2012-05-24 13:09 -------- d-----w- c:\users\Gary\AppData\Roaming\MAGIX
2012-05-24 13:06 . 2012-05-24 15:36 -------- d-----w- c:\programdata\MAGIX
2012-05-24 13:06 . 2012-05-24 15:36 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Services
2012-05-23 13:09 . 2012-05-23 13:09 -------- d-----w- c:\program files (x86)\Lame For Audacity
2012-05-22 22:36 . 2012-05-22 22:36 -------- d-----w- c:\program files (x86)\AKVIS
2012-05-21 17:14 . 2012-05-21 17:14 -------- d-----w- c:\program files (x86)\PowerISO
2012-05-21 17:14 . 2012-04-19 03:57 126912 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-05-21 00:57 . 2012-05-21 00:57 -------- d-----w- c:\users\Gary\AppData\Local\Mozilla
2012-05-20 00:49 . 2012-05-20 00:49 -------- d-----w- c:\users\Gary\AppData\Roaming\uTorrent Turbo Booster
2012-05-20 00:49 . 2012-06-10 14:39 -------- d-----w- c:\users\Gary\AppData\Roaming\Complitly
2012-05-19 10:28 . 2012-05-19 10:28 -------- d-----w- c:\program files (x86)\NirSoft
2012-05-16 14:03 . 2012-05-16 14:03 -------- d-----w- c:\users\Gary\AppData\Roaming\jdnetmon
2012-05-16 13:51 . 2012-05-16 13:59 -------- d-----w- c:\users\Gary\AppData\Roaming\jdast
2012-05-16 13:51 . 2012-05-16 13:51 -------- d-----w- c:\program files (x86)\JDAST
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 03:02 . 2011-08-28 13:30 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat
2012-06-12 21:56 . 2012-02-10 12:49 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-05-11 01:20 . 2012-05-11 01:20 1002728 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2012-04-23 11:26 . 2012-05-03 19:07 154272 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-04-05 13:59 . 2008-05-23 12:02 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-04-04 21:56 . 2012-04-27 13:08 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-04-08 18:31 . 2009-04-08 18:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45 . 2008-08-12 05:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 01:39 . !HASH: COULD NOT OPEN FILE !!!!! . 328704 . . [------] .. c:\windows\system32\services.exe
.
((((((((((((((((((((((((((((( SnapShot_2012-06-09_15.16.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-06-13 03:02 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-09 15:15 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-13 03:02 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-09 15:15 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-09 15:15 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-13 03:02 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2000-03-22 10:40 . 2012-06-13 03:04 53306 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-13 03:03 39060 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-08 13:10 . 2012-06-13 01:30 81920 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-13 01:30 65536 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-09 22:59 . 2012-06-11 02:11 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-06-09 23:01 . 2012-06-12 00:01 16384 c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
- 2011-09-02 05:22 . 2012-06-09 13:48 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-02 05:22 . 2012-06-13 01:55 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-05-31 12:34 . 2012-06-13 01:55 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-05-31 12:34 . 2012-06-09 13:48 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-02 05:22 . 2012-06-13 01:55 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-02 05:22 . 2012-06-09 13:48 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-27 15:09 . 2012-06-09 13:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-27 15:09 . 2012-06-13 01:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-27 15:09 . 2012-06-13 01:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-27 15:09 . 2012-06-09 13:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-27 11:57 . 2012-06-13 03:04 8742 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3700817450-263443993-1340972289-1000_UserData.bin
- 2012-06-09 15:15 . 2012-06-09 15:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-13 03:01 . 2012-06-13 03:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-13 03:01 . 2012-06-13 03:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-09 15:15 . 2012-06-09 15:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-27 17:18 . 2012-06-12 14:06 243768 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-06-09 12:46 659818 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-12 22:00 659818 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-09 12:46 120714 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-06-12 22:00 120714 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:34 . 2012-06-13 02:03 9437184 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-06-09 13:56 9437184 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-05-28 02:04 . 2012-06-13 01:30 1196032 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"cdloader"="c:\users\Gary\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2011-12-16 1508408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-13 2244096]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-07-07 8493624]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"UVS11 Preload"="c:\program files (x86)\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-07-23 341232]
"DVAPTray"="c:\windows\System32\DVAPTray.exe" [2009-10-30 188416]
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2012-04-05 198160]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-01 634880]
"iSkysoft Helper Compact.exe"="c:\program files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe" [2012-02-28 1667072]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe [2000-3-22 12862]
Kodak EasyShare software.lnk - c:\program files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-6-21 282624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-12-03 10:34 35184 ----a-w- c:\program files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2000-03-22 10:45 72248 ----a-w- c:\windows\AsScrProlog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2000-03-22 10:45 3054136 ----a-w- c:\windows\AsScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [BU]
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 XLDoctor Service;XLDoctor Service;c:\windows\system32\svchost [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 DIRECTIO;DIRECTIO;c:\bit_temp\DirectIo.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 GSService;GSService;c:\windows\SysWOW64\GSService.exe [2011-09-01 450048]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\DRIVERS\nwusbmdm_000.sys [x]
R3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser_000.sys [x]
R3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser2_000.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [x]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [x]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\system32\drivers\ymidusbx64.sys [x]
R4 POSPerformanceCounters;Point Of Service Performance Counters;c:\program files (x86)\Microsoft Point Of Service\Microsoft.PointOfService.Service.exe [2009-01-13 42056]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 CronService;Cron Service for Prey;d:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-08-10 974944]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
S2 FastBootAgent;FastBootAgent;c:\windows\SysWOW64\Fast Boot\FastBootAgent.exe [2009-07-24 306232]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [2010-09-17 98304]
S2 Intuit Entitlement Service v6.0;Intuit Entitlement Service v6.0;c:\program files (x86)\Common Files\Intuit\Entitlement Client\v6.0\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe [2009-06-02 20480]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2010-07-22 91984]
S2 NWHelper;Novatel Wireless Device Helper ;c:\program files (x86)\Novatel Wireless\Drivers\NWHelper.exe [2010-06-10 270336]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S2 QBPOSDBServiceV9;QBPOS Database Manager v9;c:\program files (x86)\Intuit\QuickBooks Point of Sale 9.0\DatabaseServer\QBPOSDBService.exe [2009-09-01 2735480]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [2010-09-17 3735552]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
DoctorService REG_MULTI_SZ XLDoctor Service
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Mcx2Svc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-06 c:\windows\Tasks\At1.job
- c:\windows\SysWOW64\dnss-sd.exe [2010-07-28 00:44]
.
2012-06-06 c:\windows\Tasks\At2.job
- c:\windows\SysWOW64\SndVVol.exe [2009-07-14 01:14]
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000Core.job
- c:\users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-12 00:19]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000UA.job
- c:\users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-12 00:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- d:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-12 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-12 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-12 365592]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-06-12 619392]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2710856]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-08-10 4030008]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = localhost;*.local
IE: ??????
IE: ??????????
IE: Download all links with IDM - d:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - d:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Download with Xilisoft YouTube HD Video Downloader - d:\program files (x86)\Xilisoft\YouTube HD Video Downloader\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: ?????? - c:\program files (x86)\Thunder Network\Thunder\Program\geturl.htm
IE: ?????????? - c:\program files (x86)\Thunder Network\Thunder\Program\getallurl.htm
IE: {{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
TCP: DhcpNameServer = 10.0.0.2
TCP: Interfaces\{345FF04F-959A-4F62-8126-89C8F43A4272}: NameServer = 200.32.248.1,200.32.249.225
FF - ProfilePath - c:\users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\li296xb7.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-VirtualDJ - c:\program files (x86)\VirtualDJ\Uninstall.exe
.
.
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
[\]^_´\00\00´\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~´\00\00´\00\00\00\00z\00\00\00\00\00\00\00\00‘’“"
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:00000000
"ProductBase"=dword:00000000
"ProductCode"="{50E9E32F-063A-412A-9627-553D5DA57C17}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.2.71.2"
"UniqueId"="0066F8B24E591D77"
"ScannerBuild"=dword:00001dd3
"ScannerVersionId"=dword:000015fe
"ScannerVersion"="ready"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\SmartLogon\smartlogon.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
c:\program files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files (x86)\Intuit\QuickBooks Point of Sale 9.0\DatabaseServer\QBDBMgrN10.exe
c:\program files (x86)\Intuit\QuickBooks Point of Sale 9.0\DatabaseServer\QBDBMgrN10.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files (x86)\ASUS\ASUS Live Update\ALU.exe
.
**************************************************************************
.
Completion time: 2012-06-12 21:09:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-13 03:09
ComboFix2.txt 2012-06-09 15:23
ComboFix3.txt 2011-11-30 18:41
.
Pre-Run: 8,546,287,616 bytes free
Post-Run: 8,754,335,744 bytes free
.
- - End Of File - - F526D44FC1B4181B81356F6C254D491D

Here is the TDSSKiller Log

20:41:14.0684 5420 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
20:41:15.0047 5420 ============================================================
20:41:15.0047 5420 Current date / time: 2012/06/12 20:41:15.0047
20:41:15.0047 5420 SystemInfo:
20:41:15.0047 5420
20:41:15.0047 5420 OS Version: 6.1.7600 ServicePack: 0.0
20:41:15.0047 5420 Product type: Workstation
20:41:15.0047 5420 ComputerName: GARY-PC
20:41:15.0047 5420 UserName: Gary
20:41:15.0047 5420 Windows directory: C:\Windows
20:41:15.0048 5420 System windows directory: C:\Windows
20:41:15.0048 5420 Running under WOW64
20:41:15.0048 5420 Processor architecture: Intel x64
20:41:15.0048 5420 Number of processors: 2
20:41:15.0048 5420 Page size: 0x1000
20:41:15.0048 5420 Boot type: Normal boot
20:41:15.0048 5420 ============================================================
20:41:15.0578 5420 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:41:15.0585 5420 ============================================================
20:41:15.0585 5420 \Device\Harddisk0\DR0:
20:41:15.0585 5420 MBR partitions:
20:41:15.0585 5420 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x24A1C97, BlocksNum 0xE8E0360
20:41:15.0605 5420 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x10D82036, BlocksNum 0x29602C0B
20:41:15.0605 5420 ============================================================
20:41:15.0643 5420 C: <-> \Device\Harddisk0\DR0\Partition0
20:41:15.0680 5420 D: <-> \Device\Harddisk0\DR0\Partition1
20:41:15.0681 5420 ============================================================
20:41:15.0681 5420 Initialize success
20:41:15.0681 5420 ============================================================
20:41:18.0868 5460 ============================================================
20:41:18.0868 5460 Scan started
20:41:18.0868 5460 Mode: Manual;
20:41:18.0868 5460 ============================================================
20:41:19.0461 5460 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
20:41:19.0465 5460 1394ohci - ok
20:41:19.0508 5460 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
20:41:19.0515 5460 ACPI - ok
20:41:19.0548 5460 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
20:41:19.0549 5460 AcpiPmi - ok
20:41:19.0616 5460 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:41:19.0636 5460 adp94xx - ok
20:41:19.0693 5460 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:41:19.0697 5460 adpahci - ok
20:41:19.0724 5460 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:41:19.0726 5460 adpu320 - ok
20:41:19.0795 5460 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:41:19.0796 5460 AeLookupSvc - ok
20:41:19.0881 5460 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
20:41:19.0892 5460 AFD - ok
20:41:19.0929 5460 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
20:41:19.0931 5460 agp440 - ok
20:41:19.0975 5460 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:41:19.0977 5460 ALG - ok
20:41:20.0030 5460 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
20:41:20.0031 5460 aliide - ok
20:41:20.0063 5460 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
20:41:20.0064 5460 amdide - ok
20:41:20.0117 5460 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:41:20.0118 5460 AmdK8 - ok
20:41:20.0138 5460 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:41:20.0139 5460 AmdPPM - ok
20:41:20.0188 5460 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
20:41:20.0190 5460 amdsata - ok
20:41:20.0240 5460 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:41:20.0243 5460 amdsbs - ok
20:41:20.0292 5460 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
20:41:20.0293 5460 amdxata - ok
20:41:20.0356 5460 AmUStor (391887990cdaa83de5c56c3fde966da1) C:\Windows\system32\drivers\AmUStor.SYS
20:41:20.0357 5460 AmUStor - ok
20:41:20.0403 5460 anvsnddrv (e71711d37c48ac40fd3e2866a5abba51) C:\Windows\system32\drivers\anvsnddrv.sys
20:41:20.0405 5460 anvsnddrv - ok
20:41:20.0444 5460 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
20:41:20.0446 5460 AppID - ok
20:41:20.0475 5460 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:41:20.0476 5460 AppIDSvc - ok
20:41:20.0860 5460 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
20:41:20.0861 5460 Appinfo - ok
20:41:20.0973 5460 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:41:20.0974 5460 Apple Mobile Device - ok
20:41:21.0027 5460 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:41:21.0028 5460 arc - ok
20:41:21.0062 5460 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:41:21.0064 5460 arcsas - ok
20:41:21.0164 5460 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
20:41:21.0165 5460 ASLDRService - ok
20:41:21.0219 5460 ASMMAP64 (2db34edd17d3a8da7105a19c95a3dd68) C:\Program Files\ATKGFNEX\ASMMAP64.sys
20:41:21.0220 5460 ASMMAP64 - ok
20:41:21.0332 5460 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:41:21.0333 5460 aspnet_state - ok
20:41:21.0380 5460 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:41:21.0382 5460 AsyncMac - ok
20:41:21.0424 5460 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
20:41:21.0425 5460 atapi - ok
20:41:21.0542 5460 athr (e857eee6b92aaa473ebb3465add8f7e7) C:\Windows\system32\DRIVERS\athrx.sys
20:41:21.0599 5460 athr - ok
20:41:21.0692 5460 ATKGFNEXSrv (7c157574a181b19b9dcf5f339e25337e) C:\Program Files\ATKGFNEX\GFNEXSrv.exe
20:41:21.0693 5460 ATKGFNEXSrv - ok
20:41:21.0859 5460 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
20:41:21.0865 5460 AudioEndpointBuilder - ok
20:41:21.0879 5460 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
20:41:21.0884 5460 AudioSrv - ok
20:41:21.0946 5460 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
20:41:21.0947 5460 AxInstSV - ok
20:41:22.0056 5460 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:41:22.0061 5460 b06bdrv - ok
20:41:22.0154 5460 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:41:22.0160 5460 b57nd60a - ok
20:41:22.0222 5460 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:41:22.0224 5460 BDESVC - ok
20:41:22.0252 5460 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:41:22.0253 5460 Beep - ok
20:41:22.0339 5460 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
20:41:22.0349 5460 BFE - ok
20:41:22.0445 5460 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
20:41:22.0455 5460 BITS - ok
20:41:22.0548 5460 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:41:22.0550 5460 blbdrive - ok
20:41:22.0659 5460 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
20:41:22.0666 5460 Bonjour Service - ok
20:41:22.0706 5460 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
20:41:22.0708 5460 bowser - ok
20:41:22.0742 5460 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:41:22.0743 5460 BrFiltLo - ok
20:41:22.0759 5460 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:41:22.0760 5460 BrFiltUp - ok
20:41:22.0806 5460 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
20:41:22.0807 5460 BridgeMP - ok
20:41:22.0852 5460 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
20:41:22.0854 5460 Browser - ok
20:41:22.0919 5460 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:41:22.0924 5460 Brserid - ok
20:41:22.0969 5460 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:41:22.0971 5460 BrSerWdm - ok
20:41:22.0987 5460 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:41:22.0987 5460 BrUsbMdm - ok
20:41:23.0000 5460 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:41:23.0001 5460 BrUsbSer - ok
20:41:23.0046 5460 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:41:23.0047 5460 BTHMODEM - ok
20:41:23.0093 5460 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:41:23.0095 5460 bthserv - ok
20:41:23.0194 5460 Capture Device Service (1778eba872274c1226d869cd9486847e) C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
20:41:23.0196 5460 Capture Device Service - ok
20:41:23.0265 5460 catchme - ok
20:41:23.0301 5460 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:41:23.0303 5460 cdfs - ok
20:41:23.0352 5460 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
20:41:23.0355 5460 cdrom - ok
20:41:23.0409 5460 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
20:41:23.0410 5460 CertPropSvc - ok
20:41:23.0448 5460 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:41:23.0449 5460 circlass - ok
20:41:23.0494 5460 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:41:23.0500 5460 CLFS - ok
20:41:23.0575 5460 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:41:23.0576 5460 clr_optimization_v2.0.50727_32 - ok
20:41:23.0628 5460 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:41:23.0630 5460 clr_optimization_v2.0.50727_64 - ok
20:41:23.0728 5460 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:41:23.0730 5460 clr_optimization_v4.0.30319_32 - ok
20:41:23.0772 5460 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:41:23.0774 5460 clr_optimization_v4.0.30319_64 - ok
20:41:23.0837 5460 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:41:23.0838 5460 CmBatt - ok
20:41:23.0855 5460 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
20:41:23.0857 5460 cmdide - ok
20:41:23.0911 5460 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
20:41:23.0918 5460 CNG - ok
20:41:23.0970 5460 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:41:23.0971 5460 Compbatt - ok
20:41:24.0007 5460 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
20:41:24.0009 5460 CompositeBus - ok
20:41:24.0034 5460 COMSysApp - ok
20:41:24.0080 5460 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:41:24.0080 5460 crcdisk - ok
20:41:24.0173 5460 CronService (63a7739ac9c1e38589b3edb1daeb9df5) D:\Prey\platform\windows\cronsvc.exe
20:41:24.0174 5460 CronService - ok
20:41:24.0240 5460 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
20:41:24.0242 5460 CryptSvc - ok
20:41:24.0335 5460 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
20:41:24.0343 5460 DcomLaunch - ok
20:41:24.0413 5460 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:41:24.0417 5460 defragsvc - ok
20:41:24.0462 5460 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
20:41:24.0464 5460 DfsC - ok
20:41:24.0517 5460 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
20:41:24.0520 5460 Dhcp - ok
20:41:24.0537 5460 DIRECTIO - ok
20:41:24.0564 5460 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:41:24.0565 5460 discache - ok
20:41:24.0597 5460 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:41:24.0599 5460 Disk - ok
20:41:24.0653 5460 Dnscache (676108c4e3aa6f6b34633748bd0bebd9) C:\Windows\System32\dnsrslvr.dll
20:41:24.0655 5460 Dnscache - ok
20:41:24.0694 5460 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
20:41:24.0698 5460 dot3svc - ok
20:41:24.0719 5460 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
20:41:24.0722 5460 DPS - ok
20:41:24.0760 5460 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:41:24.0761 5460 drmkaud - ok
20:41:24.0845 5460 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
20:41:24.0861 5460 DXGKrnl - ok
20:41:24.0953 5460 eamonm (13533557d01b88c83110d5cf749f14d7) C:\Windows\system32\DRIVERS\eamonm.sys
20:41:24.0956 5460 eamonm - ok
20:41:24.0994 5460 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:41:24.0996 5460 EapHost - ok
20:41:25.0201 5460 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:41:25.0280 5460 ebdrv - ok
20:41:25.0390 5460 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
20:41:25.0392 5460 EFS - ok
20:41:25.0458 5460 ehdrv (e097728129e7b79bf1089d7aef42332b) C:\Windows\system32\DRIVERS\ehdrv.sys
20:41:25.0461 5460 ehdrv - ok
20:41:25.0564 5460 ehRecvr (b91d81b3b54a54ccafc03733dbc2e29e) C:\Windows\ehome\ehRecvr.exe
20:41:25.0571 5460 ehRecvr - ok
20:41:25.0597 5460 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:41:25.0598 5460 ehSched - ok
20:41:25.0794 5460 ekrn (f0eebac2f362aa866188a1c0ef819cb9) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
20:41:25.0801 5460 ekrn - ok
20:41:25.0979 5460 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:41:25.0985 5460 elxstor - ok
20:41:26.0059 5460 epfwwfpr (2380976cf8a4a56611f35633acd2a74f) C:\Windows\system32\DRIVERS\epfwwfpr.sys
20:41:26.0062 5460 epfwwfpr - ok
20:41:26.0111 5460 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
20:41:26.0112 5460 ErrDev - ok
20:41:26.0167 5460 ETD (5cd1005b9bc241c3ab8501d5fbf09fd4) C:\Windows\system32\DRIVERS\ETD.sys
20:41:26.0170 5460 ETD - ok
20:41:26.0245 5460 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:41:26.0251 5460 EventSystem - ok
20:41:26.0299 5460 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:41:26.0302 5460 exfat - ok
20:41:26.0422 5460 Fabs - ok
20:41:26.0542 5460 FastBootAgent (8c89f06dbc239492e0aaaa0b0d8645ea) C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe
20:41:26.0544 5460 FastBootAgent - ok
20:41:26.0588 5460 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:41:26.0590 5460 fastfat - ok
20:41:26.0677 5460 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
20:41:26.0685 5460 Fax - ok
20:41:26.0706 5460 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:41:26.0707 5460 fdc - ok
20:41:26.0726 5460 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:41:26.0728 5460 fdPHost - ok
20:41:26.0747 5460 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:41:26.0748 5460 FDResPub - ok
20:41:26.0779 5460 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:41:26.0781 5460 FileInfo - ok
20:41:26.0798 5460 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:41:26.0800 5460 Filetrace - ok
20:41:26.0881 5460 FirebirdGuardianDefaultInstance (1a18ebd87aa9fbf6efe8cfada08d0275) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
20:41:26.0883 5460 FirebirdGuardianDefaultInstance - ok
20:41:27.0081 5460 FirebirdServerDefaultInstance (53c740150c082aaf3c7d21c1d6a9ff98) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
20:41:27.0104 5460 FirebirdServerDefaultInstance - ok
20:41:27.0397 5460 FirebirdServerMAGIXInstance (5bd96d8c5411ace71a7eaacaf0ef2903) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
20:41:27.0438 5460 FirebirdServerMAGIXInstance - ok
20:41:27.0567 5460 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:41:27.0568 5460 flpydisk - ok
20:41:27.0610 5460 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
20:41:27.0614 5460 FltMgr - ok
20:41:27.0717 5460 FontCache (8ac4cb4ea61e41009fae9ae7b2b5da3a) C:\Windows\system32\FntCache.dll
20:41:27.0750 5460 FontCache - ok
20:41:27.0823 5460 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:41:27.0824 5460 FontCache3.0.0.0 - ok
20:41:27.0889 5460 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:41:27.0890 5460 FsDepends - ok
20:41:27.0914 5460 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
20:41:27.0915 5460 Fs_Rec - ok
20:41:27.0963 5460 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
20:41:27.0966 5460 fvevol - ok
20:41:27.0988 5460 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:41:27.0989 5460 gagp30kx - ok
20:41:28.0028 5460 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:41:28.0030 5460 GEARAspiWDM - ok
20:41:44.0737 5460 upperdev (34afb83c7bba370e404e52cc2290350c) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
20:41:44.0738 5460 upperdev - ok
20:41:44.0790 5460 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
20:41:44.0791 5460 USBAAPL64 - ok
20:41:44.0859 5460 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
20:41:44.0862 5460 usbaudio - ok
20:41:44.0894 5460 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
20:41:44.0896 5460 usbccgp - ok
20:41:44.0940 5460 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
20:41:44.0941 5460 usbcir - ok
20:41:44.0969 5460 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
20:41:44.0971 5460 usbehci - ok
20:41:45.0031 5460 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
20:41:45.0047 5460 usbhub - ok
20:41:45.0105 5460 usbio (5c4219c10b5887dff85e1d2779aed55b) C:\Windows\system32\Drivers\dsiarhwprog_x64.sys
20:41:45.0106 5460 usbio - ok
20:41:45.0135 5460 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
20:41:45.0136 5460 usbohci - ok
20:41:45.0181 5460 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:41:45.0182 5460 usbprint - ok
20:41:45.0221 5460 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
20:41:45.0222 5460 usbscan - ok
20:41:45.0271 5460 usbser (0f0c72a657c622286013788b886968ad) C:\Windows\system32\drivers\usbser.sys
20:41:45.0272 5460 usbser - ok
20:41:45.0296 5460 UsbserFilt (aa75e1efbee7186b4cbaaacf1f15e6ca) C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
20:41:45.0297 5460 UsbserFilt - ok
20:41:45.0329 5460 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:41:45.0331 5460 USBSTOR - ok
20:41:45.0352 5460 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
20:41:45.0353 5460 usbuhci - ok
20:41:45.0411 5460 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
20:41:45.0414 5460 usbvideo - ok
20:41:45.0465 5460 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
20:41:45.0466 5460 usb_rndisx - ok
20:41:45.0504 5460 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:41:45.0507 5460 UxSms - ok
20:41:45.0545 5460 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
20:41:45.0547 5460 VaultSvc - ok
20:41:45.0568 5460 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
20:41:45.0569 5460 vdrvroot - ok
20:41:45.0619 5460 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
20:41:45.0626 5460 vds - ok
20:41:45.0672 5460 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:41:45.0673 5460 vga - ok
20:41:45.0691 5460 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:41:45.0693 5460 VgaSave - ok
20:41:45.0732 5460 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
20:41:45.0734 5460 vhdmp - ok
20:41:45.0859 5460 VIAHdAudAddService (fe595d1a1b781190bb483444b62cc607) C:\Windows\system32\drivers\viahduaa.sys
20:41:45.0914 5460 VIAHdAudAddService - ok
20:41:45.0947 5460 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
20:41:45.0948 5460 viaide - ok
20:41:45.0974 5460 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
20:41:45.0976 5460 volmgr - ok
20:41:46.0017 5460 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
20:41:46.0022 5460 volmgrx - ok
20:41:46.0063 5460 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
20:41:46.0068 5460 volsnap - ok
20:41:46.0103 5460 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:41:46.0105 5460 vsmraid - ok
20:41:46.0254 5460 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
20:41:46.0307 5460 VSS - ok
20:41:46.0431 5460 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:41:46.0433 5460 vwifibus - ok
20:41:46.0451 5460 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:41:46.0453 5460 vwififlt - ok
20:41:46.0502 5460 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:41:46.0508 5460 W32Time - ok
20:41:46.0532 5460 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:41:46.0534 5460 WacomPen - ok
20:41:46.0564 5460 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
20:41:46.0566 5460 WANARP - ok
20:41:46.0592 5460 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
20:41:46.0593 5460 Wanarpv6 - ok
20:41:46.0710 5460 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
20:41:46.0766 5460 wbengine - ok
20:41:46.0901 5460 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:41:46.0910 5460 WbioSrvc - ok
20:41:46.0985 5460 WcesComm (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll
20:41:46.0989 5460 WcesComm - ok
20:41:47.0035 5460 wcncsvc (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll
20:41:47.0043 5460 wcncsvc - ok
20:41:47.0090 5460 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:41:47.0093 5460 WcsPlugInService - ok
20:41:47.0149 5460 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:41:47.0151 5460 Wd - ok
20:41:47.0212 5460 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:41:47.0220 5460 Wdf01000 - ok
20:41:47.0248 5460 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:41:47.0251 5460 WdiServiceHost - ok
20:41:47.0262 5460 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:41:47.0265 5460 WdiSystemHost - ok
20:41:47.0325 5460 WebClient (8a438cbb8c032a0c798b0c642ffbe572) C:\Windows\System32\webclnt.dll
20:41:47.0332 5460 WebClient - ok
20:41:47.0375 5460 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:41:47.0379 5460 Wecsvc - ok
20:41:47.0414 5460 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:41:47.0417 5460 wercplsupport - ok
20:41:47.0459 5460 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:41:47.0461 5460 WerSvc - ok
20:41:47.0536 5460 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:41:47.0537 5460 WfpLwf - ok
20:41:47.0602 5460 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
20:41:47.0604 5460 WimFltr - ok
20:41:47.0628 5460 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:41:47.0630 5460 WIMMount - ok
20:41:47.0705 5460 WinDefend - ok
20:41:47.0727 5460 WinHttpAutoProxySvc - ok
20:41:47.0812 5460 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:41:47.0815 5460 Winmgmt - ok
20:41:47.0962 5460 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
20:41:48.0032 5460 WinRM - ok
20:41:48.0209 5460 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
20:41:48.0211 5460 WinUsb - ok
20:41:48.0292 5460 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:41:48.0303 5460 Wlansvc - ok
20:41:48.0339 5460 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:41:48.0340 5460 WmiAcpi - ok
20:41:48.0437 5460 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:41:48.0440 5460 wmiApSrv - ok
20:41:48.0500 5460 WMPNetworkSvc - ok
20:41:48.0527 5460 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:41:48.0530 5460 WPCSvc - ok
20:41:48.0555 5460 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
20:41:48.0558 5460 WPDBusEnum - ok
20:41:48.0599 5460 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:41:48.0600 5460 ws2ifsl - ok
20:41:48.0655 5460 WsAudio_DeviceS(1) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys
20:41:48.0662 5460 WsAudio_DeviceS(1) - ok
20:41:48.0694 5460 WsAudio_DeviceS(2) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys
20:41:48.0695 5460 WsAudio_DeviceS(2) - ok
20:41:48.0723 5460 WsAudio_DeviceS(3) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys
20:41:48.0725 5460 WsAudio_DeviceS(3) - ok
20:41:48.0740 5460 WsAudio_DeviceS(4) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys
20:41:48.0741 5460 WsAudio_DeviceS(4) - ok
20:41:48.0776 5460 WsAudio_DeviceS(5) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys
20:41:48.0777 5460 WsAudio_DeviceS(5) - ok
20:41:48.0827 5460 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
20:41:48.0830 5460 wscsvc - ok
20:41:48.0843 5460 WSearch - ok
20:41:49.0009 5460 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
20:41:49.0072 5460 wuauserv - ok
20:41:49.0214 5460 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
20:41:49.0216 5460 WudfPf - ok
20:41:49.0246 5460 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:41:49.0249 5460 WUDFRd - ok
20:41:49.0287 5460 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
20:41:49.0290 5460 wudfsvc - ok
20:41:49.0323 5460 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:41:49.0328 5460 WwanSvc - ok
20:41:49.0373 5460 XLDoctor Service - ok
20:41:49.0426 5460 YMIDUSBW (01bb59bed139965df5964e021512942b) C:\Windows\system32\drivers\ymidusbx64.sys
20:41:49.0427 5460 YMIDUSBW - ok
20:41:49.0567 5460 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:41:49.0795 5460 \Device\Harddisk0\DR0 - ok
20:41:49.0805 5460 Boot (0x1200) (4a78b4266d4a65063124ab266751ac50) \Device\Harddisk0\DR0\Partition0
20:41:49.0807 5460 \Device\Harddisk0\DR0\Partition0 - ok
20:41:49.0827 5460 Boot (0x1200) (11733f923f8b0211852a87078566e1ba) \Device\Harddisk0\DR0\Partition1
20:41:49.0828 5460 \Device\Harddisk0\DR0\Partition1 - ok
20:41:49.0833 5460 ============================================================
20:41:49.0833 5460 Scan finished
20:41:49.0833 5460 ============================================================
20:41:49.0849 3836 Detected object count: 0
20:41:49.0849 3836 Actual detected object count: 0
20:41:58.0099 2120 Deinitialize success

#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:58 PM

Posted 13 June 2012 - 06:25 AM

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

If I have helped you, consider making a donation to help me continue the fight against Malware!


#7 garyrbz

garyrbz
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:10:58 PM

Posted 13 June 2012 - 08:18 AM

Here is the FRST text:

Scan result of Farbar Recovery Scan Tool Version: 11-06-2012 03
Ran by SYSTEM at 13-06-2012 06:28:13
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [165912 2009-07-11] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [387608 2009-07-11] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [365592 2009-07-11] (Intel Corporation)
HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe [619392 2009-06-11] (ELAN Microelectronic Corp.)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2710856 2009-11-02] (CANON INC.)
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4030008 2011-08-09] (ESET)
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [x]
HKLM-x32\...\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [2244096 2009-07-12] (VIA)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [8493624 2009-07-07] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [159744 2009-04-20] (ASUS)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253672 2011-01-07] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start [81920 2004-06-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart [1234216 2010-03-26] (Nero AG)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
HKLM-x32\...\Run: [UVS11 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [341232 2007-07-23] (InterVideo Digital Technology Corporation)
HKLM-x32\...\Run: [DVAPTray] C:\Windows\System32\DVAPTray.exe [x]
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot [198160 2012-04-05] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup [634880 2012-04-01] ()
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [1667072 2012-02-28] (iSkySoft)
HKU\Gary\...\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup [221184 2004-06-16] (InstallShield Software Corporation)
HKU\Gary\...\Run: [cdloader] "C:\Users\Gary\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK [50592 2012-02-01] (magicJack L.P.)
HKU\Gary\...\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray [1508408 2011-12-16] (Nokia)
HKU\QBPOSDBSrvUser\...\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup [221184 2004-06-16] (InstallShield Software Corporation)
HKU\QBPOSDBSrvUser\...\Run: [cdloader] "C:\Users\Gary\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK [50592 2012-02-01] (magicJack L.P.)
HKU\QBPOSDBSrvUser\...\Run: [Google Update] "C:\Users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-09-11] (Google Inc.)
HKLM\...\Winlogon: [Userinit] C:\Windows\explorer.exe, [2868224 2000-03-22] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\explorer.exe, [2868224 2000-03-22] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.2
Tcpip\..\Interfaces\{345FF04F-959A-4F62-8126-89C8F43A4272}: [NameServer]200.32.248.1,200.32.249.225
Startup: C:\Users\All Users\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)

==================== Services (Whitelisted) ======

2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
2 Capture Device Service; "C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe" [198168 2007-03-06] (InterVideo Inc.)
2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [974944 2011-08-09] (ESET)
2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe /DisableUI [1840128 2011-05-24] (MAGIX AG)
2 FastBootAgent; "C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe" [306232 2009-07-23] (ASUSTeK Computer Inc.)
2 FirebirdGuardianDefaultInstance; "C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe" -s DefaultInstance [98304 2010-09-17] (Firebird Project)
3 FirebirdServerDefaultInstance; "C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe" -s DefaultInstance [3735552 2010-09-17] (Firebird Project)
3 FirebirdServerMAGIXInstance; "C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe" [2702848 2011-04-26] (MAGIX®)
3 GSService; "C:\Windows\SysWOW64\GSService.exe" [450048 2011-09-01] ()
2 Intuit Entitlement Service v6.0; "C:\Program Files (x86)\Common Files\Intuit\Entitlement Client\v6.0\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe" [20480 2009-06-02] (Intuit, Inc.)
2 IntuitUpdateService; "C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe" [13088 2009-05-21] (Intuit Inc.)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 NvtlService; "C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe" [91984 2010-07-22] ()
2 NWHelper; C:\Program Files (x86)\Novatel Wireless\Drivers\NWHelper.exe [270336 2010-06-10] (Novatel Wireless Inc.)
3 OpenVPNService; C:\Program Files\personalVPN\bin\openvpnserv.exe [37888 2010-06-21] ()
2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()
4 POSPerformanceCounters; "C:\Program Files (x86)\Microsoft Point Of Service\Microsoft.PointOfService.Service.exe" [42056 2009-01-13] (Microsoft Corporation)
2 QBPOSDBServiceV9; "C:\Program Files (x86)\Intuit\QuickBooks Point of Sale 9.0\DatabaseServer\QBPOSDBService.exe" [2735480 2009-09-01] (Intuit Inc.)
2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation)
2 RichVideo64; "C:\Program Files\CyberLink\Shared files\RichVideo64.exe" [386344 2010-08-19] ()
2 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation)
2 CronService; "C:\Prey\platform\windows\cronsvc.exe" [x]
3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [x]
2 XLDoctor Service; C:\Program Files (x86)\Thunder Network\Thunder\Program\DctSer.dll [x]

========================== Drivers (Whitelisted) =============

3 anvsnddrv; C:\Windows\System32\Drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
2 ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [202576 2011-08-09] (ESET)
1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [146432 2011-08-04] (ESET)
2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [137144 2011-08-04] (ESET)
3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2011-12-14] (HTC, Corporation)
3 htcnprot; C:\Windows\System32\Drivers\htcnprot.sys [36928 2010-06-25] (Windows ® Win 7 DDK provider)
3 IDMWFP; C:\Windows\System32\Drivers\IDMWFP.sys [154272 2012-04-23] (Tonec Inc.)
3 IMT0521; C:\Windows\SysWow64\Drivers\IMT0521.sys [34825 2003-07-11] (Inmax Technology Corp.)
3 ivusb; C:\Windows\System32\Drivers\ivusb.sys [29720 2010-07-28] (Initio Corporation)
3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
0 lullaby; C:\Windows\System32\Drivers\lullaby.sys [15928 2009-06-18] (Windows ® Win 7 DDK provider)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 NWADI; C:\Windows\System32\DRIVERS\NWADIenum.sys [256512 2010-06-08] (Novatel Wireless Inc)
3 NWUSBModem_000; C:\Windows\System32\DRIVERS\nwusbmdm_000.sys [217856 2010-06-10] (Novatel Wireless Inc.)
3 NWUSBPort2_000; C:\Windows\System32\DRIVERS\nwusbser2_000.sys [217856 2010-06-10] (Novatel Wireless Inc.)
3 NWUSBPort_000; C:\Windows\System32\DRIVERS\nwusbser_000.sys [217856 2010-06-10] (Novatel Wireless Inc.)
3 SNP2UVC; C:\Windows\System32\Drivers\SNP2UVC.sys [1806400 2009-06-05] ()
3 ss_bus; C:\Windows\System32\Drivers\ss_bus.sys [127488 2011-12-14] (MCCI Corporation)
3 ss_mdfl; C:\Windows\System32\Drivers\ss_mdfl.sys [18944 2011-12-14] (MCCI Corporation)
3 ss_mdm; C:\Windows\System32\Drivers\ss_mdm.sys [161280 2011-12-14] (MCCI Corporation)
3 StkMini; C:\Windows\SysWow64\Drivers\StkMini.sys [600617 2004-08-31] (Syntek America Inc.)
3 StkScan; C:\Windows\SysWow64\Drivers\StkScan.sys [4265 2004-08-31] (Syntek America Inc.)
3 tap0901; C:\Windows\System32\Drivers\tap0901.sys [30720 2010-06-21] (The OpenVPN Project)
3 usbio; C:\Windows\System32\Drivers\dsiarhwprog_x64.sys [51600 2011-05-03] (Thesycon GmbH, Germany)
3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltjx64.sys [9216 2011-11-01] (Nokia)
3 WsAudio_DeviceS(1); C:\Windows\System32\Drivers\WsAudio_DeviceS(1).sys [29288 2011-12-19] (Wondershare)
3 WsAudio_DeviceS(2); C:\Windows\System32\Drivers\WsAudio_DeviceS(2).sys [29288 2011-12-19] (Wondershare)
3 WsAudio_DeviceS(3); C:\Windows\System32\Drivers\WsAudio_DeviceS(3).sys [29288 2011-12-19] (Wondershare)
3 WsAudio_DeviceS(4); C:\Windows\System32\Drivers\WsAudio_DeviceS(4).sys [29288 2011-12-19] (Wondershare)
3 WsAudio_DeviceS(5); C:\Windows\System32\Drivers\WsAudio_DeviceS(5).sys [29288 2011-12-19] (Wondershare)
3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbx64.sys [51016 2011-11-01] (Yamaha Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 DIRECTIO; \??\c:\BIT_TEMP\DirectIo.sys [x]
2 RemoteAccess; [x]
3 SCR33X USB Smart Card Reader; C:\Windows\System32\DRIVERS\SCR33X2K.sys [x]

========================== NetSvcs (Whitelisted) ===========

NETSVCx32: Mcx2Svc -> No ServiceDLL Path.

============ One Month Created Files and Folders ==============

2012-06-13 03:12 - 2012-06-13 03:12 - 00000000 ____D C:\Windows\SysWOW64\3005
2012-06-12 19:19 - 2012-06-12 19:19 - 00034382 ____A C:\Users\Gary\Desktop\Combolog.txt
2012-06-12 19:09 - 2012-06-12 19:09 - 00034382 ____A C:\ComboFix.txt
2012-06-12 18:41 - 2012-06-12 18:41 - 00139374 ____A C:\TDSSKiller.2.7.36.0_12.06.2012_20.41.14_log.txt
2012-06-12 18:39 - 2012-06-12 18:39 - 02111270 ____A C:\Users\Gary\Desktop\tdsskiller.rar
2012-06-12 18:37 - 2012-06-12 18:37 - 04556274 ____R (Swearware) C:\Users\Gary\Desktop\ComboFix.exe
2012-06-12 18:34 - 2012-06-12 18:34 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Gary\Desktop\tdsskiller.exe
2012-06-12 17:31 - 2012-06-12 17:31 - 00011486 ____A C:\Users\Gary\Documents\MyZip.zip
2012-06-12 17:30 - 2012-06-12 17:30 - 00001188 ____A C:\Users\Public\Desktop\Express Zip File Compression Software.lnk
2012-06-12 17:30 - 2012-06-12 17:30 - 00000000 ____D C:\Users\All Users\NCH Software
2012-06-12 17:30 - 2012-06-12 17:30 - 00000000 ____D C:\Program Files (x86)\NCH Software
2012-06-12 17:29 - 2012-06-12 17:29 - 00000000 ____D C:\Users\Gary\Documents\NCH.Express.Zip.Plus.v1.12.softarchive.net
2012-06-12 17:28 - 2012-06-12 17:28 - 04007836 ____A C:\Users\Gary\Documents\NCH.Express.Zip.Plus.v1.12.softarchive.net.rar
2012-06-12 17:07 - 2012-06-12 17:08 - 00011034 ____A C:\Users\Gary\Documents\Documents.rar
2012-06-12 17:07 - 2012-06-12 17:07 - 00026697 ____A C:\Users\Gary\Documents\DDS.txt
2012-06-12 17:06 - 2012-06-12 17:06 - 00010072 ____A C:\Users\Gary\Documents\Attach.txt
2012-06-12 05:27 - 2012-06-12 05:27 - 00000301 ____A C:\Users\Gary\Documents\virus path.txt
2012-06-11 19:50 - 2012-06-13 06:28 - 00000000 ____D C:\FRST
2012-06-11 16:14 - 2012-06-11 16:14 - 00000000 ____D C:\Users\Gary\Documents\Simply Super Software
2012-06-11 16:11 - 2012-06-12 14:04 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2012-06-10 08:19 - 2012-06-12 17:52 - 00000000 ____D C:\Drweb
2012-06-09 15:15 - 2012-06-09 15:15 - 00000000 ____D C:\Users\Gary\Downloads\Dr.Web.Scanner_downloaddownload.softarchive.net
2012-06-09 15:01 - 2012-06-09 15:01 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-09 07:32 - 2012-06-09 07:32 - 00284057 ____A C:\Users\Gary\Documents\Scan Log.txt
2012-06-06 12:36 - 2012-06-06 12:36 - 00000218 ____A C:\Users\Gary\.recently-used.xbel
2012-06-05 17:57 - 2012-06-10 17:56 - 00000991 ____A C:\Users\Gary\Desktop\magicJack.lnk
2012-06-04 10:02 - 2012-06-04 10:02 - 00001140 ____A C:\Users\Gary\Desktop\ASIO4ALL v2 Instruction Manual.lnk
2012-06-04 10:02 - 2012-06-04 10:02 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2012-06-04 10:02 - 2012-03-24 22:57 - 00215552 ____N C:\Windows\SysWOW64\amp3dj.oca
2012-06-04 10:02 - 2012-03-24 22:55 - 00202240 ____N C:\Windows\SysWOW64\asrecmms.oca
2012-06-04 10:02 - 2012-02-26 04:07 - 02040320 ____N (MultiMedia Soft) C:\Windows\SysWOW64\AdjMmsEng.dll
2012-06-04 10:02 - 2011-11-17 03:37 - 01117184 ____N (MultiMedia Soft) C:\Windows\SysWOW64\asrecmms.ocx
2012-06-04 10:02 - 2011-09-19 08:26 - 00747008 ____N (MultiMedia Soft) C:\Windows\SysWOW64\amp3dj.ocx
2012-06-04 10:02 - 2010-02-27 02:42 - 00000194 ____N C:\Windows\SysWOW64\DJStudioPro.BAT
2012-06-04 10:02 - 2010-02-27 02:41 - 00002831 ____N C:\Windows\SysWOW64\DJStudioPro.DDF
2012-06-04 10:02 - 2008-01-19 03:04 - 00554008 ____N (Microsoft Corporation) C:\Windows\SysWOW64\dao360.dll
2012-06-04 10:02 - 2007-10-17 02:17 - 00073728 ____N () C:\Windows\SysWOW64\vbzlib1.dll
2012-06-04 10:02 - 2007-05-30 15:29 - 00667648 ____N (Gogowishs Software) C:\Windows\SysWOW64\PictureViewer.ocx
2012-06-04 10:02 - 2007-04-16 00:44 - 00905216 ____N (MultiMedia Soft) C:\Windows\SysWOW64\3dabm8u.ocx
2012-06-04 10:02 - 2006-12-30 14:38 - 00245760 ____N (audio2convert.com) C:\Windows\SysWOW64\CDAConverterAX.ocx
2012-06-04 10:02 - 2006-06-29 09:19 - 00135168 ____N () C:\Windows\SysWOW64\id3vx_ocx.dll
2012-06-04 10:02 - 2006-05-10 18:54 - 00000868 ____N C:\Windows\SysWOW64\PictureViewer.lpk
2012-06-04 10:02 - 2006-03-11 14:04 - 00061440 ____N (TODO: <Company name>) C:\Windows\SysWOW64\audioburner.ocx
2012-06-04 10:02 - 2006-02-28 18:01 - 00000389 ____N C:\Windows\SysWOW64\audioburner.lic
2012-06-04 10:02 - 2005-12-31 06:19 - 01097728 ____N C:\Windows\SysWOW64\vorbis.dll
2012-06-04 10:02 - 2005-12-31 06:13 - 00024576 ____N C:\Windows\SysWOW64\ogg.dll
2012-06-04 10:02 - 2005-11-30 03:49 - 00161792 ____N C:\Windows\SysWOW64\lame_enc.dll
2012-06-04 10:02 - 2004-08-03 23:56 - 01227264 ____N (Microsoft Corporation) C:\Windows\SysWOW64\dx8vb.dll
2012-06-04 10:02 - 2004-05-10 22:19 - 00192512 ____N (Matthew T. Ashland) C:\Windows\SysWOW64\MACDll.dll
2012-06-04 10:02 - 2003-08-22 05:46 - 00237568 ____N (NCT Company Ltd.) C:\Windows\SysWOW64\NCTAudioConvert3.exe
2012-06-04 10:02 - 2003-08-19 07:39 - 01028096 ____N (NCT Company Ltd.) C:\Windows\SysWOW64\NCTAudioInformation2.dll
2012-06-04 10:02 - 2003-06-17 19:35 - 00000299 ____N C:\Windows\SysWOW64\NCTAudioConvert3.dep
2012-06-04 10:02 - 2003-06-02 21:06 - 00286720 ____N (NCT Company Ltd.) C:\Windows\SysWOW64\NCTWMAFile2.dll
2012-06-04 10:02 - 2003-06-02 20:55 - 01720320 ____N (NCT Company Ltd.) C:\Windows\SysWOW64\NCTAudioFile2.dll
2012-06-04 10:02 - 2003-05-21 16:50 - 01700352 ____N (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2012-06-04 10:02 - 2003-03-24 04:03 - 00000289 ____N C:\Windows\SysWOW64\NCTWMAFile2.dep
2012-06-04 10:02 - 2003-03-24 04:02 - 00000307 ____N C:\Windows\SysWOW64\NCTAudioInformation2.dep
2012-06-04 10:02 - 2003-03-24 04:02 - 00000291 ____N C:\Windows\SysWOW64\NCTAudioFile2.dep
2012-06-04 10:02 - 2002-03-24 13:03 - 00380928 ____N (NUGROOVZ) C:\Windows\SysWOW64\CDRipperX.ocx
2012-06-04 10:02 - 2002-01-14 13:36 - 00172032 ____N C:\Windows\SysWOW64\MP2enc.dll
2012-06-04 10:02 - 2001-08-12 08:08 - 00360448 ____N (NCT Company) C:\Windows\SysWOW64\NCTWavPlayer.ocx
2012-06-04 10:02 - 2000-12-06 04:01 - 00415176 ____N (Microsoft Corporation ) C:\Windows\SysWOW64\comct332.ocx
2012-06-04 10:02 - 2000-07-01 05:36 - 00053248 ____N (E-Soft) C:\Windows\SysWOW64\Slider.ocx
2012-06-04 10:02 - 1999-07-14 03:36 - 00068608 ____N (BinaryWork Corp.) C:\Windows\SysWOW64\bw6mi15r.ocx
2012-06-04 10:02 - 1998-10-23 08:28 - 00187904 ____N (Global Majic Software, Inc.) C:\Windows\SysWOW64\Sliderdj.ocx
2012-06-04 10:02 - 1997-09-25 06:18 - 00520192 ____N (Microsoft Corporation) C:\Windows\SysWOW64\dbgrid32.ocx
2012-06-04 10:01 - 2012-06-04 10:01 - 00000000 ____D C:\Users\All Users\Tarma Installer
2012-06-04 10:01 - 2012-06-04 10:01 - 00000000 ____D C:\Users\All Users\E-Soft
2012-06-04 10:01 - 2005-11-05 10:34 - 00145408 ____N C:\Windows\SysWOW64\Lame.exe
2012-06-01 19:55 - 2012-06-01 19:55 - 00012525 ____A C:\Users\Gary\Documents\Tamales.docx
2012-05-31 12:33 - 2012-05-31 12:33 - 00000435 ____A C:\Windows\SysWOW64\mprdin.ocx
2012-05-31 12:32 - 2012-05-31 12:32 - 01752576 ____A C:\Windows\SysWOW64\mprdin.dll
2012-05-31 04:35 - 2012-06-13 04:24 - 00083015 ____A C:\Windows\WindowsUpdate.log
2012-05-31 04:33 - 2012-06-12 19:01 - 01097952 ____A C:\Windows\PFRO.log
2012-05-30 03:12 - 2012-06-13 03:12 - 00000000 ____D C:\Windows\SysWOW64\1070
2012-05-27 18:34 - 2012-06-12 19:01 - 00003360 ____A C:\Windows\setupact.log
2012-05-27 18:04 - 2012-06-05 00:06 - 00000000 ____D C:\Users\Gary\Desktop\Unused Icons
2012-05-27 08:51 - 2012-05-27 08:51 - 00000000 ____D C:\Users\Gary\Documents\NeroVision
2012-05-27 08:33 - 2012-05-27 08:33 - 00000000 ____D C:\Program Files (x86)\Xvid
2012-05-27 08:33 - 2011-05-30 05:42 - 00255488 ____A C:\Windows\System32\xvidvfw.dll
2012-05-27 08:33 - 2011-05-30 05:42 - 00240640 ____A C:\Windows\SysWOW64\xvidvfw.dll
2012-05-27 08:33 - 2011-05-23 01:52 - 00153088 ____A C:\Windows\SysWOW64\xvid.ax
2012-05-27 08:33 - 2011-05-22 23:49 - 00173568 ____A C:\Windows\System32\xvid.ax
2012-05-27 08:33 - 2011-05-22 23:46 - 00645632 ____A C:\Windows\SysWOW64\xvidcore.dll
2012-05-27 08:33 - 2011-05-22 23:45 - 00696832 ____A C:\Windows\System32\xvidcore.dll
2012-05-27 07:02 - 2012-05-27 08:54 - 00000000 ____D C:\Users\Gary\Documents\Aimersoft DRM Media Converter
2012-05-27 07:02 - 2012-05-27 07:02 - 00001329 ____A C:\Users\Gary\Desktop\Aimersoft DRM Media Converter.lnk
2012-05-27 07:02 - 2012-05-27 07:02 - 00000000 ____D C:\Program Files (x86)\Aimersoft
2012-05-27 07:02 - 2011-01-15 12:08 - 00153600 ____A C:\Windows\SysWOW64\WS_ATLMovie.dll
2012-05-27 06:38 - 2012-05-27 06:38 - 00000000 ____D C:\Users\Gary\Documents\Gygan Downloads
2012-05-27 06:38 - 2012-05-27 06:38 - 00000000 ____D C:\Users\Gary\AppData\Local\Xenocode
2012-05-27 06:37 - 2012-06-09 21:20 - 00000000 ____D C:\Program Files (x86)\Gygan BETA
2012-05-27 06:37 - 2012-05-27 06:38 - 00000000 ____D C:\Users\Gary\AppData\Roaming\Gygan
2012-05-27 06:31 - 2012-05-27 06:32 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2012-05-27 06:31 - 2012-05-15 10:00 - 00079872 ____A C:\Windows\SysWOW64\ff_vfw.dll
2012-05-27 06:31 - 2011-12-21 09:14 - 00151552 ____A (fccHandler) C:\Windows\SysWOW64\ac3acm.acm
2012-05-27 06:31 - 2008-10-03 04:30 - 00000414 ____A C:\Windows\SysWOW64\lame_acm.xml
2012-05-27 06:31 - 2008-09-24 10:41 - 00839680 ____A (http://www.mp3dev.org/) C:\Windows\SysWOW64\lameACM.acm
2012-05-27 06:26 - 2012-05-27 06:26 - 00000841 ____A C:\Users\Public\Desktop\Total Uninstall 6.lnk
2012-05-27 06:26 - 2012-05-27 06:26 - 00000000 ____D C:\Users\All Users\Martau
2012-05-27 06:26 - 2012-05-27 06:26 - 00000000 ____D C:\Program Files\Total Uninstall 6
2012-05-27 06:23 - 2012-05-27 06:36 - 00000000 ____D C:\Users\Gary\Documents\iSkysoft DRM Removal
2012-05-27 06:22 - 2011-12-19 14:41 - 00029288 ____A (Wondershare) C:\Windows\System32\Drivers\WsAudio_DeviceS(5).sys
2012-05-27 06:22 - 2011-12-19 14:41 - 00029288 ____A (Wondershare) C:\Windows\System32\Drivers\WsAudio_DeviceS(4).sys
2012-05-27 06:21 - 2012-05-27 06:21 - 00001213 ____A C:\Users\Gary\Desktop\iSkysoft DRM Removal.lnk
2012-05-27 06:21 - 2012-05-27 06:21 - 00000000 ____D C:\Users\Gary\AppData\Local\iSkysoft
2012-05-27 06:21 - 2012-05-27 06:21 - 00000000 ____D C:\Program Files (x86)\iSkysoft
2012-05-27 06:21 - 2011-12-19 14:41 - 00029288 ____A (Wondershare) C:\Windows\System32\Drivers\WsAudio_DeviceS(3).sys
2012-05-27 06:21 - 2011-12-19 14:41 - 00029288 ____A (Wondershare) C:\Windows\System32\Drivers\WsAudio_DeviceS(2).sys
2012-05-27 06:21 - 2011-12-19 14:41 - 00029288 ____A (Wondershare) C:\Windows\System32\Drivers\WsAudio_DeviceS(1).sys
2012-05-27 06:21 - 2011-12-09 13:35 - 00892928 ____A (Free Software Foundation) C:\Windows\SysWOW64\iconv.dll
2012-05-27 06:21 - 2011-12-09 13:35 - 00675840 ____A () C:\Windows\SysWOW64\ac3filter.ax
2012-05-26 09:03 - 2012-05-26 09:03 - 00002185 ____A C:\Users\Gary\Desktop\Camfrog Video Chat 6.2.lnk
2012-05-26 08:42 - 2012-05-26 17:05 - 00210656 ___AH C:\Windows\temporaneo.html
2012-05-26 08:42 - 2012-05-26 17:05 - 00210656 ___AH C:\Windows\log.html
2012-05-24 07:37 - 2012-05-24 07:37 - 00000833 ____A C:\Users\Public\Desktop\MAGIX Audio Cleaning Lab MX Download Version.lnk
2012-05-24 07:36 - 2012-05-24 07:36 - 00000000 ____D C:\Program Files (x86)\MAGIX
2012-05-24 05:41 - 2012-05-24 05:41 - 00043151 ____A C:\Users\Gary\Downloads\AACencoder_upgrade_en_II.rtf
2012-05-24 05:09 - 2012-05-24 05:09 - 00000000 ____D C:\Users\Gary\Documents\MAGIX
2012-05-24 05:09 - 2012-05-24 05:09 - 00000000 ____D C:\Users\Gary\AppData\Roaming\MAGIX
2012-05-24 05:06 - 2012-05-24 07:36 - 00000000 ____D C:\Users\All Users\MAGIX
2012-05-24 04:59 - 2012-05-14 03:41 - 00000000 ____D C:\Users\Gary\Desktop\Language
2012-05-23 05:09 - 2012-05-23 05:09 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2012-05-22 17:27 - 2012-05-22 17:27 - 00308720 ____A C:\Users\Gary\Documents\Doc5.docx
2012-05-22 14:37 - 2012-05-22 14:37 - 00000000 ____D C:\Users\Public\Documents\AKVIS
2012-05-22 14:36 - 2012-05-22 14:36 - 00000977 ____A C:\Users\Public\Desktop\AKVIS Retoucher.lnk
2012-05-22 14:36 - 2012-05-22 14:36 - 00000000 ____D C:\Program Files (x86)\AKVIS
2012-05-21 09:14 - 2012-05-21 09:14 - 00001009 ____A C:\Users\Public\Desktop\PowerISO.lnk
2012-05-21 09:14 - 2012-05-21 09:14 - 00000000 ____D C:\Program Files (x86)\PowerISO
2012-05-21 09:14 - 2012-04-18 19:57 - 00126912 ____A (Power Software Ltd) C:\Windows\System32\Drivers\scdemu.sys
2012-05-20 16:57 - 2012-05-20 16:57 - 00001136 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-05-20 16:57 - 2012-05-20 16:57 - 00000000 ____D C:\Users\Gary\AppData\Local\Mozilla
2012-05-20 16:57 - 2012-05-20 16:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-05-20 09:42 - 2012-05-20 09:42 - 00003504 ____A C:\Users\Gary\Documents\Nucht.rtf
2012-05-19 16:54 - 2012-05-19 16:54 - 00000772 ____A C:\Users\Public\Desktop\PhotoInstrument.lnk
2012-05-19 16:49 - 2012-06-10 06:39 - 00000000 ____D C:\Users\Gary\AppData\Roaming\Complitly
2012-05-19 16:49 - 2012-05-19 16:49 - 00000828 ____A C:\Users\Public\Desktop\uTorrent Turbo Booster.lnk
2012-05-19 16:49 - 2012-05-19 16:49 - 00000000 ____D C:\Users\Gary\AppData\Roaming\uTorrent Turbo Booster
2012-05-19 16:46 - 2012-05-19 16:46 - 00000803 ____A C:\Users\Public\Desktop\MarvelousDesigner2.lnk
2012-05-19 02:28 - 2012-05-19 02:28 - 00000000 ____D C:\Program Files (x86)\NirSoft
2012-05-16 18:38 - 2012-05-16 18:38 - 00000130 ____A C:\Users\Gary\AppData\Roaming\Network Monitor II_Traffic.ini
2012-05-16 18:28 - 2012-05-16 18:28 - 00000634 ____A C:\Users\Gary\AppData\Roaming\Network Monitor II_Settings.ini
2012-05-16 06:03 - 2012-05-16 06:03 - 00000000 ____D C:\Users\Gary\AppData\Roaming\jdnetmon
2012-05-16 05:51 - 2012-05-16 05:59 - 00000000 ____D C:\Users\Gary\AppData\Roaming\jdast
2012-05-16 05:51 - 2012-05-16 05:51 - 00001921 ____A C:\Users\Gary\Desktop\JDs Auto Speed Tester.lnk
2012-05-16 05:51 - 2012-05-16 05:51 - 00000000 ____D C:\Users\Gary\Documents\Speed_Tester
2012-05-16 05:51 - 2012-05-16 05:51 - 00000000 ____D C:\Program Files (x86)\JDAST
2012-05-15 19:19 - 2012-05-24 09:51 - 00031771 ____A C:\Users\Gary\Documents\estimate.docx


============ 3 Months Modified Files and Folders =============

2012-06-13 06:28 - 2012-06-11 19:50 - 00000000 ____D C:\FRST
2012-06-13 04:24 - 2012-05-31 04:35 - 00083015 ____A C:\Windows\WindowsUpdate.log
2012-06-13 04:22 - 2011-08-28 05:30 - 00000029 ____A C:\Windows\SysWOW64\TempWmicBatchFile.bat
2012-06-13 03:43 - 2011-09-11 16:19 - 00000904 ___AH C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000UA.job
2012-06-13 03:12 - 2012-06-13 03:12 - 00000000 ____D C:\Windows\SysWOW64\3005
2012-06-13 03:12 - 2012-05-30 03:12 - 00000000 ____D C:\Windows\SysWOW64\1070
2012-06-13 03:12 - 2012-04-11 04:20 - 00000348 ____A C:\Windows\Tasks\At2.job
2012-06-13 03:12 - 2012-04-11 04:19 - 00000348 ____A C:\Windows\Tasks\At1.job
2012-06-12 19:19 - 2012-06-12 19:19 - 00034382 ____A C:\Users\Gary\Desktop\Combolog.txt
2012-06-12 19:10 - 2009-07-13 20:45 - 00010016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-12 19:10 - 2009-07-13 20:45 - 00010016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-12 19:09 - 2012-06-12 19:09 - 00034382 ____A C:\ComboFix.txt
2012-06-12 19:09 - 2011-11-30 09:18 - 00000000 ___AD C:\Qoobox
2012-06-12 19:03 - 2012-04-30 22:33 - 00000000 ____D C:\Users\Gary\AppData\Local\Htc
2012-06-12 19:02 - 2011-11-30 09:18 - 00000000 ____D C:\Windows\ERDNT
2012-06-12 19:02 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-06-12 19:02 - 2009-07-13 18:34 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-06-12 19:01 - 2012-05-31 04:33 - 01097952 ____A C:\Windows\PFRO.log
2012-06-12 19:01 - 2012-05-27 18:34 - 00003360 ____A C:\Windows\setupact.log
2012-06-12 19:01 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-12 18:41 - 2012-06-12 18:41 - 00139374 ____A C:\TDSSKiller.2.7.36.0_12.06.2012_20.41.14_log.txt
2012-06-12 18:39 - 2012-06-12 18:39 - 02111270 ____A C:\Users\Gary\Desktop\tdsskiller.rar
2012-06-12 18:37 - 2012-06-12 18:37 - 04556274 ____R (Swearware) C:\Users\Gary\Desktop\ComboFix.exe
2012-06-12 18:34 - 2012-06-12 18:34 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Gary\Desktop\tdsskiller.exe
2012-06-12 17:52 - 2012-06-10 08:19 - 00000000 ____D C:\Drweb
2012-06-12 17:31 - 2012-06-12 17:31 - 00011486 ____A C:\Users\Gary\Documents\MyZip.zip
2012-06-12 17:30 - 2012-06-12 17:30 - 00001188 ____A C:\Users\Public\Desktop\Express Zip File Compression Software.lnk
2012-06-12 17:30 - 2012-06-12 17:30 - 00000000 ____D C:\Users\All Users\NCH Software
2012-06-12 17:30 - 2012-06-12 17:30 - 00000000 ____D C:\Program Files (x86)\NCH Software
2012-06-12 17:29 - 2012-06-12 17:29 - 00000000 ____D C:\Users\Gary\Documents\NCH.Express.Zip.Plus.v1.12.softarchive.net
2012-06-12 17:28 - 2012-06-12 17:28 - 04007836 ____A C:\Users\Gary\Documents\NCH.Express.Zip.Plus.v1.12.softarchive.net.rar
2012-06-12 17:08 - 2012-06-12 17:07 - 00011034 ____A C:\Users\Gary\Documents\Documents.rar
2012-06-12 17:07 - 2012-06-12 17:07 - 00026697 ____A C:\Users\Gary\Documents\DDS.txt
2012-06-12 17:06 - 2012-06-12 17:06 - 00010072 ____A C:\Users\Gary\Documents\Attach.txt
2012-06-12 16:45 - 2011-09-11 16:26 - 00002395 ____A C:\Users\Gary\Desktop\Google Chrome.lnk
2012-06-12 14:04 - 2012-06-11 16:11 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2012-06-12 14:00 - 2009-07-13 21:13 - 00778150 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-12 13:56 - 2012-02-10 04:49 - 00045056 ____A C:\Windows\System32\acovcnt.exe
2012-06-12 05:27 - 2012-06-12 05:27 - 00000301 ____A C:\Users\Gary\Documents\virus path.txt
2012-06-12 01:56 - 2011-08-27 08:39 - 02198582 ____A C:\Windows\ntbtlog.txt
2012-06-11 16:14 - 2012-06-11 16:14 - 00000000 ____D C:\Users\Gary\Documents\Simply Super Software
2012-06-11 15:50 - 2011-08-27 08:46 - 00000000 ____D C:\Users\Gary\Tracing
2012-06-11 12:52 - 2011-09-11 16:19 - 00000852 ___AH C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000Core.job
2012-06-10 21:10 - 2011-10-06 14:54 - 00000000 ____D C:\Users\Gary\Downloads\Google_Chrome_15.0.874.15_Beta
2012-06-10 17:56 - 2012-06-05 17:57 - 00000991 ____A C:\Users\Gary\Desktop\magicJack.lnk
2012-06-10 17:56 - 2011-09-07 12:24 - 00000000 ____D C:\Users\Gary\AppData\Roaming\mjusbsp
2012-06-10 06:39 - 2012-05-19 16:49 - 00000000 ____D C:\Users\Gary\AppData\Roaming\Complitly
2012-06-09 22:58 - 2012-04-29 16:17 - 00000000 ____D C:\Program Files (x86)\VirtualDJ
2012-06-09 21:20 - 2012-05-27 06:37 - 00000000 ____D C:\Program Files (x86)\Gygan BETA
2012-06-09 15:15 - 2012-06-09 15:15 - 00000000 ____D C:\Users\Gary\Downloads\Dr.Web.Scanner_downloaddownload.softarchive.net
2012-06-09 15:01 - 2012-06-09 15:01 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-09 14:29 - 2009-07-13 21:08 - 00005094 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-09 07:32 - 2012-06-09 07:32 - 00284057 ____A C:\Users\Gary\Documents\Scan Log.txt
2012-06-09 04:37 - 2012-05-12 02:08 - 00000000 ____D C:\Users\Gary\AppData\Roaming\DMCache
2012-06-08 11:49 - 2011-08-27 08:48 - 00000000 ____D C:\Users\Gary\AppData\Roaming\Camfrog
2012-06-06 15:55 - 2011-08-27 12:25 - 00000000 ____D C:\Users\Gary\AppData\Roaming\uTorrent
2012-06-06 12:36 - 2012-06-06 12:36 - 00000218 ____A C:\Users\Gary\.recently-used.xbel
2012-06-06 12:36 - 2011-08-27 03:55 - 00000000 ____D C:\users\Gary
2012-06-06 12:25 - 2011-12-04 20:02 - 00000000 ____D C:\Users\Gary\Downloads\Torrents
2012-06-05 06:50 - 2011-09-10 06:58 - 00000000 ____D C:\Users\Gary\AppData\Roaming\Skype
2012-06-05 00:06 - 2012-05-27 18:04 - 00000000 ____D C:\Users\Gary\Desktop\Unused Icons
2012-06-04 10:02 - 2012-06-04 10:02 - 00001140 ____A C:\Users\Gary\Desktop\ASIO4ALL v2 Instruction Manual.lnk
2012-06-04 10:02 - 2012-06-04 10:02 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2012-06-04 10:01 - 2012-06-04 10:01 - 00000000 ____D C:\Users\All Users\Tarma Installer
2012-06-04 10:01 - 2012-06-04 10:01 - 00000000 ____D C:\Users\All Users\E-Soft
2012-06-01 19:55 - 2012-06-01 19:55 - 00012525 ____A C:\Users\Gary\Documents\Tamales.docx
2012-05-31 12:33 - 2012-05-31 12:33 - 00000435 ____A C:\Windows\SysWOW64\mprdin.ocx
2012-05-31 12:32 - 2012-05-31 12:32 - 01752576 ____A C:\Windows\SysWOW64\mprdin.dll
2012-05-27 14:58 - 2009-07-28 22:03 - 00000000 ____D C:\Windows\Panther
2012-05-27 14:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\ModemLogs
2012-05-27 14:50 - 2012-02-11 14:00 - 00000000 ____D C:\Users\Gary\AppData\Roaming\Xilisoft
2012-05-27 14:50 - 2012-02-11 14:00 - 00000000 ____D C:\Users\All Users\Xilisoft
2012-05-27 08:54 - 2012-05-27 07:02 - 00000000 ____D C:\Users\Gary\Documents\Aimersoft DRM Media Converter
2012-05-27 08:51 - 2012-05-27 08:51 - 00000000 ____D C:\Users\Gary\Documents\NeroVision
2012-05-27 08:33 - 2012-05-27 08:33 - 00000000 ____D C:\Program Files (x86)\Xvid
2012-05-27 07:02 - 2012-05-27 07:02 - 00001329 ____A C:\Users\Gary\Desktop\Aimersoft DRM Media Converter.lnk
2012-05-27 07:02 - 2012-05-27 07:02 - 00000000 ____D C:\Program Files (x86)\Aimersoft
2012-05-27 06:38 - 2012-05-27 06:38 - 00000000 ____D C:\Users\Gary\Documents\Gygan Downloads
2012-05-27 06:38 - 2012-05-27 06:38 - 00000000 ____D C:\Users\Gary\AppData\Local\Xenocode
2012-05-27 06:38 - 2012-05-27 06:37 - 00000000 ____D C:\Users\Gary\AppData\Roaming\Gygan
2012-05-27 06:36 - 2012-05-27 06:23 - 00000000 ____D C:\Users\Gary\Documents\iSkysoft DRM Removal
2012-05-27 06:32 - 2012-05-27 06:31 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2012-05-27 06:26 - 2012-05-27 06:26 - 00000841 ____A C:\Users\Public\Desktop\Total Uninstall 6.lnk
2012-05-27 06:26 - 2012-05-27 06:26 - 00000000 ____D C:\Users\All Users\Martau
2012-05-27 06:26 - 2012-05-27 06:26 - 00000000 ____D C:\Program Files\Total Uninstall 6
2012-05-27 06:21 - 2012-05-27 06:21 - 00001213 ____A C:\Users\Gary\Desktop\iSkysoft DRM Removal.lnk
2012-05-27 06:21 - 2012-05-27 06:21 - 00000000 ____D C:\Users\Gary\AppData\Local\iSkysoft
2012-05-27 06:21 - 2012-05-27 06:21 - 00000000 ____D C:\Program Files (x86)\iSkysoft
2012-05-26 17:05 - 2012-05-26 08:42 - 00210656 ___AH C:\Windows\temporaneo.html
2012-05-26 17:05 - 2012-05-26 08:42 - 00210656 ___AH C:\Windows\log.html
2012-05-26 09:06 - 2011-08-27 03:55 - 00000000 ____D C:\Users\Gary\AppData\LocalLow
2012-05-26 09:03 - 2012-05-26 09:03 - 00002185 ____A C:\Users\Gary\Desktop\Camfrog Video Chat 6.2.lnk
2012-05-26 08:00 - 2011-08-27 11:20 - 00000000 ____D C:\Users\Gary\AppData\Roaming\Canon
2012-05-24 09:51 - 2012-05-15 19:19 - 00031771 ____A C:\Users\Gary\Documents\estimate.docx
2012-05-24 07:37 - 2012-05-24 07:37 - 00000833 ____A C:\Users\Public\Desktop\MAGIX Audio Cleaning Lab MX Download Version.lnk
2012-05-24 07:36 - 2012-05-24 07:36 - 00000000 ____D C:\Program Files (x86)\MAGIX
2012-05-24 07:36 - 2012-05-24 05:06 - 00000000 ____D C:\Users\All Users\MAGIX
2012-05-24 05:41 - 2012-05-24 05:41 - 00043151 ____A C:\Users\Gary\Downloads\AACencoder_upgrade_en_II.rtf
2012-05-24 05:09 - 2012-05-24 05:09 - 00000000 ____D C:\Users\Gary\Documents\MAGIX
2012-05-24 05:09 - 2012-05-24 05:09 - 00000000 ____D C:\Users\Gary\AppData\Roaming\MAGIX
2012-05-23 05:09 - 2012-05-23 05:09 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2012-05-22 17:27 - 2012-05-22 17:27 - 00308720 ____A C:\Users\Gary\Documents\Doc5.docx
2012-05-22 17:10 - 2011-09-13 09:54 - 00000000 ____D C:\Users\Gary\Documents\My Received Files
2012-05-22 16:59 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2012-05-22 14:37 - 2012-05-22 14:37 - 00000000 ____D C:\Users\Public\Documents\AKVIS
2012-05-22 14:36 - 2012-05-22 14:36 - 00000977 ____A C:\Users\Public\Desktop\AKVIS Retoucher.lnk
2012-05-22 14:36 - 2012-05-22 14:36 - 00000000 ____D C:\Program Files (x86)\AKVIS
2012-05-22 14:36 - 2011-08-28 05:02 - 00000000 ____D C:\Users\Gary\AppData\Local\Downloaded Installations
2012-05-21 09:14 - 2012-05-21 09:14 - 00001009 ____A C:\Users\Public\Desktop\PowerISO.lnk
2012-05-21 09:14 - 2012-05-21 09:14 - 00000000 ____D C:\Program Files (x86)\PowerISO
2012-05-20 16:57 - 2012-05-20 16:57 - 00001136 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-05-20 16:57 - 2012-05-20 16:57 - 00000000 ____D C:\Users\Gary\AppData\Local\Mozilla
2012-05-20 16:57 - 2012-05-20 16:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-05-20 16:57 - 2011-10-08 04:44 - 00000000 ____D C:\Users\Gary\AppData\Roaming\Mozilla
2012-05-20 09:42 - 2012-05-20 09:42 - 00003504 ____A C:\Users\Gary\Documents\Nucht.rtf
2012-05-19 16:54 - 2012-05-19 16:54 - 00000772 ____A C:\Users\Public\Desktop\PhotoInstrument.lnk
2012-05-19 16:49 - 2012-05-19 16:49 - 00000828 ____A C:\Users\Public\Desktop\uTorrent Turbo Booster.lnk
2012-05-19 16:49 - 2012-05-19 16:49 - 00000000 ____D C:\Users\Gary\AppData\Roaming\uTorrent Turbo Booster
2012-05-19 16:46 - 2012-05-19 16:46 - 00000803 ____A C:\Users\Public\Desktop\MarvelousDesigner2.lnk
2012-05-19 02:28 - 2012-05-19 02:28 - 00000000 ____D C:\Program Files (x86)\NirSoft
2012-05-19 02:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-05-17 04:13 - 2012-05-12 02:08 - 00000000 ____D C:\Users\Gary\AppData\Roaming\IDM
2012-05-16 18:38 - 2012-05-16 18:38 - 00000130 ____A C:\Users\Gary\AppData\Roaming\Network Monitor II_Traffic.ini
2012-05-16 18:28 - 2012-05-16 18:28 - 00000634 ____A C:\Users\Gary\AppData\Roaming\Network Monitor II_Settings.ini
2012-05-16 06:03 - 2012-05-16 06:03 - 00000000 ____D C:\Users\Gary\AppData\Roaming\jdnetmon
2012-05-16 05:59 - 2012-05-16 05:51 - 00000000 ____D C:\Users\Gary\AppData\Roaming\jdast
2012-05-16 05:51 - 2012-05-16 05:51 - 00001921 ____A C:\Users\Gary\Desktop\JDs Auto Speed Tester.lnk
2012-05-16 05:51 - 2012-05-16 05:51 - 00000000 ____D C:\Users\Gary\Documents\Speed_Tester
2012-05-16 05:51 - 2012-05-16 05:51 - 00000000 ____D C:\Program Files (x86)\JDAST
2012-05-16 05:50 - 2012-05-12 02:08 - 00000000 ____D C:\Users\Gary\Downloads\Compressed
2012-05-15 10:00 - 2012-05-27 06:31 - 00079872 ____A C:\Windows\SysWOW64\ff_vfw.dll
2012-05-14 03:41 - 2012-05-24 04:59 - 00000000 ____D C:\Users\Gary\Desktop\Language
2012-05-12 11:03 - 2012-05-12 10:20 - 00000000 ____D C:\Users\Gary\Desktop\Kindle Fire Utility
2012-05-12 09:55 - 2012-05-12 09:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2012-05-12 09:06 - 2012-05-12 09:06 - 00001913 ____A C:\Users\Gary\Desktop\GetGo YouTube Downloader 1.6.0.742 Portable.exe - Shortcut.lnk
2012-05-12 08:26 - 2012-05-12 07:59 - 11457024 ____A C:\Users\Gary\Documents\Baptist Invitation.pcr
2012-05-12 02:20 - 2012-05-12 02:20 - 00000071 ____A C:\Users\Gary\Desktop\Base.txt
2012-05-10 18:21 - 2012-05-10 18:21 - 00004270 ____A C:\Users\Gary\Desktop\android_winusb.inf
2012-05-10 17:20 - 2012-05-10 17:20 - 01002728 ____A (Microsoft Corporation) C:\Windows\System32\WinUSBCoInstaller2.dll
2012-05-08 06:07 - 2011-08-27 08:48 - 00000000 ____D C:\Program Files (x86)\Camfrog
2012-05-08 05:47 - 2012-05-08 05:44 - 00000000 ____D C:\Users\Gary\AppData\Local\Camfrog Single Server
2012-05-08 05:43 - 2012-05-08 05:43 - 00000000 ____D C:\Users\All Users\Camfrog Server
2012-05-07 07:14 - 2011-09-08 05:35 - 00000000 ____D C:\Users\Gary\Documents\ClaudeFlash
2012-05-07 07:13 - 2012-05-07 07:13 - 00000000 ____D C:\Program Files\personalVPN
2012-05-05 08:11 - 2012-05-05 08:11 - 00178096 ____A C:\Users\Gary\BUSY DROP7.vdj
2012-05-05 08:01 - 2012-05-05 08:01 - 00082505 ____A C:\Users\Gary\!wicked_horn!.vdj
2012-05-05 06:13 - 2012-05-05 06:13 - 00523485 ____A C:\Users\Gary\Documents\Unlock iphone 4.docx
2012-05-04 20:01 - 2011-12-04 13:12 - 00000000 ____D C:\Users\Gary\AppData\Roaming\Apple Computer
2012-05-01 17:34 - 2012-05-01 17:34 - 00000000 ____D C:\Users\Gary\Documents\Bigasoft 3GP Converter
2012-05-01 17:32 - 2012-05-01 17:32 - 00001113 ____A C:\Users\Public\Desktop\Bigasoft 3GP Converter.lnk
2012-05-01 17:32 - 2011-12-04 07:27 - 00000000 ____D C:\Program Files (x86)\Bigasoft
2012-05-01 14:08 - 2012-05-01 14:08 - 00000000 ____D C:\Users\Gary\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
2012-05-01 10:06 - 2012-04-30 18:59 - 00000000 ____D C:\Android
2012-05-01 06:22 - 2012-05-01 06:22 - 00000000 ____D C:\HTC
2012-05-01 06:15 - 2012-04-01 10:47 - 00000000 ____D C:\Program Files (x86)\Android
2012-04-30 22:33 - 2012-04-30 22:32 - 00000000 ____D C:\Users\Gary\AppData\Roaming\HTC
2012-04-30 22:32 - 2012-04-30 22:32 - 00001084 ____A C:\Users\Public\Desktop\HTC Sync.lnk
2012-04-30 22:32 - 2012-04-14 04:38 - 00000000 ____D C:\Program Files (x86)\HTC
2012-04-30 22:31 - 2012-04-30 22:31 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2012-04-30 22:31 - 2012-04-30 22:31 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2012-04-30 22:31 - 2011-08-27 12:10 - 00000000 ____D C:\Users\Gary\AppData\Local\Adobe
2012-04-30 22:31 - 2000-03-22 02:46 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-04-30 17:16 - 2012-04-30 17:16 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-04-30 17:16 - 2012-04-30 17:16 - 00000000 ____D C:\Program Files\iTunes
2012-04-30 17:16 - 2012-04-30 17:16 - 00000000 ____D C:\Program Files\iPod
2012-04-30 17:16 - 2012-04-30 17:16 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-04-30 17:13 - 2012-04-30 17:13 - 00000000 ____D C:\Program Files\Bonjour
2012-04-30 17:13 - 2012-04-30 17:13 - 00000000 ____D C:\Program Files (x86)\Bonjour
2012-04-30 16:57 - 2012-04-30 16:57 - 00001847 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-04-30 16:57 - 2012-04-30 16:57 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-04-30 16:40 - 2012-04-30 16:40 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2012-04-29 16:38 - 2012-04-29 16:38 - 00001043 ____A C:\Users\Gary\Desktop\VirtualDJ 7 Pro.lnk
2012-04-28 08:09 - 2012-04-28 08:09 - 00001364 ____A C:\Users\Gary\Desktop\Amediasoft YouTube Video Converter.lnk
2012-04-28 08:09 - 2012-04-28 08:09 - 00000000 ____D C:\Windows\SysWOW64\Mpeg
2012-04-28 08:09 - 2012-04-28 08:09 - 00000000 ____D C:\Users\Gary\AppData\Local\Amediasoft
2012-04-28 08:09 - 2012-04-28 08:09 - 00000000 ____D C:\Program Files (x86)\Amediasoft
2012-04-28 07:30 - 2011-09-25 19:01 - 00000000 ____D C:\Users\Gary\AppData\Local\Nero
2012-04-28 06:41 - 2012-04-28 06:41 - 00000000 ____D C:\Users\Gary\Documents\Xilisoft
2012-04-28 06:41 - 2012-02-11 14:00 - 00000000 ____D C:\Users\Gary\AppData\Local\Xilisoft
2012-04-28 06:40 - 2012-04-28 06:40 - 00001105 ____A C:\Users\Public\Desktop\Xilisoft YouTube HD Video Downloader.lnk
2012-04-27 05:25 - 2012-04-27 05:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-27 05:15 - 2012-04-27 05:08 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-27 05:08 - 2012-04-27 05:08 - 00000000 ____D C:\Users\Gary\AppData\Roaming\Malwarebytes
2012-04-27 05:08 - 2012-04-27 05:08 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-04-25 08:56 - 2012-04-06 08:13 - 00000000 ____D C:\Users\Gary\AppData\Roaming\MOBILedit
2012-04-25 08:47 - 2012-04-25 08:47 - 00000000 ____D C:\Program Files (x86)\DVAPTray
2012-04-24 05:18 - 2012-01-19 11:15 - 00000000 ____D C:\Users\Public\CyberLink
2012-04-23 03:26 - 2012-05-03 11:07 - 00154272 ____A (Tonec Inc.) C:\Windows\System32\Drivers\idmwfp.sys
2012-04-20 11:52 - 2012-04-20 11:52 - 00001216 ____A C:\Users\Public\Desktop\Wondershare Data Recovery.lnk
2012-04-20 11:52 - 2012-04-20 11:52 - 00000000 ____D C:\Users\Gary\AppData\Local\Wondershare
2012-04-20 11:52 - 2012-04-20 11:52 - 00000000 ____D C:\Program Files (x86)\Wondershare
2012-04-20 11:33 - 2012-04-20 11:33 - 00000000 ____D C:\Program Files (x86)\GetData
2012-04-20 08:16 - 2012-04-20 08:16 - 00001065 ____A C:\Users\QBPOSDBSrvUser\Desktop\Recover Deleted Files.lnk
2012-04-20 08:16 - 2012-04-20 08:16 - 00000000 ____D C:\Program Files (x86)\Recover Deleted Files
2012-04-19 12:34 - 2012-02-08 08:27 - 00000000 ____D C:\Users\Gary\Documents\Any Video Converter Ultimate
2012-04-19 11:36 - 2012-01-19 11:12 - 00000000 ____D C:\Users\All Users\CyberLink
2012-04-19 11:20 - 2011-12-05 06:28 - 00000000 ____D C:\Users\Gary\AppData\Roaming\Thinstall
2012-04-18 19:57 - 2012-05-21 09:14 - 00126912 ____A (Power Software Ltd) C:\Windows\System32\Drivers\scdemu.sys
2012-04-17 22:03 - 2012-04-17 22:03 - 00000000 ____D C:\Program Files (x86)\Datel
2012-04-17 15:31 - 2012-04-17 15:31 - 00000000 ____D C:\Users\Gary\Documents\Datel
2012-04-15 16:46 - 2011-12-11 18:30 - 00000000 ____D C:\Users\All Users\MSNRecorderMax
2012-04-15 06:27 - 2012-04-15 05:44 - 00000000 ____D C:\ruu_log
2012-04-14 04:42 - 2011-08-27 12:10 - 00000000 ____D C:\Users\Gary\AppData\Roaming\Adobe
2012-04-14 04:38 - 2012-04-14 04:38 - 00000000 ____D C:\Program Files (x86)\Spirent Communications
2012-04-14 04:33 - 2012-04-14 04:33 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2012-04-11 11:39 - 2012-04-11 11:39 - 00000000 ____D C:\Program Files\SoftwareForMe Inc
2012-04-09 15:06 - 2011-12-13 17:52 - 00000000 ____D C:\Program Files (x86)\RadioGet
2012-04-09 08:45 - 2012-04-09 08:45 - 00000000 ____D C:\Users\Gary\AppData\Local\MPlayer
2012-04-09 08:41 - 2012-04-09 08:41 - 00000000 ____D C:\Users\Gary\Documents\SnowFox Output
2012-04-09 08:37 - 2012-04-09 08:37 - 00000000 ____D C:\Program Files (x86)\SnowFox Software
2012-04-08 20:53 - 2012-04-08 21:33 - 13815412 ____A C:\Skype_2.7.0.907_v14.apk
2012-04-08 08:48 - 2012-04-08 07:36 - 00000000 ____D C:\Users\Gary\AppData\Roaming\Paltalk
2012-04-08 07:36 - 2012-04-08 07:36 - 00000000 ____D C:\Windows\Paltalk Messenger
2012-04-08 07:36 - 2012-04-08 07:36 - 00000000 ____D C:\Program Files (x86)\Paltalk Messenger
2012-04-08 07:36 - 2012-04-08 07:35 - 00021389 ____A C:\Windows\Paltalk Messenger Setup Log.txt
2012-04-06 08:16 - 2012-04-06 08:16 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_motmodem_01007.Wdf
2012-04-06 08:13 - 2012-04-06 08:13 - 00000000 ____D C:\Users\Gary\Documents\MOBILedit!
2012-04-06 08:11 - 2012-04-06 07:30 - 00000000 ____D C:\Program Files (x86)\MOBILedit!
2012-04-06 07:52 - 2012-04-06 07:52 - 00000000 ____D C:\Program Files\Compiled Driver Disc (Full)
2012-04-06 07:51 - 2012-04-06 07:51 - 00000000 ____D C:\Program Files\Phone Drivers Downloader
2012-04-06 07:30 - 2012-04-06 07:30 - 00000965 ____A C:\Users\Public\Desktop\MOBILedit!.lnk
2012-04-06 07:30 - 2012-04-06 07:30 - 00000000 ____D C:\Users\Public\Documents\MobilEdit!
2012-04-06 07:30 - 2012-04-06 07:30 - 00000000 ____D C:\Program Files (x86)\COMPELSON Labs
2012-04-05 05:59 - 2012-04-05 05:59 - 00000000 ____D C:\Program Files (x86)\Real
2012-04-05 05:59 - 2012-02-08 18:42 - 00185920 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2012-04-05 05:59 - 2012-02-08 18:42 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2012-04-05 05:59 - 2012-02-08 18:42 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2012-04-05 05:59 - 2012-02-08 18:42 - 00000000 ____D C:\Users\Gary\AppData\Roaming\Real
2012-04-05 05:59 - 2012-02-08 18:42 - 00000000 ____D C:\Users\All Users\Real
2012-04-05 05:59 - 2012-02-08 18:42 - 00000000 ____D C:\Program Files (x86)\Real Alternative
2012-04-05 05:59 - 2008-09-03 17:47 - 00278528 ____A (Real Networks, Inc) C:\Windows\SysWOW64\pncrt.dll
2012-04-05 05:59 - 2008-05-23 04:02 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-04-04 18:57 - 2011-10-09 09:19 - 00000000 ___HD C:\Users\All Users\firebird
2012-04-04 13:56 - 2012-04-27 05:08 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-01 19:07 - 2012-04-01 16:37 - 00000000 ____D C:\Users\Gary\.android
2012-04-01 10:46 - 2012-04-01 10:46 - 00000000 ____D C:\Program Files\Oracle
2012-04-01 10:45 - 2012-04-01 10:45 - 00188808 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-04-01 10:45 - 2012-04-01 10:45 - 00188808 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-04-01 10:45 - 2012-04-01 10:45 - 00000000 ____D C:\Program Files\Java
2012-03-30 03:20 - 2012-03-29 00:12 - 00016037 ____A C:\Users\Gary\Documents\Glad to help.docx
2012-03-28 05:03 - 2012-03-28 05:03 - 00000000 ____D C:\Users\Gary\Downloads\CCM7_Eris_V23
2012-03-28 04:08 - 2012-03-28 04:08 - 90359862 ____A C:\Users\Gary\Downloads\CCM7_Eris_V23.zip
2012-03-27 17:39 - 2012-03-27 17:39 - 00000215 ____A C:\Windows\injector.ini
2012-03-27 08:14 - 2012-03-27 08:14 - 00000000 ____D C:\Program Files (x86)\Android Injector
2012-03-26 08:09 - 2012-03-26 08:09 - 00280698 ____A C:\Users\Gary\Documents\erisone010.apk
2012-03-25 14:03 - 2012-03-25 14:03 - 00006144 ____A C:\Users\Gary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-03-25 14:03 - 2000-03-22 02:39 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-03-24 22:57 - 2012-06-04 10:02 - 00215552 ____N C:\Windows\SysWOW64\amp3dj.oca
2012-03-24 22:55 - 2012-06-04 10:02 - 00202240 ____N C:\Windows\SysWOW64\asrecmms.oca
2012-03-23 05:41 - 2011-11-13 19:06 - 00001259 ____A C:\Users\Gary\Desktop\TreeSize Professional.lnk
2012-03-23 05:29 - 2011-08-27 03:56 - 00000000 ____D C:\Users\Gary\AppData\Local\VirtualStore
2012-03-23 05:26 - 2012-03-23 05:26 - 00001166 ____A C:\Users\QBPOSDBSrvUser\Desktop\Video Watermark Pro.lnk
2012-03-23 05:26 - 2012-03-23 05:26 - 00001166 ____A C:\Users\Gary\Desktop\Video Watermark Pro.lnk
2012-03-23 05:26 - 2012-03-23 05:26 - 00000000 ____D C:\Program Files\AoaoPhoto Digital Studio
2012-03-19 09:37 - 2012-03-19 09:37 - 00000000 ____D C:\Users\Gary\Documents\iVisit
2012-03-19 09:37 - 2012-03-19 09:37 - 00000000 ____D C:\Users\Gary\AppData\Roaming\iVisit Data
2012-03-19 09:37 - 2012-03-19 09:37 - 00000000 ____D C:\Program Files (x86)\iVisit
2012-03-19 06:05 - 2012-03-19 06:04 - 00460140 ____A C:\Users\Gary\Downloads\o2b2update.tar.gz
2012-03-18 23:35 - 2012-03-18 23:34 - 00010636 ____A C:\Users\Gary\Documents\Burnout Websites Articles.docx
2012-03-18 23:33 - 2012-03-18 23:33 - 00011565 ____A C:\Users\Gary\Documents\I just used this file on my 920.docx
2012-03-17 22:18 - 2012-03-17 17:55 - 00000000 ____D C:\Users\Gary\AppData\Local\Samsung
2012-03-17 22:18 - 2012-02-20 08:38 - 00000000 ____D C:\Users\All Users\Samsung
2012-03-17 18:43 - 2012-03-17 18:43 - 00000000 ____D C:\Users\Gary\AppData\Roaming\Verizon Wireless
2012-03-17 18:38 - 2011-12-03 09:20 - 00000000 ____D C:\Program Files (x86)\Samsung
2012-03-17 17:54 - 2012-03-17 17:54 - 00000000 ____D C:\Users\Gary\Documents\samsung
2012-03-17 17:54 - 2012-03-17 17:54 - 00000000 ____D C:\Users\Gary\AppData\Roaming\Samsung
2012-03-17 17:51 - 2012-03-17 17:51 - 00000000 ____D C:\Program Files (x86)\MarkAny
2012-03-17 07:52 - 2012-03-17 07:52 - 00010862 ____A C:\Users\Gary\Documents\Supaphorn Kokklang Address.docx

ZeroAccess:
C:\Windows\Installer\{cbcbd993-506d-96b9-6602-879c2385f055}
C:\Windows\Installer\{cbcbd993-506d-96b9-6602-879c2385f055}\L
C:\Windows\Installer\{cbcbd993-506d-96b9-6602-879c2385f055}\U

ZeroAccess:
C:\Users\Gary\AppData\Local\{cbcbd993-506d-96b9-6602-879c2385f055}
C:\Users\Gary\AppData\Local\{cbcbd993-506d-96b9-6602-879c2385f055}\@
C:\Users\Gary\AppData\Local\{cbcbd993-506d-96b9-6602-879c2385f055}\L
C:\Users\Gary\AppData\Local\{cbcbd993-506d-96b9-6602-879c2385f055}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe
[2000-03-22 03:16] - [2000-03-22 03:16] - 2613248 ____A (Microsoft Corporation) B95EEB0F4E5EFBF1038A35B3351CF047

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 4061.09 MB
Available physical RAM: 3490.09 MB
Total Pagefile: 4059.23 MB
Available Pagefile: 3481.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:8.33 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (DATA) (Fixed) (Total:331.01 GB) (Free:116.3 GB) NTFS
4 Drive f: (HP) (Removable) (Total:3.73 GB) (Free:1.1 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 2048 KB
Disk 1 Online 3824 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 18 GB 31 KB
Partition 2 Primary 116 GB 18 GB
Partition 0 Extended 331 GB 134 GB
Partition 3 Logical 331 GB 134 GB

======================================================================================================

Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 116 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D DATA NTFS Partition 331 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3823 MB 64 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F HP FAT32 Removable 3823 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-08 02:13

======================= End Of Log ==========================

#8 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 13 June 2012 - 08:00 PM

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

2012-06-13 03:12 - 2012-06-13 03:12 - 00000000 ____D C:\Windows\SysWOW64\3005
2012-06-13 03:12 - 2012-05-30 03:12 - 00000000 ____D C:\Windows\SysWOW64\1070
2012-06-13 03:12 - 2012-04-11 04:20 - 00000348 ____A C:\Windows\Tasks\At2.job
2012-06-13 03:12 - 2012-04-11 04:19 - 00000348 ____A C:\Windows\Tasks\At1.job
2012-06-10 17:56 - 2011-09-07 12:24 - 00000000 ____D C:\Users\Gary\AppData\Roaming\mjusbsp
C:\Windows\Installer\{cbcbd993-506d-96b9-6602-879c2385f055}
C:\Users\Gary\AppData\Local\{cbcbd993-506d-96b9-6602-879c2385f055}
2012-05-30 03:12 - 2012-06-13 03:12 - 00000000 ____D C:\Windows\SysWOW64\1070

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

If I have helped you, consider making a donation to help me continue the fight against Malware!


#9 garyrbz
  • Topic Starter
  • Members
  • 23 posts

Posted 13 June 2012 - 10:24 PM

Here is the log from FRST fix:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 11-06-2012 03
Ran by SYSTEM at 2012-06-13 21:01:52 Run:1
Running from F:\

==============================================

C:\Windows\SysWOW64\3005 moved successfully.
C:\Windows\SysWOW64\1070 moved successfully.
C:\Windows\Tasks\At2.job moved successfully.
C:\Windows\Tasks\At1.job moved successfully.
C:\Users\Gary\AppData\Roaming\mjusbsp moved successfully.
C:\Windows\Installer\{cbcbd993-506d-96b9-6602-879c2385f055} moved successfully.
C:\Users\Gary\AppData\Local\{cbcbd993-506d-96b9-6602-879c2385f055} moved successfully.
C:\Windows\SysWOW64\1070 not found.

==== End of Fixlog ====

#10 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 14 June 2012 - 03:51 PM

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


TrendMicro™ HouseCall Java Scan
  • Please go HERE to run the Trend Micro™ HouseCall Scan.
  • Click Scan now. It's free!
  • Read and put a Check next to Yes I accept the terms of use.
  • Click the Launching HouseCall>> button.
  • If confirmed that HouseCall can run on your system, under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
  • You may receive a Security Warning about the TrendMicro Java applet, click YES.
  • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
  • Please be patient while it installs, updates, and scans your system.
  • Once the scan is complete, it will take you to the summary page.
  • Under Cleanup options, choose clean all detected infections automatically.
  • Click the Clean now>> button.
  • If anything was found you may be prompted to run the scan again, you can just close the browser window.


Things to include in your next reply:
MBAM log
TrendMicro log
ESET still popping up?


#11 garyrbz
  • Topic Starter
  • Members
  • 23 posts

Posted 14 June 2012 - 07:49 PM

Thanks again

MBAM log:

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.12.09

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Gary :: GARY-PC [administrator]

Protection: Disabled

6/14/2012 5:02:33 PM
mbam-log-2012-06-14 (17-02-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235080
Time elapsed: 3 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\CLSID\{1F372C26-3A29-3763-1AEF-730D7C3A6753} (Trojan.BHO) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F372C26-3A29-3763-1AEF-730D7C3A6753} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Windows\SysWOW64\KBDDRO.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Windows\System32\KBDDRO.DLL (Trojan.BHO) -> Quarantined and deleted successfully.

(end)



TrendMicro log:


No threats found.



Now my ESET doesn't run on computer startup. I have to click on the program file to start it when my computer boots up. I uninstall it and reinstall it and it does the same thing. I have gone into its settings to change it to default but it still doesn't start when my computer starts.

#12 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 14 June 2012 - 08:06 PM

In Vista or Windows 7: Boot to System Recovery Options and run FRST.
In Windows XP: Please boot to BartPe and run FRST.
Type the following in the edit box after "Search:".

services.exe;userinit.exe

Note: The file names should be separated by a semicolon (;).

It then should look like:

Search: services.exe;userinit.exe

Click the Search button and post the log (Search.txt) it makes in your reply.


#13 garyrbz
  • Topic Starter
  • Members
  • 23 posts

Posted 14 June 2012 - 08:21 PM

I have an ESET popup: C:\windows\system32\services.exe, threat win64/patched B.Gen trojan.

#14 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 14 June 2012 - 08:28 PM

Please run the FRST Search from my previous post.


#15 garyrbz
  • Topic Starter
  • Members
  • 23 posts

Posted 14 June 2012 - 08:43 PM

Here is the FRST search log:

Farbar Recovery Scan Tool Version: 11-06-2012 03
Ran by SYSTEM at 2012-06-14 19:32:18
Running from F:\

================== Search: "services.exe;userinit.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009-07-13 15:34] - [2009-07-13 17:14] - 0026112 ____A (Microsoft Corporation) 6DE80F60D7DE9CE6B8C2DDFDF79EF175

C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2009-07-13 15:50] - [2009-07-13 17:39] - 0030208 ____A (Microsoft Corporation) 6F8F1376A13114CC10C0E69274F5A4DE

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\SysWOW64\userinit.exe
[2009-07-13 15:34] - [2009-07-13 17:14] - 0026112 ____A (Microsoft Corporation) 6DE80F60D7DE9CE6B8C2DDFDF79EF175

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

C:\Windows\System32\userinit.exe
[2009-07-13 15:50] - [2009-07-13 17:39] - 0030208 ____A (Microsoft Corporation) 6F8F1376A13114CC10C0E69274F5A4DE

C:\Windows\ERDNT\cache86\userinit.exe
[2011-11-30 10:35] - [2009-07-13 17:14] - 0026112 ____A (Microsoft Corporation) 6DE80F60D7DE9CE6B8C2DDFDF79EF175

C:\Windows\ERDNT\cache64\services.exe
[2011-11-30 10:35] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\ERDNT\cache64\userinit.exe
[2011-11-30 10:35] - [2009-07-13 17:39] - 0030208 ____A (Microsoft Corporation) 6F8F1376A13114CC10C0E69274F5A4DE

====== End Of Search ======
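The search step fireman4it asked for pulls every copy of services.exe and userinit.exe on the disk, including the untouched ones in the WinSxS component store and the ERDNT backup cache, so the MD5 of the live System32 copy can be compared against a known-good copy of the same build. As an added example that is not part of this thread and not part of FRST, the following Python script automates that comparison: it parses FRST's Search output, treats WinSxS and ERDNT copies as references, and flags any System32 or SysWOW64 copy whose size matches a reference copy of the same file but whose MD5 does not, which is the signature an in-place patched system binary leaves. The sample log, the function names parse_search_log and find_hash_mismatches, and the directory lists are constructed for this example; the paths, sizes and hashes in the sample are copied from the search log posted above.

```python
import re
from collections import defaultdict

# Constructed sample in the format of FRST's "Search:" output. Paths, sizes and
# MD5 values are copied from the search log posted in this thread; the x86
# WinSxS userinit entry is kept so the size-based matching is exercised.
SAMPLE_SEARCH_LOG = r"""
Farbar Recovery Scan Tool Version: 11-06-2012 03
Ran by SYSTEM at 2012-06-14 19:32:18
Running from F:\

================== Search: "services.exe;userinit.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009-07-13 15:34] - [2009-07-13 17:14] - 0026112 ____A (Microsoft Corporation) 6DE80F60D7DE9CE6B8C2DDFDF79EF175

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\SysWOW64\userinit.exe
[2009-07-13 15:34] - [2009-07-13 17:14] - 0026112 ____A (Microsoft Corporation) 6DE80F60D7DE9CE6B8C2DDFDF79EF175

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

C:\Windows\ERDNT\cache64\services.exe
[2011-11-30 10:35] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
"""

# Detail line that FRST prints under each path:
# [created] - [modified] - size attributes (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) (?:\((?P<company>[^)]*)\) )?(?P<md5>[0-9A-Fa-f]{32})$"
)

# Directory markers chosen for this example (lower-cased path fragments):
# reference copies are never executed from here and are a good baseline.
REFERENCE_DIRS = ("\\winsxs\\", "\\erdnt\\")
# Live copies are the ones Windows actually loads.
LIVE_DIRS = ("\\system32\\", "\\syswow64\\")


def parse_search_log(text):
    """Return one dict per path/detail pair found in FRST Search output."""
    entries = []
    lines = [ln.rstrip() for ln in text.splitlines()]
    i = 0
    while i < len(lines):
        line = lines[i]
        # A path line looks like "C:\..." and is followed by a detail line.
        if len(line) > 2 and line[1:3] == ":\\" and i + 1 < len(lines):
            m = DETAIL_RE.match(lines[i + 1])
            if m:
                entries.append({
                    "path": line,
                    "size": int(m.group("size")),
                    "md5": m.group("md5").upper(),
                    "company": m.group("company"),
                })
                i += 2
                continue
        i += 1
    return entries


def find_hash_mismatches(text):
    """Flag live copies whose size matches a reference copy but whose MD5 does not.

    Returns a list of (path, md5, sorted reference md5s). A live file with no
    same-size reference copy is not judged: there is nothing to compare against.
    """
    entries = parse_search_log(text)
    refs = defaultdict(set)  # (basename, size) -> known-good MD5s
    for e in entries:
        low = e["path"].lower()
        if any(d in low for d in REFERENCE_DIRS):
            refs[(low.rsplit("\\", 1)[-1], e["size"])].add(e["md5"])

    findings = []
    for e in entries:
        low = e["path"].lower()
        if not any(d in low for d in LIVE_DIRS):
            continue
        known = refs.get((low.rsplit("\\", 1)[-1], e["size"]))
        if known and e["md5"] not in known:
            findings.append((e["path"], e["md5"], sorted(known)))
    return findings


if __name__ == "__main__":
    for path, md5, known in find_hash_mismatches(SAMPLE_SEARCH_LOG):
        print(f"MISMATCH {path}: MD5 {md5}; reference copies have {', '.join(known)}")
```

On the sample above the script reports only C:\Windows\System32\services.exe: its MD5 (014A9CB9...) differs from the 24ACB7E5... that both the WinSxS and the ERDNT copies of the same 328704-byte build carry, which lines up with the ESET alert on that file earlier in the thread, while SysWOW64\userinit.exe matches its x86 component-store copy and is left alone. The same-size requirement is what keeps the check honest: a different build of the file legitimately has a different hash, so only a same-size, different-hash pair is treated as a patched binary.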



