exploit win32 pdfjsc.vi infection


  • This topic is locked
14 replies to this topic

#1 petrolium

Posted 14 June 2012 - 06:29 AM

Hi Guys,

I was hoping you could help me remove a nasty virus/malware that has slowed my pc to a halt.
I first noticed a change in my computer yesterday morning after I installed some 'updates' that appeared via an icon in my system tray. They looked like genuine Windows updates but in hindsight were probably related to the virus. I am assuming my pc was infected before this but didn't notice any symptoms.

I've run a full scan in MSE and it detected and removed this pdfjsc.vi but after researching the virus, I wanted to make sure it was fully removed.
My pc currently boots up ok, works for a few minutes, begins to slow down and then grinds to a halt.
I would be very grateful if someone could lend me a hand with this...Thanks..


.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Steve at 11:52:21 on 2012-06-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4095.2683 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\explorer.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google Update] "C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Spotify Web Helper] "C:\Users\Steve\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_Plugin.exe -update plugin
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [Setwallpaper] c:\programdata\SetWallpaper.cmd
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Steve\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{D42F84B6-3709-4A50-8502-6719D16AE6C8}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{338571AB-664A-4856-A6F3-1350088E9CDA} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{338571AB-664A-4856-A6F3-1350088E9CDA}\0556162745275656 : DhcpNameServer = 192.168.113.1
TCP: Interfaces\{338571AB-664A-4856-A6F3-1350088E9CDA}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{338571AB-664A-4856-A6F3-1350088E9CDA}\35B4955313339363 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{338571AB-664A-4856-A6F3-1350088E9CDA}\7627168616D6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{74B9FFDE-FF66-4BFA-89F2-AC320402BF4B} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{D7FDC293-2351-4443-A9B8-ECE85AFEB330} : DhcpNameServer = 192.168.42.129
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun-x64: [Setwallpaper] c:\programdata\SetWallpaper.cmd
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\wpgyda38.default\
FF - component: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npjpi160_31.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Users\Steve\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Adobe Contribute Toolbar: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Abduction!: {b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255} - %profile%\extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2010-1-14 14904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 FastBootAgent;FastBootAgent;C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe [2010-1-14 306232]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-24 136176]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-14 654408]
S2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-9-15 88576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-4 253088]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-24 136176]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2012-06-14 10:29:10 -------- d-----w- C:\Users\Steve\AppData\Roaming\Malwarebytes
2012-06-14 10:29:04 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-14 10:29:04 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-14 10:29:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-13 12:30:50 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{63E5001C-6B4E-4AC9-A965-63AD5EECAF0A}\gapaengine.dll
2012-06-13 12:29:46 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4ED832F8-BEEC-4E09-8115-A563E2847ABD}\mpengine.dll
2012-06-13 12:15:10 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-12 16:39:28 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-05-31 09:40:56 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-05-31 09:40:54 -------- d-----w- C:\Program Files\Microsoft Security Client
.
==================== Find3M ====================
.
2012-05-04 13:33:03 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-04 13:33:02 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-20 19:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-20 19:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
.
============= FINISH: 11:55:08.99 ===============

Attached File  Attach.txt   14.35KB   0 downloads



#2 petrolium

Posted 14 June 2012 - 06:51 AM

Also, I've just run a Malwarebytes scan which found 5 items (which have been quarantined and deleted). Here's the log:



Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.14.05

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Steve :: STEVE-PC [administrator]

Protection: Disabled

14/06/2012 12:35:40
mbam-log-2012-06-14 (12-35-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 254429
Time elapsed: 5 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Windows\System32\msvfd32.exe (Trojan.Clicker.CT) -> Quarantined and deleted successfully.
C:\Users\music\AppData\Local\Temp\IXP001.TMP\flaudit.exe (Trojan.Clicker.CT) -> Quarantined and deleted successfully.
C:\Users\music\AppData\Local\Temp\mrt3CA5.tmp\stdrt.exe (Trojan.Clicker.CT) -> Quarantined and deleted successfully.
C:\Users\Steve\keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Steve\AppData\Roaming\Microsoft\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

#3 jntkwx

  • Malware Response Team
Posted 18 June 2012 - 08:02 AM

Hi petrolium,


:welcome: to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code boxes (unless explicitly asked to)
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

 

Your Malwarebytes log shows a key generator.

IMPORTANT NOTE: The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

trendmicro.com/vinfo

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Bad Web Sites: Malware

When you use these kind of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

Before we can continue, I need you to remove all cracks and keygens immediately to reduce the risk of infection/reinfection. If not, then we are just wasting time trying to clean your system. Further, other tools used during the disinfection process may detect crack and keygens so we need to ensure they have been removed.

Using these types of programs or the websites you visited to get them is almost a guaranteed way to get yourself infected!!



 

Combofix

Please download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you do not know how to do this you can find out >here< or >here<
3. Double click on combofix.exe & follow the prompts.

Important:
  • Do not mouseclick combofix's window while it's running. That may cause it to stall.
  • If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

In your next reply, please include:
  • Combofix log
  • How is your computer running now? Please be as descriptive as possible. Include any word-for-word error messages that you may have, and/or screenshots of strange behavior.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#4 petrolium

Posted 18 June 2012 - 08:16 AM

Hi Jason,

Thanks for getting back.

I will remove the files you mention, as suggested, before we proceed.

Actually, I was deliberating whether to reinstall windows completely as I've read this virus is a nasty one. Would it be better to do this or is it possible to completely remove the virus from my pc through anti-malware programs, etc?

Thanks again,
Steve

#5 jntkwx

Posted 18 June 2012 - 08:33 AM

With some infections, it's better (and faster) to reinstall than to try and fix the problems. However, I don't see anything in the logs that leads me to believe this is true in your case.
Regards,
Jason



#6 petrolium

Posted 18 June 2012 - 10:13 AM

Thanks again for your help.

I've run combofix and I've pasted the log below.

After running it, my computer still boots up fine but now when I click to open a program I get the message "Illegal operation attempted on a registry key that has been marked for deletion" and the program does not open.
This happened when I tried to open Chrome and MS Word.



ComboFix 12-06-15.03 - Steve 18/06/2012 15:01:17.2.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4095.2933 [GMT 1:00]
Running from: d:\downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy2_!Windows!SysWOW64!userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-18 to 2012-06-18 )))))))))))))))))))))))))))))))
.
.
2012-06-18 14:25 . 2012-05-08 09:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{63EDC14D-6CFD-48A8-BEAF-0B5D37C08ACF}\mpengine.dll
2012-06-18 14:13 . 2012-06-18 14:13 -------- d-----w- c:\users\test\AppData\Local\temp
2012-06-18 14:13 . 2012-06-18 14:13 -------- d-----w- c:\users\music\AppData\Local\temp
2012-06-18 14:13 . 2012-06-18 14:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-15 17:18 . 2012-06-15 17:18 -------- d-----w- c:\program files (x86)\Magical Jelly Bean
2012-06-14 12:19 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-14 12:19 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-14 12:17 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 12:17 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 12:17 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 12:16 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 12:16 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 12:15 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 12:15 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 12:15 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 12:15 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 12:15 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 12:15 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-14 12:15 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 12:15 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 12:15 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-14 12:15 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-14 10:29 . 2012-06-14 10:29 -------- d-----w- c:\users\Steve\AppData\Roaming\Malwarebytes
2012-06-14 10:29 . 2012-06-14 10:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-14 10:29 . 2012-06-14 10:29 -------- d-----w- c:\programdata\Malwarebytes
2012-06-14 10:29 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 12:30 . 2012-05-31 09:42 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{63E5001C-6B4E-4AC9-A965-63AD5EECAF0A}\gapaengine.dll
2012-06-13 12:29 . 2012-05-08 09:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-12 16:39 . 2012-05-31 09:42 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-05-31 09:40 . 2012-05-31 09:40 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-05-31 09:40 . 2012-05-31 09:41 -------- d-----w- c:\program files\Microsoft Security Client
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 13:33 . 2012-05-04 13:33 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-04 13:33 . 2011-06-18 18:32 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-30 11:35 . 2012-05-10 10:46 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-20 19:44 . 2012-03-20 19:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 19:44 . 2012-03-20 19:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-15_18.16.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-15 18:24 . 2012-06-15 18:24 15270912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\95f38e7485bbe2b73b6055c45196fedd\System.Web.ni.dll
+ 2012-06-15 18:25 . 2012-06-15 18:25 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\582144c0ee317038621aebc626187b56\System.Design.ni.dll
+ 2012-06-15 18:23 . 2012-06-15 18:23 19198464 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\47054c4d5b7e522c21a9d57797410302\PresentationFramework.ni.dll
+ 2012-06-15 18:22 . 2012-06-15 18:22 16543232 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\3a9d13514a8c4c710fa5ce8e9b5393fe\PresentationCore.ni.dll
+ 2012-06-18 14:26 . 2012-06-18 14:26 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\0c1f96a4136efe532bbb8eb91d3de300\ehshell.ni.dll
+ 2012-06-15 18:19 . 2012-06-15 18:19 12436480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
+ 2012-06-15 18:20 . 2012-06-15 18:20 11833344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
+ 2012-06-15 18:20 . 2012-06-15 18:20 10580480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\7c144f89b1f8f292d6940a1b2f8ffbec\System.Design.ni.dll
+ 2012-06-15 18:20 . 2012-06-15 18:20 14340608 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
+ 2012-06-15 18:19 . 2012-06-15 18:19 12237824 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Steve\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-04 932528]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-05-16 11921064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-07-07 8493624]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe [2010-1-14 12862]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
SRS Premium Sound.lnk - c:\windows\Installer\{D42F84B6-3709-4A50-8502-6719D16AE6C8}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-1-14 156880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-04-04 05:53 35736 ----a-w- c:\program files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray]
2009-06-24 20:30 272952 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
c:\windows\AsScrProlog.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2010-01-14 04:10 3054136 ----a-w- c:\windows\AsScrPro.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-20 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 253088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-20 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 FastBootAgent;FastBootAgent;c:\windows\SysWOW64\Fast Boot\FastBootAgent.exe [2009-07-24 306232]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 13:33]
.
2012-06-17 c:\windows\Tasks\AdobeAAMUpdater-1.0-Steve-PC-Steve.job
- c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-08-24 02:44]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-24 13:57]
.
2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-24 13:57]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3451573305-3710492314-1918614960-1001Core.job
- c:\users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-24 12:52]
.
2012-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3451573305-3710492314-1918614960-1001UA.job
- c:\users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-24 12:52]
.
2012-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3451573305-3710492314-1918614960-1003Core.job
- c:\users\music\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-25 10:30]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3451573305-3710492314-1918614960-1003UA.job
- c:\users\music\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-25 10:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-05-16 16:53 754712 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-05-16 16:53 754712 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-05-16 16:53 754712 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-05-16 16:53 754712 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-06-12 619392]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-02 16330272]
"LXCFCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCFtime.dll" [2005-09-14 29184]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\wpgyda38.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Adobe Contribute Toolbar: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9} - c:\program files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Abduction!: {b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255} - %profile%\extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\ASUS Live Update\ALU.exe
.
**************************************************************************
.
Completion time: 2012-06-18 15:54:54 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-18 14:54
ComboFix2.txt 2012-06-15 18:25
.
Pre-Run: 38,600,241,152 bytes free
Post-Run: 37,894,246,400 bytes free
.
- - End Of File - - A0903EDC5AE9E479657BAD856AFA9BED

#7 jntkwx

  • Malware Response Team

Posted 18 June 2012 - 10:49 AM

petrolium,

That error should go away if you restart your computer.

Step 1: aswMBR

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
When asked to update the definitions, click Yes.
Click the "Scan" button to start scan:

On completion of the scan click "Save log", save it to your desktop and post in your next reply:

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


Step 2: Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


In your next reply, please include:
  • aswMBR log
  • TDSSkiller log
  • How's your computer running now? Please be as descriptive as possible.

Regards,
Jason

 



#8 petrolium

  • Topic Starter

Posted 18 June 2012 - 12:58 PM

Hi Jason,

It's running a lot better now. Thank you.
I've been using it for 15 - 20 minutes now, opened up programs and browsed the web without any problems.

The logs you requested are below:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-18 17:56:22
-----------------------------
17:56:22.603 OS Version: Windows x64 6.1.7601 Service Pack 1
17:56:22.603 Number of processors: 2 586 0x170A
17:56:22.604 ComputerName: STEVE-PC UserName: Steve
17:56:23.380 Initialize success
17:57:57.644 AVAST engine defs: 12061801
17:59:00.152 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000067
17:59:00.168 Disk 0 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3
17:59:00.183 Disk 0 MBR read successfully
17:59:00.183 Disk 0 MBR scan
17:59:00.183 Disk 0 Windows VISTA default MBR code
17:59:00.199 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 15000 MB offset 2048
17:59:00.214 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152622 MB offset 30722048
17:59:00.214 Disk 0 Partition - 00 0F Extended LBA 137621 MB offset 343291904
17:59:00.261 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 137620 MB offset 343293952
17:59:00.277 Disk 0 scanning C:\Windows\system32\drivers
17:59:09.979 Service scanning
17:59:37.879 Modules scanning
17:59:37.889 Disk 0 trace - called modules:
17:59:38.249 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
17:59:38.255 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80041cb060]
17:59:38.261 3 CLASSPNP.SYS[fffff8800194d43f] -> nt!IofCallDriver -> [0xfffffa800368cc20]
17:59:38.267 5 ACPI.sys[fffff88000f327a1] -> nt!IofCallDriver -> \Device\00000067[0xfffffa8004066640]
17:59:38.979 AVAST engine scan C:\Windows
17:59:42.589 AVAST engine scan C:\Windows\system32
18:02:51.859 AVAST engine scan C:\Windows\system32\drivers
18:03:02.436 AVAST engine scan C:\Users\Steve
18:25:41.201 AVAST engine scan C:\ProgramData
18:28:55.136 Scan finished successfully
18:36:04.271 Disk 0 MBR has been saved successfully to "C:\Users\Steve\Desktop\MBR.dat"
18:36:04.271 The log file has been saved successfully to "C:\Users\Steve\Desktop\aswMBR.txt"



-----
18:37:44.0193 1676 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
18:37:44.0405 1676 ============================================================
18:37:44.0405 1676 Current date / time: 2012/06/18 18:37:44.0405
18:37:44.0405 1676 SystemInfo:
18:37:44.0405 1676
18:37:44.0405 1676 OS Version: 6.1.7601 ServicePack: 1.0
18:37:44.0405 1676 Product type: Workstation
18:37:44.0405 1676 ComputerName: STEVE-PC
18:37:44.0405 1676 UserName: Steve
18:37:44.0405 1676 Windows directory: C:\Windows
18:37:44.0405 1676 System windows directory: C:\Windows
18:37:44.0405 1676 Running under WOW64
18:37:44.0405 1676 Processor architecture: Intel x64
18:37:44.0405 1676 Number of processors: 2
18:37:44.0405 1676 Page size: 0x1000
18:37:44.0405 1676 Boot type: Safe boot with network
18:37:44.0405 1676 ============================================================
18:37:45.0950 1676 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:37:46.0012 1676 ============================================================
18:37:46.0012 1676 \Device\Harddisk0\DR0:
18:37:46.0012 1676 MBR partitions:
18:37:46.0012 1676 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1D4C800, BlocksNum 0x12A17000
18:37:46.0028 1676 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14764000, BlocksNum 0x10CCA000
18:37:46.0028 1676 ============================================================
18:37:46.0074 1676 C: <-> \Device\Harddisk0\DR0\Partition0
18:37:46.0106 1676 D: <-> \Device\Harddisk0\DR0\Partition1
18:37:46.0106 1676 ============================================================
18:37:46.0106 1676 Initialize success
18:37:46.0106 1676 ============================================================
18:38:42.0954 1928 ============================================================
18:38:42.0954 1928 Scan started
18:38:42.0954 1928 Mode: Manual; SigCheck; TDLFS;
18:38:42.0954 1928 ============================================================
18:38:44.0448 1928 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:38:44.0682 1928 1394ohci - ok
18:38:44.0801 1928 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:38:44.0820 1928 ACPI - ok
18:38:44.0866 1928 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:38:44.0959 1928 AcpiPmi - ok
18:38:45.0097 1928 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:38:45.0109 1928 AdobeARMservice - ok
18:38:45.0244 1928 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:38:45.0258 1928 AdobeFlashPlayerUpdateSvc - ok
18:38:45.0337 1928 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:38:45.0360 1928 adp94xx - ok
18:38:45.0387 1928 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:38:45.0406 1928 adpahci - ok
18:38:45.0420 1928 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:38:45.0435 1928 adpu320 - ok
18:38:45.0547 1928 ADSMService (c0bf554d2277f7a4c735d475ade2e3b2) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
18:38:45.0577 1928 ADSMService ( UnsignedFile.Multi.Generic ) - warning
18:38:45.0578 1928 ADSMService - detected UnsignedFile.Multi.Generic (1)
18:38:45.0609 1928 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:38:45.0783 1928 AeLookupSvc - ok
18:38:45.0923 1928 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
18:38:46.0017 1928 AFD - ok
18:38:46.0079 1928 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:38:46.0092 1928 agp440 - ok
18:38:46.0126 1928 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:38:46.0187 1928 ALG - ok
18:38:46.0211 1928 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:38:46.0223 1928 aliide - ok
18:38:46.0280 1928 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:38:46.0292 1928 amdide - ok
18:38:46.0318 1928 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:38:46.0368 1928 AmdK8 - ok
18:38:46.0375 1928 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:38:46.0410 1928 AmdPPM - ok
18:38:46.0432 1928 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:38:46.0447 1928 amdsata - ok
18:38:46.0468 1928 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:38:46.0484 1928 amdsbs - ok
18:38:46.0506 1928 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:38:46.0518 1928 amdxata - ok
18:38:46.0559 1928 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:38:46.0697 1928 AppID - ok
18:38:46.0716 1928 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:38:46.0793 1928 AppIDSvc - ok
18:38:46.0832 1928 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
18:38:46.0894 1928 Appinfo - ok
18:38:46.0958 1928 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:38:46.0971 1928 arc - ok
18:38:46.0981 1928 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:38:46.0995 1928 arcsas - ok
18:38:47.0058 1928 AsDsm (88fbc8bebfd38566235eaa5e4dbc4e05) C:\Windows\system32\drivers\AsDsm.sys
18:38:47.0110 1928 AsDsm - ok
18:38:47.0191 1928 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
18:38:47.0201 1928 ASLDRService - ok
18:38:47.0265 1928 ASMMAP64 (2db34edd17d3a8da7105a19c95a3dd68) C:\Program Files\ATKGFNEX\ASMMAP64.sys
18:38:47.0280 1928 ASMMAP64 - ok
18:38:47.0374 1928 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:38:47.0421 1928 aspnet_state - ok
18:38:47.0483 1928 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:38:47.0546 1928 AsyncMac - ok
18:38:47.0639 1928 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:38:47.0639 1928 atapi - ok
18:38:47.0795 1928 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
18:38:47.0904 1928 athr - ok
18:38:47.0940 1928 ATKGFNEXSrv (7c157574a181b19b9dcf5f339e25337e) C:\Program Files\ATKGFNEX\GFNEXSrv.exe
18:38:47.0964 1928 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
18:38:47.0964 1928 ATKGFNEXSrv - detected UnsignedFile.Multi.Generic (1)
18:38:48.0124 1928 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:38:48.0197 1928 AudioEndpointBuilder - ok
18:38:48.0207 1928 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:38:48.0250 1928 AudioSrv - ok
18:38:48.0282 1928 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
18:38:48.0378 1928 AxInstSV - ok
18:38:48.0449 1928 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:38:48.0515 1928 b06bdrv - ok
18:38:48.0550 1928 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:38:48.0591 1928 b57nd60a - ok
18:38:48.0628 1928 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:38:48.0700 1928 BDESVC - ok
18:38:48.0765 1928 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:38:48.0829 1928 Beep - ok
18:38:48.0890 1928 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
18:38:48.0962 1928 BFE - ok
18:38:49.0046 1928 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
18:38:49.0422 1928 BITS - ok
18:38:49.0522 1928 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:38:49.0558 1928 blbdrive - ok
18:38:49.0634 1928 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:38:49.0692 1928 bowser - ok
18:38:49.0724 1928 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:38:49.0799 1928 BrFiltLo - ok
18:38:49.0804 1928 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:38:49.0837 1928 BrFiltUp - ok
18:38:49.0908 1928 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
18:38:49.0975 1928 BridgeMP - ok
18:38:50.0026 1928 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
18:38:50.0095 1928 Browser - ok
18:38:50.0129 1928 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:38:50.0200 1928 Brserid - ok
18:38:50.0217 1928 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:38:50.0233 1928 BrSerWdm - ok
18:38:50.0238 1928 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:38:50.0270 1928 BrUsbMdm - ok
18:38:50.0275 1928 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:38:50.0303 1928 BrUsbSer - ok
18:38:50.0311 1928 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:38:50.0335 1928 BTHMODEM - ok
18:38:50.0366 1928 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:38:50.0413 1928 bthserv - ok
18:38:50.0444 1928 catchme - ok
18:38:50.0491 1928 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:38:50.0537 1928 cdfs - ok
18:38:50.0584 1928 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
18:38:50.0615 1928 cdrom - ok
18:38:50.0647 1928 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:38:50.0709 1928 CertPropSvc - ok
18:38:50.0740 1928 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:38:50.0756 1928 circlass - ok
18:38:50.0834 1928 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:38:50.0849 1928 CLFS - ok
18:38:50.0927 1928 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:38:51.0007 1928 clr_optimization_v2.0.50727_32 - ok
18:38:51.0106 1928 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:38:51.0150 1928 clr_optimization_v2.0.50727_64 - ok
18:38:51.0244 1928 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:38:51.0404 1928 clr_optimization_v4.0.30319_32 - ok
18:38:51.0428 1928 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:38:51.0467 1928 clr_optimization_v4.0.30319_64 - ok
18:38:51.0524 1928 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:38:51.0554 1928 CmBatt - ok
18:38:51.0576 1928 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:38:51.0589 1928 cmdide - ok
18:38:51.0658 1928 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
18:38:51.0723 1928 CNG - ok
18:38:51.0769 1928 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:38:51.0782 1928 Compbatt - ok
18:38:51.0831 1928 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:38:51.0874 1928 CompositeBus - ok
18:38:51.0878 1928 COMSysApp - ok
18:38:51.0891 1928 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:38:51.0907 1928 crcdisk - ok
18:38:51.0954 1928 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
18:38:52.0016 1928 CryptSvc - ok
18:38:52.0063 1928 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:38:52.0133 1928 DcomLaunch - ok
18:38:52.0181 1928 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:38:52.0244 1928 defragsvc - ok
18:38:52.0315 1928 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:38:52.0374 1928 DfsC - ok
18:38:52.0418 1928 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
18:38:52.0476 1928 Dhcp - ok
18:38:52.0539 1928 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:38:52.0607 1928 discache - ok
18:38:52.0630 1928 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:38:52.0644 1928 Disk - ok
18:38:52.0669 1928 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
18:38:52.0716 1928 Dnscache - ok
18:38:52.0764 1928 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
18:38:52.0818 1928 dot3svc - ok
18:38:52.0902 1928 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
18:38:52.0935 1928 Dot4 - ok
18:38:52.0992 1928 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
18:38:53.0020 1928 Dot4Print - ok
18:38:53.0076 1928 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
18:38:53.0104 1928 dot4usb - ok
18:38:53.0138 1928 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
18:38:53.0200 1928 DPS - ok
18:38:53.0242 1928 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:38:53.0278 1928 drmkaud - ok
18:38:53.0364 1928 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:38:53.0397 1928 DXGKrnl - ok
18:38:53.0451 1928 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:38:53.0498 1928 EapHost - ok
18:38:53.0685 1928 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:38:53.0778 1928 ebdrv - ok
18:38:53.0919 1928 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
18:38:53.0984 1928 EFS - ok
18:38:54.0077 1928 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
18:38:54.0165 1928 ehRecvr - ok
18:38:54.0213 1928 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:38:54.0270 1928 ehSched - ok
18:38:54.0342 1928 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:38:54.0365 1928 elxstor - ok
18:38:54.0416 1928 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:38:54.0446 1928 ErrDev - ok
18:38:54.0493 1928 ETD (5cd1005b9bc241c3ab8501d5fbf09fd4) C:\Windows\system32\DRIVERS\ETD.sys
18:38:54.0551 1928 ETD - ok
18:38:54.0634 1928 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:38:54.0698 1928 EventSystem - ok
18:38:54.0731 1928 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:38:54.0784 1928 exfat - ok
18:38:54.0890 1928 FastBootAgent (8c89f06dbc239492e0aaaa0b0d8645ea) C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe
18:38:54.0906 1928 FastBootAgent - ok
18:38:54.0985 1928 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:38:55.0039 1928 fastfat - ok
18:38:55.0120 1928 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
18:38:55.0197 1928 Fax - ok
18:38:55.0241 1928 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:38:55.0277 1928 fdc - ok
18:38:55.0298 1928 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:38:55.0348 1928 fdPHost - ok
18:38:55.0363 1928 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:38:55.0416 1928 FDResPub - ok
18:38:55.0484 1928 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:38:55.0497 1928 FileInfo - ok
18:38:55.0512 1928 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:38:55.0575 1928 Filetrace - ok
18:38:55.0590 1928 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:38:55.0614 1928 flpydisk - ok
18:38:55.0689 1928 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:38:55.0706 1928 FltMgr - ok
18:38:55.0814 1928 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
18:38:55.0910 1928 FontCache - ok
18:38:55.0978 1928 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:38:55.0989 1928 FontCache3.0.0.0 - ok
18:38:56.0035 1928 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:38:56.0048 1928 FsDepends - ok
18:38:56.0096 1928 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
18:38:56.0108 1928 Fs_Rec - ok
18:38:56.0181 1928 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:38:56.0201 1928 fvevol - ok
18:38:56.0218 1928 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:38:56.0231 1928 gagp30kx - ok
18:38:56.0351 1928 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
18:38:56.0427 1928 gpsvc - ok
18:38:56.0537 1928 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:38:56.0592 1928 gupdate - ok
18:38:56.0620 1928 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:38:56.0630 1928 gupdatem - ok
18:38:56.0659 1928 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:38:56.0705 1928 hcw85cir - ok
18:38:56.0790 1928 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:38:56.0818 1928 HdAudAddService - ok
18:38:56.0859 1928 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
18:38:56.0893 1928 HDAudBus - ok
18:38:56.0929 1928 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:38:56.0957 1928 HidBatt - ok
18:38:56.0965 1928 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:38:56.0995 1928 HidBth - ok
18:38:57.0000 1928 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:38:57.0026 1928 HidIr - ok
18:38:57.0062 1928 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
18:38:57.0114 1928 hidserv - ok
18:38:57.0165 1928 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:38:57.0178 1928 HidUsb - ok
18:38:57.0208 1928 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
18:38:57.0264 1928 hkmsvc - ok
18:38:57.0305 1928 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
18:38:57.0360 1928 HomeGroupListener - ok
18:38:57.0394 1928 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
18:38:57.0426 1928 HomeGroupProvider - ok
18:38:57.0592 1928 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
18:38:57.0620 1928 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
18:38:57.0620 1928 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
18:38:57.0649 1928 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
18:38:57.0666 1928 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
18:38:57.0666 1928 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
18:38:57.0691 1928 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:38:57.0704 1928 HpSAMD - ok
18:38:57.0757 1928 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys
18:38:57.0813 1928 HTCAND64 - ok
18:38:57.0852 1928 htcnprot (b8b1b284362e1d8135112573395d5da5) C:\Windows\system32\DRIVERS\htcnprot.sys
18:38:57.0862 1928 htcnprot - ok
18:38:57.0923 1928 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:38:57.0990 1928 HTTP - ok
18:38:58.0060 1928 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:38:58.0073 1928 hwpolicy - ok
18:38:58.0122 1928 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:38:58.0138 1928 i8042prt - ok
18:38:58.0169 1928 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:38:58.0185 1928 iaStorV - ok
18:38:58.0294 1928 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:38:58.0325 1928 idsvc - ok
18:38:58.0372 1928 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:38:58.0387 1928 iirsp - ok
18:38:58.0465 1928 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
18:38:58.0536 1928 IKEEXT - ok
18:38:58.0684 1928 IntcAzAudAddService (bc64b75e8e0a0b8982ab773483164e72) C:\Windows\system32\drivers\RTKVHD64.sys
18:38:58.0733 1928 IntcAzAudAddService - ok
18:38:58.0872 1928 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:38:58.0884 1928 intelide - ok
18:38:58.0942 1928 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:38:58.0971 1928 intelppm - ok
18:38:59.0020 1928 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:38:59.0077 1928 IPBusEnum - ok
18:38:59.0113 1928 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:38:59.0156 1928 IpFilterDriver - ok
18:38:59.0212 1928 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
18:38:59.0278 1928 iphlpsvc - ok
18:38:59.0327 1928 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:38:59.0359 1928 IPMIDRV - ok
18:38:59.0407 1928 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:38:59.0450 1928 IPNAT - ok
18:38:59.0462 1928 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:38:59.0556 1928 IRENUM - ok
18:38:59.0594 1928 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:38:59.0607 1928 isapnp - ok
18:38:59.0638 1928 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:38:59.0658 1928 iScsiPrt - ok
18:38:59.0711 1928 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:38:59.0725 1928 kbdclass - ok
18:38:59.0778 1928 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
18:38:59.0807 1928 kbdhid - ok
18:38:59.0829 1928 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
18:38:59.0839 1928 kbfiltr - ok
18:38:59.0875 1928 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:38:59.0891 1928 KeyIso - ok
18:38:59.0938 1928 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
18:38:59.0954 1928 KSecDD - ok
18:39:00.0017 1928 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
18:39:00.0035 1928 KSecPkg - ok
18:39:00.0077 1928 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:39:00.0138 1928 ksthunk - ok
18:39:00.0177 1928 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:39:00.0244 1928 KtmRm - ok
18:39:00.0313 1928 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
18:39:00.0410 1928 LanmanServer - ok
18:39:00.0447 1928 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
18:39:00.0580 1928 LanmanWorkstation - ok
18:39:00.0660 1928 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:39:00.0698 1928 lltdio - ok
18:39:00.0739 1928 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:39:00.0797 1928 lltdsvc - ok
18:39:00.0821 1928 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:39:00.0859 1928 lmhosts - ok
18:39:00.0878 1928 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:39:00.0892 1928 LSI_FC - ok
18:39:00.0932 1928 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:39:00.0947 1928 LSI_SAS - ok
18:39:00.0953 1928 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:39:00.0967 1928 LSI_SAS2 - ok
18:39:00.0988 1928 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:39:01.0002 1928 LSI_SCSI - ok
18:39:01.0054 1928 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:39:01.0116 1928 luafv - ok
18:39:01.0147 1928 lxcf_device - ok
18:39:01.0194 1928 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
18:39:01.0194 1928 MBAMProtector - ok
18:39:01.0615 1928 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:39:01.0674 1928 MBAMService - ok
18:39:01.0708 1928 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
18:39:01.0740 1928 Mcx2Svc - ok
18:39:01.0766 1928 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:39:01.0779 1928 megasas - ok
18:39:01.0798 1928 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:39:01.0816 1928 MegaSR - ok
18:39:01.0926 1928 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
18:39:02.0025 1928 Microsoft Office Groove Audit Service - ok
18:39:02.0045 1928 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:39:02.0107 1928 MMCSS - ok
18:39:02.0144 1928 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:39:02.0191 1928 Modem - ok
18:39:02.0227 1928 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:39:02.0243 1928 monitor - ok
18:39:02.0290 1928 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:39:02.0303 1928 mouclass - ok
18:39:02.0308 1928 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:39:02.0332 1928 mouhid - ok
18:39:02.0362 1928 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:39:02.0376 1928 mountmgr - ok
18:39:02.0452 1928 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
18:39:02.0469 1928 MpFilter - ok
18:39:02.0503 1928 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:39:02.0518 1928 mpio - ok
18:39:02.0573 1928 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:39:02.0623 1928 mpsdrv - ok
18:39:02.0685 1928 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
18:39:02.0763 1928 MpsSvc - ok
18:39:02.0795 1928 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:39:02.0826 1928 MRxDAV - ok
18:39:02.0904 1928 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:39:02.0982 1928 mrxsmb - ok
18:39:03.0013 1928 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:39:03.0060 1928 mrxsmb10 - ok
18:39:03.0107 1928 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:39:03.0153 1928 mrxsmb20 - ok
18:39:03.0201 1928 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:39:03.0213 1928 msahci - ok
18:39:03.0268 1928 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:39:03.0283 1928 msdsm - ok
18:39:03.0316 1928 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:39:03.0343 1928 MSDTC - ok
18:39:03.0412 1928 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:39:03.0449 1928 Msfs - ok
18:39:03.0465 1928 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:39:03.0527 1928 mshidkmdf - ok
18:39:03.0559 1928 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:39:03.0571 1928 msisadrv - ok
18:39:03.0608 1928 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:39:03.0667 1928 MSiSCSI - ok
18:39:03.0670 1928 msiserver - ok
18:39:03.0705 1928 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:39:03.0755 1928 MSKSSRV - ok
18:39:03.0884 1928 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe
18:39:03.0908 1928 MsMpSvc - ok
18:39:03.0921 1928 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:39:03.0968 1928 MSPCLOCK - ok
18:39:04.0030 1928 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:39:04.0077 1928 MSPQM - ok
18:39:04.0128 1928 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:39:04.0147 1928 MsRPC - ok
18:39:04.0208 1928 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:39:04.0208 1928 mssmbios - ok
18:39:04.0223 1928 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:39:04.0286 1928 MSTEE - ok
18:39:04.0317 1928 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:39:04.0333 1928 MTConfig - ok
18:39:04.0395 1928 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
18:39:04.0411 1928 MTsensor - ok
18:39:04.0457 1928 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:39:04.0457 1928 Mup - ok
18:39:04.0520 1928 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
18:39:04.0582 1928 napagent - ok
18:39:04.0629 1928 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:39:04.0660 1928 NativeWifiP - ok
18:39:04.0753 1928 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:39:04.0786 1928 NDIS - ok
18:39:04.0811 1928 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:39:04.0850 1928 NdisCap - ok
18:39:04.0871 1928 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:39:04.0925 1928 NdisTapi - ok
18:39:04.0962 1928 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:39:05.0018 1928 Ndisuio - ok
18:39:05.0084 1928 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:39:05.0122 1928 NdisWan - ok
18:39:05.0169 1928 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:39:05.0206 1928 NDProxy - ok
18:39:05.0290 1928 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
18:39:05.0313 1928 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:39:05.0313 1928 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
18:39:05.0401 1928 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:39:05.0677 1928 NetBIOS - ok
18:39:05.0715 1928 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:39:05.0761 1928 NetBT - ok
18:39:05.0793 1928 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:39:05.0808 1928 Netlogon - ok
18:39:05.0855 1928 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:39:05.0917 1928 Netman - ok
18:39:06.0027 1928 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:39:06.0073 1928 NetMsmqActivator - ok
18:39:06.0089 1928 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:39:06.0089 1928 NetPipeActivator - ok
18:39:06.0136 1928 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:39:06.0183 1928 netprofm - ok
18:39:06.0214 1928 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:39:06.0214 1928 NetTcpActivator - ok
18:39:06.0214 1928 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:39:06.0229 1928 NetTcpPortSharing - ok
18:39:06.0298 1928 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:39:06.0311 1928 nfrd960 - ok
18:39:06.0379 1928 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:39:06.0390 1928 NisDrv - ok
18:39:06.0565 1928 NisSrv (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe
18:39:06.0583 1928 NisSrv - ok
18:39:06.0630 1928 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
18:39:06.0671 1928 NlaSvc - ok
18:39:06.0707 1928 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:39:06.0744 1928 Npfs - ok
18:39:06.0770 1928 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:39:06.0824 1928 nsi - ok
18:39:06.0846 1928 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:39:06.0900 1928 nsiproxy - ok
18:39:07.0037 1928 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:39:07.0084 1928 Ntfs - ok
18:39:07.0226 1928 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:39:07.0268 1928 Null - ok
18:39:07.0315 1928 NVHDA (6574620a7d7549bb72ea26c162025909) C:\Windows\system32\drivers\nvhda64v.sys
18:39:07.0315 1928 NVHDA - ok
18:39:07.0932 1928 nvlddmkm (0d3f6e25c658530a2ad4b648849f1483) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:39:08.0312 1928 nvlddmkm - ok
18:39:08.0455 1928 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:39:08.0470 1928 nvraid - ok
18:39:08.0522 1928 nvsmu (a1381b3d52850bc4f0cc8b4697bd891c) C:\Windows\system32\DRIVERS\nvsmu.sys
18:39:08.0530 1928 nvsmu - ok
18:39:08.0557 1928 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:39:08.0573 1928 nvstor - ok
18:39:08.0605 1928 nvstor64 (ebfe363aab0d6e4086adbf04c41ebdf8) C:\Windows\system32\DRIVERS\nvstor64.sys
18:39:08.0616 1928 nvstor64 - ok
18:39:08.0694 1928 nvsvc (7dd5a1a53bb2d1b1b85c9c543d05e222) C:\Windows\system32\nvvsvc.exe
18:39:08.0713 1928 nvsvc - ok
18:39:08.0754 1928 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:39:08.0769 1928 nv_agp - ok
18:39:08.0906 1928 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:39:08.0984 1928 odserv - ok
18:39:09.0015 1928 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:39:09.0031 1928 ohci1394 - ok
18:39:09.0109 1928 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:39:09.0124 1928 ose - ok
18:39:09.0155 1928 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:39:09.0249 1928 p2pimsvc - ok
18:39:09.0280 1928 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:39:09.0311 1928 p2psvc - ok
18:39:09.0343 1928 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:39:09.0374 1928 Parport - ok
18:39:09.0930 1928 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
18:39:09.0943 1928 partmgr - ok
18:39:10.0088 1928 PassThru Service (39b9dcd7040654c2e57d7396736c718e) C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
18:39:10.0110 1928 PassThru Service ( UnsignedFile.Multi.Generic ) - warning
18:39:10.0110 1928 PassThru Service - detected UnsignedFile.Multi.Generic (1)
18:39:10.0151 1928 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:39:10.0186 1928 PcaSvc - ok
18:39:10.0249 1928 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:39:10.0264 1928 pci - ok
18:39:10.0280 1928 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:39:10.0292 1928 pciide - ok
18:39:10.0325 1928 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:39:10.0341 1928 pcmcia - ok
18:39:10.0381 1928 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:39:10.0381 1928 pcw - ok
18:39:10.0444 1928 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:39:10.0506 1928 PEAUTH - ok
18:39:10.0584 1928 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:39:10.0709 1928 PerfHost - ok
18:39:10.0818 1928 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
18:39:10.0896 1928 pla - ok
18:39:10.0948 1928 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
18:39:11.0013 1928 PlugPlay - ok
18:39:11.0074 1928 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
18:39:11.0094 1928 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:39:11.0094 1928 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
18:39:19.0111 1928 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
18:39:19.0129 1928 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
18:39:19.0130 1928 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
18:39:28.0971 1928 ============================================================
18:39:28.0971 1928 Scan finished
18:39:28.0971 1928 ============================================================
18:39:29.0000 0788 Detected object count: 8
18:39:29.0000 0788 Actual detected object count: 8
18:39:51.0796 0788 ADSMService ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:51.0796 0788 ADSMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:39:51.0797 0788 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:51.0797 0788 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:39:51.0799 0788 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:51.0799 0788 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:39:51.0805 0788 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:51.0805 0788 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:39:51.0808 0788 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:51.0808 0788 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:39:51.0811 0788 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:51.0811 0788 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:39:51.0813 0788 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:51.0813 0788 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:39:51.0816 0788 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:51.0816 0788 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:42:23.0149 1288 Deinitialize success

#9 jntkwx (Malware Response Team)

Posted 18 June 2012 - 01:05 PM

Looking good. :thumbup2:

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.



In your next reply, please include:
  • ESET log
  • Copy/paste the contents of C:\Qoobox\Add-Remove Programs.txt

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#10 petrolium (Topic Starter)

Posted 19 June 2012 - 05:24 AM

My computer seems to be running perfectly now - thanks again.

Here are the requested logs:

ESET:

D:\Downloads\50_Self-Help_Classics.exe Win32/Adware.1ClickDownload.C application cleaned by deleting - quarantined
D:\Downloads\Alain_De_Botton_-_The_Art_of_Travel_(EPUB).exe Win32/Adware.1ClickDownload application cleaned by deleting - quarantined
D:\Downloads\KeyFinderInstaller.exe Win32/OpenCandy application cleaned by deleting - quarantined
D:\Downloads\Setup.exe probably a variant of Win32/Adware.iBryte.B application cleaned by deleting - quarantined




---



Qoobox:

Update for Microsoft Office 2007 (KB2508958)
ACID Pro 7.0
Acrobat.com
Adobe After Effects CS5 Third Party Content
Adobe After Effects CS5 Third Party Royalty Content
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5 Master Collection
Adobe Media Encoder CS5 Dolby X64
Adobe Media Encoder CS5 PCI X64
Adobe Media Player
Adobe Reader X (10.1.3)
AIM 7
Alcor Micro USB Card Reader
Amazon MP3 Downloader 1.0.9
ASIO4ALL
ASUS Data Security Manager
ASUS FancyStart
ASUS Live Update
ASUS MultiFrame
ASUS Splendid Video Enhancement Technology
Atheros Client Installation Program
ATK Generic Function Service
ATK Hotkey
ATK Media
ATKOSD2
Balsamiq Mockups For Desktop
BufferChm
ControlDeck
Copy
Destinations
DeviceDiscovery
DJ_AIO_03_F4200_Software_Min
Download Updater (AOL LLC)
F4200
Fast Boot
Feedback Tool
FL Studio 10
GmoteServer
Google Chrome
Google Cloud Connect for Microsoft Office
Google Drive
Google Earth
Google Talk (remove only)
Google Update Helper
GPBaseService2
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
IL Download Manager
Java Auto Updater
Java™ 6 Update 20
Java™ 6 Update 31
Magic ISO Maker v5.5 (build 0272)
Magical Jelly Bean KeyFinder
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Expression Blend 3 SDK
Microsoft Expression Blend SDK for .NET 4
Microsoft Expression Blend SDK for Silverlight 4
Microsoft Expression Studio 4
Microsoft Expression Web 4
Microsoft Expression Web 4 Service Pack 2
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox (3.6.8)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
PDF Settings CS5
PowerISO
PrimoPDF -- brought to you by Nitro PDF Software
PxMergeModule
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype™ 5.8
SmartWebPrinting
SolutionCenter
SopCast 3.4.0
Spotify
Status
ThumbView_Lite 1.0
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Veetle TV 0.9.18
VLC media player 2.0.1
WebReg
Windows Media Player Firefox Plugin
WinFlash
WinSCP 4.2.8
WinZip 14.5
Wireless Console 3
WPF Toolkit February 2010 (Version 3.5.50211.1)

#11 petrolium

petrolium
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:59 AM

Posted 19 June 2012 - 06:44 AM

Actually, one thing I have noticed (though it may not be related to the virus) is my Windows Explorer becomes very slow and sometimes crashes when transferring files or uploading files to the internet.

This started happening a few weeks before I noticed the virus and hasn't been rectified by the anti-virus software so I imagine it is unrelated, but I thought I'd mention it just in case.

Thanks again...

#12 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:04:59 AM

Posted 19 June 2012 - 08:36 AM

petrolium,

How old is your computer?

Is it only Windows Explorer that's slow?

Other than those odd symptoms you just described, I don't see any other malware/viruses on your computer.
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#13 petrolium

petrolium
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:59 AM

Posted 19 June 2012 - 08:45 AM

It's about 2 years old and has run Windows 7 fine up until a month or two ago.

Yes, it's just Windows Explorer, everything else runs ok.

As I mentioned, I think this may be unrelated to the virus so I will attempt to fix it using some solutions that I have found online.

Thanks again for all your hard work - you're a life saver.

Steve

#14 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:04:59 AM

Posted 19 June 2012 - 08:54 AM

petrolium,

You're welcome, I'm glad I could help. :thumbup2:

Your computer looks clean!

Let's take some preventative steps to ensure you don't get infected again:


:step1: Uninstall Combofix
First, please delete the current version of Combofix.exe on your desktop. Do not make any other changes to your computer!
Then, download the latest version of Combofix and save it to your desktop.

These first two steps are important!

Hold down the Windows key and press the R key.
In the Run window, type the following bolded text and click OK:

Combofix.exe /Uninstall

:step2: Please download OTCleanIt and save it to desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.

:step3: Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
    64-bit OS users should read: Which Java download should I choose for my 64-bit Windows operating system?
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u5-windows-i586.exe (or jre-7u5-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

:step4: Like Java, outdated versions of Adobe Air have vulnerabilities that malware can use to reinfect your computer. Please update to the latest, secure version:

:step5: Make Internet Explorer more secure:
Hold down the Windows Key, and press the R key.
In the Run Dialog box, type: inetcpl.cpl & click OK
Click on the Security tab,
Click Reset all zones to default level
Next Click OK, then Apply button and then OK to exit the Internet Properties page.

:step6: Install the Latest Version of Common Software:
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting http://secunia.com/vulnerability_scanning/online/ and http://www.calendarofupdates.com/updates/calendar.html.

I recommend FileHippo's update checker that scans your computer for programs it recognizes and allows you to easily download new versions of common software: http://filehippo.com/updatechecker/UpdateChecker.exe

:step6: Finally, read this tutorial and follow each of the steps:
http://www.bleepingcomputer.com/tutorials/tutorial82.html

Please feel free to post any future computer problems in the appropriate forum. Have a great day! :)
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.
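
The Java clean-up described in step 3 of the post above can be verified afterwards from PowerShell by reading the uninstall entries in the registry. This is an added example, not part of the original post; the baseline of Java 7 Update 5 is taken from the installer name in the post, and the function name `Get-InstalledJava` and the `Status` labels are assumptions of this example.

```powershell
# Added example (not from the thread): list installed Java runtimes and flag old ones.
param(
    [int]$BaselineMajor  = 7,  # assumption: baseline taken from jre-7u5 in the post
    [int]$BaselineUpdate = 5
)

# Per-machine uninstall entries; the WOW6432Node key holds 32-bit programs on 64-bit Windows.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledJava {   # hypothetical helper name
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match '^(Java|J2SE Runtime)' } |
        ForEach-Object {
            # Entries without an "<major> Update <n>" name (e.g. an updater) need a manual look.
            $status = 'Review'
            if ($_.DisplayName -match '(\d+)(?:\.\d+)? Update (\d+)') {
                $major  = [int]$Matches[1]
                $update = [int]$Matches[2]
                $old = ($major -lt $BaselineMajor) -or
                       ($major -eq $BaselineMajor -and $update -lt $BaselineUpdate)
                $status = if ($old) { 'Outdated' } else { 'OK' }
            }
            $_ | Select-Object DisplayName, DisplayVersion,
                @{ Name = 'Status'; Expression = { $status } }, UninstallString
        }
}

Get-InstalledJava | Sort-Object Status, DisplayName | Format-List
```

Any entry reported as `Outdated` is one that step 3 asks to remove through Programs and Features; the `UninstallString` value is the removal command registered for that entry.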


#15 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:04:59 AM

Posted 19 June 2012 - 07:21 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Regards,
Jason

 
