Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Services.exe shows infected by AVG


  • This topic is locked This topic is locked
67 replies to this topic

#1 Nearis

Nearis

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:04:26 AM

Posted 22 June 2012 - 10:49 AM

Also windows firewall doesn't work, the base filtering windows service was removed, have that going now so i can block connections with peerblock while the firewall is down.

AVG Resident shield Alert detects that services.exe is infected but can't clean it as it is a "white-listed" program

Here is what AVG says
file c:\Windows\system32\services.exe
Infection Trojan horse Dropper.Generic_c.MMI
Detected on open
Precess name C:\Windows\system32\svchost.exe
Process ID 1252

I have run the following and come back clean

Malwarbytes
Superantispyware
spybot search and destroy

Any help would be great thanks.

Edited by Nearis, 22 June 2012 - 03:10 PM.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:26 AM

Posted 23 June 2012 - 07:22 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Nearis

Nearis
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:04:26 AM

Posted 23 June 2012 - 11:03 AM

No problem running the tools

here are the logs

Security check

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AVG Internet Security 2011
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 22
Java™ 6 Update 29
Java™ 7 Update 2
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader X (10.1.1)
Mozilla Firefox (13.0.1)
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 23% Defragment your hard drive soon!
````````````````````End of Log``````````````````````


DDS Logs


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 3/24/2011 10:48:58 AM
System Uptime: 6/23/2012 8:50:44 AM (1 hours ago)
.
Motherboard: EVGA | | 132-BL-E758
Processor: Intel® Core™ i7 CPU 940 @ 2.93GHz | Socket 423 | 2927/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 56 GiB total, 7.336 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 932 GiB total, 90.862 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SBRE
Device ID: ROOT\LEGACY_SBRE\0000
Manufacturer:
Name: SBRE
PNP Device ID: ROOT\LEGACY_SBRE\0000
Service: SBRE
.
Class GUID:
Description:
Device ID: ROOT\KERNEL\0104
Manufacturer:
Name:
PNP Device ID: ROOT\KERNEL\0104
Service:
.
==== System Restore Points ===================
.
RP127: 6/21/2012 6:24:20 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
µTorrent
3132-W-R
Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.4.6 - CPSID_83708
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Contribute CS4
Adobe Creative Suite 4 Master Collection
Adobe CS4 American English Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader X (10.1.1)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Soundbooth CS4
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AIO_Scan
Apple Application Support
Apple Software Update
Application Profiles
ASPCA Reminder by We-Care.com v4.0.16.1
ATI Catalyst Registration
AviSynth 2.5
Bing Bar
BufferChm
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Combined Community Codec Pack 2010-10-10
Connect
Copy
Coupon Printer for Windows
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
Diablo III
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
EVE Online (remove only)
EVEMon
F4100
F4100_Help
Google Chrome
Google Update Helper
GPBaseService2
HD Tune Pro 5.00
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 29
Java™ 7 Update 2
K-Lite Codec Pack 7.0.0 (Standard)
kuler
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mount & Blade
Mount & Blade: Warband
Mount & Blade: With Fire and Sword
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mumble 1.2.3
Mumble and Murmur
PDF Settings CS4
Photoshop Camera Raw
Pixel Bender Toolkit
PS3 Media Server
QuickTime
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Skype Click to Call
Skype™ 5.8
SmartWebPrinting
SolutionCenter
Spybot - Search & Destroy
StarCraft II
Status
Steam
Suite Shared Configuration CS4
TERA
The Elder Scrolls V: Skyrim
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Visual Studio 2008 x64 Redistributables
VLC media player 2.0.1
WebReg
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
6/23/2012 8:51:12 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
6/23/2012 8:51:12 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
6/23/2012 8:51:06 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
6/23/2012 8:51:03 AM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
6/22/2012 8:52:23 PM, Error: Service Control Manager [7024] - The PS3 Media Server service terminated with service-specific error Incorrect function..
6/22/2012 8:49:41 PM, Error: Service Control Manager [7030] - The PS3 Media Server service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
6/21/2012 6:23:27 PM, Error: Service Control Manager [7001] - The Routing and Remote Access service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
6/21/2012 6:23:27 PM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
6/21/2012 6:23:27 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
6/21/2012 6:23:26 PM, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied.
6/21/2012 6:23:26 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
6/21/2012 6:19:05 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
6/21/2012 6:18:42 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
6/21/2012 6:15:47 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Media Player Network Sharing Service service, but this action failed with the following error: An instance of the service is already running.
6/21/2012 6:15:17 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
6/21/2012 6:15:11 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
6/21/2012 6:02:56 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
6/21/2012 6:02:54 PM, Error: Service Control Manager [7003] - The Routing and Remote Access service depends the following service: BFE. This service might not be installed.
6/21/2012 6:00:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Ad-Aware Service service to connect.
6/21/2012 6:00:40 PM, Error: Service Control Manager [7000] - The Ad-Aware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/21/2012 5:59:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service Ad-Aware Service with arguments "" in order to run the server: {706FFEF5-7E90-4149-B038-B39106ECDB99}
6/21/2012 5:57:18 PM, Error: Service Control Manager [7000] - The sbwtis service failed to start due to the following error: There are no more endpoints available from the endpoint mapper.
6/21/2012 5:25:05 PM, Error: Service Control Manager [7031] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
6/21/2012 5:25:00 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/21/2012 10:16:09 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
6/21/2012 10:10:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
6/21/2012 10:10:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
6/21/2012 10:07:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/21/2012 10:07:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
6/21/2012 10:07:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
6/21/2012 10:07:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/21/2012 10:07:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/21/2012 10:07:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/21/2012 10:07:09 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SBRE spldr tdx Wanarpv6 WfpLwf
6/21/2012 10:07:09 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/21/2012 10:07:09 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/21/2012 10:07:09 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
6/21/2012 10:07:09 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/21/2012 10:07:09 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/21/2012 10:07:09 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
6/21/2012 10:07:09 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/21/2012 10:07:09 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/21/2012 10:07:09 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/21/2012 10:07:09 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
6/20/2012 10:09:05 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
6/16/2012 7:16:42 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AMD External Events Utility service to connect.
6/16/2012 7:16:42 AM, Error: Service Control Manager [7000] - The AMD External Events Utility service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.2.0
Run by Daniel at 8:59:51 on 2012-06-23
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6135.3779 [GMT -7:00]
.
AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Silicon Image\3132-W-R\SATARaid5ConfigService.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
E:\steam\steam.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
E:\adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWoW64\svchost.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
\\.\globalroot\systemroot\Installer\{56b1b460-45ac-0de8-ec14-4de09bd16350}\U
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
mURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - E:\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - E:\adobe\/Adobe Contribute CS4/contributeieplugin.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
uRun: [EVEMon] "C:\Program Files (x86)\EVEMon\EVEMon.exe" -startMinimized
uRun: [Steam] "E:\steam\Steam.exe" -silent
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [D-Link SharePort] C:\Program Files (x86)\D-Link\SharePort\SharePort.exe -mini
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "E:\adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "E:\adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe -update activex
StartupFolder: C:\Users\Daniel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PS3MED~1.LNK - C:\Program Files (x86)\PS3 Media Server\PMS.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SATARA~1.LNK - C:\Windows\Installer\{2ABC904F-6915-40AC-8CF8-B48743698CEC}\_19B708D90CBD3F24F241B9.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 76.102.75.10
TCP: Interfaces\{94B7ADDD-D741-4141-93D1-D9A69CFD41B6} : DhcpNameServer = 76.102.75.10
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO-X64: WeCareReminder - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\adobe\/Adobe Contribute CS4/contributeieplugin.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [D-Link SharePort] C:\Program Files (x86)\D-Link\SharePort\SharePort.exe -mini
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Acrobat Speed Launcher] "E:\adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [(Default)]
mRun-x64: [Acrobat Assistant 8.0] "E:\adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\64jb3iit.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
FF - plugin: E:\adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: E:\adobe\Acrobat 9.0\Acrobat\browser\nppdf32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 Si3124r5;SiI-3124 SoftRaid 5 Controller;C:\Windows\system32\DRIVERS\Si3124r5.sys --> C:\Windows\system32\DRIVERS\Si3124r5.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
R2 SATARaid5 Config Service;SATARaid5 Configuration Service;C:\Program Files (x86)\Silicon Image\3132-W-R\SATARaid5ConfigService.exe [2005-10-5 131072]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
R3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2012-4-26 24176]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-22 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-6-9 1038088]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-22 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PS3 Media Server;PS3 Media Server;C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe [2011-5-17 366872]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-23 03:52:32 608 ----a-w- C:\ProgramData\hnedcaa.tmp
2012-06-22 16:47:53 -------- d-----w- C:\ProgramData\MFAData
2012-06-22 05:38:58 -------- d-----w- C:\Users\Daniel\AppData\Roaming\SUPERAntiSpyware.com
2012-06-22 05:38:48 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-06-22 05:38:48 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-06-22 05:17:58 -------- d-----w- C:\ProgramData\PMS
2012-06-22 00:45:05 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2012-06-22 00:44:31 -------- d-----w- C:\Users\Daniel\AppData\Roaming\Ad-Aware Antivirus
2012-06-22 00:42:31 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-06-21 23:46:26 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-06-21 12:27:46 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 12:27:45 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 12:27:44 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 12:27:44 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-17 03:19:07 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-17 03:19:07 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-13 13:03:00 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-13 13:03:00 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-13 13:03:00 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-11 16:05:09 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-06-10 17:34:57 -------- d-----w- C:\Program Files (x86)\EVEMon
2012-06-10 12:29:36 -------- d-----w- C:\Users\Daniel\AppData\Local\Macromedia
2012-06-03 01:40:10 -------- d-----w- C:\Users\Daniel\AppData\Roaming\AVG2012
2012-06-03 01:40:07 -------- d-----w- C:\ProgramData\AVG2012
2012-06-01 15:34:04 163048 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
.
==================== Find3M ====================
.
2012-06-10 12:29:13 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-10 12:29:13 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-05 05:33:02 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 05:32:05 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-19 11:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-04-06 05:34:26 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-04-06 05:34:10 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-04-06 05:34:04 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-04-06 05:33:56 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-04-06 05:33:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-04-06 05:33:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll
2012-04-06 05:32:56 13007872 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-04-06 05:22:40 11174400 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-04-06 02:22:00 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-04-06 02:21:52 909312 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-04-06 02:20:04 1067520 ----a-w- C:\Windows\System32\aticfx64.dll
2012-04-06 02:16:52 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-04-06 02:16:46 503808 ----a-w- C:\Windows\System32\atieclxx.exe
2012-04-06 02:16:02 236544 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-04-06 02:14:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-04-06 02:14:30 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-04-06 02:14:26 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-04-06 02:14:20 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-04-06 02:13:42 6800896 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-04-06 02:10:50 26181632 ----a-w- C:\Windows\System32\atio6axx.dll
2012-04-06 02:00:10 64000 ----a-w- C:\Windows\System32\coinst.dll
2012-04-06 01:54:46 7479296 ----a-w- C:\Windows\System32\atidxx64.dll
2012-04-06 01:50:56 19753984 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-04-06 01:35:24 1120768 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-04-06 01:34:50 1831424 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-04-06 01:34:34 4731904 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-04-06 01:34:04 6203392 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-04-06 01:30:16 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-04-06 01:30:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-04-06 01:30:08 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-04-06 01:30:06 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-04-06 01:29:54 16090624 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-04-06 01:25:30 13764096 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-04-06 01:23:24 7431680 ----a-w- C:\Windows\System32\atiumd64.dll
2012-04-06 01:22:54 4795904 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-04-06 01:11:28 514560 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-04-06 01:11:20 360448 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-04-06 01:11:06 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-04-06 01:11:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-04-06 01:11:04 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-04-06 01:11:00 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-04-06 01:10:52 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-04-06 01:10:44 343040 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-04-06 01:09:56 54784 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-04-06 01:09:48 41984 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-04-06 01:09:42 44544 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-04-06 01:09:34 32256 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-04-06 01:09:02 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-04-04 22:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 9:00:24.00 ===============

#4 Nearis

Nearis
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:04:26 AM

Posted 23 June 2012 - 11:10 AM

just glancing thru this list, i assume i at least have a problem with an adobe file and some registry entries that i see as bad.

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:26 AM

Posted 23 June 2012 - 11:23 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 Nearis

Nearis
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:04:26 AM

Posted 23 June 2012 - 11:42 AM

computer hasn't had any voice ads pop up today yet, but the redirecting changed, instead of redirecting me to ad site every so often, now when ever i click on a google search result i get sent back to the main Google search page.

ComboFix 12-06-23.05 - Daniel 06/23/2012 9:28.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6135.3751 [GMT -7:00]
Running from: c:\users\Daniel\Desktop\ComboFix.exe
AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\hnedcaa.tmp
c:\windows\Installer\{56b1b460-45ac-0de8-ec14-4de09bd16350}\@
c:\windows\Installer\{56b1b460-45ac-0de8-ec14-4de09bd16350}\U\00000001.@
c:\windows\Installer\{56b1b460-45ac-0de8-ec14-4de09bd16350}\U\80000000.@
c:\windows\Installer\{56b1b460-45ac-0de8-ec14-4de09bd16350}\U\800000cb.@
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\avisynth.dll
c:\windows\SysWow64\devil.dll
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy1_!Windows!System32!services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-23 16:33 . 2012-06-23 16:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-22 16:47 . 2012-06-23 15:56 -------- d-----w- c:\programdata\MFAData
2012-06-22 05:38 . 2012-06-22 05:38 -------- d-----w- c:\users\Daniel\AppData\Roaming\SUPERAntiSpyware.com
2012-06-22 05:38 . 2012-06-22 05:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-22 05:38 . 2012-06-22 05:38 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-22 05:17 . 2012-06-22 05:18 -------- d-----w- c:\programdata\PMS
2012-06-22 00:45 . 2012-06-22 01:00 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-06-22 00:45 . 2012-06-22 00:45 -------- d-----w- c:\programdata\Lavasoft
2012-06-22 00:44 . 2012-06-22 00:46 -------- d-----w- c:\users\Daniel\AppData\Roaming\Ad-Aware Antivirus
2012-06-22 00:42 . 2012-06-22 00:42 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-21 23:46 . 2012-06-21 23:46 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-21 12:27 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 12:27 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 12:27 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 12:27 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 12:27 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 12:27 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 12:27 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 12:27 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 12:27 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-17 03:19 . 2012-06-17 03:19 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-17 03:19 . 2012-06-17 03:19 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-13 13:03 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 13:03 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 13:03 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-11 16:05 . 2012-06-11 16:05 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-06-10 17:34 . 2012-06-10 17:34 -------- d-----w- c:\program files (x86)\EVEMon
2012-06-10 12:29 . 2012-06-10 12:29 -------- d-----w- c:\users\Daniel\AppData\Local\Macromedia
2012-06-03 01:40 . 2012-06-03 01:40 -------- d-----w- c:\users\Daniel\AppData\Roaming\AVG2012
2012-06-03 01:40 . 2012-06-03 01:56 -------- d-----w- c:\programdata\AVG2012
2012-06-01 15:34 . 2012-06-01 15:34 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-10 12:29 . 2012-04-22 15:05 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-10 12:29 . 2011-05-28 15:05 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 05:33 . 2012-04-22 15:33 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-19 11:50 . 2012-04-19 11:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-06 05:34 . 2012-04-06 05:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-06 05:34 . 2012-04-06 05:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-06 05:34 . 2012-04-06 05:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-06 05:33 . 2012-04-06 05:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-06 05:33 . 2012-04-06 05:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-06 05:33 . 2012-04-06 05:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-06 05:32 . 2012-04-06 05:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2011-11-10 03:16 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2011-01-27 05:59 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-02-15 03:07 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2011-01-27 05:20 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2011-01-27 05:40 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2011-11-10 02:33 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2011-11-10 02:29 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2011-01-27 05:12 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-02-15 02:12 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2011-11-10 02:11 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-04-04 22:56 . 2011-07-08 01:08 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 11:35 . 2012-05-10 17:45 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-20 . 7398CBFB433E635F41DD42F249D14804 . 857600 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-18 880496]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928]
"EVEMon"="c:\program files (x86)\EVEMon\EVEMon.exe" [2012-06-10 2040320]
"Steam"="e:\steam\Steam.exe" [2012-01-14 1242448]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-11 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"D-Link SharePort"="c:\program files (x86)\D-Link\SharePort\SharePort.exe" [2010-04-16 2797568]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="e:\adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-09-07 40376]
"Acrobat Assistant 8.0"="e:\adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe" [2012-05-05 351904]
.
c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PS3 Media Server.lnk - c:\program files (x86)\PS3 Media Server\PMS.exe [2012-1-28 432761]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
SATARaid5Manager.lnk - c:\windows\Installer\{2ABC904F-6915-40AC-8CF8-B48743698CEC}\_19B708D90CBD3F24F241B9.exe [2011-12-4 1206]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-22 136176]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]
R3 DlinkUDSMBus;DlinkUDSMBus;SysWOW64\Drivers\DlinkUDSMBus.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-06-09 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-22 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 PS3 Media Server;PS3 Media Server;c:\program files (x86)\PS3 Media Server\win32\service\wrapper.exe [2011-05-17 366872]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 Si3124r5;SiI-3124 SoftRaid 5 Controller;c:\windows\system32\DRIVERS\Si3124r5.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-16 249648]
S2 SATARaid5 Config Service;SATARaid5 Configuration Service;c:\program files (x86)\Silicon Image\3132-W-R\SATARaid5ConfigService.exe [2005-10-06 131072]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PBFILTER
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-22 21:42]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-22 21:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 76.102.75.10
FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\64jb3iit.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,38,12,8a,de,68,
55,95,ad,1e,00,cd,08,68,12,b3,4d,db,d3
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"=hex:51,66,7a,6c,4c,1d,38,12,f1,9d,97,
02,e5,86,37,08,c7,6b,3b,0b,78,35,a4,a7
"{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,38,12,ab,1e,5f,
03,12,dd,f4,0f,eb,6b,83,02,91,c2,26,02
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}"=hex:51,66,7a,6c,4c,1d,38,12,81,2d,20,
35,ad,85,e1,00,d0,fd,90,4e,9f,38,f2,ae
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}"=hex:51,66,7a,6c,4c,1d,38,12,b0,f3,37,
dc,52,73,39,0a,e1,a7,25,43,3b,93,ce,af
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:12,52,00,1a,08,50,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,31,26,79,f2,28,64,4d,86,a3,58,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,31,26,79,f2,28,64,4d,86,a3,58,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Java\jre7\bin\javaw.exe
.
**************************************************************************
.
Completion time: 2012-06-23 09:36:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-23 16:36
.
Pre-Run: 7,653,634,048 bytes free
Post-Run: 7,851,520,000 bytes free
.
- - End Of File - - A43CBB1417AF3169D06F2213D8B52FC5

#7 Nearis

Nearis
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:04:26 AM

Posted 23 June 2012 - 11:46 AM

Firewall is now working too

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:26 AM

Posted 23 June 2012 - 12:38 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Nearis

Nearis
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:04:26 AM

Posted 23 June 2012 - 12:56 PM

TDSSkiller log

10:39:29.0028 1944 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
10:39:29.0525 1944 ============================================================
10:39:29.0525 1944 Current date / time: 2012/06/23 10:39:29.0525
10:39:29.0525 1944 SystemInfo:
10:39:29.0525 1944
10:39:29.0525 1944 OS Version: 6.1.7601 ServicePack: 1.0
10:39:29.0525 1944 Product type: Workstation
10:39:29.0525 1944 ComputerName: DANIEL-PC
10:39:29.0525 1944 UserName: Daniel
10:39:29.0525 1944 Windows directory: C:\Windows
10:39:29.0525 1944 System windows directory: C:\Windows
10:39:29.0525 1944 Running under WOW64
10:39:29.0525 1944 Processor architecture: Intel x64
10:39:29.0525 1944 Number of processors: 8
10:39:29.0525 1944 Page size: 0x1000
10:39:29.0525 1944 Boot type: Normal boot
10:39:29.0525 1944 ============================================================
10:39:29.0895 1944 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:39:29.0895 1944 Drive \Device\Harddisk0\DR0 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:39:29.0899 1944 ============================================================
10:39:29.0899 1944 \Device\Harddisk1\DR1:
10:39:29.0899 1944 MBR partitions:
10:39:29.0899 1944 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
10:39:29.0899 1944 \Device\Harddisk0\DR0:
10:39:29.0899 1944 MBR partitions:
10:39:29.0899 1944 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x6FCB800
10:39:29.0899 1944 ============================================================
10:39:29.0900 1944 C: <-> \Device\Harddisk0\DR0\Partition0
10:39:29.0921 1944 E: <-> \Device\Harddisk1\DR1\Partition0
10:39:29.0921 1944 ============================================================
10:39:29.0921 1944 Initialize success
10:39:29.0921 1944 ============================================================
10:39:32.0430 5948 ============================================================
10:39:32.0430 5948 Scan started
10:39:32.0430 5948 Mode: Manual;
10:39:32.0430 5948 ============================================================
10:39:32.0646 5948 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
10:39:32.0648 5948 !SASCORE - ok
10:39:32.0692 5948 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
10:39:32.0694 5948 1394ohci - ok
10:39:32.0709 5948 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
10:39:32.0710 5948 ACPI - ok
10:39:32.0712 5948 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
10:39:32.0713 5948 AcpiPmi - ok
10:39:32.0718 5948 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
10:39:32.0719 5948 adfs - ok
10:39:32.0732 5948 Adobe Version Cue CS4 (57a3b9a69f14414ace12afd6ba701773) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
10:39:32.0736 5948 Adobe Version Cue CS4 - ok
10:39:32.0741 5948 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:39:32.0742 5948 AdobeARMservice - ok
10:39:32.0762 5948 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
10:39:32.0765 5948 adp94xx - ok
10:39:32.0778 5948 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
10:39:32.0780 5948 adpahci - ok
10:39:32.0788 5948 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
10:39:32.0788 5948 adpu320 - ok
10:39:32.0794 5948 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
10:39:32.0794 5948 AeLookupSvc - ok
10:39:32.0814 5948 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
10:39:32.0816 5948 AFD - ok
10:39:32.0820 5948 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
10:39:32.0820 5948 agp440 - ok
10:39:32.0824 5948 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
10:39:32.0825 5948 ALG - ok
10:39:32.0827 5948 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
10:39:32.0828 5948 aliide - ok
10:39:32.0837 5948 AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
10:39:32.0838 5948 AMD External Events Utility - ok
10:39:32.0840 5948 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
10:39:32.0841 5948 amdide - ok
10:39:32.0845 5948 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
10:39:32.0845 5948 AmdK8 - ok
10:39:33.0274 5948 amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
10:39:33.0317 5948 amdkmdag - ok
10:39:33.0360 5948 amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
10:39:33.0361 5948 amdkmdap - ok
10:39:33.0365 5948 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
10:39:33.0366 5948 AmdPPM - ok
10:39:33.0371 5948 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
10:39:33.0371 5948 amdsata - ok
10:39:33.0380 5948 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
10:39:33.0381 5948 amdsbs - ok
10:39:33.0384 5948 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
10:39:33.0384 5948 amdxata - ok
10:39:33.0389 5948 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
10:39:33.0389 5948 AppID - ok
10:39:33.0392 5948 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
10:39:33.0392 5948 AppIDSvc - ok
10:39:33.0397 5948 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
10:39:33.0398 5948 Appinfo - ok
10:39:33.0403 5948 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:39:33.0404 5948 Apple Mobile Device - ok
10:39:33.0415 5948 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
10:39:33.0416 5948 AppMgmt - ok
10:39:33.0420 5948 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
10:39:33.0421 5948 arc - ok
10:39:33.0426 5948 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
10:39:33.0427 5948 arcsas - ok
10:39:33.0438 5948 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:39:33.0438 5948 aspnet_state - ok
10:39:33.0441 5948 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:39:33.0441 5948 AsyncMac - ok
10:39:33.0444 5948 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
10:39:33.0444 5948 atapi - ok
10:39:33.0450 5948 AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
10:39:33.0451 5948 AtiHDAudioService - ok
10:39:33.0479 5948 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:39:33.0482 5948 AudioEndpointBuilder - ok
10:39:33.0486 5948 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:39:33.0489 5948 AudioSrv - ok
10:39:33.0689 5948 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
10:39:33.0737 5948 AVGIDSAgent - ok
10:39:33.0770 5948 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
10:39:33.0771 5948 AVGIDSDriver - ok
10:39:33.0774 5948 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
10:39:33.0775 5948 AVGIDSFilter - ok
10:39:33.0778 5948 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
10:39:33.0779 5948 AVGIDSHA - ok
10:39:33.0792 5948 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
10:39:33.0793 5948 Avgldx64 - ok
10:39:33.0796 5948 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
10:39:33.0797 5948 Avgmfx64 - ok
10:39:33.0800 5948 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
10:39:33.0801 5948 Avgrkx64 - ok
10:39:33.0812 5948 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
10:39:33.0814 5948 avgwd - ok
10:39:33.0820 5948 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
10:39:33.0821 5948 AxInstSV - ok
10:39:33.0839 5948 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
10:39:33.0841 5948 b06bdrv - ok
10:39:33.0853 5948 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:39:33.0854 5948 b57nd60a - ok
10:39:33.0865 5948 BBSvc (2ed050291bc1d7f9e322e328db3aaecf) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
10:39:33.0867 5948 BBSvc - ok
10:39:33.0878 5948 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
10:39:33.0881 5948 BBUpdate - ok
10:39:33.0886 5948 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
10:39:33.0887 5948 BDESVC - ok
10:39:33.0889 5948 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:39:33.0889 5948 Beep - ok
10:39:33.0920 5948 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
10:39:33.0923 5948 BFE - ok
10:39:33.0956 5948 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
10:39:33.0965 5948 BITS - ok
10:39:33.0971 5948 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
10:39:33.0972 5948 blbdrive - ok
10:39:33.0991 5948 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
10:39:33.0995 5948 Bonjour Service - ok
10:39:34.0000 5948 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
10:39:34.0001 5948 bowser - ok
10:39:34.0003 5948 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:39:34.0004 5948 BrFiltLo - ok
10:39:34.0005 5948 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:39:34.0006 5948 BrFiltUp - ok
10:39:34.0011 5948 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
10:39:34.0012 5948 BridgeMP - ok
10:39:34.0019 5948 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
10:39:34.0020 5948 Browser - ok
10:39:34.0030 5948 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:39:34.0032 5948 Brserid - ok
10:39:34.0035 5948 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:39:34.0036 5948 BrSerWdm - ok
10:39:34.0037 5948 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:39:34.0038 5948 BrUsbMdm - ok
10:39:34.0040 5948 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:39:34.0040 5948 BrUsbSer - ok
10:39:34.0045 5948 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
10:39:34.0045 5948 BTHMODEM - ok
10:39:34.0051 5948 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
10:39:34.0052 5948 bthserv - ok
10:39:34.0053 5948 catchme - ok
10:39:34.0060 5948 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:39:34.0060 5948 cdfs - ok
10:39:34.0068 5948 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
10:39:34.0068 5948 cdrom - ok
10:39:34.0074 5948 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:39:34.0075 5948 CertPropSvc - ok
10:39:34.0078 5948 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
10:39:34.0079 5948 circlass - ok
10:39:34.0093 5948 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:39:34.0095 5948 CLFS - ok
10:39:34.0101 5948 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:39:34.0102 5948 clr_optimization_v2.0.50727_32 - ok
10:39:34.0109 5948 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:39:34.0110 5948 clr_optimization_v2.0.50727_64 - ok
10:39:34.0121 5948 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:39:34.0122 5948 clr_optimization_v4.0.30319_32 - ok
10:39:34.0133 5948 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:39:34.0134 5948 clr_optimization_v4.0.30319_64 - ok
10:39:34.0137 5948 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
10:39:34.0137 5948 CmBatt - ok
10:39:34.0140 5948 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
10:39:34.0140 5948 cmdide - ok
10:39:34.0158 5948 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
10:39:34.0160 5948 CNG - ok
10:39:34.0162 5948 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
10:39:34.0163 5948 Compbatt - ok
10:39:34.0166 5948 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
10:39:34.0166 5948 CompositeBus - ok
10:39:34.0168 5948 COMSysApp - ok
10:39:34.0171 5948 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
10:39:34.0171 5948 crcdisk - ok
10:39:34.0180 5948 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
10:39:34.0182 5948 CryptSvc - ok
10:39:34.0201 5948 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
10:39:34.0203 5948 CSC - ok
10:39:34.0230 5948 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
10:39:34.0233 5948 CscService - ok
10:39:34.0256 5948 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:39:34.0261 5948 DcomLaunch - ok
10:39:34.0274 5948 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
10:39:34.0276 5948 defragsvc - ok
10:39:34.0284 5948 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
10:39:34.0284 5948 DfsC - ok
10:39:34.0299 5948 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
10:39:34.0300 5948 Dhcp - ok
10:39:34.0303 5948 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:39:34.0304 5948 discache - ok
10:39:34.0308 5948 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
10:39:34.0308 5948 Disk - ok
10:39:34.0333 5948 DlinkUDSMBus - ok
10:39:34.0342 5948 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
10:39:34.0343 5948 Dnscache - ok
10:39:34.0355 5948 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
10:39:34.0356 5948 dot3svc - ok
10:39:34.0363 5948 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
10:39:34.0365 5948 Dot4 - ok
10:39:34.0367 5948 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
10:39:34.0368 5948 Dot4Print - ok
10:39:34.0371 5948 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
10:39:34.0371 5948 dot4usb - ok
10:39:34.0378 5948 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
10:39:34.0379 5948 DPS - ok
10:39:34.0381 5948 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:39:34.0382 5948 drmkaud - ok
10:39:34.0394 5948 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
10:39:34.0395 5948 dtsoftbus01 - ok
10:39:34.0434 5948 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
10:39:34.0437 5948 DXGKrnl - ok
10:39:34.0443 5948 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
10:39:34.0445 5948 EapHost - ok
10:39:34.0567 5948 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
10:39:34.0598 5948 ebdrv - ok
10:39:34.0625 5948 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
10:39:34.0626 5948 EFS - ok
10:39:34.0655 5948 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
10:39:34.0662 5948 ehRecvr - ok
10:39:34.0668 5948 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
10:39:34.0670 5948 ehSched - ok
10:39:34.0693 5948 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
10:39:34.0695 5948 elxstor - ok
10:39:34.0697 5948 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:39:34.0698 5948 ErrDev - ok
10:39:34.0717 5948 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
10:39:34.0721 5948 EventSystem - ok
10:39:34.0730 5948 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:39:34.0732 5948 exfat - ok
10:39:34.0742 5948 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:39:34.0744 5948 fastfat - ok
10:39:34.0770 5948 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
10:39:34.0777 5948 Fax - ok
10:39:34.0780 5948 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
10:39:34.0781 5948 fdc - ok
10:39:34.0783 5948 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
10:39:34.0784 5948 fdPHost - ok
10:39:34.0786 5948 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
10:39:34.0787 5948 FDResPub - ok
10:39:34.0792 5948 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:39:34.0793 5948 FileInfo - ok
10:39:34.0796 5948 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:39:34.0797 5948 Filetrace - ok
10:39:34.0824 5948 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
10:39:34.0831 5948 FLEXnet Licensing Service - ok
10:39:34.0873 5948 FLEXnet Licensing Service 64 (1c3fb052a0bb72edaed90785c34d6eed) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
10:39:34.0886 5948 FLEXnet Licensing Service 64 - ok
10:39:34.0917 5948 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
10:39:34.0918 5948 flpydisk - ok
10:39:34.0933 5948 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:39:34.0937 5948 FltMgr - ok
10:39:34.0988 5948 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
10:39:35.0003 5948 FontCache - ok
10:39:35.0009 5948 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:39:35.0010 5948 FontCache3.0.0.0 - ok
10:39:35.0017 5948 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:39:35.0019 5948 FsDepends - ok
10:39:35.0022 5948 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
10:39:35.0024 5948 Fs_Rec - ok
10:39:35.0036 5948 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:39:35.0040 5948 fvevol - ok
10:39:35.0045 5948 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:39:35.0047 5948 gagp30kx - ok
10:39:35.0052 5948 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:39:35.0053 5948 GEARAspiWDM - ok
10:39:35.0087 5948 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
10:39:35.0098 5948 gpsvc - ok
10:39:35.0108 5948 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:39:35.0110 5948 gupdate - ok
10:39:35.0113 5948 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:39:35.0114 5948 gupdatem - ok
10:39:35.0119 5948 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:39:35.0120 5948 hcw85cir - ok
10:39:35.0138 5948 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
10:39:35.0144 5948 HdAudAddService - ok
10:39:35.0152 5948 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
10:39:35.0154 5948 HDAudBus - ok
10:39:35.0157 5948 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
10:39:35.0159 5948 HidBatt - ok
10:39:35.0165 5948 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
10:39:35.0167 5948 HidBth - ok
10:39:35.0171 5948 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
10:39:35.0172 5948 HidIr - ok
10:39:35.0175 5948 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
10:39:35.0176 5948 hidserv - ok
10:39:35.0180 5948 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
10:39:35.0181 5948 HidUsb - ok
10:39:35.0187 5948 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
10:39:35.0189 5948 hkmsvc - ok
10:39:35.0199 5948 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
10:39:35.0202 5948 HomeGroupListener - ok
10:39:35.0211 5948 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
10:39:35.0214 5948 HomeGroupProvider - ok
10:39:35.0228 5948 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
10:39:35.0231 5948 hpqcxs08 - ok
10:39:35.0238 5948 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
10:39:35.0240 5948 hpqddsvc - ok
10:39:35.0245 5948 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:39:35.0247 5948 HpSAMD - ok
10:39:35.0275 5948 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:39:35.0283 5948 HTTP - ok
10:39:35.0286 5948 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:39:35.0287 5948 hwpolicy - ok
10:39:35.0292 5948 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
10:39:35.0294 5948 i8042prt - ok
10:39:35.0312 5948 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
10:39:35.0317 5948 iaStor - ok
10:39:35.0335 5948 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
10:39:35.0340 5948 iaStorV - ok
10:39:35.0373 5948 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:39:35.0377 5948 idsvc - ok
10:39:35.0381 5948 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
10:39:35.0382 5948 iirsp - ok
10:39:35.0417 5948 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
10:39:35.0426 5948 IKEEXT - ok
10:39:35.0430 5948 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:39:35.0431 5948 intelide - ok
10:39:35.0435 5948 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:39:35.0436 5948 intelppm - ok
10:39:35.0442 5948 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
10:39:35.0444 5948 IPBusEnum - ok
10:39:35.0449 5948 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:39:35.0450 5948 IpFilterDriver - ok
10:39:35.0474 5948 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
10:39:35.0481 5948 iphlpsvc - ok
10:39:35.0486 5948 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:39:35.0488 5948 IPMIDRV - ok
10:39:35.0494 5948 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:39:35.0496 5948 IPNAT - ok
10:39:35.0532 5948 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
10:39:35.0541 5948 iPod Service - ok
10:39:35.0545 5948 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:39:35.0545 5948 IRENUM - ok
10:39:35.0548 5948 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:39:35.0549 5948 isapnp - ok
10:39:35.0561 5948 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:39:35.0564 5948 iScsiPrt - ok
10:39:35.0568 5948 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
10:39:35.0570 5948 kbdclass - ok
10:39:35.0573 5948 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
10:39:35.0574 5948 kbdhid - ok
10:39:35.0577 5948 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:39:35.0578 5948 KeyIso - ok
10:39:35.0583 5948 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
10:39:35.0585 5948 KSecDD - ok
10:39:35.0592 5948 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
10:39:35.0595 5948 KSecPkg - ok
10:39:35.0597 5948 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:39:35.0598 5948 ksthunk - ok
10:39:35.0613 5948 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
10:39:35.0617 5948 KtmRm - ok
10:39:35.0629 5948 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
10:39:35.0633 5948 LanmanServer - ok
10:39:35.0639 5948 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
10:39:35.0642 5948 LanmanWorkstation - ok
10:39:35.0647 5948 LGBusEnum (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys
10:39:35.0648 5948 LGBusEnum - ok
10:39:35.0651 5948 LGVirHid (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
10:39:35.0651 5948 LGVirHid - ok
10:39:35.0656 5948 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:39:35.0657 5948 lltdio - ok
10:39:35.0670 5948 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
10:39:35.0674 5948 lltdsvc - ok
10:39:35.0676 5948 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
10:39:35.0677 5948 lmhosts - ok
10:39:35.0685 5948 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:39:35.0687 5948 LSI_FC - ok
10:39:35.0693 5948 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:39:35.0694 5948 LSI_SAS - ok
10:39:35.0699 5948 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:39:35.0700 5948 LSI_SAS2 - ok
10:39:35.0706 5948 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:39:35.0708 5948 LSI_SCSI - ok
10:39:35.0715 5948 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:39:35.0716 5948 luafv - ok
10:39:35.0719 5948 lvpepf64 (07389f6925e490d2db7882110e99921c) C:\Windows\system32\DRIVERS\lv302a64.sys
10:39:35.0720 5948 lvpepf64 - ok
10:39:35.0750 5948 LVRS64 (7f0ba3a6e8996f15693c6b7d81da049e) C:\Windows\system32\DRIVERS\lvrs64.sys
10:39:35.0758 5948 LVRS64 - ok
10:39:35.0763 5948 LVUSBS64 (5c3ff68267a5d242ee79ee01b993d6ce) C:\Windows\system32\drivers\LVUSBS64.sys
10:39:35.0764 5948 LVUSBS64 - ok
10:39:35.0769 5948 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
10:39:35.0771 5948 Mcx2Svc - ok
10:39:35.0774 5948 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
10:39:35.0775 5948 megasas - ok
10:39:35.0787 5948 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
10:39:35.0790 5948 MegaSR - ok
10:39:35.0796 5948 Microsoft SharePoint Workspace Audit Service - ok
10:39:35.0802 5948 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:39:35.0803 5948 MMCSS - ok
10:39:35.0806 5948 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:39:35.0807 5948 Modem - ok
10:39:35.0811 5948 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:39:35.0811 5948 monitor - ok
10:39:35.0815 5948 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
10:39:35.0816 5948 mouclass - ok
10:39:35.0820 5948 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:39:35.0822 5948 mouhid - ok
10:39:35.0827 5948 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:39:35.0829 5948 mountmgr - ok
10:39:35.0835 5948 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:39:35.0837 5948 MozillaMaintenance - ok
10:39:35.0844 5948 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:39:35.0847 5948 mpio - ok
10:39:35.0852 5948 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:39:35.0853 5948 mpsdrv - ok
10:39:35.0890 5948 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
10:39:35.0902 5948 MpsSvc - ok
10:39:35.0911 5948 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:39:35.0913 5948 MRxDAV - ok
10:39:35.0922 5948 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:39:35.0925 5948 mrxsmb - ok
10:39:35.0940 5948 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:39:35.0945 5948 mrxsmb10 - ok
10:39:35.0953 5948 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:39:35.0956 5948 mrxsmb20 - ok
10:39:35.0960 5948 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:39:35.0961 5948 msahci - ok
10:39:35.0969 5948 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:39:35.0972 5948 msdsm - ok
10:39:35.0980 5948 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
10:39:35.0984 5948 MSDTC - ok
10:39:35.0991 5948 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:39:35.0993 5948 Msfs - ok
10:39:35.0996 5948 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:39:35.0997 5948 mshidkmdf - ok
10:39:36.0000 5948 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:39:36.0002 5948 msisadrv - ok
10:39:36.0011 5948 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
10:39:36.0014 5948 MSiSCSI - ok
10:39:36.0017 5948 msiserver - ok
10:39:36.0022 5948 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:39:36.0023 5948 MSKSSRV - ok
10:39:36.0027 5948 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:39:36.0027 5948 MSPCLOCK - ok
10:39:36.0031 5948 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:39:36.0032 5948 MSPQM - ok
10:39:36.0051 5948 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:39:36.0056 5948 MsRPC - ok
10:39:36.0063 5948 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
10:39:36.0063 5948 mssmbios - ok
10:39:36.0067 5948 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:39:36.0068 5948 MSTEE - ok
10:39:36.0071 5948 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
10:39:36.0072 5948 MTConfig - ok
10:39:36.0078 5948 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:39:36.0080 5948 Mup - ok
10:39:36.0103 5948 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
10:39:36.0111 5948 napagent - ok
10:39:36.0127 5948 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:39:36.0131 5948 NativeWifiP - ok
10:39:36.0178 5948 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:39:36.0191 5948 NDIS - ok
10:39:36.0196 5948 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:39:36.0197 5948 NdisCap - ok
10:39:36.0201 5948 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:39:36.0203 5948 NdisTapi - ok
10:39:36.0208 5948 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:39:36.0209 5948 Ndisuio - ok
10:39:36.0219 5948 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:39:36.0221 5948 NdisWan - ok
10:39:36.0226 5948 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:39:36.0227 5948 NDProxy - ok
10:39:36.0232 5948 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
10:39:36.0234 5948 Net Driver HPZ12 - ok
10:39:36.0237 5948 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:39:36.0239 5948 NetBIOS - ok
10:39:36.0251 5948 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:39:36.0254 5948 NetBT - ok
10:39:36.0257 5948 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:39:36.0258 5948 Netlogon - ok
10:39:36.0274 5948 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
10:39:36.0279 5948 Netman - ok
10:39:36.0291 5948 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:39:36.0292 5948 NetMsmqActivator - ok
10:39:36.0294 5948 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:39:36.0295 5948 NetPipeActivator - ok
10:39:36.0315 5948 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
10:39:36.0321 5948 netprofm - ok
10:39:36.0323 5948 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:39:36.0324 5948 NetTcpActivator - ok
10:39:36.0326 5948 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:39:36.0327 5948 NetTcpPortSharing - ok
10:39:36.0333 5948 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
10:39:36.0335 5948 nfrd960 - ok
10:39:36.0349 5948 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
10:39:36.0353 5948 NlaSvc - ok
10:39:36.0357 5948 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:39:36.0358 5948 Npfs - ok
10:39:36.0361 5948 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
10:39:36.0363 5948 nsi - ok
10:39:36.0365 5948 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:39:36.0366 5948 nsiproxy - ok
10:39:36.0436 5948 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:39:36.0457 5948 Ntfs - ok
10:39:36.0486 5948 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:39:36.0486 5948 Null - ok
10:39:36.0494 5948 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:39:36.0496 5948 nvraid - ok
10:39:36.0504 5948 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:39:36.0506 5948 nvstor - ok
10:39:36.0512 5948 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:39:36.0514 5948 nv_agp - ok
10:39:36.0519 5948 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:39:36.0520 5948 ohci1394 - ok
10:39:36.0529 5948 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:39:36.0531 5948 ose - ok
10:39:36.0744 5948 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:39:36.0792 5948 osppsvc - ok
10:39:36.0832 5948 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:39:36.0836 5948 p2pimsvc - ok
10:39:36.0854 5948 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
10:39:36.0859 5948 p2psvc - ok
10:39:36.0866 5948 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
10:39:36.0868 5948 Parport - ok
10:39:36.0872 5948 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
10:39:36.0874 5948 partmgr - ok
10:39:36.0878 5948 pbfilter (7c0582921913d00180ec2b8518ba135c) C:\Program Files\PeerBlock\pbfilter.sys
10:39:36.0879 5948 pbfilter - ok
10:39:36.0887 5948 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
10:39:36.0890 5948 PcaSvc - ok
10:39:36.0899 5948 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:39:36.0901 5948 pci - ok
10:39:36.0904 5948 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
10:39:36.0905 5948 pciide - ok
10:39:36.0914 5948 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
10:39:36.0916 5948 pcmcia - ok
10:39:36.0920 5948 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:39:36.0921 5948 pcw - ok
10:39:36.0947 5948 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:39:36.0953 5948 PEAUTH - ok
10:39:37.0006 5948 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
10:39:37.0025 5948 PeerDistSvc - ok
10:39:37.0053 5948 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
10:39:37.0055 5948 PerfHost - ok
10:39:37.0194 5948 PID_PEPI (087a343dfc337f37723dd7912de6b6cd) C:\Windows\system32\DRIVERS\LV302V64.SYS
10:39:37.0227 5948 PID_PEPI - ok
10:39:37.0310 5948 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
10:39:37.0328 5948 pla - ok
10:39:37.0346 5948 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
10:39:37.0352 5948 PlugPlay - ok
10:39:37.0359 5948 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
10:39:37.0361 5948 Pml Driver HPZ12 - ok
10:39:37.0364 5948 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
10:39:37.0366 5948 PNRPAutoReg - ok
10:39:37.0379 5948 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:39:37.0382 5948 PNRPsvc - ok
10:39:37.0389 5948 Point64 (b23f79e41e30ed500586151a9ef27d8f) C:\Windows\system32\DRIVERS\point64.sys
10:39:37.0391 5948 Point64 - ok
10:39:37.0411 5948 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
10:39:37.0417 5948 PolicyAgent - ok
10:39:37.0427 5948 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
10:39:37.0430 5948 Power - ok
10:39:37.0436 5948 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:39:37.0438 5948 PptpMiniport - ok
10:39:37.0442 5948 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
10:39:37.0444 5948 Processor - ok
10:39:37.0453 5948 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
10:39:37.0457 5948 ProfSvc - ok
10:39:37.0460 5948 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:39:37.0461 5948 ProtectedStorage - ok
10:39:37.0479 5948 PS3 Media Server (e2e47486f9d39145daea03d007587a02) C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe
10:39:37.0483 5948 PS3 Media Server - ok
10:39:37.0492 5948 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:39:37.0494 5948 Psched - ok
10:39:37.0498 5948 PxHlpa64 (901dba98359966a62a6548596988e931) C:\Windows\system32\Drivers\PxHlpa64.sys
10:39:37.0500 5948 PxHlpa64 - ok
10:39:37.0561 5948 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
10:39:37.0581 5948 ql2300 - ok
10:39:37.0616 5948 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
10:39:37.0619 5948 ql40xx - ok
10:39:37.0632 5948 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
10:39:37.0637 5948 QWAVE - ok
10:39:37.0642 5948 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:39:37.0643 5948 QWAVEdrv - ok
10:39:37.0647 5948 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:39:37.0648 5948 RasAcd - ok
10:39:37.0653 5948 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:39:37.0654 5948 RasAgileVpn - ok
10:39:37.0661 5948 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
10:39:37.0664 5948 RasAuto - ok
10:39:37.0673 5948 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:39:37.0676 5948 Rasl2tp - ok
10:39:37.0695 5948 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
10:39:37.0702 5948 RasMan - ok
10:39:37.0709 5948 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:39:37.0711 5948 RasPppoe - ok
10:39:37.0717 5948 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:39:37.0719 5948 RasSstp - ok
10:39:37.0736 5948 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:39:37.0740 5948 rdbss - ok
10:39:37.0744 5948 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
10:39:37.0745 5948 rdpbus - ok
10:39:37.0748 5948 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:39:37.0749 5948 RDPCDD - ok
10:39:37.0761 5948 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
10:39:37.0764 5948 RDPDR - ok
10:39:37.0768 5948 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:39:37.0769 5948 RDPENCDD - ok
10:39:37.0774 5948 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:39:37.0775 5948 RDPREFMP - ok
10:39:37.0781 5948 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
10:39:37.0783 5948 RdpVideoMiniport - ok
10:39:37.0792 5948 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
10:39:37.0794 5948 RDPWD - ok
10:39:37.0804 5948 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:39:37.0807 5948 rdyboost - ok
10:39:37.0812 5948 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
10:39:37.0814 5948 RemoteAccess - ok
10:39:37.0821 5948 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
10:39:37.0824 5948 RemoteRegistry - ok
10:39:37.0828 5948 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
10:39:37.0830 5948 RpcEptMapper - ok
10:39:37.0832 5948 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
10:39:37.0833 5948 RpcLocator - ok
10:39:37.0854 5948 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:39:37.0857 5948 RpcSs - ok
10:39:37.0863 5948 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:39:37.0864 5948 rspndr - ok
10:39:37.0885 5948 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
10:39:37.0890 5948 RTL8167 - ok
10:39:37.0893 5948 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
10:39:37.0893 5948 s3cap - ok
10:39:37.0896 5948 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:39:37.0897 5948 SamSs - ok
10:39:37.0900 5948 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
10:39:37.0901 5948 SASDIFSV - ok
10:39:37.0903 5948 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
10:39:37.0904 5948 SASKUTIL - ok
10:39:37.0912 5948 SATARaid5 Config Service (f6321d6505ebdd699f7dbbeb996127c8) C:\Program Files (x86)\Silicon Image\3132-W-R\SATARaid5ConfigService.exe
10:39:37.0913 5948 SATARaid5 Config Service - ok
10:39:37.0919 5948 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:39:37.0921 5948 sbp2port - ok
10:39:37.0922 5948 SBRE - ok
10:39:37.0932 5948 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
10:39:37.0935 5948 SCardSvr - ok
10:39:37.0938 5948 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:39:37.0939 5948 scfilter - ok
10:39:37.0982 5948 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
10:39:37.0994 5948 Schedule - ok
10:39:37.0999 5948 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:39:38.0000 5948 SCPolicySvc - ok
10:39:38.0008 5948 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
10:39:38.0011 5948 SDRSVC - ok
10:39:38.0016 5948 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:39:38.0017 5948 secdrv - ok
10:39:38.0020 5948 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
10:39:38.0021 5948 seclogon - ok
10:39:38.0026 5948 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
10:39:38.0028 5948 SENS - ok
10:39:38.0031 5948 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
10:39:38.0032 5948 SensrSvc - ok
10:39:38.0035 5948 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
10:39:38.0036 5948 Serenum - ok
10:39:38.0041 5948 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
10:39:38.0042 5948 Serial - ok
10:39:38.0045 5948 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
10:39:38.0046 5948 sermouse - ok
10:39:38.0055 5948 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
10:39:38.0058 5948 SessionEnv - ok
10:39:38.0060 5948 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:39:38.0061 5948 sffdisk - ok
10:39:38.0063 5948 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:39:38.0064 5948 sffp_mmc - ok
10:39:38.0066 5948 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:39:38.0067 5948 sffp_sd - ok
10:39:38.0069 5948 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
10:39:38.0070 5948 sfloppy - ok
10:39:38.0086 5948 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
10:39:38.0090 5948 SharedAccess - ok
10:39:38.0105 5948 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
10:39:38.0110 5948 ShellHWDetection - ok
10:39:38.0124 5948 Si3124r5 (da492c8305434ec6f9bdd60c8b83b10e) C:\Windows\system32\DRIVERS\Si3124r5.sys
10:39:38.0127 5948 Si3124r5 - ok
10:39:38.0130 5948 SiFilter (8d10887a1699cf61e74467694b929b09) C:\Windows\system32\DRIVERS\SiWinAcc.sys
10:39:38.0131 5948 SiFilter - ok
10:39:38.0133 5948 SiRemFil (94e1eda9a0b305a67ee1bbd0a68ce21a) C:\Windows\system32\DRIVERS\SiRemFil.sys
10:39:38.0134 5948 SiRemFil - ok
10:39:38.0137 5948 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:39:38.0138 5948 SiSRaid2 - ok
10:39:38.0143 5948 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
10:39:38.0144 5948 SiSRaid4 - ok
10:39:38.0154 5948 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
10:39:38.0156 5948 SkypeUpdate - ok
10:39:38.0161 5948 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:39:38.0163 5948 Smb - ok
10:39:38.0167 5948 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
10:39:38.0169 5948 SNMPTRAP - ok
10:39:38.0171 5948 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:39:38.0172 5948 spldr - ok
10:39:38.0194 5948 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
10:39:38.0201 5948 Spooler - ok
10:39:38.0356 5948 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
10:39:38.0404 5948 sppsvc - ok
10:39:38.0433 5948 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
10:39:38.0435 5948 sppuinotify - ok
10:39:38.0457 5948 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:39:38.0461 5948 srv - ok
10:39:38.0479 5948 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:39:38.0483 5948 srv2 - ok
10:39:38.0492 5948 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:39:38.0494 5948 srvnet - ok
10:39:38.0504 5948 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
10:39:38.0507 5948 SSDPSRV - ok
10:39:38.0512 5948 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
10:39:38.0514 5948 SstpSvc - ok
10:39:38.0517 5948 Steam Client Service - ok
10:39:38.0521 5948 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
10:39:38.0522 5948 stexstor - ok
10:39:38.0545 5948 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
10:39:38.0551 5948 stisvc - ok
10:39:38.0555 5948 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
10:39:38.0556 5948 storflt - ok
10:39:38.0559 5948 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
10:39:38.0560 5948 storvsc - ok
10:39:38.0563 5948 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
10:39:38.0563 5948 swenum - ok
10:39:38.0584 5948 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
10:39:38.0591 5948 swprv - ok
10:39:38.0593 5948 Synth3dVsc - ok
10:39:38.0668 5948 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
10:39:38.0694 5948 SysMain - ok
10:39:38.0727 5948 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
10:39:38.0730 5948 TabletInputService - ok
10:39:38.0747 5948 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
10:39:38.0753 5948 TapiSrv - ok
10:39:38.0759 5948 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
10:39:38.0762 5948 TBS - ok
10:39:38.0843 5948 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
10:39:38.0868 5948 Tcpip - ok
10:39:38.0975 5948 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
10:39:38.0988 5948 TCPIP6 - ok
10:39:39.0022 5948 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:39:39.0024 5948 tcpipreg - ok
10:39:39.0029 5948 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:39:39.0030 5948 TDPIPE - ok
10:39:39.0034 5948 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
10:39:39.0036 5948 TDTCP - ok
10:39:39.0044 5948 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:39:39.0047 5948 tdx - ok
10:39:39.0053 5948 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
10:39:39.0055 5948 TermDD - ok
10:39:39.0084 5948 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
10:39:39.0095 5948 TermService - ok
10:39:39.0100 5948 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
10:39:39.0103 5948 Themes - ok
10:39:39.0109 5948 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:39:39.0111 5948 THREADORDER - ok
10:39:39.0119 5948 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
10:39:39.0122 5948 TrkWks - ok
10:39:39.0133 5948 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
10:39:39.0136 5948 TrustedInstaller - ok
10:39:39.0143 5948 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:39:39.0145 5948 tssecsrv - ok
10:39:39.0150 5948 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:39:39.0152 5948 TsUsbFlt - ok
10:39:39.0154 5948 tsusbhub - ok
10:39:39.0165 5948 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:39:39.0167 5948 tunnel - ok
10:39:39.0173 5948 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
10:39:39.0175 5948 uagp35 - ok
10:39:39.0192 5948 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:39:39.0197 5948 udfs - ok
10:39:39.0205 5948 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
10:39:39.0208 5948 UI0Detect - ok
10:39:39.0214 5948 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:39:39.0216 5948 uliagpkx - ok
10:39:39.0221 5948 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
10:39:39.0223 5948 umbus - ok
10:39:39.0226 5948 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
10:39:39.0227 5948 UmPass - ok
10:39:39.0240 5948 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
10:39:39.0245 5948 UmRdpService - ok
10:39:39.0264 5948 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
10:39:39.0272 5948 upnphost - ok
10:39:39.0278 5948 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
10:39:39.0280 5948 USBAAPL64 - ok
10:39:39.0288 5948 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
10:39:39.0291 5948 usbaudio - ok
10:39:39.0298 5948 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
10:39:39.0300 5948 usbccgp - ok
10:39:39.0307 5948 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:39:39.0309 5948 usbcir - ok
10:39:39.0314 5948 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
10:39:39.0316 5948 usbehci - ok
10:39:39.0334 5948 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
10:39:39.0339 5948 usbhub - ok
10:39:39.0343 5948 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
10:39:39.0344 5948 usbohci - ok
10:39:39.0349 5948 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:39:39.0350 5948 usbprint - ok
10:39:39.0355 5948 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
10:39:39.0357 5948 usbscan - ok
10:39:39.0364 5948 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:39:39.0366 5948 USBSTOR - ok
10:39:39.0370 5948 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
10:39:39.0371 5948 usbuhci - ok
10:39:39.0374 5948 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
10:39:39.0376 5948 UxSms - ok
10:39:39.0380 5948 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:39:39.0381 5948 VaultSvc - ok
10:39:39.0384 5948 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:39:39.0385 5948 vdrvroot - ok
10:39:39.0406 5948 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
10:39:39.0412 5948 vds - ok
10:39:39.0416 5948 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:39:39.0417 5948 vga - ok
10:39:39.0420 5948 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:39:39.0421 5948 VgaSave - ok
10:39:39.0423 5948 VGPU - ok
10:39:39.0434 5948 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:39:39.0437 5948 vhdmp - ok
10:39:39.0440 5948 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:39:39.0441 5948 viaide - ok
10:39:39.0450 5948 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
10:39:39.0453 5948 vmbus - ok
10:39:39.0456 5948 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
10:39:39.0457 5948 VMBusHID - ok
10:39:39.0462 5948 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:39:39.0463 5948 volmgr - ok
10:39:39.0479 5948 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:39:39.0484 5948 volmgrx - ok
10:39:39.0497 5948 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:39:39.0501 5948 volsnap - ok
10:39:39.0509 5948 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
10:39:39.0511 5948 vsmraid - ok
10:39:39.0578 5948 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
10:39:39.0600 5948 VSS - ok
10:39:39.0631 5948 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
10:39:39.0632 5948 vwifibus - ok
10:39:39.0651 5948 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
10:39:39.0658 5948 W32Time - ok
10:39:39.0663 5948 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
10:39:39.0664 5948 WacomPen - ok
10:39:39.0670 5948 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:39:39.0672 5948 WANARP - ok
10:39:39.0674 5948 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:39:39.0675 5948 Wanarpv6 - ok
10:39:39.0730 5948 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
10:39:40.0082 5948 WatAdminSvc - ok
10:39:40.0144 5948 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
10:39:40.0165 5948 wbengine - ok
10:39:40.0202 5948 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
10:39:40.0208 5948 WbioSrvc - ok
10:39:40.0226 5948 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
10:39:40.0233 5948 wcncsvc - ok
10:39:40.0238 5948 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
10:39:40.0241 5948 WcsPlugInService - ok
10:39:40.0247 5948 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
10:39:40.0248 5948 Wd - ok
10:39:40.0279 5948 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:39:40.0288 5948 Wdf01000 - ok
10:39:40.0295 5948 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:39:40.0298 5948 WdiServiceHost - ok
10:39:40.0301 5948 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:39:40.0304 5948 WdiSystemHost - ok
10:39:40.0318 5948 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
10:39:40.0323 5948 WebClient - ok
10:39:40.0336 5948 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
10:39:40.0341 5948 Wecsvc - ok
10:39:40.0348 5948 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
10:39:40.0351 5948 wercplsupport - ok
10:39:40.0358 5948 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
10:39:40.0362 5948 WerSvc - ok
10:39:40.0368 5948 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:39:40.0369 5948 WfpLwf - ok
10:39:40.0373 5948 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:39:40.0375 5948 WIMMount - ok
10:39:40.0379 5948 WinDefend - ok
10:39:40.0386 5948 WinHttpAutoProxySvc - ok
10:39:40.0404 5948 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
10:39:40.0408 5948 Winmgmt - ok
10:39:40.0496 5948 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
10:39:40.0524 5948 WinRM - ok
10:39:40.0559 5948 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
10:39:40.0561 5948 WinUsb - ok
10:39:40.0595 5948 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
10:39:40.0605 5948 Wlansvc - ok
10:39:40.0608 5948 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
10:39:40.0609 5948 WmiAcpi - ok
10:39:40.0622 5948 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
10:39:40.0625 5948 wmiApSrv - ok
10:39:40.0629 5948 WMPNetworkSvc - ok
10:39:40.0632 5948 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
10:39:40.0634 5948 WPCSvc - ok
10:39:40.0641 5948 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
10:39:40.0644 5948 WPDBusEnum - ok
10:39:40.0647 5948 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:39:40.0648 5948 ws2ifsl - ok
10:39:40.0655 5948 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
10:39:40.0657 5948 wscsvc - ok
10:39:40.0659 5948 WSearch - ok
10:39:40.0759 5948 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
10:39:40.0791 5948 wuauserv - ok
10:39:40.0825 5948 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:39:40.0827 5948 WudfPf - ok
10:39:40.0837 5948 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:39:40.0839 5948 WUDFRd - ok
10:39:40.0845 5948 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
10:39:40.0847 5948 wudfsvc - ok
10:39:40.0858 5948 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
10:39:40.0864 5948 WwanSvc - ok
10:39:40.0893 5948 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
10:39:40.0899 5948 YahooAUService - ok
10:39:40.0906 5948 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
10:39:40.0932 5948 \Device\Harddisk1\DR1 - ok
10:39:40.0935 5948 MBR (0x1B8) (842ec4429e02ca691ad8cd1adf8b3caa) \Device\Harddisk0\DR0
10:39:41.0049 5948 \Device\Harddisk0\DR0 - ok
10:39:41.0052 5948 Boot (0x1200) (81e9cbc0117223de0e8cb8d963a5fbc0) \Device\Harddisk1\DR1\Partition0
10:39:41.0054 5948 \Device\Harddisk1\DR1\Partition0 - ok
10:39:41.0056 5948 Boot (0x1200) (46751654c913df5b8d7f8b710ec8b7f6) \Device\Harddisk0\DR0\Partition0
10:39:41.0058 5948 \Device\Harddisk0\DR0\Partition0 - ok
10:39:41.0058 5948 ============================================================
10:39:41.0058 5948 Scan finished
10:39:41.0058 5948 ============================================================
10:39:41.0068 4568 Detected object count: 0
10:39:41.0068 4568 Actual detected object count: 0


aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-23 10:40:47
-----------------------------
10:40:47.139 OS Version: Windows x64 6.1.7601 Service Pack 1
10:40:47.139 Number of processors: 8 586 0x1A04
10:40:47.139 ComputerName: DANIEL-PC UserName: Daniel
10:40:47.336 Initialize success
10:41:42.944 AVAST engine defs: 12062300
10:41:53.979 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
10:41:53.981 Disk 0 Vendor: ADATA_SSD_S599_64GB 3.4.3 Size: 57241MB BusType: 11
10:41:53.984 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
10:41:53.986 Disk 1 Vendor: WDC_WD10EACS-00ZJB0 01.01B01 Size: 953869MB BusType: 11
10:41:53.990 Disk 0 MBR read successfully
10:41:53.993 Disk 0 MBR scan
10:41:53.997 Disk 0 unknown MBR code
10:41:54.001 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57239 MB offset 2048
10:41:54.008 Disk 0 scanning C:\Windows\system32\drivers
10:41:56.364 Service scanning
10:42:04.099 Modules scanning
10:42:04.107 Disk 0 trace - called modules:
10:42:04.113 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
10:42:04.119 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006488790]
10:42:04.125 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> [0xfffffa800625a520]
10:42:04.130 5 ACPI.sys[fffff88000fa07a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa8006256680]
10:42:04.345 AVAST engine scan C:\Windows
10:42:05.588 AVAST engine scan C:\Windows\system32
10:43:27.805 AVAST engine scan C:\Windows\system32\drivers
10:43:31.613 AVAST engine scan C:\Users\Daniel
10:54:20.565 AVAST engine scan C:\ProgramData
10:54:48.011 Scan finished successfully
10:55:02.170 Disk 0 MBR has been saved successfully to "C:\Users\Daniel\Desktop\MBR.dat"
10:55:02.173 The log file has been saved successfully to "C:\Users\Daniel\Desktop\aswMBR.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:26 AM

Posted 23 June 2012 - 01:07 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Nearis

Nearis
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:04:26 AM

Posted 23 June 2012 - 01:20 PM

Still redirecting google searches back to google, other than that everything else seems to be fixed.

ComboFix 12-06-23.05 - Daniel 06/23/2012 11:11:31.2.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6135.3773 [GMT -7:00]
Running from: c:\users\Daniel\Desktop\ComboFix.exe
Command switches used :: c:\users\Daniel\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-23 18:15 . 2012-06-23 18:15 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-06-23 18:15 . 2012-06-23 18:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-23 17:55 . 2012-06-23 17:55 -------- d-----w- c:\users\Daniel\AppData\Roaming\Media Player Classic
2012-06-22 16:47 . 2012-06-23 15:56 -------- d-----w- c:\programdata\MFAData
2012-06-22 05:38 . 2012-06-22 05:38 -------- d-----w- c:\users\Daniel\AppData\Roaming\SUPERAntiSpyware.com
2012-06-22 05:38 . 2012-06-22 05:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-22 05:38 . 2012-06-22 05:38 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-22 05:17 . 2012-06-22 05:18 -------- d-----w- c:\programdata\PMS
2012-06-22 00:45 . 2012-06-22 01:00 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-06-22 00:45 . 2012-06-22 00:45 -------- d-----w- c:\programdata\Lavasoft
2012-06-22 00:44 . 2012-06-22 00:46 -------- d-----w- c:\users\Daniel\AppData\Roaming\Ad-Aware Antivirus
2012-06-22 00:42 . 2012-06-22 00:42 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-21 23:46 . 2012-06-21 23:46 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-21 12:27 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 12:27 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 12:27 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 12:27 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 12:27 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 12:27 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 12:27 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 12:27 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 12:27 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-17 03:19 . 2012-06-17 03:19 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-17 03:19 . 2012-06-17 03:19 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-13 13:03 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 13:03 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 13:03 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-11 16:05 . 2012-06-11 16:05 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-06-10 17:34 . 2012-06-10 17:34 -------- d-----w- c:\program files (x86)\EVEMon
2012-06-10 12:29 . 2012-06-10 12:29 -------- d-----w- c:\users\Daniel\AppData\Local\Macromedia
2012-06-03 01:40 . 2012-06-03 01:40 -------- d-----w- c:\users\Daniel\AppData\Roaming\AVG2012
2012-06-03 01:40 . 2012-06-03 01:56 -------- d-----w- c:\programdata\AVG2012
2012-06-01 15:34 . 2012-06-01 15:34 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-10 12:29 . 2012-04-22 15:05 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-10 12:29 . 2011-05-28 15:05 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 05:33 . 2012-04-22 15:33 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-19 11:50 . 2012-04-19 11:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-06 05:34 . 2012-04-06 05:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-06 05:34 . 2012-04-06 05:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-06 05:34 . 2012-04-06 05:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-06 05:33 . 2012-04-06 05:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-06 05:33 . 2012-04-06 05:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-06 05:33 . 2012-04-06 05:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-06 05:32 . 2012-04-06 05:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2011-11-10 03:16 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2011-01-27 05:59 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-02-15 03:07 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2011-01-27 05:20 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2011-01-27 05:40 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2011-11-10 02:33 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2011-11-10 02:29 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2011-01-27 05:12 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-02-15 02:12 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2011-11-10 02:11 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-04-04 22:56 . 2011-07-08 01:08 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 11:35 . 2012-05-10 17:45 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-20 . 7398CBFB433E635F41DD42F249D14804 . 857600 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-06-23_16.34.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-24 18:33 . 2012-06-23 16:36 85338 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-23 16:36 34850 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-03-24 18:33 . 2012-06-23 15:52 15474 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-158390043-3670614479-1082866522-1001_UserData.bin
+ 2011-03-24 18:33 . 2012-06-23 16:36 15474 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-158390043-3670614479-1082866522-1001_UserData.bin
- 2012-06-23 16:34 . 2012-06-23 16:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-23 18:16 . 2012-06-23 18:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-06-23 16:31 675604 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-23 16:38 675604 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-23 16:38 126276 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-23 16:31 126276 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-06-23 16:33 507816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-23 18:15 507816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-03-25 09:31 . 2012-06-23 18:15 27358256 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-158390043-3670614479-1082866522-1001-12288.dat
- 2011-03-25 09:31 . 2012-06-23 16:33 27358256 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-158390043-3670614479-1082866522-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-18 880496]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928]
"EVEMon"="c:\program files (x86)\EVEMon\EVEMon.exe" [2012-06-10 2040320]
"Steam"="e:\steam\Steam.exe" [2012-01-14 1242448]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-11 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"D-Link SharePort"="c:\program files (x86)\D-Link\SharePort\SharePort.exe" [2010-04-16 2797568]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="e:\adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-09-07 40376]
"Acrobat Assistant 8.0"="e:\adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe" [2012-05-05 351904]
.
c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PS3 Media Server.lnk - c:\program files (x86)\PS3 Media Server\PMS.exe [2012-1-28 432761]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
SATARaid5Manager.lnk - c:\windows\Installer\{2ABC904F-6915-40AC-8CF8-B48743698CEC}\_19B708D90CBD3F24F241B9.exe [2011-12-4 1206]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-22 136176]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]
R3 DlinkUDSMBus;DlinkUDSMBus;SysWOW64\Drivers\DlinkUDSMBus.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-06-09 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-22 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 PS3 Media Server;PS3 Media Server;c:\program files (x86)\PS3 Media Server\win32\service\wrapper.exe [2011-05-17 366872]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 Si3124r5;SiI-3124 SoftRaid 5 Controller;c:\windows\system32\DRIVERS\Si3124r5.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-16 249648]
S2 SATARaid5 Config Service;SATARaid5 Configuration Service;c:\program files (x86)\Silicon Image\3132-W-R\SATARaid5ConfigService.exe [2005-10-06 131072]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PBFILTER
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-22 21:42]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-22 21:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 76.102.75.10
FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\64jb3iit.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,38,12,8a,de,68,
55,95,ad,1e,00,cd,08,68,12,b3,4d,db,d3
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"=hex:51,66,7a,6c,4c,1d,38,12,f1,9d,97,
02,e5,86,37,08,c7,6b,3b,0b,78,35,a4,a7
"{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,38,12,ab,1e,5f,
03,12,dd,f4,0f,eb,6b,83,02,91,c2,26,02
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}"=hex:51,66,7a,6c,4c,1d,38,12,81,2d,20,
35,ad,85,e1,00,d0,fd,90,4e,9f,38,f2,ae
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}"=hex:51,66,7a,6c,4c,1d,38,12,b0,f3,37,
dc,52,73,39,0a,e1,a7,25,43,3b,93,ce,af
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:12,52,00,1a,08,50,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,31,26,79,f2,28,64,4d,86,a3,58,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,31,26,79,f2,28,64,4d,86,a3,58,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Java\jre7\bin\javaw.exe
c:\program files (x86)\AVG\AVG2012\avgui.exe
.
**************************************************************************
.
Completion time: 2012-06-23 11:18:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-23 18:18
ComboFix2.txt 2012-06-23 16:36
.
Pre-Run: 7,753,502,720 bytes free
Post-Run: 7,806,922,752 bytes free
.
- - End Of File - - F1A9D685D26D9063E57E6504260664A3

#12 Nearis

Nearis
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:04:26 AM

Posted 23 June 2012 - 01:24 PM

Still redirecting google searches results back to google, other than that everything else seems to be fixed.

Edited by Nearis, 23 June 2012 - 01:26 PM.


#13 Nearis

Nearis
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:04:26 AM

Posted 23 June 2012 - 04:34 PM

Just started getting the voice ads from IE again too

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:26 AM

Posted 23 June 2012 - 04:48 PM

Hello

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.[/list]
Gringo[/b]
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 Nearis

Nearis
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:04:26 AM

Posted 23 June 2012 - 05:27 PM

Scan result of Farbar Recovery Scan Tool Version: 23-06-2012
Ran by SYSTEM at 23-06-2012 15:23:56
Running from D:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2328944 2011-01-07] (Microsoft Corporation)
HKLM\...\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" [415816 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2412616 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE [4725320 2010-08-03] (Logitech Inc.)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [311296 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [D-Link SharePort] C:\Program Files (x86)\D-Link\SharePort\SharePort.exe -mini [2797568 2010-04-15] (D-Link Corporation)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "E:\adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "E:\adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [x]
HKLM-x32\...\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2011-09-30] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641664 2012-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
HKU\Daniel\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [880496 2012-05-18] (BitTorrent, Inc.)
HKU\Daniel\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet [6595928 2012-05-25] (Yahoo! Inc.)
HKU\Daniel\...\Run: [EVEMon] "C:\Program Files (x86)\EVEMon\EVEMon.exe" -startMinimized [2040320 2012-06-10] (EVEMon Development Team)
HKU\Daniel\...\Run: [Steam] "E:\steam\Steam.exe" -silent [x]
HKU\Daniel\...\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe [2646128 2010-11-06] (PeerBlock, LLC)
HKU\Daniel\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4786048 2012-06-11] (SUPERAntiSpyware.com)
Tcpip\Parameters: [DhcpNameServer] 76.102.75.10
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\SATARaid5Manager.lnk
ShortcutTarget: SATARaid5Manager.lnk -> C:\Windows\Installer\{2ABC904F-6915-40AC-8CF8-B48743698CEC}\_19B708D90CBD3F24F241B9.exe ()
Startup: C:\Users\Daniel\Start Menu\Programs\Startup\PS3 Media Server.lnk
ShortcutTarget: PS3 Media Server.lnk -> C:\Program Files (x86)\PS3 Media Server\PMS.exe (A. Brochard)

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
3 Adobe Version Cue CS4; "C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" -win32service [284016 2008-08-15] (Adobe Systems Incorporated)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [5106744 2012-04-30] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 EventSystem; C:\Windows\SysWow64\es.dll [271360 2009-07-13] (Microsoft Corporation)
2 SATARaid5 Config Service; "C:\Program Files (x86)\Silicon Image\3132-W-R\SATARaid5ConfigService.exe" [131072 2005-10-05] ()
3 PS3 Media Server; "C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe" -s "C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.conf" [x]

========================== Drivers (Whitelisted) =============

3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
3 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [279616 2011-12-11] (DT Soft Ltd)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
0 Si3124r5; C:\Windows\System32\Drivers\Si3124r5.sys [340008 2010-04-12] (Silicon Image, Inc)
0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22568 2010-04-12] (Silicon Image, Inc.)
0 SiRemFil; C:\Windows\System32\Drivers\SiRemFil.sys [16936 2010-04-12] (Silicon Image, Inc.)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 DlinkUDSMBus; C:\Windows\SysWow64\Drivers\DlinkUDSMBus.sys [x]
1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-23 14:15 - 2012-06-23 14:15 - 00000943 ____A C:\Users\All Users\lxqicaa.tmp
2012-06-23 13:50 - 2012-06-23 13:50 - 01425803 ____A C:\Users\Daniel\Downloads\FRST64.exe
2012-06-23 10:18 - 2012-06-23 10:18 - 00030672 ____A C:\ComboFix.txt
2012-06-23 09:55 - 2012-06-23 09:55 - 00002008 ____A C:\Users\Daniel\Desktop\aswMBR.txt
2012-06-23 09:55 - 2012-06-23 09:55 - 00000512 ____A C:\Users\Daniel\Desktop\MBR.dat
2012-06-23 09:55 - 2012-06-23 09:55 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Media Player Classic
2012-06-23 09:40 - 2012-06-23 09:40 - 00067479 ____A C:\Users\Daniel\Desktop\TDSS.txt
2012-06-23 09:38 - 2012-06-23 09:39 - 04731392 ____A (AVAST Software) C:\Users\Daniel\Desktop\aswMBR.exe
2012-06-23 09:38 - 2012-06-23 09:38 - 02128472 ____A (Kaspersky Lab ZAO) C:\Users\Daniel\Desktop\tdsskiller.exe
2012-06-23 08:27 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-06-23 08:27 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-06-23 08:27 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-06-23 08:27 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-06-23 08:27 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-06-23 08:27 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-06-23 08:27 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-06-23 08:27 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-06-23 08:25 - 2012-06-23 10:18 - 00000000 ____D C:\Qoobox
2012-06-23 08:25 - 2012-06-23 08:35 - 00000000 ____D C:\Windows\erdnt
2012-06-23 08:23 - 2012-06-23 08:24 - 04565820 ____R (Swearware) C:\Users\Daniel\Desktop\ComboFix.exe
2012-06-23 07:59 - 2012-06-23 07:59 - 00001253 ____A C:\Users\Daniel\Desktop\security check.txt
2012-06-23 07:55 - 2012-06-23 07:55 - 00000474 ____A C:\Users\Daniel\Desktop\defogger_disable.log
2012-06-23 07:55 - 2012-06-23 07:55 - 00000000 ____A C:\Users\Daniel\defogger_reenable
2012-06-23 07:52 - 2012-06-23 07:52 - 00881475 ____A C:\Users\Daniel\Desktop\SecurityCheck.exe
2012-06-23 07:52 - 2012-06-23 07:52 - 00607260 ____R (Swearware) C:\Users\Daniel\Desktop\dds.scr
2012-06-23 07:52 - 2012-06-23 07:52 - 00050477 ____A C:\Users\Daniel\Desktop\Defogger.exe
2012-06-22 08:47 - 2012-06-23 07:56 - 00000000 ____D C:\Users\All Users\MFAData
2012-06-21 21:38 - 2012-06-21 21:38 - 17992224 ____A (SUPERAntiSpyware.com) C:\Users\Daniel\Downloads\SUPERAntiSpyware.exe
2012-06-21 21:38 - 2012-06-21 21:38 - 00001815 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-06-21 21:38 - 2012-06-21 21:38 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\SUPERAntiSpyware.com
2012-06-21 21:38 - 2012-06-21 21:38 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-06-21 21:38 - 2012-06-21 21:38 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-06-21 21:17 - 2012-06-21 21:18 - 00000000 ____D C:\Users\All Users\PMS
2012-06-21 21:11 - 2012-06-21 21:11 - 00000183 ____A C:\Users\Daniel\Desktop\avgrep.txt
2012-06-21 16:45 - 2012-06-21 17:00 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2012-06-21 16:45 - 2012-06-21 16:45 - 00000012 ____A C:\Users\Daniel\Downloads\FSSC.dat
2012-06-21 16:45 - 2012-06-21 16:45 - 00000000 ____D C:\Users\All Users\Lavasoft
2012-06-21 16:44 - 2012-06-21 16:46 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Ad-Aware Antivirus
2012-06-21 16:44 - 2012-06-21 16:44 - 06236280 ____A (Lavasoft Limited) C:\Users\Daniel\Downloads\Adaware_Installer.exe
2012-06-21 16:42 - 2012-06-21 16:42 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-21 16:22 - 2012-06-21 16:22 - 00000000 ____A C:\Users\Daniel\Documents\all
2012-06-21 15:46 - 2012-06-21 15:46 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-21 04:27 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 04:27 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 04:27 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 04:27 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 04:27 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 04:27 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 04:27 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 04:27 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 04:27 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-18 20:30 - 2012-06-18 20:30 - 07244664 ____A C:\Users\Daniel\Downloads\Attachments_2012_06_18.zip
2012-06-18 20:30 - 2012-06-18 20:30 - 05943011 ____A C:\Users\Daniel\Downloads\Attachments_2012_06_18(1).zip
2012-06-15 15:24 - 2012-06-15 15:24 - 00240828 ____A C:\Users\Daniel\Downloads\[1.2.5]ReiMinimap_v3.1.zip
2012-06-15 15:22 - 2012-06-15 15:22 - 00198882 ____A C:\Users\Daniel\Downloads\MOAT(1.2.5).zip
2012-06-15 14:59 - 2012-06-15 14:59 - 00000000 ____D C:\Users\Daniel\Desktop\bin
2012-06-15 14:58 - 2012-06-15 14:58 - 00278561 ____A C:\Users\Daniel\Desktop\Minecraft.exe
2012-06-15 14:28 - 2012-06-15 14:28 - 00103347 ____A C:\Users\Daniel\Desktop\ModLoader.zip
2012-06-13 22:22 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-13 22:22 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-13 22:22 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-13 22:22 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-13 22:22 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-13 22:22 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-13 22:22 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-13 22:22 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-13 22:22 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-13 22:22 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-13 22:22 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-13 22:22 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-13 22:22 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-13 22:22 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-13 22:22 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-13 22:22 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-13 22:22 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-13 22:22 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-13 22:22 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-13 22:22 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-13 22:22 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-13 22:22 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-13 22:22 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-13 22:22 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-13 22:22 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-13 22:22 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-13 22:22 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-13 22:22 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-13 14:25 - 2012-06-15 17:38 - 00000000 ____D C:\Users\Daniel\Desktop\mine craft xerver
2012-06-13 14:15 - 2012-06-13 14:15 - 00002629 ____A C:\Users\Daniel\Downloads\skin_20120613162432140717.png
2012-06-13 05:03 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 05:03 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 05:03 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-13 05:02 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 05:02 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-13 05:02 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-13 05:02 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-13 05:02 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-13 05:02 - 2012-04-27 21:32 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-06-13 05:02 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 05:02 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 05:02 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 05:02 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 05:02 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-13 05:02 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-13 05:02 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-13 05:02 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-13 05:02 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-11 08:05 - 2012-06-11 08:05 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-06-10 16:40 - 2012-06-15 15:23 - 00000000 ____D C:\Users\Daniel\Desktop\mods
2012-06-10 15:57 - 2012-06-10 16:07 - 24280667 ____A C:\Users\Daniel\Downloads\sy9069p.rar
2012-06-10 09:35 - 2012-06-10 09:34 - 00219667 ____A C:\Users\Daniel\Documents\EVEMon_Settings_3611.xml.bak
2012-06-10 09:34 - 2012-06-10 09:34 - 00000000 ____D C:\Program Files (x86)\EVEMon
2012-06-10 04:29 - 2012-06-10 04:29 - 00000000 ____D C:\Users\Daniel\AppData\Local\Macromedia
2012-06-05 15:07 - 2012-06-05 15:07 - 00000745 ____A C:\Users\Public\Desktop\Diablo III.lnk
2012-06-05 15:06 - 2012-06-05 15:06 - 40048208 ____A (Blizzard Entertainment) C:\Users\Daniel\Downloads\Diablo-III-Setup-enUS.exe
2012-06-02 17:40 - 2012-06-21 21:00 - 00001129 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-06-02 17:40 - 2012-06-02 17:56 - 00000000 ____D C:\Users\All Users\AVG2012
2012-06-02 17:40 - 2012-06-02 17:40 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\AVG2012
2012-05-31 21:49 - 2012-05-31 21:49 - 09811100 ____A C:\Users\Daniel\Downloads\Dky.avi
2012-05-31 11:21 - 2012-05-31 11:21 - 00001142 ____A C:\Users\Public\Desktop\Yahoo! Messenger.lnk
2012-05-31 11:20 - 2012-05-31 11:20 - 00439704 ____A (Yahoo! Inc.) C:\Users\Daniel\Downloads\msgr11us.exe
2012-05-28 13:11 - 2012-05-28 13:11 - 02003305 ____A C:\Users\Daniel\Downloads\EFT2.15.zip


============ 3 Months Modified Files and Folders =============

2012-06-23 15:23 - 2012-06-23 15:23 - 00000000 ____D C:\FRST
2012-06-23 14:15 - 2012-06-23 14:15 - 00000943 ____A C:\Users\All Users\lxqicaa.tmp
2012-06-23 14:15 - 2012-03-31 13:55 - 00000000 ____D C:\Program Files\PeerBlock
2012-06-23 14:15 - 2011-03-24 09:48 - 01835039 ____A C:\Windows\WindowsUpdate.log
2012-06-23 13:50 - 2012-06-23 13:50 - 01425803 ____A C:\Users\Daniel\Downloads\FRST64.exe
2012-06-23 13:26 - 2012-02-22 05:43 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\.minecraft
2012-06-23 13:25 - 2011-05-15 22:48 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Mumble
2012-06-23 13:21 - 2009-07-13 21:13 - 00800322 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-23 13:21 - 2009-07-13 20:45 - 00015024 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-23 13:21 - 2009-07-13 20:45 - 00015024 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-23 13:19 - 2011-07-22 13:42 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-23 13:15 - 2011-03-24 09:52 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\uTorrent
2012-06-23 13:14 - 2011-07-22 13:42 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-23 13:14 - 2011-03-25 14:11 - 00041174 ____A C:\Windows\PFRO.log
2012-06-23 13:14 - 2011-03-24 09:59 - 00000000 ____D C:\Program Files (x86)\PS3 Media Server
2012-06-23 13:14 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-23 13:14 - 2009-07-13 20:51 - 00057666 ____A C:\Windows\setupact.log
2012-06-23 12:33 - 2011-03-24 09:56 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\vlc
2012-06-23 10:18 - 2012-06-23 10:18 - 00030672 ____A C:\ComboFix.txt
2012-06-23 10:18 - 2012-06-23 08:25 - 00000000 ____D C:\Qoobox
2012-06-23 10:16 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-06-23 09:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-06-23 09:55 - 2012-06-23 09:55 - 00002008 ____A C:\Users\Daniel\Desktop\aswMBR.txt
2012-06-23 09:55 - 2012-06-23 09:55 - 00000512 ____A C:\Users\Daniel\Desktop\MBR.dat
2012-06-23 09:55 - 2012-06-23 09:55 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Media Player Classic
2012-06-23 09:40 - 2012-06-23 09:40 - 00067479 ____A C:\Users\Daniel\Desktop\TDSS.txt
2012-06-23 09:39 - 2012-06-23 09:38 - 04731392 ____A (AVAST Software) C:\Users\Daniel\Desktop\aswMBR.exe
2012-06-23 09:38 - 2012-06-23 09:38 - 02128472 ____A (Kaspersky Lab ZAO) C:\Users\Daniel\Desktop\tdsskiller.exe
2012-06-23 08:36 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2012-06-23 08:35 - 2012-06-23 08:25 - 00000000 ____D C:\Windows\erdnt
2012-06-23 08:24 - 2012-06-23 08:23 - 04565820 ____R (Swearware) C:\Users\Daniel\Desktop\ComboFix.exe
2012-06-23 07:59 - 2012-06-23 07:59 - 00001253 ____A C:\Users\Daniel\Desktop\security check.txt
2012-06-23 07:56 - 2012-06-22 08:47 - 00000000 ____D C:\Users\All Users\MFAData
2012-06-23 07:56 - 2011-03-24 09:56 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-06-23 07:55 - 2012-06-23 07:55 - 00000474 ____A C:\Users\Daniel\Desktop\defogger_disable.log
2012-06-23 07:55 - 2012-06-23 07:55 - 00000000 ____A C:\Users\Daniel\defogger_reenable
2012-06-23 07:55 - 2011-03-24 09:49 - 00000000 ____D C:\users\Daniel
2012-06-23 07:52 - 2012-06-23 07:52 - 00881475 ____A C:\Users\Daniel\Desktop\SecurityCheck.exe
2012-06-23 07:52 - 2012-06-23 07:52 - 00607260 ____R (Swearware) C:\Users\Daniel\Desktop\dds.scr
2012-06-23 07:52 - 2012-06-23 07:52 - 00050477 ____A C:\Users\Daniel\Desktop\Defogger.exe
2012-06-21 21:38 - 2012-06-21 21:38 - 17992224 ____A (SUPERAntiSpyware.com) C:\Users\Daniel\Downloads\SUPERAntiSpyware.exe
2012-06-21 21:38 - 2012-06-21 21:38 - 00001815 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-06-21 21:38 - 2012-06-21 21:38 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\SUPERAntiSpyware.com
2012-06-21 21:38 - 2012-06-21 21:38 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-06-21 21:38 - 2012-06-21 21:38 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-06-21 21:18 - 2012-06-21 21:17 - 00000000 ____D C:\Users\All Users\PMS
2012-06-21 21:11 - 2012-06-21 21:11 - 00000183 ____A C:\Users\Daniel\Desktop\avgrep.txt
2012-06-21 21:00 - 2012-06-02 17:40 - 00001129 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-06-21 17:16 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Registration
2012-06-21 17:00 - 2012-06-21 16:45 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2012-06-21 16:48 - 2012-01-11 11:46 - 00000000 __SHD C:\Users\Daniel\AppData\Local\{56b1b460-45ac-0de8-ec14-4de09bd16350}
2012-06-21 16:46 - 2012-06-21 16:44 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Ad-Aware Antivirus
2012-06-21 16:45 - 2012-06-21 16:45 - 00000012 ____A C:\Users\Daniel\Downloads\FSSC.dat
2012-06-21 16:45 - 2012-06-21 16:45 - 00000000 ____D C:\Users\All Users\Lavasoft
2012-06-21 16:44 - 2012-06-21 16:44 - 06236280 ____A (Lavasoft Limited) C:\Users\Daniel\Downloads\Adaware_Installer.exe
2012-06-21 16:42 - 2012-06-21 16:42 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-21 16:22 - 2012-06-21 16:22 - 00000000 ____A C:\Users\Daniel\Documents\all
2012-06-21 16:04 - 2011-04-13 21:31 - 00000000 ____D C:\Users\All Users\Yahoo! Companion
2012-06-21 15:46 - 2012-06-21 15:46 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-21 05:24 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-06-18 20:30 - 2012-06-18 20:30 - 07244664 ____A C:\Users\Daniel\Downloads\Attachments_2012_06_18.zip
2012-06-18 20:30 - 2012-06-18 20:30 - 05943011 ____A C:\Users\Daniel\Downloads\Attachments_2012_06_18(1).zip
2012-06-17 04:30 - 2012-04-25 21:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-16 19:19 - 2011-03-24 10:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-15 17:38 - 2012-06-13 14:25 - 00000000 ____D C:\Users\Daniel\Desktop\mine craft xerver
2012-06-15 15:24 - 2012-06-15 15:24 - 00240828 ____A C:\Users\Daniel\Downloads\[1.2.5]ReiMinimap_v3.1.zip
2012-06-15 15:23 - 2012-06-10 16:40 - 00000000 ____D C:\Users\Daniel\Desktop\mods
2012-06-15 15:22 - 2012-06-15 15:22 - 00198882 ____A C:\Users\Daniel\Downloads\MOAT(1.2.5).zip
2012-06-15 14:59 - 2012-06-15 14:59 - 00000000 ____D C:\Users\Daniel\Desktop\bin
2012-06-15 14:58 - 2012-06-15 14:58 - 00278561 ____A C:\Users\Daniel\Desktop\Minecraft.exe
2012-06-15 14:28 - 2012-06-15 14:28 - 00103347 ____A C:\Users\Daniel\Desktop\ModLoader.zip
2012-06-15 06:45 - 2009-07-13 21:08 - 00032574 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-14 04:29 - 2009-07-13 20:45 - 03049232 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 22:26 - 2011-11-10 13:32 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-06-13 22:25 - 2011-03-25 12:49 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-13 14:15 - 2012-06-13 14:15 - 00002629 ____A C:\Users\Daniel\Downloads\skin_20120613162432140717.png
2012-06-12 20:46 - 2011-08-22 21:49 - 00201576 ___AH C:\Windows\SysWOW64\mlfcache.dat
2012-06-11 21:45 - 2011-07-24 14:05 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype
2012-06-11 21:20 - 2011-07-22 13:42 - 00002347 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-06-11 08:05 - 2012-06-11 08:05 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-06-10 16:07 - 2012-06-10 15:57 - 24280667 ____A C:\Users\Daniel\Downloads\sy9069p.rar
2012-06-10 09:35 - 2011-03-24 10:38 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\EVEMon
2012-06-10 09:34 - 2012-06-10 09:35 - 00219667 ____A C:\Users\Daniel\Documents\EVEMon_Settings_3611.xml.bak
2012-06-10 09:34 - 2012-06-10 09:34 - 00000000 ____D C:\Program Files (x86)\EVEMon
2012-06-10 04:29 - 2012-06-10 04:29 - 00000000 ____D C:\Users\Daniel\AppData\Local\Macromedia
2012-06-10 04:29 - 2012-04-22 07:05 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-10 04:29 - 2011-05-28 07:05 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-08 08:14 - 2012-04-26 19:41 - 00001787 ____A C:\Users\Daniel\Desktop\PeerBlock.lnk
2012-06-05 15:07 - 2012-06-05 15:07 - 00000745 ____A C:\Users\Public\Desktop\Diablo III.lnk
2012-06-05 15:06 - 2012-06-05 15:06 - 40048208 ____A (Blizzard Entertainment) C:\Users\Daniel\Downloads\Diablo-III-Setup-enUS.exe
2012-06-02 17:56 - 2012-06-02 17:40 - 00000000 ____D C:\Users\All Users\AVG2012
2012-06-02 17:40 - 2012-06-02 17:40 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\AVG2012
2012-06-02 17:40 - 2012-04-06 14:36 - 00000000 ____D C:\$AVG
2012-06-02 17:39 - 2011-03-24 09:56 - 00000000 ____D C:\Program Files (x86)\AVG
2012-06-02 14:19 - 2012-06-21 04:27 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 04:27 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 04:27 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:19 - 2012-06-21 04:27 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 04:27 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 04:27 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 04:27 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 04:27 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:15 - 2012-06-21 04:27 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-31 21:49 - 2012-05-31 21:49 - 09811100 ____A C:\Users\Daniel\Downloads\Dky.avi
2012-05-31 11:21 - 2012-05-31 11:21 - 00001142 ____A C:\Users\Public\Desktop\Yahoo! Messenger.lnk
2012-05-31 11:20 - 2012-05-31 11:20 - 00439704 ____A (Yahoo! Inc.) C:\Users\Daniel\Downloads\msgr11us.exe
2012-05-28 13:11 - 2012-05-28 13:11 - 02003305 ____A C:\Users\Daniel\Downloads\EFT2.15.zip
2012-05-18 13:50 - 2011-03-24 09:52 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-05-18 10:48 - 2011-03-24 09:52 - 00000950 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-05-17 18:47 - 2012-06-13 22:22 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-13 22:22 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-13 22:22 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-13 22:22 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-13 22:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-13 22:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-13 22:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-13 22:22 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-13 22:22 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-13 22:22 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-13 22:22 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-13 22:22 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-13 22:22 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-13 22:22 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 16:17 - 2012-05-17 16:17 - 33451432 ____A C:\Users\Daniel\Downloads\young_stallion_cum_in_me.wmv
2012-05-17 16:16 - 2012-05-17 16:15 - 05139880 ____A C:\Users\Daniel\Downloads\young_stallion_cum_in_me.wmv.004
2012-05-17 16:13 - 2012-05-17 16:12 - 09437184 ____A C:\Users\Daniel\Downloads\young_stallion_cum_in_me.wmv.003
2012-05-17 16:11 - 2012-05-17 16:10 - 09437184 ____A C:\Users\Daniel\Downloads\young_stallion_cum_in_me.wmv.002
2012-05-17 16:08 - 2012-05-17 16:07 - 09437184 ____A C:\Users\Daniel\Downloads\young_stallion_cum_in_me.wmv.001
2012-05-17 15:11 - 2012-06-13 22:22 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-13 22:22 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-13 22:22 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-13 22:22 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-13 22:22 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-13 22:22 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-13 22:22 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-13 22:22 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-13 22:22 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-13 22:22 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-13 22:22 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-13 22:22 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-13 22:22 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-13 22:22 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-14 17:32 - 2012-06-13 05:02 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-12 10:16 - 2012-05-12 10:16 - 13703830 ____A C:\Users\Daniel\Downloads\stallion.avi
2012-05-12 10:16 - 2012-05-12 10:16 - 00194885 ____A C:\Users\Daniel\Downloads\hjsplit.zip
2012-05-12 10:14 - 2012-05-12 10:14 - 03975830 ____A C:\Users\Daniel\Downloads\stallion.avi.002
2012-05-12 10:11 - 2012-05-12 10:11 - 09728000 ____A C:\Users\Daniel\Downloads\stallion.avi.001
2012-05-11 02:21 - 2011-11-30 11:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-11 02:00 - 2009-07-13 23:46 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-06 16:36 - 2012-05-06 16:36 - 00009467 ____A C:\Users\Daniel\Documents\SriLanka.gif
2012-05-05 07:55 - 2012-05-05 07:55 - 00000000 ____D C:\Users\All Users\ATI
2012-05-05 07:54 - 2012-05-05 07:54 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2012-05-05 07:54 - 2012-05-05 07:54 - 00000000 ____D C:\Program Files (x86)\AMD APP
2012-05-05 07:54 - 2012-03-10 21:47 - 00000000 ____D C:\Users\All Users\AMD
2012-05-05 07:54 - 2011-03-25 20:06 - 00000000 ____D C:\Program Files\ATI Technologies
2012-05-04 21:33 - 2012-04-22 07:33 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-04 18:12 - 2011-07-07 17:13 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-05-04 17:51 - 2012-05-04 17:51 - 00001265 ____A C:\Users\Daniel\Desktop\Spybot - Search & Destroy.lnk
2012-05-04 17:51 - 2011-07-07 17:13 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-05-04 17:49 - 2012-05-04 17:49 - 00001116 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-04 17:49 - 2011-07-07 17:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-04 03:06 - 2012-06-13 05:02 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-13 05:02 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 05:02 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-03 18:43 - 2011-03-24 09:53 - 00000000 ____D C:\Users\Daniel\AppData\Local\Apple Computer
2012-04-30 21:40 - 2012-06-13 05:02 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-28 16:30 - 2011-04-08 20:43 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\TS3Client
2012-04-28 16:30 - 2011-04-08 19:21 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2012-04-27 21:32 - 2012-06-13 05:02 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-04-27 19:55 - 2012-06-13 05:02 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-26 19:53 - 2012-04-26 19:53 - 00229548 ____A C:\Users\Daniel\Downloads\1055.BFE.reg
2012-04-26 19:53 - 2012-04-26 19:53 - 00006396 ____A C:\Users\Daniel\Downloads\0677.mpssvc.reg
2012-04-26 19:17 - 2012-04-26 19:17 - 00068545 ____A C:\Users\Daniel\Documents\Presentation1.pptx
2012-04-26 17:43 - 2012-04-26 17:43 - 05157694 ____A C:\Users\Daniel\Downloads\vid03.wmv
2012-04-26 17:42 - 2012-04-26 17:42 - 05420836 ____A C:\Users\Daniel\Downloads\vid04.wmv
2012-04-25 21:41 - 2012-06-13 05:03 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-13 05:03 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-13 05:03 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-25 21:00 - 2012-04-25 21:00 - 00000000 ____D C:\Users\All Users\Mozilla
2012-04-23 21:37 - 2012-06-13 05:02 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-13 05:02 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-13 05:02 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-13 05:02 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-13 05:02 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-13 05:02 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-22 14:49 - 2012-04-22 14:48 - 00000000 ____D C:\Users\Daniel\AppData\Local\TERA
2012-04-22 14:48 - 2012-04-22 14:48 - 00000419 ____A C:\Users\Public\Desktop\TERA-Launcher.lnk
2012-04-22 14:48 - 2011-03-24 09:57 - 00170594 ____A C:\Windows\DirectX.log
2012-04-22 14:46 - 2012-04-22 14:46 - 96234888 ____A (En Masse Entertainment) C:\Users\Daniel\Downloads\TERA-Setup.exe
2012-04-21 15:16 - 2012-04-21 15:16 - 00000000 ____D C:\Users\Daniel\Documents\Diablo III
2012-04-20 19:31 - 2012-04-20 19:31 - 00000000 ____D C:\Users\All Users\Battle.net
2012-04-20 19:31 - 2012-04-20 19:30 - 46104904 ____A (Blizzard Entertainment) C:\Users\Daniel\Downloads\Diablo-III-Beta-enUS-Setup.exe
2012-04-19 20:08 - 2012-04-19 20:08 - 00064454 ____A C:\Users\Daniel\Downloads\Active Blinks.htm
2012-04-19 19:29 - 2012-04-19 19:26 - 00000000 ____D C:\Users\Daniel\Documents\Mount&Blade With Fire and Sword
2012-04-19 19:28 - 2012-04-19 19:26 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Mount&Blade With Fire and Sword
2012-04-19 19:26 - 2012-04-19 19:25 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Mount&Blade Warband
2012-04-19 19:25 - 2012-04-19 19:25 - 00000000 ____D C:\Users\Daniel\Documents\Mount&Blade Warband Savegames
2012-04-19 19:25 - 2012-04-19 19:25 - 00000000 ____D C:\Users\Daniel\Documents\Mount&Blade Warband
2012-04-19 19:09 - 2012-04-19 19:09 - 00000201 ____A C:\Users\Daniel\Desktop\Mount & Blade.url
2012-04-19 19:09 - 2012-04-19 19:09 - 00000201 ____A C:\Users\Daniel\Desktop\Mount & Blade With Fire and Sword.url
2012-04-19 19:09 - 2012-04-19 19:09 - 00000201 ____A C:\Users\Daniel\Desktop\Mount & Blade Warband.url
2012-04-19 03:50 - 2012-04-19 03:50 - 00028480 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsha.sys
2012-04-16 19:13 - 2012-04-16 19:13 - 02000421 ____A C:\Users\Daniel\Downloads\EFT2.14.8.zip
2012-04-15 19:58 - 2012-04-15 19:58 - 00041199 ____A C:\Users\Daniel\Downloads\Attachments_2012_04_15.zip
2012-04-12 02:01 - 2012-04-12 02:01 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2012-04-12 02:01 - 2012-04-12 02:01 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2012-04-12 02:01 - 2009-07-13 18:34 - 00000513 ____A C:\Windows\win.ini
2012-04-11 19:56 - 2012-04-11 19:10 - 00000000 ____D C:\Users\Daniel\Documents\ALS
2012-04-07 08:05 - 2012-04-07 08:05 - 02105040 ____A (PeerBlock, LLC ) C:\Users\Daniel\Downloads\PeerBlock-Setup_v1.1_r518.exe
2012-04-07 04:31 - 2012-06-13 05:02 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 03:26 - 2012-06-13 05:02 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-04-06 09:02 - 2012-04-06 09:02 - 00229290 ____A C:\Users\Daniel\Documents\EVEMon_Settings_3464.xml.bak
2012-04-05 21:34 - 2012-04-05 21:34 - 00187392 ____A C:\Windows\System32\clinfo.exe
2012-04-05 21:34 - 2012-04-05 21:34 - 00074752 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
2012-04-05 21:34 - 2012-04-05 21:34 - 00064512 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2012-04-05 21:33 - 2012-04-05 21:33 - 16457216 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
2012-04-05 21:33 - 2012-04-05 21:33 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
2012-04-05 21:33 - 2012-04-05 21:33 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2012-04-05 21:32 - 2012-04-05 21:32 - 13007872 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2012-04-05 21:22 - 2012-04-05 21:22 - 11174400 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-04-05 18:23 - 2012-04-05 18:23 - 00245896 ____A C:\Windows\SysWOW64\atiapfxx.blb
2012-04-05 18:23 - 2012-04-05 18:23 - 00245896 ____A C:\Windows\System32\atiapfxx.blb
2012-04-05 18:22 - 2012-04-05 18:22 - 00159744 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-04-05 18:21 - 2011-11-09 19:16 - 00909312 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2012-04-05 18:20 - 2011-01-26 21:59 - 01067520 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
2012-04-05 18:16 - 2012-04-05 18:16 - 00503808 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-04-05 18:16 - 2012-04-05 18:16 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
2012-04-05 18:16 - 2012-04-05 18:16 - 00236544 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-04-05 18:14 - 2012-04-05 18:14 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
2012-04-05 18:14 - 2012-04-05 18:14 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
2012-04-05 18:14 - 2012-04-05 18:14 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2012-04-05 18:14 - 2012-04-05 18:14 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-04-05 18:13 - 2012-02-14 19:07 - 06800896 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2012-04-05 18:10 - 2012-04-05 18:10 - 26181632 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
2012-04-05 18:00 - 2011-01-26 21:20 - 00064000 ____A (AMD) C:\Windows\System32\coinst.dll
2012-04-05 17:54 - 2011-01-26 21:40 - 07479296 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
2012-04-05 17:50 - 2012-04-05 17:50 - 19753984 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2012-04-05 17:35 - 2012-04-05 17:35 - 01120768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6v.dll
2012-04-05 17:34 - 2012-04-05 17:34 - 04731904 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
2012-04-05 17:34 - 2012-04-05 17:34 - 01831424 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdmv.dll
2012-04-05 17:34 - 2011-11-09 18:33 - 06203392 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2012-04-05 17:30 - 2012-04-05 17:30 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
2012-04-05 17:30 - 2012-04-05 17:30 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2012-04-05 17:30 - 2012-04-05 17:30 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
2012-04-05 17:30 - 2012-04-05 17:30 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2012-04-05 17:29 - 2012-04-05 17:29 - 16090624 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
2012-04-05 17:29 - 2012-04-05 17:29 - 02631008 ____A C:\Windows\System32\atiumd6a.cap
2012-04-05 17:25 - 2012-04-05 17:25 - 13764096 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2012-04-05 17:23 - 2012-04-05 17:23 - 07431680 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
2012-04-05 17:22 - 2011-11-09 18:29 - 04795904 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2012-04-05 17:21 - 2012-04-05 17:21 - 02664704 ____A C:\Windows\SysWOW64\atiumdva.cap
2012-04-05 17:11 - 2012-04-05 17:11 - 00514560 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 00360448 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 00017408 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2012-04-05 17:10 - 2012-04-05 17:10 - 00343040 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2012-04-05 17:10 - 2012-04-05 17:10 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2012-04-05 17:09 - 2012-04-05 17:09 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2012-04-05 17:09 - 2012-04-05 17:09 - 00044544 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
2012-04-05 17:09 - 2012-02-14 18:12 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2012-04-05 17:09 - 2011-11-09 18:11 - 00032256 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2012-04-05 17:09 - 2011-01-26 21:12 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
2012-04-05 17:06 - 2012-04-05 17:06 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
2012-04-05 17:06 - 2012-04-05 17:06 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
2012-04-05 17:06 - 2012-04-05 17:06 - 00053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2012-04-05 17:06 - 2012-04-05 17:06 - 00053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2012-04-04 14:56 - 2011-07-07 17:08 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-04 04:29 - 2012-04-04 04:29 - 00001790 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-04-04 04:29 - 2012-04-04 04:29 - 00000000 ____D C:\Program Files\iTunes
2012-04-04 04:29 - 2012-04-04 04:29 - 00000000 ____D C:\Program Files\iPod
2012-04-04 04:29 - 2012-04-04 04:29 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-04-03 16:15 - 2011-08-24 19:48 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-04-03 16:15 - 2011-07-22 13:41 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-04-03 16:15 - 2011-07-22 13:41 - 00000000 ____D C:\Users\All Users\Skype
2012-04-03 12:13 - 2011-04-18 09:02 - 00000000 ____D C:\Users\Daniel\AppData\Local\Adobe
2012-04-03 12:13 - 2011-03-24 10:42 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Adobe
2012-03-31 13:55 - 2012-03-31 13:55 - 02104576 ____A (PeerBlock, LLC ) C:\Users\Daniel\Downloads\PeerBlock-Setup_v1.0+_r484.exe
2012-03-30 03:35 - 2012-05-10 09:45 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-28 14:44 - 2012-03-28 14:44 - 00001073 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-03-28 14:43 - 2012-01-16 00:55 - 00000000 ____D C:\Users\Daniel\Documents\My Games

ZeroAccess:
C:\Windows\Installer\{56b1b460-45ac-0de8-ec14-4de09bd16350}
C:\Windows\Installer\{56b1b460-45ac-0de8-ec14-4de09bd16350}\L
C:\Windows\Installer\{56b1b460-45ac-0de8-ec14-4de09bd16350}\U

ZeroAccess:
C:\Users\Daniel\AppData\Local\{56b1b460-45ac-0de8-ec14-4de09bd16350}
C:\Users\Daniel\AppData\Local\{56b1b460-45ac-0de8-ec14-4de09bd16350}\@
C:\Users\Daniel\AppData\Local\{56b1b460-45ac-0de8-ec14-4de09bd16350}\L
C:\Users\Daniel\AppData\Local\{56b1b460-45ac-0de8-ec14-4de09bd16350}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll
[2011-03-25 12:57] - [2010-11-20 04:08] - 0857600 ____A (Microsoft Corporation) 7398CBFB433E635F41DD42F249D14804

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 6135.18 MB
Available physical RAM: 5227.45 MB
Total Pagefile: 6133.32 MB
Available Pagefile: 5227.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

======================= Partitions =========================

1 Drive c: (Windows) (Fixed) (Total:55.9 GB) (Free:9.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (External) (Fixed) (Total:931.51 GB) (Free:93.48 GB) NTFS
3 Drive e: (WIN_7_HOMEPREMIUM) (CDROM) (Total:5.75 GB) (Free:0 GB) UDF
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 55 GB 0 B
Disk 1 Online 931 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 55 GB 1024 KB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C Windows NTFS Partition 55 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 0 Extended 931 GB 31 KB
Partition 1 Logical 931 GB 31 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D External NTFS Partition 931 GB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-18 06:28

======================= End Of Log ==========================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users