
google webhp malware?


  • This topic is locked
12 replies to this topic

#1 hf44


Posted 26 June 2012 - 01:25 AM

Hi,

I am experiencing a redirect problem on my search engine websites (mainly Google). It either goes to a random page with pop-ups, or goes back to Google with an address of www.google.com/webhp. I read several similar posts, but wasn't sure I was supposed to use the same steps. Please help with this virus fix, it would be much appreciated!



I saw this post, and it's my problem; I followed the same instructions. Here is the post:
http://www.bleepingcomputer.com/forums/topic456485.html


Here are the things I need to copy and paste:



checkup:



Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Frontline Registry Cleaner
Java™ 6 Update 32
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (13.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````







DDS :



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
Run by User at 2:33:34 on 2012-06-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1626 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Users\User\AppData\Roaming\cacaoweb\cacaoweb.exe
C:\Program Files (x86)\ooVoo\ooVoo.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Users\User\Downloads\Defogger.exe
C:\Windows\system32\conhost.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\SysWOW64\ping.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2818425
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {652853ad-5592-4231-88c6-706613a52e61} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Complitly: {d27fc31c-6e3d-4305-8d53-acdaefa5f862} - C:\Users\User\AppData\Roaming\Complitly\Complitly.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {652853ad-5592-4231-88c6-706613a52e61} - No File
uRun: [cacaoweb] "C:\Users\User\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
uRun: [Facebook Update] "C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\ooVoo.exe /minimized
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://68.41.109.166/cab/OCXChecker_8320.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
DPF: {FEC048AB-277A-460C-BF50-1A4193AEF148} - hxxp://68.41.109.166/cab/DownloadCenter_8300.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4F7CB79C-0CB0-4068-9CB4-C004D2942234} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4F7CB79C-0CB0-4068-9CB4-C004D2942234}\14C69656E677162756 : DhcpNameServer = 209.18.47.61 209.18.47.62 0.0.0.0
TCP: Interfaces\{4F7CB79C-0CB0-4068-9CB4-C004D2942234}\2607C657E67796275646 : DhcpNameServer = 10.128.128.128
TCP: Interfaces\{4F7CB79C-0CB0-4068-9CB4-C004D2942234}\2656C6B696E6E2332303 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4F7CB79C-0CB0-4068-9CB4-C004D2942234}\44F4C414 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4F7CB79C-0CB0-4068-9CB4-C004D2942234}\758535D463 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{855EECEF-B3D0-4220-9273-12CA0BFE17A5} : DhcpNameServer = 172.16.145.103 172.16.145.103
TCP: Interfaces\{C05AD519-926E-46DA-A286-D6B3A0E85834} : DhcpNameServer = 10.20.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: {652853ad-5592-4231-88c6-706613a52e61} - No File
BHO-X64: Somoto Toolbar - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Complitly: {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\User\AppData\Roaming\Complitly\Complitly.dll
BHO-X64: Complitly - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {652853ad-5592-4231-88c6-706613a52e61} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qvlj97ar.default\
FF - prefs.js: browser.startup.homepage - Google.com
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 SMR300;Symantec SMR Utility Service 3.0.0;C:\Windows\system32\drivers\SMR300.SYS --> C:\Windows\system32\drivers\SMR300.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-11-2 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-6-25 92216]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-6-29 27192]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
R2 McShield;McShield;"C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" --> C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [?]
R2 mfefire;McAfee Firewall Core Service;"C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" --> C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [?]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-4-19 315392]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-3-19 2666880]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-10 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
RUnknown SymIRON;SymIRON; [x]
RUnknown SymNetS;SymNetS; [x]
S2 0321111340680693mcinstcleanup;McAfee Application Installer Cleanup (0321111340680693);C:\Users\User\AppData\Local\Temp\032111~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Users\User\AppData\Local\Temp\032111~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 KMService;KMService;C:\Windows\System32\srvany.exe [2011-11-4 8192]
S2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-12 250056]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-25 113120]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\system32\DRIVERS\teamviewervpn.sys --> C:\Windows\system32\DRIVERS\teamviewervpn.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
SUnknown EraserUtilRebootDrv;EraserUtilRebootDrv; [x]
.
=============== Created Last 30 ================
.
2012-06-26 03:40:04 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-26 03:40:00 85472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-06-26 03:18:06 -------- d-----w- C:\Program Files (x86)\McAfee.com
2012-06-26 03:17:16 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2012-06-26 03:17:04 149032 ----a-w- C:\Windows\System32\mfevtps.exe.c244.deleteme
2012-06-26 03:16:50 -------- d-----w- C:\Program Files\Common Files\McAfee
2012-06-26 03:16:49 -------- d-----w- C:\Program Files\McAfee.com
2012-06-26 03:16:49 -------- d-----w- C:\Program Files\McAfee
2012-06-26 03:16:46 -------- d-----w- C:\Program Files (x86)\McAfee
2012-06-25 23:43:54 96376 ----a-w- C:\Windows\System32\drivers\SMR300.SYS
2012-06-25 23:43:47 -------- d-----w- C:\Users\User\AppData\Local\NPE
2012-06-25 21:44:16 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-06-25 21:28:41 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
2012-06-25 01:33:21 -------- d-----w- C:\Users\User\jagexcache
2012-06-24 23:24:23 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-24 23:24:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-24 23:23:34 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-24 23:23:34 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-22 22:03:42 -------- d-----w- C:\.jagex_cache_32
2012-06-12 22:48:39 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-12 22:48:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-12 22:48:39 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-12 22:48:14 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-12 22:48:07 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-12 22:48:05 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-12 22:48:05 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-12 22:47:40 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-12 22:47:34 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-12 22:47:30 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-12 22:47:28 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-12 22:47:18 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-12 22:47:17 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-12 22:47:17 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-12 22:47:17 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-12 22:47:17 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-12 22:47:17 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-11 03:09:26 -------- d-----w- C:\Users\User\AppData\Roaming\Malwarebytes
2012-06-11 03:09:19 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-10 02:39:29 -------- d-----w- C:\Users\User\AppData\Local\Macromedia
2012-06-07 19:13:21 -------- d-----w- C:\Users\User\AppData\Roaming\Copyright © 2011-2012 RealNetworks
2012-06-07 19:13:20 -------- d-----w- C:\Users\User\AppData\Local\IsolatedStorage
2012-06-07 06:39:59 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-06-06 04:26:56 -------- d-----w- C:\sn0wbreeze
2012-06-05 19:04:28 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F7060F48-40A4-4CB3-BD62-C47ED962DD78}\mpengine.dll
2012-06-05 18:57:23 -------- d-----w- C:\Program Files (x86)\Project64 1.6
.
==================== Find3M ====================
.
2012-06-23 02:13:58 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-23 02:13:58 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-23 02:13:53 9815752 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-19 01:24:23 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-05-19 01:24:22 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-05-18 04:11:21 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-05-18 04:11:21 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-08 21:32:50 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-04-05 02:42:04 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2012-04-05 02:42:03 770912 ----a-w- C:\Windows\SysWow64\Msfdbqp.dll
2012-04-05 02:42:03 511328 ----a-w- C:\Windows\SysWow64\Synchronization2.dll
2012-04-05 02:42:03 397152 ----a-w- C:\Windows\SysWow64\Msfdbse.dll
2012-04-05 02:42:03 253280 ----a-w- C:\Windows\SysWow64\MetaStore2.dll
2012-04-05 02:42:03 230240 ----a-w- C:\Windows\SysWow64\Msfdb.dll
2012-04-05 02:42:03 189792 ----a-w- C:\Windows\SysWow64\SimpleProviders2.dll
2012-04-05 02:42:03 171360 ----a-w- C:\Windows\SysWow64\FileSyncProvider2.dll
2012-04-05 02:42:03 156512 ----a-w- C:\Windows\SysWow64\FeedSync2.dll
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 2:34:06.73 ===============


ATTACH:


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/2/2011 1:15:28 PM
System Uptime: 6/25/2012 7:44:57 PM (7 hours ago)
.
Motherboard: Hewlett-Packard | | 1444
Processor: AMD Turion™ II P540 Dual-Core Processor | Socket S1G4 | 2400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 281 GiB total, 115.611 GiB free.
D: is FIXED (NTFS) - 16 GiB total, 2.355 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP137: 6/15/2012 12:46:33 PM - Windows Update
RP138: 6/18/2012 12:34:00 PM - Windows Update
RP139: 6/24/2012 7:23:00 PM - Windows Update
RP140: 6/25/2012 8:04:12 PM - Removed Project64 1.6
RP141: 6/25/2012 8:19:12 PM - Removed Project64 1.6
RP142: 6/25/2012 10:04:56 PM - Removed Apple Application Support
.
==== Installed Programs ======================
.
.
µTorrent
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 Plugin
Adobe Photoshop CS5
Adobe Reader 9.3 MUI
Adobe Shockwave Player 11.5
AIM 7
aioscnnr
AMD USB Filter Driver
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
C4USelfUpdater
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
center
CinemaNow Media Manager
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Complitly
Convert AVI to MP4
CyberLink DVD Suite
CyberLink MediaShow
CyberLink PowerDVD 9
CyberLink YouCam
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DiskAid 5.06
Energy Star Digital Logo
essentials
ESU for Microsoft Windows 7
Facebook Video Calling 1.2.0.159
Frontline Registry Cleaner
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP Customer Experience Enhancements
HP Documentation
HP MediaSmart CinemaNow 2.0
HP Photo Creations
HP Power Manager
HP Quick Launch
HP Setup
HP Software Framework
HPAsset component for HP Active Support Library
HyperCam 2
Java Auto Updater
Java™ 6 Update 32
Junk Mail filter update
Kies mini
KODAK AiO Software
LabelPrint
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
ocr
ooVoo
PDF Settings CS5
PhotoNow!
Power2Go
PowerDirector
PreReq
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Recovery Manager
Roxio CinemaNow 2.0
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Skype™ 5.8
StarCraft II
System Requirements Lab CYRI
TeamViewer 7
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VLC media player 1.1.11
vShare.tv plugin 1.3
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinSCP 4.3.5
.
==== Event Viewer Messages From Past Week ========
.
6/25/2012 7:46:04 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
6/25/2012 7:45:58 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
6/25/2012 7:45:53 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
6/25/2012 5:38:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
6/25/2012 11:36:41 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
6/25/2012 11:36:41 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
6/25/2012 11:36:40 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall service depends the following service: MpsSvc. This service might not be installed.
6/25/2012 1:50:46 PM, Error: Service Control Manager [7034] - The HP Software Framework Service service terminated unexpectedly. It has done this 2 time(s).
6/22/2012 1:08:58 AM, Error: Service Control Manager [7034] - The HP Software Framework Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

Edited by hf44, 26 June 2012 - 01:35 AM.




#2 hf44


Posted 30 June 2012 - 06:20 PM

bump?

#3 HelpBot


Posted 01 July 2012 - 01:30 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/458367 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 hf44


Posted 01 July 2012 - 02:05 AM

1) Same problem as before.


DDS -

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
Run by User at 3:02:07 on 2012-07-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1500 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\WUDFHost.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Frontline Registry Cleaner\REGCLEANER.exe
C:\Windows\system32\notepad.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2818425
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {652853ad-5592-4231-88c6-706613a52e61} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Complitly: {d27fc31c-6e3d-4305-8d53-acdaefa5f862} - C:\Users\User\AppData\Roaming\Complitly\Complitly.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {652853ad-5592-4231-88c6-706613a52e61} - No File
uRun: [Facebook Update] "C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\ooVoo.exe /minimized
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Conime] %windir%\system32\conime.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://68.41.109.166/cab/OCXChecker_8320.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
DPF: {FEC048AB-277A-460C-BF50-1A4193AEF148} - hxxp://68.41.109.166/cab/DownloadCenter_8300.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4F7CB79C-0CB0-4068-9CB4-C004D2942234} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4F7CB79C-0CB0-4068-9CB4-C004D2942234}\14C69656E677162756 : DhcpNameServer = 209.18.47.61 209.18.47.62 0.0.0.0
TCP: Interfaces\{4F7CB79C-0CB0-4068-9CB4-C004D2942234}\2607C657E67796275646 : DhcpNameServer = 10.128.128.128
TCP: Interfaces\{4F7CB79C-0CB0-4068-9CB4-C004D2942234}\2656C6B696E6E2332303 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4F7CB79C-0CB0-4068-9CB4-C004D2942234}\44F4C414 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4F7CB79C-0CB0-4068-9CB4-C004D2942234}\758535D463 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{855EECEF-B3D0-4220-9273-12CA0BFE17A5} : DhcpNameServer = 172.16.145.103 172.16.145.103
TCP: Interfaces\{C05AD519-926E-46DA-A286-D6B3A0E85834} : DhcpNameServer = 10.20.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: {652853ad-5592-4231-88c6-706613a52e61} - No File
BHO-X64: Somoto Toolbar - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Complitly: {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\User\AppData\Roaming\Complitly\Complitly.dll
BHO-X64: Complitly - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {652853ad-5592-4231-88c6-706613a52e61} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Conime] %windir%\system32\conime.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qvlj97ar.default\
FF - prefs.js: browser.startup.homepage - Google.com
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 SMR300;Symantec SMR Utility Service 3.0.0;C:\Windows\system32\drivers\SMR300.SYS --> C:\Windows\system32\drivers\SMR300.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-11-2 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-6-25 92216]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-6-29 27192]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
R2 McShield;McShield;"C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" --> C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [?]
R2 mfefire;McAfee Firewall Core Service;"C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" --> C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [?]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-4-19 315392]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-3-19 2666880]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-10 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
RUnknown SymIRON;SymIRON; [x]
RUnknown SymNetS;SymNetS; [x]
S2 0321111340680693mcinstcleanup;McAfee Application Installer Cleanup (0321111340680693);C:\Users\User\AppData\Local\Temp\032111~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Users\User\AppData\Local\Temp\032111~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 KMService;KMService;C:\Windows\System32\srvany.exe [2011-11-4 8192]
S2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-12 250056]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-25 113120]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\system32\DRIVERS\teamviewervpn.sys --> C:\Windows\system32\DRIVERS\teamviewervpn.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
SUnknown EraserUtilRebootDrv;EraserUtilRebootDrv; [x]
.
=============== Created Last 30 ================
.
2012-07-01 02:52:00 -------- d-----w- C:\Users\User\AppData\Local\CrashDumps
2012-06-26 03:40:04 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-26 03:40:00 85472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-06-26 03:18:06 -------- d-----w- C:\Program Files (x86)\McAfee.com
2012-06-26 03:17:16 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2012-06-26 03:17:04 149032 ----a-w- C:\Windows\System32\mfevtps.exe.c244.deleteme
2012-06-26 03:16:50 -------- d-----w- C:\Program Files\Common Files\McAfee
2012-06-26 03:16:49 -------- d-----w- C:\Program Files\McAfee.com
2012-06-26 03:16:49 -------- d-----w- C:\Program Files\McAfee
2012-06-26 03:16:46 -------- d-----w- C:\Program Files (x86)\McAfee
2012-06-25 23:43:54 96376 ----a-w- C:\Windows\System32\drivers\SMR300.SYS
2012-06-25 23:43:47 -------- d-----w- C:\Users\User\AppData\Local\NPE
2012-06-25 21:44:16 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-06-25 21:28:41 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
2012-06-25 01:33:21 -------- d-----w- C:\Users\User\jagexcache
2012-06-24 23:24:23 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-24 23:24:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-24 23:23:34 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-24 23:23:34 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-22 22:03:42 -------- d-----w- C:\.jagex_cache_32
2012-06-12 22:48:39 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-12 22:48:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-12 22:48:39 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-12 22:48:14 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-12 22:48:07 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-12 22:48:05 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-12 22:48:05 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-12 22:47:40 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-12 22:47:34 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-12 22:47:30 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-12 22:47:28 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-12 22:47:18 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-12 22:47:17 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-12 22:47:17 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-12 22:47:17 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-12 22:47:17 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-12 22:47:17 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-11 03:09:26 -------- d-----w- C:\Users\User\AppData\Roaming\Malwarebytes
2012-06-11 03:09:19 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-10 02:39:29 -------- d-----w- C:\Users\User\AppData\Local\Macromedia
2012-06-07 19:13:21 -------- d-----w- C:\Users\User\AppData\Roaming\Copyright © 2011-2012 RealNetworks
2012-06-07 19:13:20 -------- d-----w- C:\Users\User\AppData\Local\IsolatedStorage
2012-06-07 06:39:59 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-06-06 04:26:56 -------- d-----w- C:\sn0wbreeze
2012-06-05 19:04:28 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F7060F48-40A4-4CB3-BD62-C47ED962DD78}\mpengine.dll
2012-06-05 18:57:23 -------- d-----w- C:\Program Files (x86)\Project64 1.6
.
==================== Find3M ====================
.
2012-06-23 02:13:58 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-23 02:13:58 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-23 02:13:53 9815752 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-19 01:24:23 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-05-19 01:24:22 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-05-18 04:11:21 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-05-18 04:11:21 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-08 21:32:50 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-04-05 02:42:04 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2012-04-05 02:42:03 770912 ----a-w- C:\Windows\SysWow64\Msfdbqp.dll
2012-04-05 02:42:03 511328 ----a-w- C:\Windows\SysWow64\Synchronization2.dll
2012-04-05 02:42:03 397152 ----a-w- C:\Windows\SysWow64\Msfdbse.dll
2012-04-05 02:42:03 253280 ----a-w- C:\Windows\SysWow64\MetaStore2.dll
2012-04-05 02:42:03 230240 ----a-w- C:\Windows\SysWow64\Msfdb.dll
2012-04-05 02:42:03 189792 ----a-w- C:\Windows\SysWow64\SimpleProviders2.dll
2012-04-05 02:42:03 171360 ----a-w- C:\Windows\SysWow64\FileSyncProvider2.dll
2012-04-05 02:42:03 156512 ----a-w- C:\Windows\SysWow64\FeedSync2.dll
.
============= FINISH: 3:03:48.84 ===============


I am running on 64 bit, so I guess I don't need to post my GMER log.

#5 nasdaq

  • Malware Response Team

Posted 01 July 2012 - 07:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

ZeroAccess infection detected on your DDS log.

Let's start with these scans.

Please download TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#6 hf44

  • Topic Starter

Posted 01 July 2012 - 07:19 PM

Hi, thank you so much for the reply!!!


20:10:17.0300 4056 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
20:10:17.0600 4056 ============================================================
20:10:17.0600 4056 Current date / time: 2012/07/01 20:10:17.0600
20:10:17.0600 4056 SystemInfo:
20:10:17.0610 4056
20:10:17.0610 4056 OS Version: 6.1.7601 ServicePack: 1.0
20:10:17.0610 4056 Product type: Workstation
20:10:17.0610 4056 ComputerName: USER-HP
20:10:17.0610 4056 UserName: User
20:10:17.0610 4056 Windows directory: C:\Windows
20:10:17.0610 4056 System windows directory: C:\Windows
20:10:17.0610 4056 Running under WOW64
20:10:17.0610 4056 Processor architecture: Intel x64
20:10:17.0610 4056 Number of processors: 2
20:10:17.0610 4056 Page size: 0x1000
20:10:17.0610 4056 Boot type: Normal boot
20:10:17.0610 4056 ============================================================
20:10:18.0610 4056 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:10:18.0620 4056 ============================================================
20:10:18.0620 4056 \Device\Harddisk0\DR0:
20:10:18.0620 4056 MBR partitions:
20:10:18.0620 4056 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
20:10:18.0620 4056 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x232F4800
20:10:18.0620 4056 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23358800, BlocksNum 0x20A2000
20:10:18.0620 4056 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
20:10:18.0620 4056 ============================================================
20:10:18.0640 4056 C: <-> \Device\Harddisk0\DR0\Partition1
20:10:18.0710 4056 D: <-> \Device\Harddisk0\DR0\Partition2
20:10:18.0710 4056 ============================================================
20:10:18.0710 4056 Initialize success
20:10:18.0710 4056 ============================================================
20:10:23.0031 9180 ============================================================
20:10:23.0031 9180 Scan started
20:10:23.0031 9180 Mode: Manual;
20:10:23.0031 9180 ============================================================
20:10:25.0431 9180 0321111340680693mcinstcleanup - ok
20:10:25.0581 9180 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:10:25.0581 9180 1394ohci - ok
20:10:25.0621 9180 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:10:25.0631 9180 ACPI - ok
20:10:25.0691 9180 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:10:25.0691 9180 AcpiPmi - ok
20:10:25.0841 9180 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:10:25.0841 9180 AdobeFlashPlayerUpdateSvc - ok
20:10:25.0921 9180 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:10:25.0931 9180 adp94xx - ok
20:10:25.0981 9180 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:10:25.0991 9180 adpahci - ok
20:10:26.0031 9180 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:10:26.0031 9180 adpu320 - ok
20:10:26.0071 9180 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:10:26.0071 9180 AeLookupSvc - ok
20:10:26.0141 9180 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
20:10:26.0141 9180 AERTFilters - ok
20:10:26.0231 9180 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:10:26.0231 9180 AFD - ok
20:10:26.0291 9180 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:10:26.0291 9180 agp440 - ok
20:10:26.0331 9180 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:10:26.0341 9180 ALG - ok
20:10:26.0381 9180 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:10:26.0381 9180 aliide - ok
20:10:26.0441 9180 AMD External Events Utility (4609419a19891c706455c1a747431af9) C:\Windows\system32\atiesrxx.exe
20:10:26.0441 9180 AMD External Events Utility - ok
20:10:26.0491 9180 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:10:26.0491 9180 amdide - ok
20:10:26.0531 9180 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:10:26.0531 9180 AmdK8 - ok
20:10:26.0981 9180 amdkmdag (4bffead896affbc80c86f62cd18f17c9) C:\Windows\system32\DRIVERS\atipmdag.sys
20:10:27.0101 9180 amdkmdag - ok
20:10:27.0311 9180 amdkmdap (a7155a832f24cf5b048f6048380636ec) C:\Windows\system32\DRIVERS\atikmpag.sys
20:10:27.0321 9180 amdkmdap - ok
20:10:27.0361 9180 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:10:27.0361 9180 AmdPPM - ok
20:10:27.0391 9180 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys
20:10:27.0391 9180 amdsata - ok
20:10:27.0431 9180 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:10:27.0431 9180 amdsbs - ok
20:10:27.0461 9180 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys
20:10:27.0461 9180 amdxata - ok
20:10:27.0521 9180 androidusb (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys
20:10:27.0521 9180 androidusb - ok
20:10:27.0601 9180 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:10:27.0601 9180 AppID - ok
20:10:27.0631 9180 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:10:27.0631 9180 AppIDSvc - ok
20:10:27.0691 9180 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
20:10:27.0691 9180 Appinfo - ok
20:10:27.0781 9180 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:10:27.0781 9180 Apple Mobile Device - ok
20:10:27.0821 9180 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:10:27.0821 9180 arc - ok
20:10:27.0841 9180 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:10:27.0851 9180 arcsas - ok
20:10:28.0081 9180 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:10:28.0081 9180 aspnet_state - ok
20:10:28.0121 9180 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:10:28.0121 9180 AsyncMac - ok
20:10:28.0181 9180 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:10:28.0181 9180 atapi - ok
20:10:28.0321 9180 athr (f8633cdd09647a64ee8db550630427ff) C:\Windows\system32\DRIVERS\athrx.sys
20:10:28.0341 9180 athr - ok
20:10:28.0491 9180 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
20:10:28.0491 9180 AtiHdmiService - ok
20:10:28.0531 9180 AtiPcie (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys
20:10:28.0531 9180 AtiPcie - ok
20:10:28.0631 9180 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:10:28.0641 9180 AudioEndpointBuilder - ok
20:10:28.0651 9180 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:10:28.0661 9180 AudioSrv - ok
20:10:28.0741 9180 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
20:10:28.0741 9180 AxInstSV - ok
20:10:28.0811 9180 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:10:28.0811 9180 b06bdrv - ok
20:10:28.0861 9180 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:10:28.0871 9180 b57nd60a - ok
20:10:28.0911 9180 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:10:28.0911 9180 BDESVC - ok
20:10:28.0931 9180 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:10:28.0931 9180 Beep - ok
20:10:29.0041 9180 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
20:10:29.0051 9180 BITS - ok
20:10:29.0071 9180 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:10:29.0081 9180 blbdrive - ok
20:10:29.0201 9180 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
20:10:29.0211 9180 Bonjour Service - ok
20:10:29.0281 9180 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:10:29.0281 9180 bowser - ok
20:10:29.0311 9180 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:10:29.0311 9180 BrFiltLo - ok
20:10:29.0321 9180 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:10:29.0331 9180 BrFiltUp - ok
20:10:29.0381 9180 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:10:29.0381 9180 Browser - ok
20:10:29.0441 9180 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:10:29.0441 9180 Brserid - ok
20:10:29.0481 9180 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:10:29.0481 9180 BrSerWdm - ok
20:10:29.0511 9180 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:10:29.0511 9180 BrUsbMdm - ok
20:10:29.0541 9180 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:10:29.0541 9180 BrUsbSer - ok
20:10:29.0561 9180 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:10:29.0561 9180 BTHMODEM - ok
20:10:29.0601 9180 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:10:29.0601 9180 bthserv - ok
20:10:29.0621 9180 ccSet_NIS - ok
20:10:29.0651 9180 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:10:29.0661 9180 cdfs - ok
20:10:29.0711 9180 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
20:10:29.0721 9180 cdrom - ok
20:10:29.0771 9180 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:10:29.0781 9180 CertPropSvc - ok
20:10:29.0791 9180 cfwids - ok
20:10:29.0882 9180 CinemaNow Service (533328a3d9a9c286682525842547540c) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
20:10:29.0882 9180 CinemaNow Service - ok
20:10:29.0912 9180 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:10:29.0912 9180 circlass - ok
20:10:29.0962 9180 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:10:29.0972 9180 CLFS - ok
20:10:30.0062 9180 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:10:30.0062 9180 clr_optimization_v2.0.50727_32 - ok
20:10:30.0132 9180 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:10:30.0132 9180 clr_optimization_v2.0.50727_64 - ok
20:10:30.0262 9180 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:10:30.0272 9180 clr_optimization_v4.0.30319_32 - ok
20:10:30.0372 9180 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:10:30.0372 9180 clr_optimization_v4.0.30319_64 - ok
20:10:30.0402 9180 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:10:30.0402 9180 CmBatt - ok
20:10:30.0442 9180 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:10:30.0452 9180 cmdide - ok
20:10:30.0542 9180 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:10:30.0552 9180 CNG - ok
20:10:30.0592 9180 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:10:30.0592 9180 Compbatt - ok
20:10:30.0642 9180 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:10:30.0652 9180 CompositeBus - ok
20:10:30.0682 9180 COMSysApp - ok
20:10:30.0722 9180 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:10:30.0732 9180 crcdisk - ok
20:10:30.0822 9180 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
20:10:30.0822 9180 CryptSvc - ok
20:10:30.0912 9180 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:10:30.0912 9180 DcomLaunch - ok
20:10:30.0972 9180 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:10:30.0982 9180 defragsvc - ok
20:10:31.0032 9180 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:10:31.0032 9180 DfsC - ok
20:10:31.0122 9180 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:10:31.0132 9180 Dhcp - ok
20:10:31.0152 9180 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:10:31.0152 9180 discache - ok
20:10:31.0202 9180 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:10:31.0202 9180 Disk - ok
20:10:31.0242 9180 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:10:31.0242 9180 Dnscache - ok
20:10:31.0312 9180 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:10:31.0312 9180 dot3svc - ok
20:10:31.0372 9180 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:10:31.0372 9180 DPS - ok
20:10:31.0412 9180 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:10:31.0412 9180 drmkaud - ok
20:10:31.0472 9180 dtsoftbus01 (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
20:10:31.0482 9180 dtsoftbus01 - ok
20:10:31.0582 9180 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:10:31.0592 9180 DXGKrnl - ok
20:10:31.0632 9180 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:10:31.0632 9180 EapHost - ok
20:10:31.0862 9180 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:10:31.0892 9180 ebdrv - ok
20:10:32.0022 9180 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:10:32.0032 9180 EFS - ok
20:10:32.0132 9180 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:10:32.0142 9180 ehRecvr - ok
20:10:32.0192 9180 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:10:32.0192 9180 ehSched - ok
20:10:32.0302 9180 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:10:32.0312 9180 elxstor - ok
20:10:32.0352 9180 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:10:32.0352 9180 ErrDev - ok
20:10:32.0422 9180 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:10:32.0422 9180 EventSystem - ok
20:10:32.0482 9180 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:10:32.0482 9180 exfat - ok
20:10:32.0512 9180 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:10:32.0522 9180 fastfat - ok
20:10:32.0612 9180 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:10:32.0622 9180 Fax - ok
20:10:32.0652 9180 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:10:32.0652 9180 fdc - ok
20:10:32.0692 9180 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:10:32.0692 9180 fdPHost - ok
20:10:32.0742 9180 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:10:32.0742 9180 FDResPub - ok
20:10:32.0772 9180 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:10:32.0782 9180 FileInfo - ok
20:10:32.0792 9180 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:10:32.0792 9180 Filetrace - ok
20:10:32.0812 9180 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:10:32.0822 9180 flpydisk - ok
20:10:32.0882 9180 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:10:32.0882 9180 FltMgr - ok
20:10:33.0022 9180 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
20:10:33.0032 9180 FontCache - ok
20:10:33.0122 9180 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:10:33.0122 9180 FontCache3.0.0.0 - ok
20:10:33.0182 9180 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:10:33.0182 9180 FsDepends - ok
20:10:33.0232 9180 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
20:10:33.0232 9180 Fs_Rec - ok
20:10:33.0312 9180 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:10:33.0312 9180 fvevol - ok
20:10:33.0352 9180 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:10:33.0352 9180 gagp30kx - ok
20:10:33.0432 9180 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:10:33.0432 9180 GEARAspiWDM - ok
20:10:33.0532 9180 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:10:33.0542 9180 gpsvc - ok
20:10:33.0562 9180 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:10:33.0572 9180 hcw85cir - ok
20:10:33.0642 9180 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:10:33.0652 9180 HdAudAddService - ok
20:10:33.0682 9180 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:10:33.0692 9180 HDAudBus - ok
20:10:33.0732 9180 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:10:33.0732 9180 HidBatt - ok
20:10:33.0752 9180 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:10:33.0762 9180 HidBth - ok
20:10:33.0792 9180 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:10:33.0802 9180 HidIr - ok
20:10:33.0833 9180 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
20:10:33.0833 9180 hidserv - ok
20:10:33.0903 9180 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:10:33.0903 9180 HidUsb - ok
20:10:33.0963 9180 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:10:33.0963 9180 hkmsvc - ok
20:10:34.0023 9180 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
20:10:34.0033 9180 HomeGroupListener - ok
20:10:34.0073 9180 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
20:10:34.0083 9180 HomeGroupProvider - ok
20:10:34.0163 9180 HP Wireless Assistant Service (3a09322a8aa8b0c79036686a0ebe7b4c) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
20:10:34.0173 9180 HP Wireless Assistant Service - ok
20:10:34.0273 9180 HPDrvMntSvc.exe (881f74074963cdad8c475d09dc3a0bb6) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
20:10:34.0283 9180 HPDrvMntSvc.exe - ok
20:10:34.0373 9180 hpqwmiex (fe51b163a618b1cbf015485d21c1bc68) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
20:10:34.0373 9180 hpqwmiex - ok
20:10:34.0453 9180 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:10:34.0453 9180 HpSAMD - ok
20:10:34.0523 9180 HPWMISVC (5aa89e152634954e15e9db265c6a8557) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
20:10:34.0523 9180 HPWMISVC - ok
20:10:34.0623 9180 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:10:34.0633 9180 HTTP - ok
20:10:34.0693 9180 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:10:34.0693 9180 hwpolicy - ok
20:10:34.0783 9180 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:10:34.0783 9180 i8042prt - ok
20:10:34.0843 9180 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:10:34.0843 9180 iaStorV - ok
20:10:34.0973 9180 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:10:34.0983 9180 idsvc - ok
20:10:35.0093 9180 IDSVia64 - ok
20:10:35.0713 9180 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
20:10:35.0833 9180 igfx - ok
20:10:35.0983 9180 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:10:35.0983 9180 iirsp - ok
20:10:36.0093 9180 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:10:36.0103 9180 IKEEXT - ok
20:10:36.0283 9180 IntcAzAudAddService (b88e24bd77a0ce2cffee2facf1151be0) C:\Windows\system32\drivers\RTKVHD64.sys
20:10:36.0303 9180 IntcAzAudAddService - ok
20:10:36.0453 9180 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:10:36.0453 9180 intelide - ok
20:10:36.0493 9180 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:10:36.0493 9180 intelppm - ok
20:10:36.0523 9180 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:10:36.0523 9180 IPBusEnum - ok
20:10:36.0573 9180 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:10:36.0573 9180 IpFilterDriver - ok
20:10:36.0623 9180 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:10:36.0623 9180 IPMIDRV - ok
20:10:36.0693 9180 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:10:36.0693 9180 IPNAT - ok
20:10:36.0823 9180 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
20:10:36.0833 9180 iPod Service - ok
20:10:36.0863 9180 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:10:36.0863 9180 IRENUM - ok
20:10:36.0913 9180 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:10:36.0913 9180 isapnp - ok
20:10:36.0973 9180 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:10:36.0983 9180 iScsiPrt - ok
20:10:36.0993 9180 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
20:10:36.0993 9180 kbdclass - ok
20:10:37.0043 9180 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
20:10:37.0053 9180 kbdhid - ok
20:10:37.0103 9180 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:10:37.0103 9180 KeyIso - ok
20:10:37.0123 9180 KMService - ok
20:10:37.0303 9180 Kodak AiO Network Discovery Service (27277a11db52fefae5b01dc8fb570b28) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
20:10:37.0303 9180 Kodak AiO Network Discovery Service - ok
20:10:37.0353 9180 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:10:37.0353 9180 KSecDD - ok
20:10:37.0423 9180 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:10:37.0423 9180 KSecPkg - ok
20:10:37.0443 9180 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:10:37.0453 9180 ksthunk - ok
20:10:37.0513 9180 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:10:37.0513 9180 KtmRm - ok
20:10:37.0603 9180 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
20:10:37.0603 9180 LanmanServer - ok
20:10:37.0653 9180 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:10:37.0663 9180 LanmanWorkstation - ok
20:10:37.0703 9180 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:10:37.0703 9180 lltdio - ok
20:10:37.0773 9180 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:10:37.0773 9180 lltdsvc - ok
20:10:37.0803 9180 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:10:37.0813 9180 lmhosts - ok
20:10:37.0863 9180 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:10:37.0863 9180 LSI_FC - ok
20:10:37.0893 9180 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:10:37.0893 9180 LSI_SAS - ok
20:10:37.0933 9180 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:10:37.0933 9180 LSI_SAS2 - ok
20:10:37.0963 9180 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:10:37.0963 9180 LSI_SCSI - ok
20:10:38.0023 9180 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:10:38.0023 9180 luafv - ok
20:10:57.0706 9180 ============================================================
20:10:57.0706 9180 Scan finished
20:10:57.0706 9180 ============================================================
20:10:57.0716 4048 Detected object count: 0
20:10:57.0716 4048 Actual detected object count: 0








aswmbr

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-01 20:12:41
-----------------------------
20:12:41.723 OS Version: Windows x64 6.1.7601 Service Pack 1
20:12:41.723 Number of processors: 2 586 0x603
20:12:41.725 ComputerName: USER-HP UserName: User
20:12:43.462 Initialize success
20:12:58.085 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000064
20:12:58.086 Disk 0 Vendor: Hitachi_ ES2O Size: 305245MB BusType: 11
20:12:58.100 Disk 0 MBR read successfully
20:12:58.102 Disk 0 MBR scan
20:12:58.104 Disk 0 unknown MBR code
20:12:58.110 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
20:12:58.125 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 288233 MB offset 409600
20:12:58.155 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 16708 MB offset 590710784
20:12:58.175 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
20:12:58.219 Disk 0 scanning C:\Windows\system32\drivers
20:13:07.817 Service scanning
20:13:37.957 Modules scanning
20:13:37.964 Disk 0 trace - called modules:
20:13:37.978 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
20:13:38.274 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800431c1e0]
20:13:38.279 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> [0xfffffa80042a9040]
20:13:38.284 5 amdxata.sys[fffff8800111b7a8] -> nt!IofCallDriver -> \Device\00000064[0xfffffa80042a56f0]
20:13:38.291 Scan finished successfully
20:13:45.481 Disk 0 MBR has been saved successfully to "C:\Users\User\Documents\MBR.dat"
20:13:45.489 The log file has been saved successfully to "C:\Users\User\Documents\aswMBR.txt"
20:13:58.996 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
20:13:59.001 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"





I can't seem to upload my MBR.dat, should I upload it to a filesharing website?

#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:39 AM

Posted 02 July 2012 - 07:15 AM

I can't seem to upload my MBR.dat, should I upload it to a filesharing website?

Not required. Both logs are clean.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
==============

Please post the log and let me know what problem persists.

#8 hf44

Posted 02 July 2012 - 04:09 PM

ComboFix 12-07-02.01 - User 07/02/2012 16:13:45.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2396 [GMT -4:00]
Running from: c:\users\User\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Complitly
c:\program files (x86)\Complitly\chrome\ComplitlyChrome.crx
c:\program files (x86)\Complitly\FireFoxExtension.exe
c:\program files (x86)\Complitly\InstTracker.exe
c:\program files (x86)\Complitly\support@Complitly.com\chrome.manifest
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\appIcon.png
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\browserOverlay.xul
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\options.js
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\options.xul
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\utils.js
c:\program files (x86)\Complitly\support@Complitly.com\defaults\preferences\predictad.js
c:\program files (x86)\Complitly\support@Complitly.com\install.rdf
c:\program files (x86)\Complitly\unins000.dat
c:\program files (x86)\Complitly\unins000.exe
c:\program files (x86)\DealBulldog Toolbar
c:\users\User\AppData\Local\TempDIR
c:\users\User\AppData\Roaming\cacaoweb
c:\users\User\AppData\Roaming\cacaoweb\cacaoweb.exe
c:\users\User\AppData\Roaming\cacaoweb\errorlog.txt
c:\users\User\AppData\Roaming\cacaoweb\npdfile.dat
c:\users\User\AppData\Roaming\cacaoweb\replicating3BB973C118EF49EA14BE4A69F0F8E9B2.cacao
c:\users\User\AppData\Roaming\cacaoweb\replicating8D458778C0499AEA6A58142697C834F7.cacao
c:\users\User\AppData\Roaming\cacaoweb\replicatingF63B6E496B44F5D9BD48927712A23666.cacao
c:\users\User\AppData\Roaming\cacaoweb\storage.db
c:\users\User\Desktop\cacaoweb.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-02 to 2012-07-02 )))))))))))))))))))))))))))))))
.
.
2012-07-02 20:22 . 2012-07-02 20:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-02 20:22 . 2012-07-02 20:22 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-02 17:07 . 2009-07-14 01:39 328704 ----a-w- c:\windows\SysWow64\services.exe
2012-07-01 22:23 . 2012-07-01 22:23 -------- d-----w- c:\program files (x86)\iExplorer
2012-07-01 22:07 . 2012-07-01 22:07 -------- d-----w- c:\program files (x86)\i-Funbox DevTeam
2012-07-01 02:52 . 2012-07-02 20:15 -------- d-----w- c:\users\User\AppData\Local\CrashDumps
2012-06-26 03:40 . 2012-06-26 03:40 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-06-26 03:40 . 2012-06-14 22:20 85472 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-06-26 03:17 . 2012-07-02 17:09 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2012-06-26 03:16 . 2012-07-02 17:09 -------- d-----w- c:\program files\Common Files\McAfee
2012-06-26 03:16 . 2012-06-26 03:18 -------- d-----w- c:\program files\McAfee
2012-06-26 03:16 . 2012-06-26 03:19 -------- d-----w- c:\program files (x86)\McAfee
2012-06-25 23:43 . 2012-06-26 00:04 -------- d-----w- c:\users\User\AppData\Local\NPE
2012-06-25 21:44 . 2012-06-26 02:30 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-06-25 01:33 . 2012-06-25 01:33 -------- d-----w- c:\users\User\jagexcache
2012-06-24 23:24 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-24 23:24 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-24 23:24 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-24 23:24 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-24 23:24 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-24 23:24 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-24 23:24 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-24 23:23 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-24 23:23 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-22 22:03 . 2012-06-22 22:03 -------- d-----w- C:\.jagex_cache_32
2012-06-15 16:54 . 2012-06-15 16:54 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-06-13 02:01 . 2012-06-13 02:01 -------- d-----w- c:\program files\Microsoft Silverlight
2012-06-13 02:01 . 2012-06-13 02:01 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-06-12 22:48 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-12 22:48 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-12 22:48 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-12 22:48 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-12 22:48 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-12 22:48 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-12 22:48 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-12 22:47 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-12 22:47 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-12 22:47 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-12 22:47 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-12 22:47 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-12 22:47 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-12 22:47 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-12 22:47 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-12 22:47 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-12 22:47 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-11 03:09 . 2012-06-11 03:09 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2012-06-11 03:09 . 2012-06-11 03:09 -------- d-----w- c:\programdata\Malwarebytes
2012-06-10 02:39 . 2012-06-10 02:39 -------- d-----w- c:\users\User\AppData\Local\Macromedia
2012-06-09 22:57 . 2012-06-19 00:23 -------- d-----w- c:\users\User\AppData\Roaming\U3
2012-06-07 19:13 . 2012-06-07 19:13 -------- d-----w- c:\users\User\AppData\Roaming\Copyright © 2011-2012 RealNetworks
2012-06-07 19:13 . 2012-06-07 19:13 -------- d-----w- c:\users\User\AppData\Local\IsolatedStorage
2012-06-07 06:39 . 2012-06-07 06:39 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-06 04:26 . 2012-06-26 04:55 -------- d-----w- C:\sn0wbreeze
2012-06-05 19:04 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F7060F48-40A4-4CB3-BD62-C47ED962DD78}\mpengine.dll
2012-06-05 18:57 . 2012-06-26 00:19 -------- d-----w- c:\program files (x86)\Project64 1.6
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-02 02:36 . 2012-05-12 18:16 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-02 02:36 . 2012-02-11 17:28 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-23 02:13 . 2012-05-12 19:12 9815752 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-19 01:24 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-05-19 01:24 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-05-18 04:11 . 2012-05-18 04:11 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-18 04:11 . 2010-07-11 05:29 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-08 21:32 . 2012-04-08 21:31 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-04-05 02:42 . 2012-04-05 02:04 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-04-05 02:42 . 2012-04-05 02:42 770912 ----a-w- c:\windows\SysWow64\Msfdbqp.dll
2012-04-05 02:42 . 2012-04-05 02:42 511328 ----a-w- c:\windows\SysWow64\Synchronization2.dll
2012-04-05 02:42 . 2012-04-05 02:42 397152 ----a-w- c:\windows\SysWow64\Msfdbse.dll
2012-04-05 02:42 . 2012-04-05 02:42 253280 ----a-w- c:\windows\SysWow64\MetaStore2.dll
2012-04-05 02:42 . 2012-04-05 02:42 230240 ----a-w- c:\windows\SysWow64\Msfdb.dll
2012-04-05 02:42 . 2012-04-05 02:42 189792 ----a-w- c:\windows\SysWow64\SimpleProviders2.dll
2012-04-05 02:42 . 2012-04-05 02:42 171360 ----a-w- c:\windows\SysWow64\FileSyncProvider2.dll
2012-04-05 02:42 . 2012-04-05 02:42 156512 ----a-w- c:\windows\SysWow64\FeedSync2.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-02-12 137536]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"ooVoo.exe"="c:\program files (x86)\ooVoo\ooVoo.exe" [2012-05-16 25243768]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-17 98304]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-06-30 602168]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0321111340680693mcinstcleanup;McAfee Application Installer Cleanup (0321111340680693);c:\users\User\AppData\Local\Temp\032111~1.EXE [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-02 250056]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-03 22528]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-05-07 245792]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-03-30 35112]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-05 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-06-17 202752]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-06-25 92216]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-06-30 27192]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-04-20 315392]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-06-17 6403072]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-06-17 188928]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-08 283200]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 02:36]
.
2012-07-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-859470954-980683245-3061103797-1000Core.job
- c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-18 06:18]
.
2012-07-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-859470954-980683245-3061103797-1000UA.job
- c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-18 06:18]
.
2012-07-01 c:\windows\Tasks\FrontLine Registry Cleaner Scheduled Scan - User.job
- c:\program files (x86)\Frontline Registry Cleaner\REGCLEANER.exe [2010-05-08 20:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}]
2011-09-09 01:21 167416 ----a-w- c:\users\User\AppData\Roaming\Complitly\64\Complitly64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-05-26 6245408]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2818425
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
DPF: {FEC048AB-277A-460C-BF50-1A4193AEF148} - hxxp://68.41.109.166/cab/DownloadCenter_8300.cab
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qvlj97ar.default\
FF - prefs.js: browser.startup.homepage - Google.com
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{7aeb3efd-e564-43f1-b658-5058a7c5743b} - (no file)
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files (x86)\Complitly\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
.
**************************************************************************
.
Completion time: 2012-07-02 16:35:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-02 20:35
.
Pre-Run: 118,627,487,744 bytes free
Post-Run: 121,614,004,224 bytes free
.
- - End Of File - - B5801BDEED462D6CB2AB4F314AA4AFD5

#9 nasdaq

Posted 03 July 2012 - 07:42 AM

Looking good.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please let me know what problem persists.

#10 hf44

Posted 03 July 2012 - 04:56 PM

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Frontline Registry Cleaner
Java™ 6 Update 32
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (13.0.1)
Google Chrome 20.0.1132.47
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````

#11 nasdaq

Posted 04 July 2012 - 07:46 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 32


===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Include in your download"; this is not required. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
===

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

#12 hf44

Posted 05 July 2012 - 12:07 AM

Thank you so much! You are a life saver!

#13 nasdaq

Posted 11 July 2012 - 09:38 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



