
Infected with Trojan Patched_c.LXT


  • This topic is locked
28 replies to this topic

#1 QuantumWormhole

Posted 28 June 2012 - 12:19 PM

Hello, my AVG continues to show me its popup window saying that there is an infection due to Trojan Patched_c.LXT coming from System32\services.exe.
This happens every time I turn on my laptop.
I have followed your explanations, but I'm not able to activate the firewall; this is probably the effect of the virus.
Another problem: I know I have to check the options on the window of GMER, but some of them (from "System" to "Libraries" and also "Show all") are not accessible. I have run it however and attached the ark.txt file.
Many thanks in advance,

QuantumWormhole

P.S.: the DDS file is below:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Diego at 18:36:55 on 2012-06-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.6055.3939 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.it/
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No File
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: KMPlayer Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: KMPlayer Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [<NO NAME>]
uRun: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 10.188.0.1
TCP: Interfaces\{1F1AA81C-7A5B-4643-9754-355A43CBF8A6} : DhcpNameServer = 10.188.0.1
TCP: Interfaces\{1F1AA81C-7A5B-4643-9754-355A43CBF8A6}\356425027596649602055726C69636 : DhcpNameServer = 109.0.66.20 109.0.66.10
TCP: Interfaces\{1F1AA81C-7A5B-4643-9754-355A43CBF8A6}\7616D656D61637475627 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{1F1AA81C-7A5B-4643-9754-355A43CBF8A6}\94E6475627E656470275966696273747D22402F48766F62746 : DhcpNameServer = 10.188.0.1
TCP: Interfaces\{1F1AA81C-7A5B-4643-9754-355A43CBF8A6}\F48766F62746D277966696273747D21313 : DhcpNameServer = 10.188.0.1
TCP: Interfaces\{1F1AA81C-7A5B-4643-9754-355A43CBF8A6}\F48766F62746D277966696273747D21373 : DhcpNameServer = 10.188.0.1
TCP: Interfaces\{1F1AA81C-7A5B-4643-9754-355A43CBF8A6}\F48766F62746D277966696273747D22323 : DhcpNameServer = 10.188.0.1
TCP: Interfaces\{1F1AA81C-7A5B-4643-9754-355A43CBF8A6}\F48766F62746D277966696273747D263 : DhcpNameServer = 10.188.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
{02478D38-C3F9-4efb-9B51-7695ECA05670}
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{95B7759C-8C7F-4BF1-B163-73684A933233}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
BHO-X64: {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No File
{d2ce3e00-f94a-4740-988e-03dc2f38c34f}
{D4027C7F-154A-4066-A1AD-4243D8127440}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
{8dcb7100-df86-4384-8842-8fa844297b3f}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{D4027C7F-154A-4066-A1AD-4243D8127440}
{95B7759C-8C7F-4BF1-B163-73684A933233}
mRun-x64: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun-x64: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun-x64: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
mRun-x64: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [(Predefinito)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Diego\AppData\Roaming\Mozilla\Firefox\Profiles\8edknhka.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bee84bfcb-0013-49dd-b876-73d2ceb97606%7D&mid=18da11015ce747d19afba5662e134db7-0454e95180f141285acbdc39564a9b978bd76e4b&ds=AVG&v=11.1.0.7&lang=it&pr=fr&d=2012-06-08%2018%3A54%3A56&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-5-26 17536]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-13 138400]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 193288]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-4 2009704]
R2 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-2-18 624856]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-6-19 3048136]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-17 134928]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-6-8 935480]
R3 appliandMP;appliandMP;C:\Windows\system32\DRIVERS\appliand.sys --> C:\Windows\system32\DRIVERS\appliand.sys [?]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Servizio Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-3 116648]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 250056]
S3 appliand;Applian Network Service;C:\Windows\system32\DRIVERS\appliand.sys --> C:\Windows\system32\DRIVERS\appliand.sys [?]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Servizio Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-3 116648]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 113120]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUVStor.sys --> C:\Windows\system32\Drivers\RtsUVStor.sys [?]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-06-27 20:23:56 -------- d-----w- C:\Users\Diego\AppData\Roaming\GetRightToGo
2012-06-27 19:50:30 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-06-22 16:11:54 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-22 16:11:35 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-22 16:11:18 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-22 16:11:18 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-22 16:08:40 -------- d-----w- C:\Users\Diego\AppData\Local\Macromedia
2012-06-19 15:35:14 4967624 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-06-14 21:06:00 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-14 21:06:00 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-14 16:23:28 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-14 16:20:18 -------- d-----r- C:\Program Files (x86)\Skype
2012-06-12 17:58:10 -------- d-----w- C:\Program Files (x86)\LenMus4.2.2
2012-06-11 15:51:25 -------- d-----w- C:\Program Files (x86)\Common Files\Steinberg
2012-06-11 15:32:08 -------- d-----w- C:\Program Files (x86)\Common Files\Digidesign
2012-06-11 15:31:49 -------- d-----w- C:\Program Files (x86)\East West
2012-06-09 00:19:20 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-09 00:19:20 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-08 16:55:14 -------- d-----w- C:\Users\Diego\AppData\Local\AVG Secure Search
2012-06-08 16:54:54 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-06-08 16:54:54 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-06-08 16:54:53 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-06-03 11:38:51 -------- d-----w- C:\Users\Diego\AppData\Roaming\Logia
2012-06-03 11:38:50 -------- d-----w- C:\Program Files (x86)\Logia
2012-06-02 14:41:25 491520 ----a-w- C:\Windows\SysWow64\msvcr80.dll
2012-06-02 14:41:24 -------- d-----w- C:\Program Files (x86)\LUXONIX
2012-06-02 14:40:49 -------- d-----w- C:\Data
2012-06-02 14:40:48 5711 ----a-w- C:\FLVDirect.exe
2012-06-02 13:41:06 -------- d-----w- C:\Users\Diego\AppData\Roaming\Image-Line
2012-06-02 13:11:50 -------- d-----w- C:\Users\Diego\.lilypond-fonts.cache-2
2012-06-02 13:00:19 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-06-02 13:00:19 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2012-06-02 13:00:19 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2012-06-02 12:59:48 -------- d-----w- C:\Program Files (x86)\ASIO4ALL v2
2012-06-02 12:58:45 225280 ----a-w- C:\Windows\SysWow64\rewire.dll
2012-06-02 12:58:45 -------- d-----w- C:\Program Files (x86)\VstPlugins
2012-06-02 12:58:38 1554944 ----a-w- C:\Windows\SysWow64\vorbis.acm
2012-06-02 12:58:34 -------- d-----w- C:\Program Files (x86)\Outsim
2012-06-02 12:56:17 -------- d-----w- C:\Program Files (x86)\Image-Line
.
==================== Find3M ====================
.
2012-06-25 16:38:04 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2012-06-22 16:08:02 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-22 16:08:02 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-05 15:25:22 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-22 11:51:38 25600 ----a-w- C:\Windows\System32\drivers\pccsmcfdx64.sys
2012-04-19 02:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
.
============= FINISH: 18:37:32,90 ===============



#2 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:04 AM

Posted 30 June 2012 - 12:16 AM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash-drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 QuantumWormhole

  • Topic Starter

  • Members
  • 23 posts
  • Local time:05:04 AM

Posted 30 June 2012 - 06:35 AM

Hi Gringo, many thanks for your help!
Below there is the FRST.txt file:


Scan result of Farbar Recovery Scan Tool Version: 30-06-2012 03
Ran by SYSTEM at 30-06-2012 13:26:35
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 [2226280 2011-05-16] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [617120 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4156 2010-04-16] ()
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167704 2011-08-31] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-08-31] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-08-31] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" [370 2012-06-30] ()
HKLM-x32\...\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" [2018032 2011-04-12] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1391272 2012-01-03] (Ask)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-26] (Apple Inc.)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-04] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1104440 2012-06-08] ()
HKU\Diego\...\Run: [] [x]
HKU\Diego\...\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray [1084840 2012-05-16] (Nokia)
HKU\UpdatusUser\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.188.0.1
AppInit_DLLs: C:\Windows\system32\nvinitx.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()

==================== Services (Whitelisted) ======

2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)
2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros)
2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations)
2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5106744 2012-04-29] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-13] (AVG Technologies CZ, s.r.o.)
2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [624856 2012-04-06] (Pandora.TV)
2 vToolbarUpdater11.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [935480 2012-06-08] ()

========================== Drivers (Whitelisted) =============

3 appliand; C:\Windows\System32\Drivers\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
2 ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [15416 2009-07-02] (ASUS)
3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [36000 2011-03-13] (Atheros)
1 ATKWMIACPIIO; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-05-25] (ASUS)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-18] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-21] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-30] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-18] (AVG Technologies CZ, s.r.o.)
3 BTATH_A2DP; C:\Windows\System32\Drivers\BTATH_A2DP.sys [298656 2011-03-13] (Atheros)
3 BTATH_BUS; C:\Windows\System32\Drivers\BTATH_BUS.sys [28832 2011-03-13] (Atheros)
3 BTATH_HCRP; C:\Windows\System32\Drivers\BTATH_HCRP.sys [201376 2011-03-13] (Atheros)
3 BTATH_LWFLT; C:\Windows\System32\Drivers\BTATH_LWFLT.sys [55456 2011-03-13] (Atheros)
3 BTATH_RCP; C:\Windows\System32\Drivers\BTATH_RCP.sys [154272 2011-03-13] (Atheros)
3 BtFilter; C:\Windows\System32\Drivers\BtFilter.sys [280224 2011-03-13] (Atheros)
3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
3 RSUSBVSTOR; C:\Windows\System32\Drivers\RtsUVStor.sys [290920 2010-08-03] (Realtek Semiconductor Corp.)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13832 2010-04-16] ()
3 ALSysIO; \??\C:\Users\Diego\AppData\Local\Temp\ALSysIO64.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-28 09:14 - 2012-06-28 09:14 - 00000615 ____A C:\Users\Diego\Desktop\ark.txt
2012-06-28 08:48 - 2011-07-16 12:21 - 00302592 ____A C:\Users\Diego\Desktop\gmer.exe
2012-06-28 08:39 - 2012-06-28 08:39 - 00006165 ____A C:\Users\Diego\Desktop\Attach.txt
2012-06-28 08:38 - 2012-06-28 08:38 - 00030960 ____A C:\Users\Diego\Desktop\DDS.txt
2012-06-28 08:36 - 2012-06-28 08:36 - 00607260 ____R (Swearware) C:\Users\Diego\Desktop\dds.scr
2012-06-27 12:30 - 2012-06-27 12:30 - 01906163 ____A C:\Windows\System32\Drivers\Cat.DB
2012-06-27 12:23 - 2012-06-27 12:29 - 00000000 ____D C:\Users\Diego\AppData\Roaming\GetRightToGo
2012-06-27 12:14 - 2012-06-27 12:14 - 04570514 ____A (Swearware) C:\Users\Diego\Downloads\ComboFix.exe
2012-06-27 11:50 - 2012-06-27 11:50 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-26 11:16 - 2012-06-27 11:24 - 00000000 ____D C:\Users\Diego\Desktop\Bigliettino
2012-06-26 09:51 - 2012-06-26 09:51 - 01666053 ____A C:\Users\Diego\Downloads\Frloops - Violin Beat 2.mp3
2012-06-23 09:10 - 2012-06-23 09:10 - 00367987 ____A C:\Users\Diego\Desktop\RegalONE - Divertimento su Misura - Attivitą 2.mht
2012-06-23 09:04 - 2012-06-23 09:04 - 00246357 ____A C:\Users\Diego\Desktop\RegalONE - Divertimento su Misura - Attivitą.mht
2012-06-22 08:11 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-22 08:11 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-22 08:11 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-22 08:11 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-22 08:11 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-22 08:11 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-22 08:11 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-22 08:11 - 2012-06-02 05:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-22 08:11 - 2012-06-02 05:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-22 08:08 - 2012-06-22 08:08 - 00000000 ____D C:\Users\Diego\AppData\Local\Macromedia
2012-06-14 13:06 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-14 13:06 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-14 13:06 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-14 13:05 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-14 13:05 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-14 13:05 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-14 13:05 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-14 13:05 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-14 13:05 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-14 13:05 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-14 13:05 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-14 13:05 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-14 13:05 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-14 13:05 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-14 13:05 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-14 13:05 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-14 13:05 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-14 13:05 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-14 13:05 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-14 13:05 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-14 13:05 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-14 13:05 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-14 13:05 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-14 13:05 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-14 13:05 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-14 13:05 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-14 13:05 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-14 13:05 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-14 08:23 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-14 08:23 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-14 08:23 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-14 08:23 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-14 08:23 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-14 08:23 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-14 08:23 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-14 08:23 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-14 08:23 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-14 08:23 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-14 08:23 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-14 08:23 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-14 08:23 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-14 08:23 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-14 08:23 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-14 08:23 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-14 08:23 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-14 08:20 - 2012-06-21 08:26 - 00000000 ____D C:\Users\All Users\Skype
2012-06-14 08:20 - 2012-06-15 08:23 - 00000000 ____D C:\Users\Diego\AppData\Roaming\Skype
2012-06-14 08:20 - 2012-06-14 08:20 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-06-14 08:20 - 2012-06-14 08:20 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-06-14 08:19 - 2012-06-14 08:19 - 00946352 ____A (Skype Technologies S.A.) C:\Users\Diego\Downloads\SkypeSetup.exe
2012-06-12 09:58 - 2012-06-12 09:58 - 00001114 ____A C:\Users\Diego\Desktop\lenmus 4.2.2.lnk
2012-06-12 09:58 - 2012-06-12 09:58 - 00000000 ____D C:\Program Files (x86)\LenMus4.2.2
2012-06-12 09:56 - 2012-06-12 09:56 - 08290742 ____A C:\Users\Diego\Downloads\lenmus_4.2.2_setup.exe
2012-06-11 08:31 - 2012-06-11 08:31 - 00000000 ____D C:\Users\Diego\Downloads\dxshell_v1.0.2b
2012-06-11 08:30 - 2012-06-11 08:30 - 00374170 ____A C:\Users\Diego\Downloads\dxshell_v1.0.2b.zip
2012-06-11 07:32 - 2012-06-11 07:32 - 00001147 ____A C:\Users\UpdatusUser\Desktop\Symphonic Choirs.lnk
2012-06-11 07:31 - 2012-06-11 07:51 - 00000000 ____D C:\Program Files (x86)\East West
2012-06-08 08:55 - 2012-06-08 08:55 - 00000000 ____D C:\Users\Diego\AppData\Local\AVG Secure Search
2012-06-08 08:54 - 2012-06-08 08:55 - 00000000 ____D C:\Users\All Users\AVG Secure Search
2012-06-08 08:54 - 2012-06-08 08:54 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-06-03 03:38 - 2012-06-03 03:41 - 00000000 ____D C:\Program Files (x86)\Logia
2012-06-03 03:38 - 2012-06-03 03:38 - 00000000 ____D C:\Users\Diego\AppData\Roaming\Logia
2012-06-02 06:41 - 2012-06-02 06:41 - 00000000 ____D C:\Program Files (x86)\LUXONIX
2012-06-02 06:41 - 2005-03-23 22:26 - 00491520 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr80.dll
2012-06-02 06:40 - 2012-06-02 06:40 - 00005711 ____A C:\FLVDirect.exe
2012-06-02 06:40 - 2012-06-02 06:40 - 00000000 ____D C:\Data
2012-06-02 05:41 - 2012-06-02 05:41 - 00000000 ____D C:\Users\Diego\AppData\Roaming\Image-Line
2012-06-02 05:11 - 2012-06-02 05:13 - 00000000 ____D C:\Users\Diego\.lilypond-fonts.cache-2
2012-06-02 05:00 - 2012-06-02 05:00 - 01700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2012-06-02 05:00 - 2012-06-02 05:00 - 01060864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2012-06-02 05:00 - 2012-06-02 05:00 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-06-02 04:59 - 2012-06-02 04:59 - 00001144 ____A C:\Users\Diego\Desktop\ASIO4ALL v2 Instruction Manual.lnk
2012-06-02 04:59 - 2012-06-02 04:59 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2012-06-02 04:58 - 2012-06-11 08:37 - 00000000 ____D C:\Program Files (x86)\VstPlugins
2012-06-02 04:58 - 2012-06-02 04:58 - 00001152 ____A C:\Users\Public\Desktop\FL Studio 10.lnk
2012-06-02 04:58 - 2012-06-02 04:58 - 00000000 ____D C:\Users\Diego\Documents\Image-Line
2012-06-02 04:58 - 2012-06-02 04:58 - 00000000 ____D C:\Program Files (x86)\Outsim
2012-06-02 04:58 - 2009-09-15 01:14 - 01554944 ____A (HMS http://hp.vector.co.jp/authors/VA012897/) C:\Windows\SysWOW64\vorbis.acm
2012-06-02 04:58 - 2006-06-20 00:56 - 00225280 ____A (Propellerhead Software AB) C:\Windows\SysWOW64\rewire.dll
2012-06-02 04:56 - 2012-06-02 04:58 - 00000000 ____D C:\Program Files (x86)\Image-Line
2012-06-02 04:54 - 2012-06-13 09:34 - 00000000 ____D C:\Users\Diego\Documents\Fruity Loops Studio 10


============ 3 Months Modified Files ========================

2012-06-30 03:20 - 2012-05-03 05:07 - 00001144 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-30 03:20 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-30 03:20 - 2009-07-13 20:51 - 00075183 ____A C:\Windows\setupact.log
2012-06-30 03:15 - 2009-07-13 20:45 - 00003072 _____ C:\Windows\System32\umstartup.etl
2012-06-30 03:05 - 2011-11-03 21:37 - 01434958 ____A C:\Windows\WindowsUpdate.log
2012-06-30 03:05 - 2011-02-18 20:35 - 00710660 ____A C:\Windows\System32\perfh010.dat
2012-06-30 03:05 - 2011-02-18 20:35 - 00131936 ____A C:\Windows\System32\perfc010.dat
2012-06-30 03:05 - 2009-07-13 21:13 - 01573890 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-30 03:05 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-30 03:05 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-30 02:39 - 2009-07-13 21:08 - 00032618 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-29 13:25 - 2012-03-31 04:09 - 00000978 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-29 13:12 - 2012-05-03 05:07 - 00001148 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-29 08:22 - 2012-02-10 08:02 - 00045056 ____A C:\Windows\System32\acovcnt.exe
2012-06-28 09:14 - 2012-06-28 09:14 - 00000615 ____A C:\Users\Diego\Desktop\ark.txt
2012-06-28 08:39 - 2012-06-28 08:39 - 00006165 ____A C:\Users\Diego\Desktop\Attach.txt
2012-06-28 08:38 - 2012-06-28 08:38 - 00030960 ____A C:\Users\Diego\Desktop\DDS.txt
2012-06-28 08:36 - 2012-06-28 08:36 - 00607260 ____R (Swearware) C:\Users\Diego\Desktop\dds.scr
2012-06-28 08:21 - 2011-04-12 17:39 - 00403692 ____A C:\Windows\PFRO.log
2012-06-27 12:30 - 2012-06-27 12:30 - 01906163 ____A C:\Windows\System32\Drivers\Cat.DB
2012-06-27 12:19 - 2009-07-13 20:45 - 04838880 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-27 12:14 - 2012-06-27 12:14 - 04570514 ____A (Swearware) C:\Users\Diego\Downloads\ComboFix.exe
2012-06-27 10:31 - 2012-02-10 08:02 - 00065208 ____A C:\Users\Diego\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-27 09:43 - 2012-02-25 04:21 - 00000132 ____A C:\Users\Diego\AppData\Roaming\Adobe BMP Format CS5 Prefs
2012-06-27 09:32 - 2012-02-15 10:19 - 01683456 __ASH C:\Users\Diego\Desktop\Thumbs.db
2012-06-26 09:51 - 2012-06-26 09:51 - 01666053 ____A C:\Users\Diego\Downloads\Frloops - Violin Beat 2.mp3
2012-06-23 12:57 - 2012-02-24 14:51 - 00000132 ____A C:\Users\Diego\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-06-23 09:10 - 2012-06-23 09:10 - 00367987 ____A C:\Users\Diego\Desktop\RegalONE - Divertimento su Misura - Attivitą 2.mht
2012-06-23 09:04 - 2012-06-23 09:04 - 00246357 ____A C:\Users\Diego\Desktop\RegalONE - Divertimento su Misura - Attivitą.mht
2012-06-22 08:08 - 2012-03-31 04:09 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-22 08:08 - 2012-02-29 10:41 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-15 08:21 - 2011-11-03 22:00 - 00002278 ____A C:\Windows\System32\AutoRunFilter.ini
2012-06-15 08:21 - 2011-11-03 22:00 - 00001480 ____A C:\Windows\System32\ServiceFilter.ini
2012-06-14 13:10 - 2012-02-10 08:29 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-14 10:17 - 2012-02-14 15:15 - 00000343 ____A C:\Users\Diego\Desktop\Nuovo documento di testo.txt
2012-06-14 08:20 - 2012-06-14 08:20 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-06-14 08:19 - 2012-06-14 08:19 - 00946352 ____A (Skype Technologies S.A.) C:\Users\Diego\Downloads\SkypeSetup.exe
2012-06-12 09:58 - 2012-06-12 09:58 - 00001114 ____A C:\Users\Diego\Desktop\lenmus 4.2.2.lnk
2012-06-12 09:56 - 2012-06-12 09:56 - 08290742 ____A C:\Users\Diego\Downloads\lenmus_4.2.2_setup.exe
2012-06-12 00:21 - 2012-03-10 10:13 - 00000981 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-06-11 08:30 - 2012-06-11 08:30 - 00374170 ____A C:\Users\Diego\Downloads\dxshell_v1.0.2b.zip
2012-06-11 07:32 - 2012-06-11 07:32 - 00001147 ____A C:\Users\UpdatusUser\Desktop\Symphonic Choirs.lnk
2012-06-02 14:19 - 2012-06-22 08:11 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-22 08:11 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-22 08:11 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-22 08:11 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-22 08:11 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-22 08:11 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-22 08:11 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 09:29 - 2012-05-21 09:17 - 00000321 ____A C:\Users\Diego\Desktop\Nuovo documento di testo (5).txt
2012-06-02 06:40 - 2012-06-02 06:40 - 00005711 ____A C:\FLVDirect.exe
2012-06-02 05:19 - 2012-06-22 08:11 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 05:15 - 2012-06-22 08:11 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 05:00 - 2012-06-02 05:00 - 01700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2012-06-02 05:00 - 2012-06-02 05:00 - 01060864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2012-06-02 05:00 - 2012-06-02 05:00 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-06-02 04:59 - 2012-06-02 04:59 - 00001144 ____A C:\Users\Diego\Desktop\ASIO4ALL v2 Instruction Manual.lnk
2012-06-02 04:58 - 2012-06-02 04:58 - 00001152 ____A C:\Users\Public\Desktop\FL Studio 10.lnk
2012-05-24 08:25 - 2012-05-24 08:25 - 00002091 ____A C:\Users\Public\Desktop\Nokia Suite.lnk
2012-05-24 08:24 - 2011-11-03 21:51 - 00041524 ____A C:\Windows\DPINST.LOG
2012-05-17 18:47 - 2012-06-14 13:05 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-14 13:05 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-14 13:05 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-14 13:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-14 13:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-14 13:05 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-14 13:05 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-14 13:05 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-14 13:05 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-14 13:05 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-14 13:05 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-14 13:06 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-14 13:06 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-14 13:05 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-14 13:05 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-14 13:05 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-14 13:05 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-14 13:05 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-14 13:05 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-14 13:05 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-14 13:05 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-14 13:05 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-14 13:05 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-14 13:05 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-14 13:05 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-14 13:05 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-14 13:06 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-14 13:05 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-14 17:32 - 2012-06-14 08:23 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-11 07:35 - 2012-05-10 04:20 - 00047786 ____A C:\Users\Diego\Desktop\Toy Model 3.lyx
2012-05-11 07:30 - 2012-05-10 04:20 - 00045395 ____A C:\Users\Diego\Desktop\Toy Model 3.lyx~
2012-05-10 09:33 - 2012-05-10 09:33 - 00721033 ____A C:\Users\Diego\Desktop\Rimpatrio dei cervelli, scattano gli incentivi per il rientro_ Irpef sui redditi da lavoro super scontata - Il Sole 24 ORE.mht
2012-05-10 04:14 - 2012-05-10 04:13 - 80248066 ____A C:\Users\Diego\Downloads\LyX-2.0.3-2-Installer.exe
2012-05-05 07:39 - 2012-02-11 03:18 - 00000949 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-05-05 07:25 - 2012-03-31 07:25 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-04 03:06 - 2012-06-14 08:23 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-14 08:23 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-14 08:23 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-03 06:24 - 2012-05-02 04:59 - 00003946 ____A C:\Users\Diego\Desktop\Nuovo documento di testo (4).txt
2012-05-03 05:07 - 2012-05-03 05:07 - 00002214 ____A C:\Users\Public\Desktop\Google Earth.lnk
2012-05-03 05:06 - 2012-05-03 05:06 - 00739816 ____A (Google Inc.) C:\Users\Diego\Downloads\GoogleEarthSetup.exe
2012-04-30 21:40 - 2012-06-14 08:23 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:55 - 2012-06-14 08:23 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-27 10:41 - 2012-04-27 10:41 - 00002788 ____A C:\Users\Public\Desktop\Nero StartSmart.lnk
2012-04-27 10:41 - 2012-04-27 10:41 - 00002692 ____A C:\Users\Public\Desktop\Nero Home.lnk
2012-04-25 21:41 - 2012-06-14 08:23 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-14 08:23 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-14 08:23 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-25 10:43 - 2012-04-25 08:53 - 141441529 ____A C:\Users\Diego\Desktop\[PSP]Metal.Slug.Double.XX.[USA][FIX].-.[ESPALPSP.com].rar
2012-04-23 21:37 - 2012-06-14 08:23 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-14 08:23 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-14 08:23 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-14 08:23 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-14 08:23 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-14 08:23 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-22 12:25 - 2012-04-22 08:06 - 00000051 ____A C:\Users\Diego\Desktop\Nuovo documento di testo (2).txt
2012-04-22 03:51 - 2012-02-11 03:53 - 00025600 ____A (Nokia) C:\Windows\System32\Drivers\pccsmcfdx64.sys
2012-04-18 18:50 - 2012-04-18 18:50 - 00028480 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsha.sys
2012-04-17 11:39 - 2012-04-17 11:39 - 00001009 ____A C:\Users\Diego\Desktop\Alarm.lnk
2012-04-13 12:29 - 2012-04-13 12:29 - 00272930 ____A C:\Users\Diego\Desktop\Motore grafico - Wikipedia.mht
2012-04-07 04:31 - 2012-06-14 08:23 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 03:26 - 2012-06-14 08:23 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll


ZeroAccess:
C:\Windows\Installer\{8e332967-9d87-6826-99f8-79db66641bd3}
C:\Windows\Installer\{8e332967-9d87-6826-99f8-79db66641bd3}\@
C:\Windows\Installer\{8e332967-9d87-6826-99f8-79db66641bd3}\L
C:\Windows\Installer\{8e332967-9d87-6826-99f8-79db66641bd3}\U
C:\Windows\Installer\{8e332967-9d87-6826-99f8-79db66641bd3}\L\00000004.@
C:\Windows\Installer\{8e332967-9d87-6826-99f8-79db66641bd3}\L\201d3dde
C:\Windows\Installer\{8e332967-9d87-6826-99f8-79db66641bd3}\L\55490ac4
C:\Windows\Installer\{8e332967-9d87-6826-99f8-79db66641bd3}\U\00000004.@
C:\Windows\Installer\{8e332967-9d87-6826-99f8-79db66641bd3}\U\00000008.@
C:\Windows\Installer\{8e332967-9d87-6826-99f8-79db66641bd3}\U\000000cb.@
C:\Windows\Installer\{8e332967-9d87-6826-99f8-79db66641bd3}\U\80000000.@
C:\Windows\Installer\{8e332967-9d87-6826-99f8-79db66641bd3}\U\80000032.@
C:\Windows\Installer\{8e332967-9d87-6826-99f8-79db66641bd3}\U\80000064.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 6054.7 MB
Available physical RAM: 5381.38 MB
Total Pagefile: 6052.84 MB
Available Pagefile: 5370.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:89.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (DATA) (Fixed) (Total:394.18 GB) (Free:394.07 GB) NTFS
4 Drive f: (FLASHDRIVE) (Removable) (Total:14.91 GB) (Free:2.06 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 0 B
Disk 1 Online 14 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 25 GB 1024 KB
Partition 2 Primary 279 GB 25 GB
Partition 3 Primary 394 GB 304 GB

==================================================================================

Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 279 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D DATA NTFS Partition 394 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FLASHDRIVE FAT32 Removable 14 GB Healthy

==================================================================================

==========================================================

Last Boot: 2012-06-23 05:32

======================= End Of Log ==========================

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:04 AM

Posted 30 June 2012 - 11:25 AM

Greetings

OK, let's see if we can find a replacement for the infected file.

In Vista or Windows 7: Boot to System Recovery Options and run FRST.

Type the following in the edit box after "Search:".

services.exe

It then should look like:

Search: services.exe

Click the Search button and post the log it makes (Search.txt) in your reply.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 QuantumWormhole

QuantumWormhole
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:04 AM

Posted 30 June 2012 - 11:53 AM

Hello Gringo, here is the Search.txt file:


Farbar Recovery Scan Tool Version: 30-06-2012 03
Ran by SYSTEM at 2012-06-30 18:42:04
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======
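The comparison that this Search.txt makes possible, as an added example that is not part of the thread and is not FRST's own code: it parses the search output above and checks the live System32 copy of services.exe (the file flagged in the "Bamital & volsnap Check" section) against the WinSxS component-store copy. The function names, field names and status strings are assumptions made for the illustration.

```python
import ntpath
import re
from dataclasses import dataclass

# Copied from the Search.txt posted above (FRST search for "services.exe").
SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======
"""


@dataclass
class Entry:
    path: str
    created: str
    modified: str
    size: int
    company: str
    md5: str


PATH_LINE = re.compile(r"^[A-Za-z]:\\")
# "[created] - [modified] - size attrs (company) MD5"; the company is optional.
DETAIL_LINE = re.compile(
    r"^\[(?P<created>[\d\- :]+)\] - \[(?P<modified>[\d\- :]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) (?:\((?P<company>.*)\) )?"
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search_log(text):
    """Pair each path line with the metadata line that follows it."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_LINE.match(line):
            pending = line
            continue
        m = DETAIL_LINE.match(line)
        if m and pending:
            entries.append(Entry(pending, m["created"], m["modified"],
                                 int(m["size"]), m["company"] or "",
                                 m["md5"].upper()))
            pending = None
    return entries


def is_component_store(path):
    return "\\windows\\winsxs\\" in path.lower()


def is_live_system(path):
    p = path.lower()
    return "\\windows\\system32\\" in p or "\\windows\\syswow64\\" in p


def compare_with_component_store(entries):
    """Check every live system file against same-named WinSxS copies.

    The store can hold several versions of a component, so a live file
    counts as a match if its MD5 equals any store copy. A mismatch is a lead
    for the helper to follow up, not a verdict. MD5 is used only because
    that is the hash FRST prints. Simplification: store copies are not
    filtered by architecture (amd64_ / x86_ / wow64_ directory prefix).
    """
    by_name = {}
    for e in entries:
        by_name.setdefault(ntpath.basename(e.path).lower(), []).append(e)

    findings = []
    for group in by_name.values():
        store = [e for e in group if is_component_store(e.path)]
        for live in (e for e in group if is_live_system(e.path)):
            if not store:
                findings.append({"path": live.path, "status": "no-reference"})
            elif live.md5 in {s.md5 for s in store}:
                findings.append({"path": live.path, "status": "match"})
            else:
                # Report against the store copy closest in size.
                ref = min(store, key=lambda s: abs(s.size - live.size))
                findings.append({
                    "path": live.path,
                    "status": "mismatch",
                    "md5": live.md5,
                    "reference": ref.path,
                    "reference_md5": ref.md5,
                    "size_delta": live.size - ref.size,
                    # Equal timestamps on differing files mean the dates
                    # alone would not have exposed the modification.
                    "same_timestamps": (live.created, live.modified)
                                       == (ref.created, ref.modified),
                })
    return findings


if __name__ == "__main__":
    for finding in compare_with_component_store(parse_search_log(SEARCH_LOG)):
        print(finding)
```

On the log above, the two copies carry identical created and modified times while differing in size and MD5, which is why the hash rather than the date is the useful signal here.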

#6 gringo_pr

Posted 30 June 2012 - 03:00 PM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
C:\Windows\Installer\{8e332967-9d87-6826-99f8-79db66641bd3}

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo

#7 QuantumWormhole

Posted 30 June 2012 - 03:22 PM

Hello,

I don't know if it is important or not, but I forgot to say that once every 2 or more hours a new Firefox window was opened automatically with some advertisements.
This time, when I restarted the laptop, I didn't see the AVG popup window, but maybe it's too early and it will appear later.
However, the log file is below:



Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 30-06-2012 03
Ran by SYSTEM at 2012-06-30 22:13:30 Run:1
Running from F:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\Installer\{8e332967-9d87-6826-99f8-79db66641bd3} moved successfully.

==== End of Fixlog ====

#8 gringo_pr

Posted 30 June 2012 - 03:50 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#9 QuantumWormhole

Posted 30 June 2012 - 04:15 PM

Hello,

I have a small problem. I have disabled avg for 15 minutes following the instructions, but combofix says that "AVG Anti-Virus Free Edition 2012" antivirus and antispyware are still active, even if they aren't.
Is it better to uninstall avg directly?

#10 gringo_pr

Posted 30 June 2012 - 08:45 PM

Greetings


Considering I don't like AVG at this time, go ahead and uninstall it, and later I will show you a better free antivirus.



gringo

#11 QuantumWormhole

Posted 01 July 2012 - 04:36 AM

Hello,

I have uninstalled AVG and restarted the laptop just to be sure that everything was removed correctly.
However, when I tried to run Combofix, it still told me that AVG was active.
This time I took the risk and let Combofix go on.
When it finished, I wasn't able to open firefox or notepad due to some error message.
So I restarted the laptop and this time everything was fine fortunately.
Now I don't have any antivirus installed.
However in the Windows Task Manager I see that a lot of strange processes are still running, with names like "AcroRd.exe*32", "ATKOSD.exe*32", "DMedia.exe*32", etc.
Regards,

QW

P.S.: Oops, sure, the log file is below:



ComboFix 12-06-30.01 - Diego 01/07/2012 11:06:38.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.6055.4299 [GMT 2:00]
Eseguito da: c:\users\Diego\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\Lp_setup.exe
C:\FLVDirect.exe
c:\programdata\FullRemove.exe
c:\users\Diego\AppData\Roaming\OfferBox
c:\users\Diego\AppData\Roaming\OfferBox\config.xml
c:\users\Diego\AppData\Roaming\OfferBox\run.log
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\iun6002.exe
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
.
.
((((((((((((((((((((((((( Files Creati Da 2012-06-01 al 2012-07-01 )))))))))))))))))))))))))))))))))))
.
.
2012-07-01 09:13 . 2012-07-01 09:13 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-01 09:13 . 2012-07-01 09:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-30 21:26 . 2012-06-30 21:26 -------- d-----w- C:\FRST
2012-06-27 20:23 . 2012-06-27 20:29 -------- d-----w- c:\users\Diego\AppData\Roaming\GetRightToGo
2012-06-27 19:50 . 2012-06-27 19:50 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-22 16:11 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 16:11 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 16:11 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 16:11 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 16:11 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 16:11 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 16:11 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 16:11 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 16:11 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-22 16:08 . 2012-06-22 16:08 -------- d-----w- c:\users\Diego\AppData\Local\Macromedia
2012-06-19 15:35 . 2012-06-19 15:35 4967624 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-06-14 21:06 . 2012-05-18 01:51 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-14 21:06 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-14 16:23 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 16:20 . 2012-06-15 16:23 -------- d-----w- c:\users\Diego\AppData\Roaming\Skype
2012-06-14 16:20 . 2012-06-14 16:20 -------- d-----r- c:\program files (x86)\Skype
2012-06-14 16:20 . 2012-06-14 16:20 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-06-14 16:20 . 2012-06-21 16:26 -------- d-----w- c:\programdata\Skype
2012-06-12 17:58 . 2012-06-12 17:58 -------- d-----w- c:\program files (x86)\LenMus4.2.2
2012-06-11 15:51 . 2012-06-11 15:51 -------- d-----w- c:\program files (x86)\Common Files\Steinberg
2012-06-11 15:32 . 2012-06-11 15:32 -------- d-----w- c:\program files (x86)\Common Files\Digidesign
2012-06-11 15:31 . 2012-06-11 15:51 -------- d-----w- c:\program files (x86)\East West
2012-06-09 00:19 . 2012-06-09 00:19 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-09 00:19 . 2012-06-09 00:19 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-03 11:38 . 2012-06-03 11:38 -------- d-----w- c:\users\Diego\AppData\Roaming\Logia
2012-06-03 11:38 . 2012-06-03 11:41 -------- d-----w- c:\program files (x86)\Logia
2012-06-02 14:41 . 2005-03-24 06:26 491520 ----a-w- c:\windows\SysWow64\msvcr80.dll
2012-06-02 14:41 . 2012-06-02 14:41 -------- d-----w- c:\program files (x86)\LUXONIX
2012-06-02 13:41 . 2012-06-02 13:41 -------- d-----w- c:\users\Diego\AppData\Roaming\Image-Line
2012-06-02 13:11 . 2012-06-02 13:13 -------- d-----w- c:\users\Diego\.lilypond-fonts.cache-2
2012-06-02 13:00 . 2012-06-02 13:00 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-06-02 13:00 . 2012-06-02 13:00 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-06-02 13:00 . 2012-06-02 13:00 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2012-06-02 12:59 . 2012-06-02 12:59 -------- d-----w- c:\program files (x86)\ASIO4ALL v2
2012-06-02 12:58 . 2012-06-11 16:37 -------- d-----w- c:\program files (x86)\VstPlugins
2012-06-02 12:58 . 2006-06-20 08:56 225280 ----a-w- c:\windows\SysWow64\rewire.dll
2012-06-02 12:58 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm
2012-06-02 12:58 . 2012-06-02 12:58 -------- d-----w- c:\program files (x86)\Outsim
2012-06-02 12:56 . 2012-06-02 12:58 -------- d-----w- c:\program files (x86)\Image-Line
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-01 09:14 . 2012-02-10 16:02 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-06-22 16:08 . 2012-03-31 12:09 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-22 16:08 . 2012-02-29 18:41 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 15:25 . 2012-03-31 15:25 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-22 11:51 . 2012-02-11 11:53 25600 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 15:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-05-16 1084840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-13 548528]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2011-11-4 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Servizio Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 116648]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 250056]
R3 ALSysIO;ALSysIO;c:\users\Diego\AppData\Local\Temp\ALSysIO64.sys [x]
R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 33888]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 116648]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-10 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-05-10 25960]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-13 138400]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-10 2009704]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-04-06 624856]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 33888]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-06-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 16:08]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 13:07]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 13:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 10.188.0.1
FF - ProfilePath - c:\users\Diego\AppData\Roaming\Mozilla\Firefox\Profiles\8edknhka.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bee84bfcb-0013-49dd-b876-73d2ceb97606%7D&mid=18da11015ce747d19afba5662e134db7-0454e95180f141285acbdc39564a9b978bd76e4b&ds=AVG&v=11.1.0.7&lang=it&pr=fr&d=2012-06-08%2018%3A54%3A56&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
AddRemove-WYSIWYG_Web_Builder_8 - c:\windows\iun6002.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\SmartLogon\smartlogon.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Ora fine scansione: 2012-07-01 11:20:19 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-07-01 09:20
.
Pre-Run: 98.002.219.008 byte disponibili
Post-Run: 98.797.191.168 byte disponibili
.
- - End Of File - - B7009045663AD0887DC2EBA9F5EFB99C

#12 gringo_pr

  • Malware Response Team

Posted 01 July 2012 - 12:36 PM

Greetings

Here is a better free antivirus - Microsoft Security Essentials

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#13 QuantumWormhole

  • Topic Starter

Posted 01 July 2012 - 01:38 PM

Hello Gringo,

TDSSKiller worked perfectly, and the log is below.
However, I have a problem with aswMBR.
In fact, the first time it worked only for some minutes and then it crashed: the famous blue window with white sentences appeared, saying something like "the process has been stopped to avoid damage to your computer".
So I had to turn it off manually and restart it.
Then I ran aswMBR again, but this time, after several minutes, when it started to check the torrent folder, aswMBR suddenly stopped working (no blue window this time, however), so I don't have its log file.
Therefore I have only the TDSSKiller log here:



19:49:13.0738 8188 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
19:49:14.0123 8188 ============================================================
19:49:14.0123 8188 Current date / time: 2012/07/01 19:49:14.0123
19:49:14.0123 8188 SystemInfo:
19:49:14.0123 8188
19:49:14.0124 8188 OS Version: 6.1.7601 ServicePack: 1.0
19:49:14.0124 8188 Product type: Workstation
19:49:14.0124 8188 ComputerName: DIEGO-PC
19:49:14.0124 8188 UserName: Diego
19:49:14.0124 8188 Windows directory: C:\Windows
19:49:14.0124 8188 System windows directory: C:\Windows
19:49:14.0124 8188 Running under WOW64
19:49:14.0124 8188 Processor architecture: Intel x64
19:49:14.0124 8188 Number of processors: 4
19:49:14.0124 8188 Page size: 0x1000
19:49:14.0124 8188 Boot type: Normal boot
19:49:14.0124 8188 ============================================================
19:49:16.0012 8188 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:49:16.0063 8188 ============================================================
19:49:16.0063 8188 \Device\Harddisk0\DR0:
19:49:16.0063 8188 MBR partitions:
19:49:16.0063 8188 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x22EE8800
19:49:16.0063 8188 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x260E9000, BlocksNum 0x3145C800
19:49:16.0063 8188 ============================================================
19:49:16.0100 8188 C: <-> \Device\Harddisk0\DR0\Partition0
19:49:16.0147 8188 D: <-> \Device\Harddisk0\DR0\Partition1
19:49:16.0147 8188 ============================================================
19:49:16.0147 8188 Initialize success
19:49:16.0147 8188 ============================================================
19:49:18.0854 7416 ============================================================
19:49:18.0854 7416 Scan started
19:49:18.0854 7416 Mode: Manual;
19:49:18.0854 7416 ============================================================
19:49:19.0246 7416 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:49:19.0258 7416 1394ohci - ok
19:49:19.0365 7416 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:49:19.0381 7416 ACPI - ok
19:49:19.0425 7416 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:49:19.0431 7416 AcpiPmi - ok
19:49:19.0568 7416 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:49:19.0569 7416 AdobeARMservice - ok
19:49:19.0682 7416 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:49:19.0788 7416 AdobeFlashPlayerUpdateSvc - ok
19:49:19.0859 7416 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
19:49:19.0875 7416 adp94xx - ok
19:49:19.0912 7416 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
19:49:19.0923 7416 adpahci - ok
19:49:19.0935 7416 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
19:49:19.0949 7416 adpu320 - ok
19:49:19.0982 7416 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:49:20.0004 7416 AeLookupSvc - ok
19:49:20.0083 7416 AFBAgent (69fd46fac0d9c4a8ecd522ac6a7481f5) C:\Windows\system32\FBAgent.exe
19:49:20.0087 7416 AFBAgent - ok
19:49:20.0151 7416 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
19:49:20.0171 7416 AFD - ok
19:49:20.0247 7416 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:49:20.0256 7416 agp440 - ok
19:49:20.0302 7416 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:49:20.0325 7416 ALG - ok
19:49:20.0352 7416 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:49:20.0359 7416 aliide - ok
19:49:20.0465 7416 ALSysIO - ok
19:49:20.0500 7416 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:49:20.0507 7416 amdide - ok
19:49:20.0518 7416 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
19:49:20.0527 7416 AmdK8 - ok
19:49:20.0532 7416 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
19:49:20.0541 7416 AmdPPM - ok
19:49:20.0571 7416 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:49:20.0580 7416 amdsata - ok
19:49:20.0605 7416 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
19:49:20.0621 7416 amdsbs - ok
19:49:20.0641 7416 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:49:20.0649 7416 amdxata - ok
19:49:20.0691 7416 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:49:20.0702 7416 AppID - ok
19:49:20.0718 7416 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:49:20.0738 7416 AppIDSvc - ok
19:49:20.0760 7416 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
19:49:20.0776 7416 Appinfo - ok
19:49:20.0831 7416 appliand (0eeff7103e4f3e783f3d2b870af67f1c) C:\Windows\system32\DRIVERS\appliand.sys
19:49:20.0839 7416 appliand - ok
19:49:20.0854 7416 appliandMP (0eeff7103e4f3e783f3d2b870af67f1c) C:\Windows\system32\DRIVERS\appliand.sys
19:49:20.0854 7416 appliandMP - ok
19:49:20.0902 7416 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
19:49:20.0911 7416 arc - ok
19:49:20.0940 7416 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
19:49:20.0948 7416 arcsas - ok
19:49:21.0036 7416 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
19:49:21.0037 7416 ASLDRService - ok
19:49:21.0112 7416 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
19:49:21.0120 7416 ASMMAP64 - ok
19:49:21.0146 7416 asmthub3 (0aa7a996792fb0287b33a57a8093ae44) C:\Windows\system32\DRIVERS\asmthub3.sys
19:49:21.0162 7416 asmthub3 - ok
19:49:21.0217 7416 asmtxhci (125dc3abf5bfccfe82ad17d078e0b9ec) C:\Windows\system32\DRIVERS\asmtxhci.sys
19:49:21.0237 7416 asmtxhci - ok
19:49:21.0270 7416 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:49:21.0277 7416 AsyncMac - ok
19:49:21.0311 7416 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:49:21.0318 7416 atapi - ok
19:49:21.0361 7416 AthBTPort (cbe61b4494165f458bd87e37181ee934) C:\Windows\system32\DRIVERS\btath_flt.sys
19:49:21.0372 7416 AthBTPort - ok
19:49:21.0434 7416 Atheros Bt&Wlan Coex Agent (4c4a576818ea028257c624ae36ff7a03) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
19:49:21.0436 7416 Atheros Bt&Wlan Coex Agent - ok
19:49:21.0459 7416 AtherosSvc (21753130331188c4b474e1d3b396e629) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
19:49:21.0460 7416 AtherosSvc - ok
19:49:21.0654 7416 athr (b4174564ad5834a1680610572477878c) C:\Windows\system32\DRIVERS\athrx.sys
19:49:21.0689 7416 athr - ok
19:49:21.0813 7416 ATKGFNEXSrv (7910158929571214a959d5a6d16dd9c0) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
19:49:21.0815 7416 ATKGFNEXSrv - ok
19:49:21.0968 7416 ATKWMIACPIIO (ac31727f9946e9009480708e4d1b9986) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
19:49:21.0975 7416 ATKWMIACPIIO - ok
19:49:22.0148 7416 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:49:22.0173 7416 AudioEndpointBuilder - ok
19:49:22.0180 7416 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:49:22.0183 7416 AudioSrv - ok
19:49:22.0231 7416 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
19:49:22.0251 7416 AxInstSV - ok
19:49:22.0337 7416 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
19:49:22.0352 7416 b06bdrv - ok
19:49:22.0395 7416 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:49:22.0408 7416 b57nd60a - ok
19:49:22.0495 7416 BBSvc (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
19:49:22.0529 7416 BBSvc - ok
19:49:22.0567 7416 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:49:22.0583 7416 BDESVC - ok
19:49:22.0622 7416 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:49:22.0628 7416 Beep - ok
19:49:22.0705 7416 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
19:49:22.0731 7416 BFE - ok
19:49:22.0804 7416 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
19:49:22.0834 7416 BITS - ok
19:49:22.0899 7416 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:49:22.0908 7416 blbdrive - ok
19:49:22.0949 7416 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:49:22.0959 7416 bowser - ok
19:49:22.0980 7416 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
19:49:22.0987 7416 BrFiltLo - ok
19:49:22.0999 7416 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
19:49:23.0005 7416 BrFiltUp - ok
19:49:23.0040 7416 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
19:49:23.0049 7416 BridgeMP - ok
19:49:23.0079 7416 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
19:49:23.0095 7416 Browser - ok
19:49:23.0133 7416 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:49:23.0145 7416 Brserid - ok
19:49:23.0161 7416 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:49:23.0169 7416 BrSerWdm - ok
19:49:23.0200 7416 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:49:23.0208 7416 BrUsbMdm - ok
19:49:23.0221 7416 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:49:23.0227 7416 BrUsbSer - ok
19:49:23.0293 7416 BTATH_A2DP (fe70889a85c57a9268101b2db0474509) C:\Windows\system32\drivers\btath_a2dp.sys
19:49:23.0313 7416 BTATH_A2DP - ok
19:49:23.0364 7416 BTATH_BUS (a83a91d07d1fe6bbe7a9db46ca00434b) C:\Windows\system32\DRIVERS\btath_bus.sys
19:49:23.0374 7416 BTATH_BUS - ok
19:49:23.0425 7416 BTATH_HCRP (c864ff85ee16d61c2bdd5ef76824625f) C:\Windows\system32\DRIVERS\btath_hcrp.sys
19:49:23.0441 7416 BTATH_HCRP - ok
19:49:23.0454 7416 BTATH_LWFLT (0dea505efb5d771826d177ef8b8a208f) C:\Windows\system32\DRIVERS\btath_lwflt.sys
19:49:23.0463 7416 BTATH_LWFLT - ok
19:49:23.0478 7416 BTATH_RCP (724c8088c96efe7a3e63fec21d4681c0) C:\Windows\system32\DRIVERS\btath_rcp.sys
19:49:23.0492 7416 BTATH_RCP - ok
19:49:23.0555 7416 BtFilter (aa0f5afcf077c5246589b32eceeae566) C:\Windows\system32\DRIVERS\btfilter.sys
19:49:23.0571 7416 BtFilter - ok
19:49:23.0618 7416 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
19:49:23.0628 7416 BthEnum - ok
19:49:23.0672 7416 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
19:49:23.0683 7416 BTHMODEM - ok
19:49:23.0722 7416 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
19:49:23.0732 7416 BthPan - ok
19:49:23.0797 7416 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
19:49:23.0814 7416 BTHPORT - ok
19:49:23.0854 7416 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:49:23.0873 7416 bthserv - ok
19:49:23.0891 7416 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
19:49:23.0902 7416 BTHUSB - ok
19:49:23.0932 7416 catchme - ok
19:49:23.0970 7416 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:49:23.0979 7416 cdfs - ok
19:49:24.0019 7416 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
19:49:24.0030 7416 cdrom - ok
19:49:24.0074 7416 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:49:24.0092 7416 CertPropSvc - ok
19:49:24.0134 7416 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
19:49:24.0143 7416 circlass - ok
19:49:24.0190 7416 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:49:24.0213 7416 CLFS - ok
19:49:24.0295 7416 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:49:24.0353 7416 clr_optimization_v2.0.50727_32 - ok
19:49:24.0412 7416 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:49:24.0423 7416 clr_optimization_v2.0.50727_64 - ok
19:49:24.0502 7416 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:49:24.0515 7416 clr_optimization_v4.0.30319_32 - ok
19:49:24.0585 7416 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:49:24.0598 7416 clr_optimization_v4.0.30319_64 - ok
19:49:24.0624 7416 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:49:24.0631 7416 CmBatt - ok
19:49:24.0645 7416 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:49:24.0651 7416 cmdide - ok
19:49:24.0715 7416 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
19:49:24.0735 7416 CNG - ok
19:49:24.0787 7416 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
19:49:24.0793 7416 Compbatt - ok
19:49:24.0818 7416 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:49:24.0824 7416 CompositeBus - ok
19:49:24.0836 7416 COMSysApp - ok
19:49:24.0857 7416 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
19:49:24.0864 7416 crcdisk - ok
19:49:24.0927 7416 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
19:49:24.0945 7416 CryptSvc - ok
19:49:25.0081 7416 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:49:25.0085 7416 cvhsvc - ok
19:49:25.0149 7416 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:49:25.0155 7416 DcomLaunch - ok
19:49:25.0182 7416 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:49:25.0202 7416 defragsvc - ok
19:49:25.0255 7416 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:49:25.0263 7416 DfsC - ok
19:49:25.0312 7416 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
19:49:25.0333 7416 Dhcp - ok
19:49:25.0341 7416 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:49:25.0349 7416 discache - ok
19:49:25.0393 7416 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
19:49:25.0405 7416 Disk - ok
19:49:25.0446 7416 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
19:49:25.0464 7416 Dnscache - ok
19:49:25.0505 7416 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
19:49:25.0524 7416 dot3svc - ok
19:49:25.0539 7416 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
19:49:25.0557 7416 DPS - ok
19:49:25.0582 7416 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:49:25.0587 7416 drmkaud - ok
19:49:25.0643 7416 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:49:25.0665 7416 DXGKrnl - ok
19:49:25.0703 7416 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:49:25.0721 7416 EapHost - ok
19:49:25.0906 7416 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
19:49:25.0958 7416 ebdrv - ok
19:49:26.0059 7416 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
19:49:26.0071 7416 EFS - ok
19:49:26.0176 7416 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
19:49:26.0207 7416 ehRecvr - ok
19:49:26.0231 7416 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
19:49:26.0253 7416 ehSched - ok
19:49:26.0327 7416 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
19:49:26.0344 7416 elxstor - ok
19:49:26.0357 7416 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:49:26.0363 7416 ErrDev - ok
19:49:26.0412 7416 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:49:26.0434 7416 EventSystem - ok
19:49:26.0470 7416 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:49:26.0483 7416 exfat - ok
19:49:26.0513 7416 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:49:26.0525 7416 fastfat - ok
19:49:26.0587 7416 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
19:49:26.0631 7416 Fax - ok
19:49:26.0640 7416 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
19:49:26.0647 7416 fdc - ok
19:49:26.0667 7416 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:49:26.0680 7416 fdPHost - ok
19:49:26.0696 7416 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:49:26.0711 7416 FDResPub - ok
19:49:26.0748 7416 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:49:26.0759 7416 FileInfo - ok
19:49:26.0774 7416 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:49:26.0786 7416 Filetrace - ok
19:49:26.0802 7416 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
19:49:26.0809 7416 flpydisk - ok
19:49:26.0850 7416 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:49:26.0867 7416 FltMgr - ok
19:49:26.0952 7416 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
19:49:26.0992 7416 FontCache - ok
19:49:27.0082 7416 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:49:27.0083 7416 FontCache3.0.0.0 - ok
19:49:27.0121 7416 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:49:27.0129 7416 FsDepends - ok
19:49:27.0168 7416 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
19:49:27.0178 7416 fssfltr - ok
19:49:27.0310 7416 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
19:49:27.0466 7416 fsssvc - ok
19:49:27.0575 7416 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
19:49:48.0151 7416 VaultSvc - ok
19:49:48.0187 7416 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:49:48.0194 7416 vdrvroot - ok
19:49:48.0267 7416 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
19:49:48.0308 7416 vds - ok
19:49:48.0343 7416 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:49:48.0349 7416 vga - ok
19:49:48.0363 7416 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:49:48.0370 7416 VgaSave - ok
19:49:48.0401 7416 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:49:48.0415 7416 vhdmp - ok
19:49:48.0424 7416 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:49:48.0431 7416 viaide - ok
19:49:48.0451 7416 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:49:48.0460 7416 volmgr - ok
19:49:48.0492 7416 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:49:48.0507 7416 volmgrx - ok
19:49:48.0532 7416 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:49:48.0554 7416 volsnap - ok
19:49:48.0589 7416 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
19:49:48.0598 7416 vsmraid - ok
19:49:48.0710 7416 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
19:49:48.0781 7416 VSS - ok
19:49:48.0941 7416 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:49:48.0949 7416 vwifibus - ok
19:49:48.0963 7416 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:49:48.0972 7416 vwififlt - ok
19:49:49.0045 7416 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
19:49:49.0067 7416 W32Time - ok
19:49:49.0092 7416 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
19:49:49.0099 7416 WacomPen - ok
19:49:49.0133 7416 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:49:49.0148 7416 WANARP - ok
19:49:49.0158 7416 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:49:49.0159 7416 Wanarpv6 - ok
19:49:49.0310 7416 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
19:49:49.0572 7416 WatAdminSvc - ok
19:49:49.0662 7416 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
19:49:49.0722 7416 wbengine - ok
19:49:49.0866 7416 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
19:49:49.0896 7416 WbioSrvc - ok
19:49:49.0936 7416 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
19:49:49.0957 7416 wcncsvc - ok
19:49:49.0973 7416 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
19:49:49.0989 7416 WcsPlugInService - ok
19:49:50.0050 7416 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
19:49:50.0057 7416 Wd - ok
19:49:50.0128 7416 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:49:50.0155 7416 Wdf01000 - ok
19:49:50.0188 7416 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:49:50.0204 7416 WdiServiceHost - ok
19:49:50.0207 7416 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:49:50.0209 7416 WdiSystemHost - ok
19:49:50.0236 7416 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
19:49:50.0263 7416 WebClient - ok
19:49:50.0316 7416 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:49:50.0336 7416 Wecsvc - ok
19:49:50.0368 7416 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:49:50.0385 7416 wercplsupport - ok
19:49:50.0412 7416 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:49:50.0430 7416 WerSvc - ok
19:49:50.0494 7416 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:49:50.0510 7416 WfpLwf - ok
19:49:50.0585 7416 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
19:49:50.0597 7416 WimFltr - ok
19:49:50.0613 7416 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:49:50.0621 7416 WIMMount - ok
19:49:50.0686 7416 WinDefend - ok
19:49:50.0691 7416 WinHttpAutoProxySvc - ok
19:49:50.0734 7416 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:49:50.0755 7416 Winmgmt - ok
19:49:50.0874 7416 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
19:49:50.0962 7416 WinRM - ok
19:49:51.0179 7416 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:49:51.0222 7416 Wlansvc - ok
19:49:51.0294 7416 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:49:51.0311 7416 wlcrasvc - ok
19:49:51.0490 7416 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:49:51.0533 7416 wlidsvc - ok
19:49:51.0703 7416 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:49:51.0710 7416 WmiAcpi - ok
19:49:51.0773 7416 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:49:51.0810 7416 wmiApSrv - ok
19:49:51.0861 7416 WMPNetworkSvc - ok
19:49:51.0948 7416 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:49:51.0961 7416 WPCSvc - ok
19:49:51.0993 7416 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
19:49:52.0019 7416 WPDBusEnum - ok
19:49:52.0101 7416 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:49:52.0110 7416 ws2ifsl - ok
19:49:52.0200 7416 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
19:49:52.0217 7416 wscsvc - ok
19:49:52.0219 7416 WSearch - ok
19:49:52.0421 7416 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
19:49:52.0464 7416 wuauserv - ok
19:49:52.0604 7416 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:49:52.0620 7416 WudfPf - ok
19:49:52.0643 7416 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:49:52.0656 7416 WUDFRd - ok
19:49:52.0686 7416 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
19:49:52.0703 7416 wudfsvc - ok
19:49:52.0719 7416 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:49:52.0739 7416 WwanSvc - ok
19:49:52.0884 7416 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
19:49:52.0890 7416 YahooAUService - ok
19:49:52.0936 7416 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:49:53.0231 7416 \Device\Harddisk0\DR0 - ok
19:49:53.0244 7416 Boot (0x1200) (bf59654c36cbdf50b9e7154162cead4a) \Device\Harddisk0\DR0\Partition0
19:49:53.0245 7416 \Device\Harddisk0\DR0\Partition0 - ok
19:49:53.0266 7416 Boot (0x1200) (92eb8660f80ee7b9ec1382b23b7a2dc5) \Device\Harddisk0\DR0\Partition1
19:49:53.0267 7416 \Device\Harddisk0\DR0\Partition1 - ok
19:49:53.0267 7416 ============================================================
19:49:53.0267 7416 Scan finished
19:49:53.0268 7416 ============================================================
19:49:53.0280 4616 Detected object count: 0
19:49:53.0280 4616 Actual detected object count: 0

#14 gringo_pr

  • Malware Response Team

Posted 01 July 2012 - 04:35 PM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo

#15 QuantumWormhole

  • Topic Starter

Posted 02 July 2012 - 11:35 AM

Hello, here is the log file:



Scan result of Farbar Recovery Scan Tool Version: 30-06-2012 03
Ran by SYSTEM at 02-07-2012 18:26:04
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 [2226280 2011-05-16] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [617120 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4156 2010-04-16] ()
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167704 2011-08-31] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-08-31] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-08-31] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-05] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271552 2012-05-02] (Microsoft Corporation)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" [370 2012-07-02] ()
HKLM-x32\...\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" [2018032 2011-04-12] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1391272 2012-01-03] (Ask)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-26] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKU\Diego\...\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray [1084840 2012-05-16] (Nokia)
HKU\UpdatusUser\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.188.0.1
AppInit_DLLs: C:\Windows\System32\nvinitx.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()

==================== Services (Whitelisted) ======

2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)
2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros)
2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations)
2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-05-02] (Microsoft Corporation)
2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [624856 2012-04-06] (Pandora.TV)

========================== Drivers (Whitelisted) =============

3 appliand; C:\Windows\System32\Drivers\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
2 ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [15416 2009-07-02] (ASUS)
3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [36000 2011-03-13] (Atheros)
1 ATKWMIACPIIO; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-05-25] (ASUS)
3 BTATH_A2DP; C:\Windows\System32\Drivers\BTATH_A2DP.sys [298656 2011-03-13] (Atheros)
3 BTATH_BUS; C:\Windows\System32\Drivers\BTATH_BUS.sys [28832 2011-03-13] (Atheros)
3 BTATH_HCRP; C:\Windows\System32\Drivers\BTATH_HCRP.sys [201376 2011-03-13] (Atheros)
3 BTATH_LWFLT; C:\Windows\System32\Drivers\BTATH_LWFLT.sys [55456 2011-03-13] (Atheros)
3 BTATH_RCP; C:\Windows\System32\Drivers\BTATH_RCP.sys [154272 2011-03-13] (Atheros)
3 BtFilter; C:\Windows\System32\Drivers\BtFilter.sys [280224 2011-03-13] (Atheros)
3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
3 RSUSBVSTOR; C:\Windows\System32\Drivers\RtsUVStor.sys [290920 2010-08-03] (Realtek Semiconductor Corp.)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13832 2010-04-16] ()
3 ALSysIO; \??\C:\Users\Diego\AppData\Local\Temp\ALSysIO64.sys [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-01 10:00 - 2012-07-01 10:00 - 00262144 ____A C:\Windows\Minidump\070112-45302-01.dmp
2012-07-01 10:00 - 2012-07-01 10:00 - 00000000 ____D C:\Windows\Minidump
2012-07-01 09:59 - 2012-07-01 09:59 - 766039391 ____A C:\Windows\MEMORY.DMP
2012-07-01 09:51 - 2012-07-01 09:51 - 04731392 ____A (AVAST Software) C:\Users\Diego\Desktop\aswMBR.exe
2012-07-01 09:50 - 2012-07-01 09:50 - 00066950 ____A C:\Users\Diego\Desktop\TDSSKiller.txt
2012-07-01 09:48 - 2012-07-01 09:48 - 02134616 ____A (Kaspersky Lab ZAO) C:\Users\Diego\Desktop\tdsskiller.exe
2012-07-01 09:45 - 2012-07-01 09:45 - 00001912 ____A C:\Windows\epplauncher.mif
2012-07-01 09:43 - 2012-07-01 09:43 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-01 09:43 - 2012-07-01 09:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-07-01 09:41 - 2012-07-01 09:42 - 12655872 ____A (Microsoft Corporation) C:\Users\Diego\Downloads\mseinstall.exe
2012-07-01 01:20 - 2012-07-01 01:20 - 00022907 ____A C:\Users\Diego\Desktop\ComboFix.txt
2012-07-01 01:20 - 2012-07-01 01:20 - 00022907 ____A C:\ComboFix.txt
2012-06-30 14:54 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-06-30 14:54 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-06-30 14:54 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-06-30 14:54 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-06-30 14:54 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-06-30 14:54 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-06-30 14:54 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-06-30 14:54 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-06-30 13:26 - 2012-06-30 13:26 - 00000000 ____D C:\FRST
2012-06-30 13:00 - 2012-07-01 01:20 - 00000000 ____D C:\Qoobox
2012-06-30 13:00 - 2012-07-01 01:19 - 00000000 ____D C:\Windows\erdnt
2012-06-30 12:54 - 2012-06-30 12:55 - 00001517 ____A C:\Users\Diego\Desktop\spiegazione.txt
2012-06-30 08:42 - 2012-06-30 08:46 - 00000599 ____A C:\Users\Diego\Desktop\Search.txt
2012-06-30 03:27 - 2012-06-30 03:28 - 00037111 ____A C:\Users\Diego\Desktop\FRST.txt
2012-06-28 09:14 - 2012-06-28 09:14 - 00000615 ____A C:\Users\Diego\Desktop\ark.txt
2012-06-28 08:48 - 2011-07-16 12:21 - 00302592 ____A C:\Users\Diego\Desktop\gmer.exe
2012-06-28 08:39 - 2012-06-28 08:39 - 00006165 ____A C:\Users\Diego\Desktop\Attach.txt
2012-06-28 08:38 - 2012-06-28 08:38 - 00030960 ____A C:\Users\Diego\Desktop\DDS.txt
2012-06-28 08:36 - 2012-06-28 08:36 - 00607260 ____R (Swearware) C:\Users\Diego\Desktop\dds.scr
2012-06-27 12:30 - 2012-06-27 12:30 - 01906163 ____A C:\Windows\System32\Drivers\Cat.DB
2012-06-27 12:23 - 2012-06-27 12:29 - 00000000 ____D C:\Users\Diego\AppData\Roaming\GetRightToGo
2012-06-27 12:14 - 2012-06-30 12:59 - 04567958 ____R (Swearware) C:\Users\Diego\Desktop\ComboFix.exe
2012-06-27 11:50 - 2012-06-27 11:50 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-26 11:16 - 2012-06-27 11:24 - 00000000 ____D C:\Users\Diego\Desktop\Bigliettino
2012-06-26 09:51 - 2012-06-26 09:51 - 01666053 ____A C:\Users\Diego\Downloads\Frloops - Violin Beat 2.mp3
2012-06-23 09:10 - 2012-06-23 09:10 - 00367987 ____A C:\Users\Diego\Desktop\RegalONE - Divertimento su Misura - Attivitą 2.mht
2012-06-23 09:04 - 2012-06-23 09:04 - 00246357 ____A C:\Users\Diego\Desktop\RegalONE - Divertimento su Misura - Attivitą.mht
2012-06-22 08:11 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-22 08:11 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-22 08:11 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-22 08:11 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-22 08:11 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-22 08:11 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-22 08:11 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-22 08:11 - 2012-06-02 05:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-22 08:11 - 2012-06-02 05:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-22 08:08 - 2012-06-22 08:08 - 00000000 ____D C:\Users\Diego\AppData\Local\Macromedia
2012-06-14 13:06 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-14 13:06 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-14 13:06 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-14 13:05 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-14 13:05 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-14 13:05 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-14 13:05 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-14 13:05 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-14 13:05 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-14 13:05 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-14 13:05 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-14 13:05 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-14 13:05 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-14 13:05 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-14 13:05 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-14 13:05 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-14 13:05 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-14 13:05 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-14 13:05 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-14 13:05 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-14 13:05 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-14 13:05 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-14 13:05 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-14 13:05 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-14 13:05 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-14 13:05 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-14 13:05 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-14 13:05 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-14 08:23 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-14 08:23 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-14 08:23 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-14 08:23 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-14 08:23 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-14 08:23 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-14 08:23 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-14 08:23 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-14 08:23 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-14 08:23 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-14 08:23 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-14 08:23 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-14 08:23 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-14 08:23 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-14 08:23 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-14 08:23 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-14 08:23 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-14 08:20 - 2012-06-21 08:26 - 00000000 ____D C:\Users\All Users\Skype
2012-06-14 08:20 - 2012-06-15 08:23 - 00000000 ____D C:\Users\Diego\AppData\Roaming\Skype
2012-06-14 08:20 - 2012-06-14 08:20 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-06-14 08:20 - 2012-06-14 08:20 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-06-14 08:19 - 2012-06-14 08:19 - 00946352 ____A (Skype Technologies S.A.) C:\Users\Diego\Downloads\SkypeSetup.exe
2012-06-12 09:58 - 2012-06-12 09:58 - 00001114 ____A C:\Users\Diego\Desktop\lenmus 4.2.2.lnk
2012-06-12 09:58 - 2012-06-12 09:58 - 00000000 ____D C:\Program Files (x86)\LenMus4.2.2
2012-06-12 09:56 - 2012-06-12 09:56 - 08290742 ____A C:\Users\Diego\Downloads\lenmus_4.2.2_setup.exe
2012-06-11 08:31 - 2012-06-11 08:31 - 00000000 ____D C:\Users\Diego\Downloads\dxshell_v1.0.2b
2012-06-11 08:30 - 2012-06-11 08:30 - 00374170 ____A C:\Users\Diego\Downloads\dxshell_v1.0.2b.zip
2012-06-11 07:32 - 2012-06-11 07:32 - 00001147 ____A C:\Users\UpdatusUser\Desktop\Symphonic Choirs.lnk
2012-06-11 07:31 - 2012-06-11 07:51 - 00000000 ____D C:\Program Files (x86)\East West
2012-06-03 03:38 - 2012-06-03 03:41 - 00000000 ____D C:\Program Files (x86)\Logia
2012-06-03 03:38 - 2012-06-03 03:38 - 00000000 ____D C:\Users\Diego\AppData\Roaming\Logia
2012-06-02 06:41 - 2012-06-02 06:41 - 00000000 ____D C:\Program Files (x86)\LUXONIX
2012-06-02 06:41 - 2005-03-23 22:26 - 00491520 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr80.dll
2012-06-02 05:41 - 2012-06-02 05:41 - 00000000 ____D C:\Users\Diego\AppData\Roaming\Image-Line
2012-06-02 05:11 - 2012-06-02 05:13 - 00000000 ____D C:\Users\Diego\.lilypond-fonts.cache-2
2012-06-02 05:00 - 2012-06-02 05:00 - 01700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2012-06-02 05:00 - 2012-06-02 05:00 - 01060864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2012-06-02 05:00 - 2012-06-02 05:00 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-06-02 04:59 - 2012-06-02 04:59 - 00001144 ____A C:\Users\Diego\Desktop\ASIO4ALL v2 Instruction Manual.lnk
2012-06-02 04:59 - 2012-06-02 04:59 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2012-06-02 04:58 - 2012-06-11 08:37 - 00000000 ____D C:\Program Files (x86)\VstPlugins
2012-06-02 04:58 - 2012-06-02 04:58 - 00001152 ____A C:\Users\Public\Desktop\FL Studio 10.lnk
2012-06-02 04:58 - 2012-06-02 04:58 - 00000000 ____D C:\Users\Diego\Documents\Image-Line
2012-06-02 04:58 - 2012-06-02 04:58 - 00000000 ____D C:\Program Files (x86)\Outsim
2012-06-02 04:58 - 2009-09-15 01:14 - 01554944 ____A (HMS http://hp.vector.co.jp/authors/VA012897/) C:\Windows\SysWOW64\vorbis.acm
2012-06-02 04:58 - 2006-06-20 00:56 - 00225280 ____A (Propellerhead Software AB) C:\Windows\SysWOW64\rewire.dll
2012-06-02 04:56 - 2012-06-02 04:58 - 00000000 ____D C:\Program Files (x86)\Image-Line
2012-06-02 04:54 - 2012-06-13 09:34 - 00000000 ____D C:\Users\Diego\Documents\Fruity Loops Studio 10


============ 3 Months Modified Files ========================

2012-07-02 08:24 - 2011-11-03 21:37 - 01555725 ____A C:\Windows\WindowsUpdate.log
2012-07-02 08:24 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-02 08:24 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-02 08:22 - 2011-02-18 20:35 - 00712788 ____A C:\Windows\System32\perfh010.dat
2012-07-02 08:22 - 2011-02-18 20:35 - 00132964 ____A C:\Windows\System32\perfc010.dat
2012-07-02 08:22 - 2009-07-13 21:13 - 01580538 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-02 08:18 - 2012-02-10 08:02 - 00045056 ____A C:\Windows\System32\acovcnt.exe
2012-07-02 08:17 - 2012-05-03 05:07 - 00001144 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-02 08:17 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-02 08:17 - 2009-07-13 20:51 - 00075967 ____A C:\Windows\setupact.log
2012-07-01 12:25 - 2012-03-31 04:09 - 00000978 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-01 12:12 - 2012-05-03 05:07 - 00001148 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-01 10:00 - 2012-07-01 10:00 - 00262144 ____A C:\Windows\Minidump\070112-45302-01.dmp
2012-07-01 09:59 - 2012-07-01 09:59 - 766039391 ____A C:\Windows\MEMORY.DMP
2012-07-01 09:51 - 2012-07-01 09:51 - 04731392 ____A (AVAST Software) C:\Users\Diego\Desktop\aswMBR.exe
2012-07-01 09:50 - 2012-07-01 09:50 - 00066950 ____A C:\Users\Diego\Desktop\TDSSKiller.txt
2012-07-01 09:48 - 2012-07-01 09:48 - 02134616 ____A (Kaspersky Lab ZAO) C:\Users\Diego\Desktop\tdsskiller.exe
2012-07-01 09:45 - 2012-07-01 09:45 - 00001912 ____A C:\Windows\epplauncher.mif
2012-07-01 09:43 - 2012-03-17 03:42 - 01602346 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-01 09:42 - 2012-07-01 09:41 - 12655872 ____A (Microsoft Corporation) C:\Users\Diego\Downloads\mseinstall.exe
2012-07-01 01:20 - 2012-07-01 01:20 - 00022907 ____A C:\Users\Diego\Desktop\ComboFix.txt
2012-07-01 01:20 - 2012-07-01 01:20 - 00022907 ____A C:\ComboFix.txt
2012-07-01 01:15 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-07-01 01:14 - 2011-04-12 17:39 - 00405118 ____A C:\Windows\PFRO.log
2012-06-30 12:59 - 2012-06-27 12:14 - 04567958 ____R (Swearware) C:\Users\Diego\Desktop\ComboFix.exe
2012-06-30 12:55 - 2012-06-30 12:54 - 00001517 ____A C:\Users\Diego\Desktop\spiegazione.txt
2012-06-30 08:46 - 2012-06-30 08:42 - 00000599 ____A C:\Users\Diego\Desktop\Search.txt
2012-06-30 03:28 - 2012-06-30 03:27 - 00037111 ____A C:\Users\Diego\Desktop\FRST.txt
2012-06-30 03:15 - 2009-07-13 20:45 - 00003072 _____ C:\Windows\System32\umstartup.etl
2012-06-30 02:39 - 2009-07-13 21:08 - 00032618 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-28 09:14 - 2012-06-28 09:14 - 00000615 ____A C:\Users\Diego\Desktop\ark.txt
2012-06-28 08:39 - 2012-06-28 08:39 - 00006165 ____A C:\Users\Diego\Desktop\Attach.txt
2012-06-28 08:38 - 2012-06-28 08:38 - 00030960 ____A C:\Users\Diego\Desktop\DDS.txt
2012-06-28 08:36 - 2012-06-28 08:36 - 00607260 ____R (Swearware) C:\Users\Diego\Desktop\dds.scr
2012-06-27 12:30 - 2012-06-27 12:30 - 01906163 ____A C:\Windows\System32\Drivers\Cat.DB
2012-06-27 12:19 - 2009-07-13 20:45 - 04838880 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-27 10:31 - 2012-02-10 08:02 - 00065208 ____A C:\Users\Diego\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-27 09:43 - 2012-02-25 04:21 - 00000132 ____A C:\Users\Diego\AppData\Roaming\Adobe BMP Format CS5 Prefs
2012-06-27 09:32 - 2012-02-15 10:19 - 01683456 __ASH C:\Users\Diego\Desktop\Thumbs.db
2012-06-26 09:51 - 2012-06-26 09:51 - 01666053 ____A C:\Users\Diego\Downloads\Frloops - Violin Beat 2.mp3
2012-06-23 12:57 - 2012-02-24 14:51 - 00000132 ____A C:\Users\Diego\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-06-23 09:10 - 2012-06-23 09:10 - 00367987 ____A C:\Users\Diego\Desktop\RegalONE - Divertimento su Misura - Attivitą 2.mht
2012-06-23 09:04 - 2012-06-23 09:04 - 00246357 ____A C:\Users\Diego\Desktop\RegalONE - Divertimento su Misura - Attivitą.mht
2012-06-22 08:08 - 2012-03-31 04:09 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-22 08:08 - 2012-02-29 10:41 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-15 08:21 - 2011-11-03 22:00 - 00002278 ____A C:\Windows\System32\AutoRunFilter.ini
2012-06-15 08:21 - 2011-11-03 22:00 - 00001480 ____A C:\Windows\System32\ServiceFilter.ini
2012-06-14 13:10 - 2012-02-10 08:29 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-14 10:17 - 2012-02-14 15:15 - 00000343 ____A C:\Users\Diego\Desktop\Nuovo documento di testo.txt
2012-06-14 08:20 - 2012-06-14 08:20 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-06-14 08:19 - 2012-06-14 08:19 - 00946352 ____A (Skype Technologies S.A.) C:\Users\Diego\Downloads\SkypeSetup.exe
2012-06-12 09:58 - 2012-06-12 09:58 - 00001114 ____A C:\Users\Diego\Desktop\lenmus 4.2.2.lnk
2012-06-12 09:56 - 2012-06-12 09:56 - 08290742 ____A C:\Users\Diego\Downloads\lenmus_4.2.2_setup.exe
2012-06-11 08:30 - 2012-06-11 08:30 - 00374170 ____A C:\Users\Diego\Downloads\dxshell_v1.0.2b.zip
2012-06-11 07:32 - 2012-06-11 07:32 - 00001147 ____A C:\Users\UpdatusUser\Desktop\Symphonic Choirs.lnk
2012-06-02 14:19 - 2012-06-22 08:11 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-22 08:11 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-22 08:11 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-22 08:11 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-22 08:11 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-22 08:11 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-22 08:11 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 09:29 - 2012-05-21 09:17 - 00000321 ____A C:\Users\Diego\Desktop\Nuovo documento di testo (5).txt
2012-06-02 05:19 - 2012-06-22 08:11 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 05:15 - 2012-06-22 08:11 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 05:00 - 2012-06-02 05:00 - 01700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2012-06-02 05:00 - 2012-06-02 05:00 - 01060864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2012-06-02 05:00 - 2012-06-02 05:00 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-06-02 04:59 - 2012-06-02 04:59 - 00001144 ____A C:\Users\Diego\Desktop\ASIO4ALL v2 Instruction Manual.lnk
2012-06-02 04:58 - 2012-06-02 04:58 - 00001152 ____A C:\Users\Public\Desktop\FL Studio 10.lnk
2012-05-24 08:25 - 2012-05-24 08:25 - 00002091 ____A C:\Users\Public\Desktop\Nokia Suite.lnk
2012-05-24 08:24 - 2011-11-03 21:51 - 00041524 ____A C:\Windows\DPINST.LOG
2012-05-17 18:47 - 2012-06-14 13:05 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-14 13:05 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-14 13:05 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-14 13:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-14 13:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-14 13:05 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-14 13:05 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-14 13:05 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-14 13:05 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-14 13:05 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-14 13:05 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-14 13:06 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-14 13:06 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-14 13:05 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-14 13:05 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-14 13:05 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-14 13:05 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-14 13:05 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-14 13:05 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-14 13:05 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-14 13:05 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-14 13:05 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-14 13:05 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-14 13:05 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-14 13:05 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-14 13:05 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-14 13:06 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-14 13:05 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-14 17:32 - 2012-06-14 08:23 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-11 07:35 - 2012-05-10 04:20 - 00047786 ____A C:\Users\Diego\Desktop\Toy Model 3.lyx
2012-05-11 07:30 - 2012-05-10 04:20 - 00045395 ____A C:\Users\Diego\Desktop\Toy Model 3.lyx~
2012-05-10 09:33 - 2012-05-10 09:33 - 00721033 ____A C:\Users\Diego\Desktop\Rimpatrio dei cervelli, scattano gli incentivi per il rientro_ Irpef sui redditi da lavoro super scontata - Il Sole 24 ORE.mht
2012-05-10 04:14 - 2012-05-10 04:13 - 80248066 ____A C:\Users\Diego\Downloads\LyX-2.0.3-2-Installer.exe
2012-05-05 07:39 - 2012-02-11 03:18 - 00000949 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-05-05 07:25 - 2012-03-31 07:25 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-04 03:06 - 2012-06-14 08:23 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-14 08:23 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-14 08:23 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-03 06:24 - 2012-05-02 04:59 - 00003946 ____A C:\Users\Diego\Desktop\Nuovo documento di testo (4).txt
2012-05-03 05:07 - 2012-05-03 05:07 - 00002214 ____A C:\Users\Public\Desktop\Google Earth.lnk
2012-05-03 05:06 - 2012-05-03 05:06 - 00739816 ____A (Google Inc.) C:\Users\Diego\Downloads\GoogleEarthSetup.exe
2012-04-30 21:40 - 2012-06-14 08:23 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:55 - 2012-06-14 08:23 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-27 10:41 - 2012-04-27 10:41 - 00002788 ____A C:\Users\Public\Desktop\Nero StartSmart.lnk
2012-04-27 10:41 - 2012-04-27 10:41 - 00002692 ____A C:\Users\Public\Desktop\Nero Home.lnk
2012-04-25 21:41 - 2012-06-14 08:23 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-14 08:23 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-14 08:23 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-25 10:43 - 2012-04-25 08:53 - 141441529 ____A C:\Users\Diego\Desktop\[PSP]Metal.Slug.Double.XX.[USA][FIX].-.[ESPALPSP.com].rar
2012-04-23 21:37 - 2012-06-14 08:23 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-14 08:23 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-14 08:23 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-14 08:23 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-14 08:23 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-14 08:23 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-22 12:25 - 2012-04-22 08:06 - 00000051 ____A C:\Users\Diego\Desktop\Nuovo documento di testo (2).txt
2012-04-22 03:51 - 2012-02-11 03:53 - 00025600 ____A (Nokia) C:\Windows\System32\Drivers\pccsmcfdx64.sys
2012-04-17 11:39 - 2012-04-17 11:39 - 00001009 ____A C:\Users\Diego\Desktop\Alarm.lnk
2012-04-13 12:29 - 2012-04-13 12:29 - 00272930 ____A C:\Users\Diego\Desktop\Motore grafico - Wikipedia.mht
2012-04-07 04:31 - 2012-06-14 08:23 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 03:26 - 2012-06-14 08:23 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-04-04 07:52 - 2012-04-04 07:52 - 00203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-04-04 07:52 - 2012-04-04 07:52 - 00098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 6054.7 MB
Available physical RAM: 5381.56 MB
Total Pagefile: 6052.84 MB
Available Pagefile: 5371.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:89.92 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (DATA) (Fixed) (Total:394.18 GB) (Free:394.07 GB) NTFS
4 Drive f: (FLASHDRIVE) (Removable) (Total:14.91 GB) (Free:2.06 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          698 GB      0 B
Disk 1    Online           14 GB      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary             25 GB  1024 KB
Partition 2    Primary            279 GB    25 GB
Partition 3    Primary            394 GB   304 GB

==================================================================================

Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   OS           NTFS   Partition    279 GB  Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     D   DATA         NTFS   Partition    394 GB  Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary             14 GB  4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     F   FLASHDRIVE   FAT32  Removable     14 GB  Healthy

==================================================================================

==========================================================

Last Boot: 2012-06-23 05:32

======================= End Of Log ==========================



