
Help! I think I have Zero Access rootkit


  • This topic is locked
16 replies to this topic

#1 loonyless1

loonyless1

  • Members
  • 33 posts
  • OFFLINE
  • Local time:02:04 AM

Posted 18 July 2012 - 04:12 PM

I did some searching, and I think I have the Zero Access rootkit trojan.

AVG Free Edition keeps asking me to remove c:/windows/installer/various names.
AVG Free Edition keeps asking me to remove c:/windows/system32/services.exe.
It does this so often that it is hard to browse the internet.
Also my browser is redirecting me to other websites.
Should I consider a system restore? Or is that a bad idea?
Except for the system restore idea, I have no idea how to remove this trojan.

Help! Please.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:04 AM

Posted 21 July 2012 - 11:41 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following:
  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 loonyless1

loonyless1
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:02:04 AM

Posted 21 July 2012 - 11:53 PM

Hello Gringo,


Here are the dds logs.

I do not have any new problems.
I still have what I originally asked for help with.
I have the Zero Access rootkit trojan.

I'm ready to do as asked.

Attached Files



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:04 AM

Posted 22 July 2012 - 12:16 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 loonyless1

loonyless1
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:02:04 AM

Posted 22 July 2012 - 10:35 AM

Hello Gringo,

Success! My computer is now working perfectly!

I did an AVG scan.
The scan found 7 potentially dangerous threats. All 7 had been quarantined by combofix.
That means that if I delete those 7 then my computer is completely clean.

Question
Can I delete them? Or must I leave them in quarantine?

I have attached the combofix log.

ComboFix 12-07-21.01 - Mel 21/07/2012 22:47:10.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.1880 [GMT -7:00]
Running from: c:\users\Mel\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Logo.ico
c:\users\Mel\AppData\Local\~GLH0006.TMP
c:\users\Mel\AppData\Local\~GLH0007.TMP
c:\users\Mel\AppData\Local\~GLH0008.TMP
c:\users\Mel\AppData\Local\~GLH000b.TMP
c:\users\Mel\AppData\Roaming\inst.exe
c:\users\Mel\AppData\Roaming\vso_ts_preview.xml
c:\users\Mel\lame_enc_en.dll
c:\users\Mel\lametritonus_en.dll
c:\users\temp\dreamy.tmp
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\tmp\U
c:\windows\Installer\{94a5e0ad-6249-72ab-33f1-5984af0692be}\@
c:\windows\Installer\{94a5e0ad-6249-72ab-33f1-5984af0692be}\L\00000004.@
c:\windows\Installer\{94a5e0ad-6249-72ab-33f1-5984af0692be}\L\1afb2d56
c:\windows\Installer\{94a5e0ad-6249-72ab-33f1-5984af0692be}\L\201d3dde
c:\windows\Installer\{94a5e0ad-6249-72ab-33f1-5984af0692be}\U\00000004.@
c:\windows\Installer\{94a5e0ad-6249-72ab-33f1-5984af0692be}\U\00000008.@
c:\windows\Installer\{94a5e0ad-6249-72ab-33f1-5984af0692be}\U\000000cb.@
c:\windows\Installer\{94a5e0ad-6249-72ab-33f1-5984af0692be}\U\80000000.@
c:\windows\Installer\{94a5e0ad-6249-72ab-33f1-5984af0692be}\U\80000032.@
c:\windows\Installer\{94a5e0ad-6249-72ab-33f1-5984af0692be}\U\80000064.@
c:\windows\iun6002.exe
c:\windows\Minidump\dumpchk.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\~GLH006b.TMP
c:\windows\SysWow64\F7E201867D.dll
c:\windows\SysWow64\ioa30ru.dll
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\AuthFWSnapIn.Resources.dll
c:\windows\SysWow64\pt\AuthFWWizFwk.Resources.dll
c:\windows\SysWow64\ssprs.dll
c:\windows\XSxS
H:\Autorun.inf
H:\Setup.exe
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy3_!Windows!System32!services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 )))))))))))))))))))))))))))))))
.
.
2012-07-22 06:01 . 2012-07-22 06:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-19 05:27 . 2012-07-19 05:27 -------- d-----w- c:\users\Mel\AppData\Roaming\LearnLift
2012-07-19 05:27 . 2012-07-19 05:27 -------- d-----w- c:\users\Mel\AppData\Local\LearnLift
2012-07-18 03:18 . 2012-07-18 03:18 328704 ----a-w- c:\windows\system32\services.exe.FD9DE7A1A4C507D2
2012-07-18 03:11 . 2012-07-18 03:11 328704 ----a-w- c:\windows\system32\services.exe.A014F6E008A1490B
2012-07-18 03:05 . 2012-07-18 03:05 328704 ----a-w- c:\windows\system32\services.exe.86D73E5AD5A59F6B
2012-07-18 01:39 . 2012-07-18 01:39 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-18 01:32 . 2012-07-18 02:39 -------- d-----w- c:\programdata\7531CCB10000FF0600001B16F875EF60
2012-07-16 18:40 . 2012-07-19 21:39 -------- d-----w- c:\program files (x86)\NoteTab 7
2012-07-16 04:23 . 2012-07-16 04:23 -------- d-----w- c:\program files (x86)\Common Files\IVA
2012-07-16 04:23 . 2012-07-16 04:23 -------- d-----w- c:\program files (x86)\Common Files\Nuance
2012-07-13 22:09 . 2012-07-13 23:21 -------- d-----w- c:\program files (x86)\Preclick
2012-07-13 16:34 . 2012-07-13 16:39 -------- d-----w- c:\users\Mel\AppData\Roaming\MAGIX
2012-07-13 16:34 . 2012-07-13 16:35 -------- d-----w- c:\program files (x86)\MAGIX
2012-07-13 16:33 . 2012-07-13 16:33 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-07-13 16:33 . 2012-07-13 16:39 -------- d-----w- c:\programdata\MAGIX
2012-07-13 16:33 . 2012-07-13 16:34 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Services
2012-07-12 23:41 . 2011-09-09 23:22 778088 ------w- c:\windows\system32\HPDiscoPM5C12.dll
2012-07-12 16:45 . 2012-07-12 16:45 -------- d-----w- c:\program files\Atomic Alarm Clock
2012-07-12 13:36 . 2012-07-12 13:36 -------- d-----w- c:\users\Mel\AppData\Roaming\Angelic Software
2012-07-12 13:36 . 2012-07-12 13:43 -------- d-----w- c:\program files (x86)\Info Angel
2012-07-12 13:06 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 13:03 . 2012-07-12 13:05 -------- d-----w- c:\program files (x86)\Angel Writer
2012-07-12 12:53 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-07-11 08:48 . 2012-07-12 14:36 -------- d-----w- c:\program files (x86)\EditPlus 3
2012-07-11 08:19 . 2012-07-11 08:21 -------- d-----w- c:\users\Mel\AppData\Roaming\AbiSuite
2012-07-10 22:53 . 2012-07-10 22:53 -------- d-----w- c:\users\Mel\AppData\Roaming\NoteTab Std
2012-07-10 13:24 . 2007-12-07 09:01 81408 ----a-w- c:\windows\system32\E_IBCBAIA.DLL
2012-07-07 22:50 . 2012-07-11 17:35 -------- d-----w- C:\Python26
2012-07-07 15:03 . 2012-07-07 15:03 -------- d-----w- c:\users\Mel\.idlerc
2012-07-06 10:56 . 2012-07-06 10:57 -------- d-----w- c:\program files\WindowSpace
2012-07-06 07:13 . 2012-07-06 07:13 -------- d-----w- c:\users\Mel\AppData\Roaming\Hyperionics
2012-07-06 07:12 . 2012-07-06 07:18 -------- d-----w- c:\program files\FileBX
2012-07-05 19:11 . 2009-02-25 01:35 255552 ----a-w- c:\windows\SysWow64\drivers\mcdbus.sys
2012-07-05 19:11 . 2009-02-25 01:35 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2012-07-05 19:11 . 2012-07-05 19:13 -------- d-----w- c:\program files (x86)\MagicDisc
2012-07-05 18:11 . 2012-07-05 18:11 -------- d-----w- c:\program files (x86)\MagicISO
2012-07-04 20:08 . 2012-07-04 20:08 -------- d-----w- c:\users\Mel\AppData\Local\Macromedia
2012-07-04 02:33 . 2012-07-04 02:33 -------- d-----w- c:\users\Mel\yBook
2012-07-04 02:32 . 1998-05-12 03:01 240944 ----a-w- c:\windows\SysWow64\RICHED.DLL
2012-07-04 02:00 . 2012-07-04 02:00 -------- d-----w- c:\users\Mel\KooBits4
2012-07-04 02:00 . 2012-07-04 02:00 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-07-04 01:07 . 2012-07-04 01:07 -------- d-----w- c:\users\Mel\AppData\Local\skybn
2012-07-04 00:51 . 2005-03-12 07:07 87040 ----a-w- c:\windows\system32\pdfcmnnt.dll
2012-07-04 00:51 . 1998-07-06 07:00 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL
2012-07-04 00:51 . 2012-07-04 00:51 -------- d-----w- c:\program files (x86)\PDFCreator
2012-07-03 15:36 . 2012-07-03 15:52 -------- d-----w- c:\program files (x86)\dictator
2012-07-03 14:25 . 2012-07-05 02:48 -------- d-----w- C:\AceReader Pro (Server)
2012-07-02 18:02 . 2012-07-02 18:02 -------- d-----w- c:\users\Mel\AppData\Roaming\MultiCommander
2012-07-02 18:02 . 2012-07-02 18:03 -------- d-----w- c:\program files (x86)\MultiCommander
2012-07-01 04:42 . 2012-07-04 20:37 -------- d-----w- c:\program files (x86)\ICE Book Reader Professional
2012-06-29 14:49 . 2012-06-29 16:07 -------- d-----w- c:\program files (x86)\Apply Word Wrap To Multiple Text Files Software
2012-06-29 00:23 . 2012-06-29 13:02 -------- d-----w- c:\program files (x86)\Text Master
2012-06-29 00:21 . 2012-06-29 00:21 -------- d-----w- c:\users\Mel\AppData\Local\Animal_Software
2012-06-28 14:45 . 2012-06-28 14:45 -------- d-----w- c:\users\Mel\AppData\Roaming\VoiceAttack
2012-06-28 06:31 . 2012-06-28 06:31 -------- d-----w- c:\users\Mel\AppData\Local\VoiceAttack.com
2012-06-28 06:27 . 2012-07-05 14:36 -------- d-----w- c:\program files (x86)\VoiceAttack
2012-06-25 23:19 . 2012-06-26 01:47 -------- d-----w- c:\program files (x86)\Bit Che
2012-06-25 23:19 . 2012-06-25 23:19 -------- d-----w- c:\users\Mel\AppData\Roaming\Convivea
2012-06-25 23:04 . 2012-06-25 23:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-25 18:27 . 2012-06-25 22:34 -------- d-----w- c:\users\Mel\AppData\Roaming\VAC
2012-06-25 16:39 . 2012-06-25 16:39 -------- d-----w- c:\program files (x86)\Harmony_Hollow_Software
2012-06-25 08:09 . 2012-06-28 22:49 -------- d-----w- C:\output
2012-06-24 22:29 . 2012-06-24 22:29 -------- d-----w- c:\programdata\NextUp
2012-06-24 22:23 . 2012-06-01 21:07 102768 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}\components\TextAloud3AdapterFF13.dll
2012-06-24 22:23 . 2012-04-24 22:58 102736 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}\components\TextAloud3AdapterFF12.dll
2012-06-24 22:23 . 2011-12-21 06:53 102736 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}\components\TextAloud3AdapterFF9.dll
2012-06-24 22:23 . 2011-11-28 23:12 102736 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}\components\TextAloud3AdapterFF8.dll
2012-06-24 22:23 . 2011-09-23 17:09 102736 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}\components\TextAloud3AdapterFF7.dll
2012-06-24 22:23 . 2011-08-22 23:30 102736 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}\components\TextAloud3AdapterFF6.dll
2012-06-24 22:23 . 2011-06-24 18:54 102736 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}\components\TextAloud3AdapterFF5.dll
2012-06-24 22:23 . 2012-06-24 22:23 -------- d-----w- c:\users\Mel\AppData\Local\NextUp
2012-06-24 22:23 . 2012-06-08 15:29 102768 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}\components\TextAloud3Adapter.dll
2012-06-24 22:23 . 2012-03-14 21:54 102736 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}\components\TextAloud3AdapterFF11.dll
2012-06-24 22:23 . 2012-01-31 21:36 102736 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}\components\TextAloud3AdapterFF10.dll
2012-06-24 19:43 . 2012-06-24 22:26 -------- d-----w- c:\program files (x86)\TotalExcelConverter
2012-06-24 18:08 . 2012-07-04 19:55 -------- d-----w- c:\users\Mel\Calibre Library
2012-06-24 17:39 . 2012-06-24 17:39 -------- d-----w- c:\program files (x86)\LWW
2012-06-24 06:05 . 2012-06-24 06:18 -------- d-----w- C:\Tmp
2012-06-24 06:00 . 2012-06-24 06:00 -------- d-----w- c:\program files (x86)\Moodysoft
2012-06-23 04:02 . 2012-07-03 16:58 -------- d-----w- c:\users\Mel\AppData\Local\010 Editor
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-18 23:17 . 2012-04-05 04:17 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-18 23:17 . 2011-05-15 08:25 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 12:59 . 2010-01-17 18:54 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 20:46 . 2010-01-17 19:52 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-14 01:19 . 2012-06-14 01:19 65536 ----a-w- c:\windows\IFinst27.exe
2012-06-02 22:19 . 2012-06-19 14:21 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 14:22 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 14:22 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 14:22 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 14:21 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-19 14:21 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 14:22 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 14:21 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-19 14:21 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-31 19:25 . 2010-01-17 18:54 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-04 11:06 . 2012-06-13 15:49 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 15:49 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 15:49 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 15:48 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 05:32 . 2012-06-13 15:48 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-04-28 03:55 . 2012-06-13 15:48 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 15:49 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 15:49 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 15:49 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 15:49 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 15:49 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 15:49 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 15:49 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 15:49 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 15:49 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2005-01-13 23:47 . 2005-01-13 23:47 61440 ----a-w- c:\program files (x86)\mdMod1.dll
2004-07-29 03:43 . 2004-07-29 03:43 24576 ----a-w- c:\program files (x86)\EnDeCrypt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="c:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2011-10-25 4287488]
"Active Desktop Calendar"="c:\program files\XemiComputers\Active Desktop Calendar\ADC.exe" [2009-10-02 6821376]
"cdloader"="c:\users\Mel\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-12-16 5953992]
"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-05-04 136416]
"Memeo AutoSync"="c:\program files (x86)\Memeo\AutoSync\MemeoLauncher2.exe" [2011-05-04 144608]
"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-02-19 107000]
.
c:\users\Mel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
deskview.lnk - e:\gold files\Desktop Tools Related\deskview\deskview.exe [2010-11-3 36864]
magicBlock.lnk - c:\program files (x86)\magicBlock\magicBlock.exe [2008-5-3 479232]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Wireless Configuration Utility.lnk - c:\program files (x86)\802.11n Wireless LAN\802.11n Wireless Adapter HW.72\WlanCU.exe [2010-11-8 454656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 SASDIFSV;SASDIFSV;c:\program files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2010-01-05 9968]
R1 SASKUTIL;SASKUTIL;c:\program files (x86)\SUPERAntiSpyware\SASKUTIL.sys [2010-01-05 74480]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-05 5160568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 250056]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-30 6144]
R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [2012-01-18 25632]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
R3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 21504]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-30 9216]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 11776]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2009-09-15 1061888]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 SASENUM;SASENUM;c:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-01-05 7408]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-04-13 147248]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-30 834544]
R4 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
S0 3wareDrv;3wareDrv;c:\windows\system32\DRIVERS\3wareDrv.sys [2009-08-31 102400]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2012-03-31 133728]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-03-31 211040]
S0 vidsflt61;Acronis Disk Storage Filter (61);c:\windows\system32\DRIVERS\vsflt61.sys [2012-03-31 142944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-03-31 3450832]
S2 AtomicAlarmClock;Atomic Alarm Clock Time;c:\program files\Atomic Alarm Clock\timeserv.exe [2011-10-25 2062336]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]
S2 DSClockSyncTime;DS Clock Synchronization Service www.dualitysoft.com;c:\program files (x86)\DS Clock\dsetime.exe [2009-11-20 62264]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-05-04 25824]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-06 214896]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [2008-07-11 145448]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2011-12-16 5881952]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-03-31 367200]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-02-03 82816]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 23:17]
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-447197604-1126035691-2842377532-1000Core.job
- c:\users\Mel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-06 15:39]
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-447197604-1126035691-2842377532-1000UA.job
- c:\users\Mel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-06 15:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{887cdc33-0de3-4fd5-a5d3-eccd4b4b396c}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinAVAlarm"="c:\program files\AMCC\3DM2\WinAVAlarm.exe" [2009-10-24 547848]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-12-16 403096]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE}"= "c:\program files\GPSoftware\Directory Opus\dopuslib.dll" [2010-01-08 742360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.au/advanced_search
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 192.168.*.*
IE: >>> DIAL <<< - file://c:\windows\numb.htm
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\obc4rrq4.default\
FF - prefs.js: browser.search.selectedEngine - hxxp://www.google.com/search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/advanced_search
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{90eee664-34b1-422a-a782-779af65cdf6d} - (no file)
ShellExecuteHooks-{E33EB92C-9A58-4524-8861-52E908D26E68} - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
AddRemove-Magic File Renamer5.00 - c:\windows\iun6002.exe
AddRemove-Mp3tag - c:\program files (x86)\Mp3tag\Mp3tagUninstall.EXE
AddRemove-SwiftElite30 - c:\windows\iun6002.exe
AddRemove-TriKaraoke - c:\windows\iun6002.exe
AddRemove-{10CD364B-FFCC-48BE-B469-B9622A033075} - c:\programdata\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}\Fences.exe
AddRemove-{23236FC2-648D-4ACF-AD16-68492D0F0AC9} - c:\programdata\{7A94EF79-C34B-444E-BECC-25AB7D77AA78}\Fbx64Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\3DM2]
"ImagePath"="c:\program files\AMCC\3DM2/3dm2.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="PhotoManager.9.alb"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.eps"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.gif"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.iff"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.pcd"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.png"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.tga"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.tif"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.tiff"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.032"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.abr"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.apd"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447197604-1126035691-2842377532-1000)
"Progid"="ACDSee Photo Manager 12.arw"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.bay"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.bw"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.bwf"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.cs1"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447197604-1126035691-2842377532-1000)
"Progid"="ACDSee Photo Manager 12.dcr"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.djv"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447197604-1126035691-2842377532-1000)
"Progid"="ACDSee Photo Manager 12.dng"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.erf"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.fff"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.flc"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.fli"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.hdr"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.icn"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ilbm"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.int"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.inta"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.iw4"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.j2c"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jbr"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jfif"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jif"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpk"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpx"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="AIMP.kar"
"AIMP.Backup"="ACDSee Photo Manager 12.kar"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.m1a"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.m2a"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.m75"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.mef"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.mos"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.mpv"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447197604-1126035691-2842377532-1000)
"Progid"="ACDSee Photo Manager 12.mrw"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447197604-1126035691-2842377532-1000)
"Progid"="ACDSee Photo Manager 12.nef"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447197604-1126035691-2842377532-1000)
"Progid"="ACDSee Photo Manager 12.nrw"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447197604-1126035691-2842377532-1000)
"Progid"="ACDSee Photo Manager 12.orf"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pbr"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pct"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447197604-1126035691-2842377532-1000)
"Progid"="ACDSee Photo Manager 12.pef"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pic"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pics"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pict"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pix"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pspbrush"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pspimage"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.qcp"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.qtpf"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447197604-1126035691-2842377532-1000)
"Progid"="ACDSee Photo Manager 12.raf"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rgba"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rsb"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447197604-1126035691-2842377532-1000)
"Progid"="ACDSee Photo Manager 12.rw2"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rwl"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.sdv"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.sfil"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.smf"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.sml"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447197604-1126035691-2842377532-1000)
"Progid"="ACDSee Photo Manager 12.sr2"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447197604-1126035691-2842377532-1000)
"Progid"="ACDSee Photo Manager 12.srf"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.swa"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.thm"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ttc"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ulw"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30po"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30pp"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30ppf"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.vfw"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.wbm"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xif"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xmp"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A6C5350A-36EE-CB3B-8BB3-14D2F7989E33}*]
"iaddpdlcmnedmdldpe"=hex:6b,61,66,62,70,69,6d,70,62,6b,6e,6a,6f,69,70,69,6c,6a,
65,70,68,65,00,00
"hafdnoojmfekkffd"=hex:6c,62,6e,63,66,6b,6e,62,6c,63,62,69,69,6c,6e,6d,62,61,
70,67,66,6f,6f,67,62,67,61,70,66,6b,6b,69,61,6b,61,61,70,63,67,6f,6a,66,70,\
"hafdnoojjelkanjh"=hex:70,62,69,65,70,66,65,64,70,70,6d,67,66,67,69,67,68,70,
63,64,63,6f,67,6f,63,66,6e,69,6f,6e,68,70,6e,68,61,66,63,6f,6d,6c,65,6e,6d,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{3DA165B6-CC41-11d2-BDC6-00C04F79EC6B}\ProgID]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{3DA165B6-CC41-11d2-BDC6-00C04F79EC6B}\Version]
@Denied: (A) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
c:\program files (x86)\Memeo\AutoBackup\InstantBackup.exe
c:\users\Mel\AppData\Roaming\mjusbsp\magicJack.exe
c:\program files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
.
**************************************************************************
.
Completion time: 2012-07-21 23:17:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-22 06:17
.
Pre-Run: 34,518,622,208 bytes free
Post-Run: 33,984,192,512 bytes free
.
- - End Of File - - D4D3AD44CD7F14ED021E692F9E117FCE


Edited by gringo_pr, 22 July 2012 - 11:52 AM.


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:04 AM

Posted 22 July 2012 - 11:51 AM

Greetings

Please don't attach the reports to the thread - it is a lot easier for us if you just copy and paste the reports (see my edit above)

I am glad things are working better but that is only one step on the road to getting clean

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
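The TDSSKiller report Gringo asks for above has a fixed line shape: a timestamp, a thread id, then either `name (md5) path` for the object being checked or a verdict line ending in `- ok`, `- warning` or `- detected <verdict> (n)`. As an added example that is not part of this thread or of TDSSKiller itself, the parser below pulls out every entry the scanner did not mark `- ok`, which is what a helper reads first; the sample lines are constructed after the format of the log posted later in this thread, and `parse_tdsskiller`, `findings` and `summarize` are names chosen here.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Line shapes in a TDSSKiller 2.7.x report: "HH:MM:SS.ffff <thread id> <message>".
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
# "<name> (<md5>) <path>": the service, driver or file being checked.
ENTRY_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "Suspicious file (<kind>): <path>. md5: <md5>": extra detail for a flagged object.
SUSPICIOUS_RE = re.compile(
    r"^Suspicious file \((?P<kind>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")
# Verdict lines, checked from most to least specific.
WARNING_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - warning$")
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")


@dataclass
class Entry:
    """One scanned object as TDSSKiller reports it (structure chosen for this example)."""
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"          # ok | warning | detected | unknown
    verdict: Optional[str] = None    # e.g. HiddenFile.Multi.Generic
    notes: List[str] = field(default_factory=list)


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Fold the report into one Entry per scanned name; later verdict lines win."""
    entries: Dict[str, Entry] = {}
    by_md5: Dict[str, Entry] = {}

    def get(name: str) -> Entry:
        return entries.setdefault(name, Entry(name=name))

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner lines ("=====") and blanks carry no verdict
        msg = m.group("msg")
        if (e := ENTRY_RE.match(msg)):
            ent = get(e["name"])
            ent.md5, ent.path = e["md5"], e["path"]
            by_md5[e["md5"]] = ent
        elif (s := SUSPICIOUS_RE.match(msg)):
            # Tie the "Suspicious file" detail back to its entry through the hash.
            ent = by_md5.get(s["md5"])
            if ent is not None:
                ent.notes.append(f"{s['kind']}: {s['path']}")
        elif (w := WARNING_RE.match(msg)):
            ent = get(w["name"])
            ent.status, ent.verdict = "warning", w["verdict"]
        elif (d := DETECTED_RE.match(msg)):
            ent = get(d["name"])
            ent.status, ent.verdict = "detected", d["verdict"]
        elif (o := OK_RE.match(msg)):
            get(o["name"]).status = "ok"
    return entries


def findings(entries: Dict[str, Entry]) -> List[Entry]:
    """Everything the scanner did not mark '- ok'; these get a manual look."""
    return [e for e in entries.values() if e.status != "ok"]


def summarize(text: str) -> Dict[str, object]:
    entries = parse_tdsskiller(text)
    return {
        "scanned": len(entries),
        "ok": sum(1 for e in entries.values() if e.status == "ok"),
        "flagged": [(e.name, e.status, e.verdict, e.md5, e.path, e.notes)
                    for e in findings(entries)],
    }


# Constructed sample, modelled on the log format seen in this thread.
SAMPLE_LOG = "\n".join([
    r"10:26:58.0041 5772 Scan started",
    r"10:26:58.0041 5772 Mode: Manual;",
    r"10:26:58.0801 5772 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys",
    r"10:26:58.0811 5772 1394ohci - ok",
    r"10:26:58.0981 5772 3DM2 (f1ef74e19f26dbceea4ac73c767a5142) C:\Program Files\AMCC\3DM2/3dm2.exe",
    r"10:26:58.0981 5772 Suspicious file (Hidden): C:\Program Files\AMCC\3DM2/3dm2.exe. md5: f1ef74e19f26dbceea4ac73c767a5142",
    r"10:26:58.0981 5772 3DM2 ( HiddenFile.Multi.Generic ) - warning",
    r"10:26:58.0981 5772 3DM2 - detected HiddenFile.Multi.Generic (1)",
    r"10:27:01.0242 5772 aspnet_state - ok",
])

if __name__ == "__main__":
    for item in summarize(SAMPLE_LOG)["flagged"]:
        print(item)
```

A `HiddenFile.Multi.Generic` warning is the case the instructions above leave on Skip by default: the hash and path it carries are what a helper checks before deciding anything.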

#7 loonyless1

loonyless1
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:02:04 AM

Posted 22 July 2012 - 12:49 PM

Hello Gringo

I have pasted the TDSSKiller log.

aswMBR.exe keeps shutting down with an error message that it has stopped working. What should I do?




Below is TDSSKiller log.

10:26:51.0671 6344 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
10:26:52.0391 6344 ============================================================
10:26:52.0391 6344 Current date / time: 2012/07/22 10:26:52.0391
10:26:52.0391 6344 SystemInfo:
10:26:52.0391 6344
10:26:52.0391 6344 OS Version: 6.1.7601 ServicePack: 1.0
10:26:52.0391 6344 Product type: Workstation
10:26:52.0391 6344 ComputerName: MEL
10:26:52.0391 6344 UserName: Mel
10:26:52.0391 6344 Windows directory: C:\Windows
10:26:52.0391 6344 System windows directory: C:\Windows
10:26:52.0391 6344 Running under WOW64
10:26:52.0391 6344 Processor architecture: Intel x64
10:26:52.0391 6344 Number of processors: 4
10:26:52.0391 6344 Page size: 0x1000
10:26:52.0391 6344 Boot type: Normal boot
10:26:52.0391 6344 ============================================================
10:26:53.0361 6344 Drive \Device\Harddisk1\DR1 - Size: 0x12BFFFFFE00 (1200.00 Gb), SectorSize: 0x200, Cylinders: 0x905C6, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000048
10:26:53.0371 6344 Drive \Device\Harddisk2\DR2 - Size: 0x18E7C000200 (1593.94 Gb), SectorSize: 0x200, Cylinders: 0x32CCB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
10:26:53.0391 6344 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:26:53.0411 6344 Drive \Device\Harddisk7\DR7 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:26:53.0431 6344 Drive \Device\Harddisk8\DR8 - Size: 0x11C0000 (0.02 Gb), SectorSize: 0x200, Cylinders: 0x2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:26:53.0441 6344 ============================================================
10:26:53.0441 6344 \Device\Harddisk1\DR1:
10:26:53.0441 6344 MBR partitions:
10:26:53.0441 6344 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:26:53.0441 6344 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x18FC8000
10:26:53.0451 6344 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x18FFAC7A, BlocksNum 0x7D0052F0
10:26:53.0451 6344 \Device\Harddisk2\DR2:
10:26:53.0451 6344 MBR partitions:
10:26:53.0471 6344 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0xC73DB00B
10:26:53.0471 6344 \Device\Harddisk0\DR0:
10:26:53.0471 6344 MBR partitions:
10:26:53.0471 6344 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x106C830, BlocksNum 0x73699191
10:26:53.0471 6344 \Device\Harddisk7\DR7:
10:26:53.0471 6344 MBR partitions:
10:26:53.0471 6344 \Device\Harddisk7\DR7\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xAEA86741
10:26:53.0471 6344 \Device\Harddisk8\DR8:
10:26:53.0481 6344 Invalid mbr signature
10:26:53.0481 6344 ============================================================
10:26:53.0551 6344 C: <-> \Device\Harddisk1\DR1\Partition1
10:26:53.0581 6344 H: <-> \Device\Harddisk7\DR7\Partition0
10:26:53.0601 6344 D: <-> \Device\Harddisk1\DR1\Partition2
10:26:53.0631 6344 E: <-> \Device\Harddisk2\DR2\Partition0
10:26:53.0681 6344 F: <-> \Device\Harddisk0\DR0\Partition0
10:26:53.0681 6344 ============================================================
10:26:53.0681 6344 Initialize success
10:26:53.0681 6344 ============================================================
10:26:58.0041 5772 ============================================================
10:26:58.0041 5772 Scan started
10:26:58.0041 5772 Mode: Manual;
10:26:58.0041 5772 ============================================================
10:26:58.0801 5772 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
10:26:58.0811 5772 1394ohci - ok
10:26:58.0981 5772 3DM2 (f1ef74e19f26dbceea4ac73c767a5142) C:\Program Files\AMCC\3DM2/3dm2.exe
10:26:58.0981 5772 Suspicious file (Hidden): C:\Program Files\AMCC\3DM2/3dm2.exe. md5: f1ef74e19f26dbceea4ac73c767a5142
10:26:58.0981 5772 3DM2 ( HiddenFile.Multi.Generic ) - warning
10:26:58.0981 5772 3DM2 - detected HiddenFile.Multi.Generic (1)
10:27:17.0732 5772 mcdbus - ok
10:27:17.0772 5772 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
10:27:18.0002 5772 Mcx2Svc - ok
10:27:18.0342 5772 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
10:27:18.0352 5772 MDM - ok
10:27:18.0392 5772 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
10:27:18.0392 5772 megasas - ok
10:27:18.0452 5772 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
10:27:18.0462 5772 MegaSR - ok
10:27:18.0502 5772 MemeoBackgroundService (671a03ca9cd0259ccbb7b78a9ce234ec) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
10:27:18.0502 5772 MemeoBackgroundService - ok
10:27:18.0562 5772 Microsoft SharePoint Workspace Audit Service - ok
10:27:18.0592 5772 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:27:18.0592 5772 MMCSS - ok
10:27:18.0632 5772 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:27:18.0692 5772 Modem - ok
10:27:18.0722 5772 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:27:18.0722 5772 monitor - ok
10:27:18.0752 5772 motandroidusb (d69f1e9a944a5f46a494af901ed41118) C:\Windows\system32\Drivers\motoandroid.sys
10:27:18.0822 5772 motandroidusb - ok
10:27:18.0842 5772 motccgp (c94a2ea3fdfa5d650884926b710b7db1) C:\Windows\system32\DRIVERS\motccgp.sys
10:27:18.0902 5772 motccgp - ok
10:27:18.0922 5772 motccgpfl (d51e009baeda07ebc107d49d224c2414) C:\Windows\system32\DRIVERS\motccgpfl.sys
10:27:18.0982 5772 motccgpfl - ok
10:27:18.0992 5772 motmodem (060f0ef84f430802df3788f3dcfd009c) C:\Windows\system32\DRIVERS\motmodem.sys
10:27:19.0052 5772 motmodem - ok
10:27:19.0142 5772 MotoHelper (9dfd34e6841c460b5d992a1c5327ae69) C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
10:27:19.0162 5772 MotoHelper - ok
10:27:19.0172 5772 MotoSwitchService (ebd05f60cafc5bba2602b8d7101082d3) C:\Windows\system32\DRIVERS\motswch.sys
10:27:19.0202 5772 MotoSwitchService - ok
10:27:19.0242 5772 Motousbnet (87701078c3f720ac7a028e937994cc49) C:\Windows\system32\DRIVERS\Motousbnet.sys
10:27:19.0302 5772 Motousbnet - ok
10:27:19.0342 5772 motusbdevice (d075b1d964a314d240f5498773ee89df) C:\Windows\system32\DRIVERS\motusbdevice.sys
10:27:19.0442 5772 motusbdevice - ok
10:27:19.0492 5772 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
10:27:19.0512 5772 mouclass - ok
10:27:19.0532 5772 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:27:19.0532 5772 mouhid - ok
10:27:19.0562 5772 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:27:19.0572 5772 mountmgr - ok
10:27:19.0632 5772 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:27:19.0642 5772 MozillaMaintenance - ok
10:27:19.0682 5772 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:27:19.0702 5772 mpio - ok
10:27:19.0722 5772 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:27:19.0722 5772 mpsdrv - ok
10:27:19.0822 5772 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
10:27:19.0842 5772 MpsSvc - ok
10:27:19.0882 5772 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:27:19.0932 5772 MRxDAV - ok
10:27:19.0972 5772 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:27:19.0972 5772 mrxsmb - ok
10:27:20.0022 5772 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:27:20.0042 5772 mrxsmb10 - ok
10:27:20.0082 5772 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:27:20.0092 5772 mrxsmb20 - ok
10:27:20.0112 5772 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:27:20.0122 5772 msahci - ok
10:27:20.0172 5772 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:27:20.0172 5772 msdsm - ok
10:27:20.0212 5772 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
10:27:20.0342 5772 MSDTC - ok
10:27:20.0372 5772 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:27:20.0382 5772 Msfs - ok
10:27:20.0392 5772 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:27:20.0392 5772 mshidkmdf - ok
10:27:20.0402 5772 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:27:20.0402 5772 msisadrv - ok
10:27:20.0822 5772 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
10:27:20.0872 5772 MSiSCSI - ok
10:27:20.0872 5772 msiserver - ok
10:27:20.0912 5772 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:27:20.0932 5772 MSKSSRV - ok
10:27:20.0942 5772 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:27:20.0982 5772 MSPCLOCK - ok
10:27:20.0992 5772 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:27:21.0052 5772 MSPQM - ok
10:27:21.0122 5772 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:27:21.0132 5772 MsRPC - ok
10:27:21.0152 5772 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
10:27:21.0152 5772 mssmbios - ok
10:27:21.0162 5772 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:27:21.0202 5772 MSTEE - ok
10:27:21.0212 5772 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
10:27:21.0222 5772 MTConfig - ok
10:27:21.0302 5772 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:27:21.0312 5772 Mup - ok
10:27:21.0392 5772 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
10:27:21.0402 5772 napagent - ok
10:27:21.0462 5772 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:27:21.0462 5772 NativeWifiP - ok
10:27:21.0572 5772 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:27:21.0592 5772 NDIS - ok
10:27:21.0612 5772 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:27:21.0662 5772 NdisCap - ok
10:27:21.0672 5772 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:27:21.0712 5772 NdisTapi - ok
10:27:21.0752 5772 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:27:21.0752 5772 Ndisuio - ok
10:27:21.0802 5772 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:27:21.0842 5772 NdisWan - ok
10:27:21.0882 5772 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:27:21.0902 5772 NDProxy - ok
10:27:21.0952 5772 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
10:27:21.0952 5772 Net Driver HPZ12 - ok
10:27:21.0972 5772 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:27:21.0972 5772 NetBIOS - ok
10:27:22.0032 5772 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:27:22.0032 5772 NetBT - ok
10:27:22.0062 5772 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:27:22.0062 5772 Netlogon - ok
10:27:22.0152 5772 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
10:27:22.0162 5772 Netman - ok
10:27:22.0222 5772 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
10:27:22.0232 5772 netprofm - ok
10:27:22.0342 5772 netr28ux (eed1fbde98cf5f6d5c0c5b27ab1f68ec) C:\Windows\system32\DRIVERS\netr28ux.sys
10:27:22.0422 5772 netr28ux - ok
10:27:22.0492 5772 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:27:22.0492 5772 NetTcpPortSharing - ok
10:27:22.0522 5772 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
10:27:22.0522 5772 nfrd960 - ok
10:27:22.0572 5772 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
10:27:22.0572 5772 NlaSvc - ok
10:27:22.0602 5772 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:27:22.0602 5772 Npfs - ok
10:27:22.0622 5772 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
10:27:22.0622 5772 nsi - ok
10:27:22.0632 5772 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:27:22.0632 5772 nsiproxy - ok
10:27:22.0752 5772 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:27:22.0772 5772 Ntfs - ok
10:27:22.0892 5772 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:27:23.0122 5772 Null - ok
10:27:24.0182 5772 nvlddmkm (e55cab397f77d5208db18a78b1b7c0d5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:27:24.0272 5772 nvlddmkm - ok
10:27:24.0432 5772 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:27:24.0452 5772 nvraid - ok
10:27:24.0482 5772 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:27:24.0492 5772 nvstor - ok
10:27:24.0552 5772 nvsvc (43bc8151893ae6afe42e149d663c2221) C:\Windows\system32\nvvsvc.exe
10:27:24.0572 5772 nvsvc - ok
10:27:24.0622 5772 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:27:24.0622 5772 nv_agp - ok
10:27:24.0652 5772 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:27:24.0652 5772 ohci1394 - ok
10:27:24.0772 5772 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:27:24.0792 5772 ose - ok
10:27:24.0892 5772 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:27:24.0912 5772 ose64 - ok
10:27:25.0202 5772 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:27:25.0402 5772 osppsvc - ok
10:27:25.0972 5772 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:27:25.0992 5772 p2pimsvc - ok
10:27:26.0062 5772 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
10:27:26.0062 5772 p2psvc - ok
10:27:26.0132 5772 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
10:27:26.0162 5772 Parport - ok
10:27:26.0192 5772 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
10:27:26.0192 5772 partmgr - ok
10:27:26.0222 5772 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
10:27:26.0232 5772 PcaSvc - ok
10:27:26.0272 5772 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:27:26.0272 5772 pci - ok
10:27:26.0302 5772 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:27:26.0302 5772 pciide - ok
10:27:26.0352 5772 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
10:27:26.0372 5772 pcmcia - ok
10:27:26.0412 5772 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
10:27:26.0472 5772 pcouffin - ok
10:27:26.0472 5772 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:27:26.0472 5772 pcw - ok
10:27:26.0542 5772 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:27:26.0552 5772 PEAUTH - ok
10:27:26.0662 5772 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
10:27:26.0672 5772 PeerDistSvc - ok
10:27:26.0762 5772 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
10:27:26.0772 5772 PerfHost - ok
10:27:26.0942 5772 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
10:27:26.0962 5772 pla - ok
10:27:27.0112 5772 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
10:27:27.0122 5772 PlugPlay - ok
10:27:27.0182 5772 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
10:27:27.0192 5772 Pml Driver HPZ12 - ok
10:27:27.0212 5772 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
10:27:27.0212 5772 PNRPAutoReg - ok
10:27:27.0282 5772 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:27:27.0292 5772 PNRPsvc - ok
10:27:27.0382 5772 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
10:27:27.0442 5772 PolicyAgent - ok
10:27:27.0472 5772 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
10:27:27.0492 5772 Power - ok
10:27:27.0572 5772 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:27:27.0602 5772 PptpMiniport - ok
10:27:27.0632 5772 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
10:27:27.0642 5772 Processor - ok
10:27:27.0692 5772 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
10:27:27.0702 5772 ProfSvc - ok
10:27:27.0722 5772 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:27:27.0722 5772 ProtectedStorage - ok
10:27:27.0782 5772 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:27:27.0782 5772 Psched - ok
10:27:27.0892 5772 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
10:27:27.0912 5772 ql2300 - ok
10:27:28.0402 5772 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
10:27:28.0422 5772 ql40xx - ok
10:27:28.0472 5772 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
10:27:28.0482 5772 QWAVE - ok
10:27:28.0492 5772 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:27:28.0492 5772 QWAVEdrv - ok
10:27:28.0502 5772 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:27:28.0562 5772 RasAcd - ok
10:27:28.0612 5772 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:27:28.0652 5772 RasAgileVpn - ok
10:27:28.0662 5772 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
10:27:28.0662 5772 RasAuto - ok
10:27:28.0702 5772 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:27:28.0762 5772 Rasl2tp - ok
10:27:28.0822 5772 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
10:27:28.0842 5772 RasMan - ok
10:27:28.0862 5772 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:27:28.0912 5772 RasPppoe - ok
10:27:28.0942 5772 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:27:28.0942 5772 RasSstp - ok
10:27:28.0992 5772 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:27:29.0002 5772 rdbss - ok
10:27:29.0012 5772 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
10:27:29.0012 5772 rdpbus - ok
10:27:29.0022 5772 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:27:29.0022 5772 RDPCDD - ok
10:27:29.0072 5772 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
10:27:29.0152 5772 RDPDR - ok
10:27:29.0172 5772 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:27:29.0172 5772 RDPENCDD - ok
10:27:29.0192 5772 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:27:29.0192 5772 RDPREFMP - ok
10:27:29.0262 5772 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
10:27:29.0352 5772 RdpVideoMiniport - ok
10:27:29.0392 5772 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
10:27:29.0472 5772 RDPWD - ok
10:27:29.0512 5772 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:27:29.0522 5772 rdyboost - ok
10:27:29.0572 5772 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
10:27:29.0582 5772 RemoteAccess - ok
10:27:29.0612 5772 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
10:27:29.0612 5772 RemoteRegistry - ok
10:27:29.0642 5772 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
10:27:29.0652 5772 RpcEptMapper - ok
10:27:29.0662 5772 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
10:27:29.0662 5772 RpcLocator - ok
10:27:29.0782 5772 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:27:29.0782 5772 RpcSs - ok
10:27:29.0802 5772 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:27:29.0802 5772 rspndr - ok
10:27:29.0852 5772 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
10:27:29.0892 5772 RTL8167 - ok
10:27:29.0912 5772 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
10:27:29.0932 5772 s3cap - ok
10:27:29.0952 5772 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:27:29.0952 5772 SamSs - ok
10:27:30.0022 5772 SASDIFSV (5bf35c4ea3f00fa8d3f1e5bf03d24584) C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS
10:27:30.0022 5772 SASDIFSV - ok
10:27:30.0052 5772 SASENUM (a22f08c98ac2f44587bf3a1fb52bf8cd) C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS
10:27:30.0052 5772 SASENUM - ok
10:27:30.0082 5772 SASKUTIL (c7d81c10d3befeee41f3408714637438) C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys
10:27:30.0082 5772 SASKUTIL - ok
10:27:30.0182 5772 SbieDrv (687cdadd7b13529e6d6eda30b3f67051) C:\Program Files\Sandboxie\SbieDrv.sys
10:27:30.0192 5772 SbieDrv - ok
10:27:30.0222 5772 SbieSvc (4cdb30762d89264ff570d2c64ba9b8a6) C:\Program Files\Sandboxie\SbieSvc.exe
10:27:30.0222 5772 SbieSvc - ok
10:27:30.0272 5772 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:27:30.0272 5772 sbp2port - ok
10:27:30.0302 5772 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
10:27:30.0302 5772 SCardSvr - ok
10:27:30.0342 5772 SCDEmu (4b12e2e559641b0f26474bbc6d7cfaff) C:\Windows\system32\drivers\SCDEmu.sys
10:27:30.0372 5772 SCDEmu - ok
10:27:30.0402 5772 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:27:30.0402 5772 scfilter - ok
10:27:30.0502 5772 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
10:27:30.0522 5772 Schedule - ok
10:27:30.0552 5772 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:27:30.0552 5772 SCPolicySvc - ok
10:27:30.0942 5772 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
10:27:30.0942 5772 SDRSVC - ok
10:27:31.0022 5772 SeagateDashboardService (16b44d246835eac156f8daf0aa4f530c) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
10:27:31.0022 5772 SeagateDashboardService - ok
10:27:31.0082 5772 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:27:31.0082 5772 secdrv - ok
10:27:31.0122 5772 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
10:27:31.0132 5772 seclogon - ok
10:27:31.0162 5772 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
10:27:31.0162 5772 SENS - ok
10:27:31.0172 5772 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
10:27:31.0172 5772 SensrSvc - ok
10:27:31.0212 5772 Sentinel64 (255476b54c82a89416efdf09fd62f107) C:\Windows\System32\Drivers\Sentinel64.sys
10:27:31.0212 5772 Sentinel64 - ok
10:27:31.0232 5772 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
10:27:31.0232 5772 Serenum - ok
10:27:31.0262 5772 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
10:27:31.0302 5772 Serial - ok
10:27:31.0332 5772 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
10:27:31.0342 5772 sermouse - ok
10:27:31.0392 5772 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
10:27:31.0402 5772 SessionEnv - ok
10:27:31.0432 5772 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:27:31.0442 5772 sffdisk - ok
10:27:31.0452 5772 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:27:31.0482 5772 sffp_mmc - ok
10:27:31.0492 5772 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:27:31.0492 5772 sffp_sd - ok
10:27:31.0512 5772 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
10:27:31.0532 5772 sfloppy - ok
10:27:31.0652 5772 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
10:27:31.0662 5772 SharedAccess - ok
10:27:31.0732 5772 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
10:27:31.0742 5772 ShellHWDetection - ok
10:27:31.0762 5772 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:27:31.0762 5772 SiSRaid2 - ok
10:27:31.0782 5772 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
10:27:31.0792 5772 SiSRaid4 - ok
10:27:31.0822 5772 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:27:31.0872 5772 Smb - ok
10:27:31.0892 5772 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
10:27:31.0892 5772 SNMPTRAP - ok
10:27:31.0902 5772 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:27:31.0902 5772 spldr - ok
10:27:31.0982 5772 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
10:27:31.0992 5772 Spooler - ok
10:27:32.0222 5772 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
10:27:32.0282 5772 sppsvc - ok
10:27:32.0422 5772 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
10:27:32.0422 5772 sppuinotify - ok
10:27:32.0552 5772 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
10:27:32.0602 5772 sptd - ok
10:27:32.0672 5772 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:27:32.0682 5772 srv - ok
10:27:32.0712 5772 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:27:32.0712 5772 srv2 - ok
10:27:32.0742 5772 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:27:32.0742 5772 srvnet - ok
10:27:32.0802 5772 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
10:27:32.0802 5772 SSDPSRV - ok
10:27:32.0832 5772 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
10:27:32.0832 5772 SstpSvc - ok
10:27:32.0852 5772 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
10:27:32.0852 5772 stexstor - ok
10:27:32.0882 5772 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
10:27:32.0922 5772 StillCam - ok
10:27:33.0002 5772 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
10:27:33.0022 5772 stisvc - ok
10:27:33.0042 5772 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
10:27:33.0042 5772 storflt - ok
10:27:33.0082 5772 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
10:27:33.0132 5772 storvsc - ok
10:27:33.0492 5772 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
10:27:33.0512 5772 swenum - ok
10:27:33.0562 5772 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
10:27:33.0572 5772 swprv - ok
10:27:33.0702 5772 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
10:27:33.0732 5772 SysMain - ok
10:27:33.0852 5772 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
10:27:33.0852 5772 TabletInputService - ok
10:27:33.0962 5772 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
10:27:33.0982 5772 TapiSrv - ok
10:27:34.0012 5772 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
10:27:34.0012 5772 TBS - ok
10:27:34.0172 5772 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
10:27:34.0192 5772 Tcpip - ok
10:27:34.0402 5772 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
10:27:34.0402 5772 TCPIP6 - ok
10:27:34.0472 5772 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:27:34.0472 5772 tcpipreg - ok
10:27:34.0492 5772 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:27:34.0542 5772 TDPIPE - ok
10:27:34.0572 5772 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
10:27:34.0602 5772 TDTCP - ok
10:27:34.0642 5772 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:27:34.0652 5772 tdx - ok
10:27:34.0672 5772 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
10:27:34.0682 5772 TermDD - ok
10:27:34.0762 5772 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
10:27:34.0782 5772 TermService - ok
10:27:34.0792 5772 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
10:27:34.0802 5772 Themes - ok
10:27:34.0832 5772 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:27:34.0832 5772 THREADORDER - ok
10:27:34.0862 5772 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
10:27:34.0862 5772 TrkWks - ok
10:27:34.0932 5772 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
10:27:34.0952 5772 TrustedInstaller - ok
10:27:34.0982 5772 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:27:34.0982 5772 tssecsrv - ok
10:27:35.0012 5772 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:27:35.0072 5772 TsUsbFlt - ok
10:27:35.0072 5772 tsusbhub - ok
10:27:35.0132 5772 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:27:35.0172 5772 tunnel - ok
10:27:35.0202 5772 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
10:27:35.0212 5772 uagp35 - ok
10:27:35.0272 5772 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:27:35.0322 5772 udfs - ok
10:27:35.0342 5772 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
10:27:35.0352 5772 UI0Detect - ok
10:27:35.0392 5772 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:27:35.0392 5772 uliagpkx - ok
10:27:35.0432 5772 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
10:27:35.0472 5772 umbus - ok
10:27:35.0492 5772 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
10:27:35.0502 5772 UmPass - ok
10:27:35.0552 5772 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
10:27:35.0562 5772 UmRdpService - ok
10:27:35.0692 5772 UMVPFSrv (67a95b9d129ed5399e7965cd09cf30e7) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
10:27:35.0702 5772 UMVPFSrv - ok
10:27:36.0122 5772 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
10:27:36.0132 5772 upnphost - ok
10:27:36.0172 5772 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
10:27:36.0182 5772 usbaudio - ok
10:27:36.0212 5772 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
10:27:36.0212 5772 usbccgp - ok
10:27:36.0262 5772 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:27:36.0282 5772 usbcir - ok
10:27:36.0312 5772 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
10:27:36.0392 5772 usbehci - ok
10:27:36.0462 5772 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
10:27:36.0482 5772 usbhub - ok
10:27:36.0492 5772 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
10:27:36.0502 5772 usbohci - ok
10:27:36.0552 5772 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:27:36.0582 5772 usbprint - ok
10:27:36.0602 5772 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
10:27:36.0612 5772 usbscan - ok
10:27:36.0632 5772 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:27:36.0722 5772 USBSTOR - ok
10:27:36.0732 5772 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
10:27:36.0732 5772 usbuhci - ok
10:27:36.0792 5772 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
10:27:36.0812 5772 usbvideo - ok
10:27:36.0832 5772 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
10:27:36.0832 5772 UxSms - ok
10:27:36.0862 5772 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:27:36.0862 5772 VaultSvc - ok
10:27:36.0932 5772 VBoxNetAdp (e705a3a384e7569fa2f1a3a29bdc5240) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
10:27:36.0942 5772 VBoxNetAdp - ok
10:27:36.0962 5772 VBoxNetFlt - ok
10:27:37.0002 5772 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:27:37.0002 5772 vdrvroot - ok
10:27:37.0082 5772 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
10:27:37.0092 5772 vds - ok
10:27:37.0122 5772 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:27:37.0122 5772 vga - ok
10:27:37.0132 5772 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:27:37.0192 5772 VgaSave - ok
10:27:37.0252 5772 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:27:37.0262 5772 vhdmp - ok
10:27:37.0272 5772 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:27:37.0272 5772 viaide - ok
10:27:37.0342 5772 vidsflt61 (2dfd1eb9de564460003de1605a275e8d) C:\Windows\system32\DRIVERS\vsflt61.sys
10:27:37.0342 5772 vidsflt61 - ok
10:27:37.0392 5772 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
10:27:37.0402 5772 vmbus - ok
10:27:37.0422 5772 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
10:27:37.0422 5772 VMBusHID - ok
10:27:37.0422 5772 VMnetAdapter - ok
10:27:37.0452 5772 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:27:37.0452 5772 volmgr - ok
10:27:37.0522 5772 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:27:37.0532 5772 volmgrx - ok
10:27:37.0592 5772 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:27:37.0592 5772 volsnap - ok
10:27:37.0642 5772 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
10:27:37.0642 5772 vsmraid - ok
10:27:37.0762 5772 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
10:27:37.0782 5772 VSS - ok
10:27:37.0892 5772 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
10:27:37.0932 5772 vwifibus - ok
10:27:37.0962 5772 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
10:27:38.0012 5772 vwififlt - ok
10:27:38.0072 5772 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
10:27:38.0082 5772 W32Time - ok
10:27:38.0102 5772 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
10:27:38.0202 5772 WacomPen - ok
10:27:38.0262 5772 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:27:38.0462 5772 WANARP - ok
10:27:38.0502 5772 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:27:38.0502 5772 Wanarpv6 - ok
10:27:38.0852 5772 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
10:27:38.0872 5772 wbengine - ok
10:27:38.0972 5772 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
10:27:38.0972 5772 WbioSrvc - ok
10:27:39.0082 5772 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
10:27:39.0092 5772 wcncsvc - ok
10:27:39.0112 5772 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
10:27:39.0112 5772 WcsPlugInService - ok
10:27:39.0152 5772 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
10:27:39.0162 5772 Wd - ok
10:27:39.0202 5772 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
10:27:39.0252 5772 WDC_SAM - ok
10:27:39.0332 5772 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:27:39.0342 5772 Wdf01000 - ok
10:27:39.0362 5772 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:27:39.0362 5772 WdiServiceHost - ok
10:27:39.0362 5772 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:27:39.0362 5772 WdiSystemHost - ok
10:27:39.0422 5772 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
10:27:39.0422 5772 WebClient - ok
10:27:39.0452 5772 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
10:27:39.0452 5772 Wecsvc - ok
10:27:39.0482 5772 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
10:27:39.0482 5772 wercplsupport - ok
10:27:39.0502 5772 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
10:27:39.0502 5772 WerSvc - ok
10:27:39.0522 5772 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:27:39.0542 5772 WfpLwf - ok
10:27:39.0552 5772 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:27:39.0552 5772 WIMMount - ok
10:27:39.0612 5772 WinDefend - ok
10:27:39.0622 5772 WinHttpAutoProxySvc - ok
10:27:39.0722 5772 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
10:27:39.0732 5772 Winmgmt - ok
10:27:39.0872 5772 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
10:27:39.0892 5772 WinRM - ok
10:27:40.0042 5772 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
10:27:40.0052 5772 WinUsb - ok
10:27:40.0132 5772 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
10:27:40.0142 5772 Wlansvc - ok
10:27:40.0362 5772 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:27:40.0392 5772 wlidsvc - ok
10:27:40.0462 5772 WmBEnum (e7f4937b613b1e4294100c9d4efc36a9) C:\Windows\system32\drivers\WmBEnum.sys
10:27:40.0472 5772 WmBEnum - ok
10:27:40.0522 5772 WmFilter (6f6f2b263002b243d3501c7e6c8fc11d) C:\Windows\system32\drivers\WmFilter.sys
10:27:40.0532 5772 WmFilter - ok
10:27:40.0552 5772 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
10:27:40.0552 5772 WmiAcpi - ok
10:27:40.0592 5772 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
10:27:40.0592 5772 wmiApSrv - ok
10:27:40.0652 5772 WMPNetworkSvc - ok
10:27:40.0672 5772 WmVirHid (52b4fcc6afaec0ffd80bda63f9b140cd) C:\Windows\system32\drivers\WmVirHid.sys
10:27:40.0682 5772 WmVirHid - ok
10:27:40.0712 5772 WmXlCore (395b3e7fba81bdc4501641b3b2cf2e20) C:\Windows\system32\drivers\WmXlCore.sys
10:27:40.0722 5772 WmXlCore - ok
10:27:40.0732 5772 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
10:27:40.0742 5772 WPCSvc - ok
10:27:40.0772 5772 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
10:27:40.0782 5772 WPDBusEnum - ok
10:27:40.0802 5772 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:27:40.0942 5772 ws2ifsl - ok
10:27:41.0242 5772 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
10:27:41.0272 5772 wscsvc - ok
10:27:41.0282 5772 WSearch - ok
10:27:41.0452 5772 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
10:27:41.0472 5772 wuauserv - ok
10:27:41.0582 5772 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:27:41.0582 5772 WudfPf - ok
10:27:41.0632 5772 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:27:41.0642 5772 WUDFRd - ok
10:27:41.0672 5772 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
10:27:41.0672 5772 wudfsvc - ok
10:27:41.0722 5772 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
10:27:41.0732 5772 WwanSvc - ok
10:27:41.0782 5772 MBR (0x1B8) (d1ad4c53eadd115593e05fa56d6b9dea) \Device\Harddisk1\DR1
10:27:42.0092 5772 \Device\Harddisk1\DR1 - ok
10:27:42.0102 5772 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
10:27:42.0162 5772 \Device\Harddisk2\DR2 - ok
10:27:42.0182 5772 MBR (0x1B8) (0ac6d996bce152aed9600e6d6b797e2e) \Device\Harddisk0\DR0
10:27:42.0272 5772 \Device\Harddisk0\DR0 - ok
10:27:42.0362 5772 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk7\DR7
10:27:42.0602 5772 \Device\Harddisk7\DR7 - ok
10:27:42.0652 5772 MBR (0x1B8) (3ff3f0d3cdb1b741716c865d46d1107e) \Device\Harddisk8\DR8
10:27:43.0592 5772 \Device\Harddisk8\DR8 - ok
10:27:43.0712 5772 Boot (0x1200) (4bc3929c482d8390ae66de00a2197889) \Device\Harddisk1\DR1\Partition0
10:27:43.0732 5772 \Device\Harddisk1\DR1\Partition0 - ok
10:27:43.0742 5772 Boot (0x1200) (21beb0b59758b371cf87f23f8e9a474d) \Device\Harddisk1\DR1\Partition1
10:27:43.0742 5772 \Device\Harddisk1\DR1\Partition1 - ok
10:27:43.0762 5772 Boot (0x1200) (013613a6eb8599aacdade8d573eba597) \Device\Harddisk1\DR1\Partition2
10:27:43.0762 5772 \Device\Harddisk1\DR1\Partition2 - ok
10:27:43.0782 5772 Boot (0x1200) (4bd37efbd072302580be091adc69f8c5) \Device\Harddisk2\DR2\Partition0
10:27:43.0782 5772 \Device\Harddisk2\DR2\Partition0 - ok
10:27:43.0782 5772 Boot (0x1200) (823a4653819bd71b087fc44eab274426) \Device\Harddisk0\DR0\Partition0
10:27:43.0782 5772 \Device\Harddisk0\DR0\Partition0 - ok
10:27:43.0902 5772 Boot (0x1200) (648030e3ccdcc514ce22aa2899d1ee28) \Device\Harddisk7\DR7\Partition0
10:27:44.0352 5772 \Device\Harddisk7\DR7\Partition0 - ok
10:27:44.0352 5772 ============================================================
10:27:44.0352 5772 Scan finished
10:27:44.0352 5772 ============================================================
10:27:44.0362 6544 Detected object count: 1
10:27:44.0362 6544 Actual detected object count: 1
10:28:06.0372 6544 3DM2 ( HiddenFile.Multi.Generic ) - skipped by user
10:28:06.0372 6544 3DM2 ( HiddenFile.Multi.Generic ) - User select action: Skip

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 July 2012 - 05:48 PM

Greetings loonyless1

That is ok about aswMBR, we will just keep moving.


At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#9 loonyless1

  • Topic Starter
  • Members
  • 33 posts

Posted 22 July 2012 - 07:07 PM

Hello Gringo,

I ran ComboFix.exe using Notepad.
Here is the ComboFix logfile.

I have had no problems for some time.
After running the script everything on my computer seems to be working fine.



ComboFix 12-07-21.01 - Mel 22/07/2012 16:35:38.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.1286 [GMT -7:00]
Running from: c:\users\Public\Desktop\ComboFix.exe
Command switches used :: c:\users\Public\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mel\AppData\Roaming\inst.exe
c:\users\Mel\AppData\Roaming\vso_ts_preview.xml
.
.
((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 )))))))))))))))))))))))))))))))
.
.
2012-07-22 23:48 . 2012-07-22 23:48 -------- d-----w- c:\users\HomeGroupUser$\AppData\Local\temp
2012-07-22 23:48 . 2012-07-22 23:48 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-22 23:48 . 2012-07-22 23:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-22 23:48 . 2012-07-22 23:48 -------- d-----w- c:\users\ASPNET\AppData\Local\temp
2012-07-22 23:48 . 2012-07-22 23:48 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-22 22:19 . 2012-07-22 22:20 -------- d-----w- c:\program files\Classic Shell
2012-07-19 05:27 . 2012-07-19 05:27 -------- d-----w- c:\users\Mel\AppData\Roaming\LearnLift
2012-07-19 05:27 . 2012-07-19 05:27 -------- d-----w- c:\users\Mel\AppData\Local\LearnLift
2012-07-18 03:18 . 2012-07-18 03:18 328704 ----a-w- c:\windows\system32\services.exe.FD9DE7A1A4C507D2
2012-07-18 03:11 . 2012-07-18 03:11 328704 ----a-w- c:\windows\system32\services.exe.A014F6E008A1490B
2012-07-18 03:05 . 2012-07-18 03:05 328704 ----a-w- c:\windows\system32\services.exe.86D73E5AD5A59F6B
2012-07-18 01:39 . 2012-07-18 01:39 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-18 01:32 . 2012-07-18 02:39 -------- d-----w- c:\programdata\7531CCB10000FF0600001B16F875EF60
2012-07-16 18:40 . 2012-07-19 21:39 -------- d-----w- c:\program files (x86)\NoteTab 7
2012-07-16 04:23 . 2012-07-16 04:23 -------- d-----w- c:\program files (x86)\Common Files\IVA
2012-07-16 04:23 . 2012-07-16 04:23 -------- d-----w- c:\program files (x86)\Common Files\Nuance
2012-07-13 22:09 . 2012-07-13 23:21 -------- d-----w- c:\program files (x86)\Preclick
2012-07-13 16:34 . 2012-07-13 16:39 -------- d-----w- c:\users\Mel\AppData\Roaming\MAGIX
2012-07-13 16:34 . 2012-07-13 16:35 -------- d-----w- c:\program files (x86)\MAGIX
2012-07-13 16:33 . 2012-07-13 16:33 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-07-13 16:33 . 2012-07-13 16:39 -------- d-----w- c:\programdata\MAGIX
2012-07-13 16:33 . 2012-07-13 16:34 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Services
2012-07-12 23:41 . 2011-09-09 23:22 778088 ------w- c:\windows\system32\HPDiscoPM5C12.dll
2012-07-12 16:45 . 2012-07-12 16:45 -------- d-----w- c:\program files\Atomic Alarm Clock
2012-07-12 13:06 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 13:03 . 2012-07-22 06:40 -------- d-----w- c:\program files (x86)\Angel Writer
2012-07-12 12:53 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-07-11 08:48 . 2012-07-12 14:36 -------- d-----w- c:\program files (x86)\EditPlus 3
2012-07-11 08:19 . 2012-07-11 08:21 -------- d-----w- c:\users\Mel\AppData\Roaming\AbiSuite
2012-07-10 22:53 . 2012-07-10 22:53 -------- d-----w- c:\users\Mel\AppData\Roaming\NoteTab Std
2012-07-10 13:24 . 2007-12-07 09:01 81408 ----a-w- c:\windows\system32\E_IBCBAIA.DLL
2012-07-07 22:50 . 2012-07-11 17:35 -------- d-----w- C:\Python26
2012-07-07 15:03 . 2012-07-07 15:03 -------- d-----w- c:\users\Mel\.idlerc
2012-07-06 07:13 . 2012-07-06 07:13 -------- d-----w- c:\users\Mel\AppData\Roaming\Hyperionics
2012-07-06 07:12 . 2012-07-06 07:18 -------- d-----w- c:\program files\FileBX
2012-07-05 19:11 . 2009-02-25 01:35 255552 ----a-w- c:\windows\SysWow64\drivers\mcdbus.sys
2012-07-05 19:11 . 2009-02-25 01:35 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2012-07-05 19:11 . 2012-07-05 19:13 -------- d-----w- c:\program files (x86)\MagicDisc
2012-07-05 18:11 . 2012-07-05 18:11 -------- d-----w- c:\program files (x86)\MagicISO
2012-07-04 20:08 . 2012-07-04 20:08 -------- d-----w- c:\users\Mel\AppData\Local\Macromedia
2012-07-04 02:33 . 2012-07-04 02:33 -------- d-----w- c:\users\Mel\yBook
2012-07-04 02:32 . 1998-05-12 03:01 240944 ----a-w- c:\windows\SysWow64\RICHED.DLL
2012-07-04 02:00 . 2012-07-04 02:00 -------- d-----w- c:\users\Mel\KooBits4
2012-07-04 02:00 . 2012-07-04 02:00 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-07-04 01:07 . 2012-07-04 01:07 -------- d-----w- c:\users\Mel\AppData\Local\skybn
2012-07-03 15:36 . 2012-07-03 15:52 -------- d-----w- c:\program files (x86)\dictator
2012-07-03 14:25 . 2012-07-05 02:48 -------- d-----w- C:\AceReader Pro (Server)
2012-07-02 18:02 . 2012-07-02 18:02 -------- d-----w- c:\users\Mel\AppData\Roaming\MultiCommander
2012-07-02 18:02 . 2012-07-02 18:03 -------- d-----w- c:\program files (x86)\MultiCommander
2012-07-01 04:42 . 2012-07-04 20:37 -------- d-----w- c:\program files (x86)\ICE Book Reader Professional
2012-06-29 14:49 . 2012-06-29 16:07 -------- d-----w- c:\program files (x86)\Apply Word Wrap To Multiple Text Files Software
2012-06-29 00:23 . 2012-06-29 13:02 -------- d-----w- c:\program files (x86)\Text Master
2012-06-29 00:21 . 2012-06-29 00:21 -------- d-----w- c:\users\Mel\AppData\Local\Animal_Software
2012-06-28 14:45 . 2012-06-28 14:45 -------- d-----w- c:\users\Mel\AppData\Roaming\VoiceAttack
2012-06-28 06:31 . 2012-06-28 06:31 -------- d-----w- c:\users\Mel\AppData\Local\VoiceAttack.com
2012-06-28 06:27 . 2012-07-05 14:36 -------- d-----w- c:\program files (x86)\VoiceAttack
2012-06-25 23:19 . 2012-06-26 01:47 -------- d-----w- c:\program files (x86)\Bit Che
2012-06-25 23:19 . 2012-06-25 23:19 -------- d-----w- c:\users\Mel\AppData\Roaming\Convivea
2012-06-25 23:04 . 2012-06-25 23:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-25 18:27 . 2012-06-25 22:34 -------- d-----w- c:\users\Mel\AppData\Roaming\VAC
2012-06-25 16:39 . 2012-06-25 16:39 -------- d-----w- c:\program files (x86)\Harmony_Hollow_Software
2012-06-25 08:09 . 2012-06-28 22:49 -------- d-----w- C:\output
2012-06-24 22:29 . 2012-06-24 22:29 -------- d-----w- c:\programdata\NextUp
2012-06-24 22:23 . 2012-06-01 21:07 102768 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}\components\TextAloud3AdapterFF13.dll
2012-06-24 22:23 . 2012-04-24 22:58 102736 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}\components\TextAloud3AdapterFF12.dll
2012-06-24 22:23 . 2011-12-21 06:53 102736 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}\components\TextAloud3AdapterFF9.dll
2012-06-24 22:23 . 2011-11-28 23:12 102736 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}\components\TextAloud3AdapterFF8.dll
2012-06-24 22:23 . 2011-09-23 17:09 102736 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}\components\TextAloud3AdapterFF7.dll
2012-06-24 22:23 . 2011-08-22 23:30 102736 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}\components\TextAloud3AdapterFF6.dll
2012-06-24 22:23 . 2011-06-24 18:54 102736 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}\components\TextAloud3AdapterFF5.dll
2012-06-24 22:23 . 2012-06-24 22:23 -------- d-----w- c:\users\Mel\AppData\Local\NextUp
2012-06-24 22:23 . 2012-06-08 15:29 102768 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}\components\TextAloud3Adapter.dll
2012-06-24 22:23 . 2012-03-14 21:54 102736 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}\components\TextAloud3AdapterFF11.dll
2012-06-24 22:23 . 2012-01-31 21:36 102736 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}\components\TextAloud3AdapterFF10.dll
2012-06-24 19:43 . 2012-06-24 22:26 -------- d-----w- c:\program files (x86)\TotalExcelConverter
2012-06-24 18:08 . 2012-07-04 19:55 -------- d-----w- c:\users\Mel\Calibre Library
2012-06-24 17:39 . 2012-06-24 17:39 -------- d-----w- c:\program files (x86)\LWW
2012-06-24 06:05 . 2012-06-24 06:18 -------- d-----w- C:\Tmp
2012-06-24 06:00 . 2012-06-24 06:00 -------- d-----w- c:\program files (x86)\Moodysoft
2012-06-23 04:02 . 2012-07-03 16:58 -------- d-----w- c:\users\Mel\AppData\Local\010 Editor
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-22 22:07 . 2010-02-03 16:35 82816 ----a-w- c:\users\Mel\AppData\Roaming\pcouffin.sys
2012-07-18 23:17 . 2012-04-05 04:17 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-18 23:17 . 2011-05-15 08:25 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 12:59 . 2010-01-17 18:54 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 20:46 . 2010-01-17 19:52 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-14 01:19 . 2012-06-14 01:19 65536 ----a-w- c:\windows\IFinst27.exe
2012-06-02 22:19 . 2012-06-19 14:21 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 14:22 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 14:22 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 14:22 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 14:21 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-19 14:21 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 14:22 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 14:21 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-19 14:21 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-31 19:25 . 2010-01-17 18:54 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-04 11:06 . 2012-06-13 15:49 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 15:49 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 15:49 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 15:48 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 05:32 . 2012-06-13 15:48 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-04-28 03:55 . 2012-06-13 15:48 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 15:49 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 15:49 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 15:49 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 15:49 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 15:49 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 15:49 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 15:49 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 15:49 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 15:49 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2005-01-13 23:47 . 2005-01-13 23:47 61440 ----a-w- c:\program files (x86)\mdMod1.dll
2004-07-29 03:43 . 2004-07-29 03:43 24576 ----a-w- c:\program files (x86)\EnDeCrypt.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-22_06.04.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-17 19:48 . 2012-07-22 06:51 78722 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-22 23:53 42140 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-17 19:22 . 2012-07-22 23:53 23470 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-447197604-1126035691-2842377532-1000_UserData.bin
- 2012-04-03 22:32 . 2012-06-03 22:59 40960 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe
+ 2012-04-03 22:32 . 2012-07-22 22:15 40960 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe
+ 2007-04-19 21:10 . 2007-04-19 21:10 65888 c:\windows\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\11.0.8173\SEQCHK10.DLL
+ 2007-04-19 21:07 . 2007-04-19 21:07 61280 c:\windows\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\11.0.8173\MSOHTMED.EXE
+ 2010-01-20 10:16 . 2012-07-22 23:48 5544 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-07-22 06:04 . 2012-07-22 06:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-22 23:51 . 2012-07-22 23:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-22 06:04 . 2012-07-22 06:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-22 23:51 . 2012-07-22 23:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-07-22 06:02 740100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-22 23:48 740100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-04-03 22:32 . 2012-06-03 22:59 135168 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2012-04-03 22:32 . 2012-07-22 22:15 135168 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2012-07-22 22:18 . 2012-07-22 22:18 4521984 c:\windows\Installer\34f102a.msi
+ 2010-12-29 14:54 . 2012-07-22 23:48 54048024 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-447197604-1126035691-2842377532-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2012-06-30 16:03 610304 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="c:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2011-10-25 4287488]
"Active Desktop Calendar"="c:\program files\XemiComputers\Active Desktop Calendar\ADC.exe" [2009-10-02 6821376]
"cdloader"="c:\users\Mel\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 910208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-05-04 136416]
"Memeo AutoSync"="c:\program files (x86)\Memeo\AutoSync\MemeoLauncher2.exe" [2011-05-04 144608]
"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-02-19 107000]
.
c:\users\Mel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
deskview.lnk - e:\gold files\Desktop Tools Related\deskview\deskview.exe [2010-11-3 36864]
magicBlock.lnk - c:\program files (x86)\magicBlock\magicBlock.exe [2008-5-3 479232]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Wireless Configuration Utility.lnk - c:\program files (x86)\802.11n Wireless LAN\802.11n Wireless Adapter HW.72\WlanCU.exe [2010-11-8 454656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 SASDIFSV;SASDIFSV;c:\program files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2010-01-05 9968]
R1 SASKUTIL;SASKUTIL;c:\program files (x86)\SUPERAntiSpyware\SASKUTIL.sys [2010-01-05 74480]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [2008-07-11 145448]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 250056]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-30 6144]
R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [2012-01-18 25632]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
R3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 21504]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-30 9216]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 11776]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2009-09-15 1061888]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-02-03 82816]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 SASENUM;SASENUM;c:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-01-05 7408]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-04-13 147248]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-30 834544]
R4 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
S0 3wareDrv;3wareDrv;c:\windows\system32\DRIVERS\3wareDrv.sys [2009-08-31 102400]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2012-03-31 133728]
S0 vidsflt61;Acronis Disk Storage Filter (61);c:\windows\system32\DRIVERS\vsflt61.sys [2012-03-31 142944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AtomicAlarmClock;Atomic Alarm Clock Time;c:\program files\Atomic Alarm Clock\timeserv.exe [2011-10-25 2062336]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-05 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]
S2 DSClockSyncTime;DS Clock Synchronization Service www.dualitysoft.com;c:\program files (x86)\DS Clock\dsetime.exe [2009-11-20 62264]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-05-04 25824]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-06 214896]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 23:17]
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-447197604-1126035691-2842377532-1000Core.job
- c:\users\Mel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-06 15:39]
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-447197604-1126035691-2842377532-1000UA.job
- c:\users\Mel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-06 15:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{887cdc33-0de3-4fd5-a5d3-eccd4b4b396c}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2012-06-30 16:04 740352 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinAVAlarm"="c:\program files\AMCC\3DM2\WinAVAlarm.exe" [2009-10-24 547848]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2012-06-30 159744]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE}"= "c:\program files\GPSoftware\Directory Opus\dopuslib.dll" [2010-01-08 742360]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.au/advanced_search
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 192.168.*.*
IE: >>> DIAL <<< - file://c:\windows\numb.htm
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{56753E59-AF1D-4FBA-9E15-31557124ADA2} - c:\program files\Classic Shell\ClassicIE9_32.exe
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\obc4rrq4.default\
FF - prefs.js: browser.search.selectedEngine - hxxp://www.google.com/search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/advanced_search
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{E33EB92C-9A58-4524-8861-52E908D26E68} - (no file)
AddRemove-Aurora 12.0a2 (x86 en-US) - c:\program files (x86)\Aurora\uninstall\helper.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\3DM2]
"ImagePath"="c:\program files\AMCC\3DM2/3dm2.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="PhotoManager.9.alb"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.eps"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.gif"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.iff"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.pcd"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.png"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.tga"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.tif"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.tiff"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.032"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.abr"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.apd"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447197604-1126035691-2842377532-1000)
"Progid"="ACDSee Photo Manager 12.arw"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.bay"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.bw"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.bwf"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.cs1"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447197604-1126035691-2842377532-1000)
"Progid"="ACDSee Photo Manager 12.dcr"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.djv"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447197604-1126035691-2842377532-1000)
"Progid"="ACDSee Photo Manager 12.dng"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.erf"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.fff"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.flc"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.fli"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.hdr"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.icn"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ilbm"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.int"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.inta"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.iw4"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.j2c"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jbr"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jfif"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jif"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpk"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpx"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="AIMP.kar"
"AIMP.Backup"="ACDSee Photo Manager 12.kar"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.m1a"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.m2a"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.m75"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.mef"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.mos"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.mpv"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447197604-1126035691-2842377532-1000)
"Progid"="ACDSee Photo Manager 12.mrw"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447197604-1126035691-2842377532-1000)
"Progid"="ACDSee Photo Manager 12.nef"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447197604-1126035691-2842377532-1000)
"Progid"="ACDSee Photo Manager 12.nrw"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447197604-1126035691-2842377532-1000)
"Progid"="ACDSee Photo Manager 12.orf"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pbr"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pct"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447197604-1126035691-2842377532-1000)
"Progid"="ACDSee Photo Manager 12.pef"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pic"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pics"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pict"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pix"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pspbrush"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pspimage"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.qcp"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.qtpf"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447197604-1126035691-2842377532-1000)
"Progid"="ACDSee Photo Manager 12.raf"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rgba"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rsb"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447197604-1126035691-2842377532-1000)
"Progid"="ACDSee Photo Manager 12.rw2"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rwl"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.sdv"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.sfil"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.smf"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.sml"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447197604-1126035691-2842377532-1000)
"Progid"="ACDSee Photo Manager 12.sr2"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447197604-1126035691-2842377532-1000)
"Progid"="ACDSee Photo Manager 12.srf"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.swa"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.thm"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ttc"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ulw"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30po"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30pp"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30ppf"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.vfw"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.wbm"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xif"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xmp"
.
[HKEY_USERS\S-1-5-21-447197604-1126035691-2842377532-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A6C5350A-36EE-CB3B-8BB3-14D2F7989E33}*]
"iaddpdlcmnedmdldpe"=hex:6b,61,66,62,70,69,6d,70,62,6b,6e,6a,6f,69,70,69,6c,6a,
65,70,68,65,00,00
"hafdnoojmfekkffd"=hex:6c,62,6e,63,66,6b,6e,62,6c,63,62,69,69,6c,6e,6d,62,61,
70,67,66,6f,6f,67,62,67,61,70,66,6b,6b,69,61,6b,61,61,70,63,67,6f,6a,66,70,\
"hafdnoojjelkanjh"=hex:70,62,69,65,70,66,65,64,70,70,6d,67,66,67,69,67,68,70,
63,64,63,6f,67,6f,63,66,6e,69,6f,6e,68,70,6e,68,61,66,63,6f,6d,6c,65,6e,6d,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{3DA165B6-CC41-11d2-BDC6-00C04F79EC6B}\ProgID]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{3DA165B6-CC41-11d2-BDC6-00C04F79EC6B}\Version]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\09\02\1b\0a/'l"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
c:\program files (x86)\Memeo\AutoBackup\InstantBackup.exe
c:\program files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
.
**************************************************************************
.
Completion time: 2012-07-22 17:01:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-23 00:01
.
Pre-Run: 36,238,180,352 bytes free
Post-Run: 36,357,292,032 bytes free
.
- - End Of File - - 3B5AF2D488339F5F6209A044FA7941FC

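The driver and service block of the ComboFix log above has a fixed line shape, and a small parser makes it quicker to pull out the entries a helper reviews first: services whose image file is gone and services whose image sits somewhere a signed driver or vendor service has no reason to live. The following is an added example, not part of the thread and not ComboFix's own code. The sample lines are copied from the log above except the `ExampleSvc` line, which is constructed; the function names `parse_service_line` and `triage` are my own, and the reading that `[x]` in place of the date and size marks a file ComboFix could not locate is an assumption this example makes.

```python
"""Triage helper for the driver/service section of a ComboFix log.

Added example for this thread; not ComboFix's code and not the helper's.
Each service line looks like:

    <start> <name>;<display name>;<image path> [<yyyy-mm-dd> <size>]

The first token is R (running) or S (stopped) followed by the Windows
start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled).  When the
bracket holds only "x" the file was not found on disk (assumed meaning).
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+"            # running/stopped flag + start type
    r"(?P<name>[^;]+);"                 # service key name (may contain spaces)
    r"(?P<display>[^;]*);"              # display name
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"  # image path, then [date size] or [x]
)

# Locations where a legitimate kernel driver or vendor service is not expected.
SUSPECT_PREFIXES = ("c:\\users\\", "c:\\documents and settings\\")


@dataclass
class ServiceEntry:
    start: str
    name: str
    display: str
    path: str
    date: Optional[str]
    size: Optional[int]
    file_missing: bool


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Return a ServiceEntry for a service line, or None for any other line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").strip()
    if meta == "x":
        return ServiceEntry(m.group("start"), m.group("name"), m.group("display"),
                            m.group("path"), None, None, True)
    date, size = meta.split()
    return ServiceEntry(m.group("start"), m.group("name"), m.group("display"),
                        m.group("path"), date, int(size), False)


def triage(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Return (service name, reasons) for every service line worth a second look."""
    findings = []
    for line in lines:
        entry = parse_service_line(line)
        if entry is None:
            continue
        reasons = []
        if entry.file_missing:
            reasons.append("image file not found on disk")
        path = entry.path.lower()
        if path.startswith(SUSPECT_PREFIXES) or "\\temp\\" in path:
            reasons.append("image lives under a user profile or temp directory")
        if reasons:
            findings.append((entry.name, reasons))
    return findings


SAMPLE_LINES = [
    # Copied from the ComboFix log posted above in the thread.
    r"R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-04-13 147248]",
    r"R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]",
    r"S0 3wareDrv;3wareDrv;c:\windows\system32\DRIVERS\3wareDrv.sys [2009-08-31 102400]",
    r"R4 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]",
    # Constructed line (not from the log): a service whose image sits in a profile temp folder.
    r"S2 ExampleSvc;Example Service;c:\users\Mel\AppData\Local\Temp\examplesvc.exe [2012-07-01 40960]",
    ".",
    r"[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]",
]


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LINES):
        print(f"{name}: {'; '.join(reasons)}")
```

A missing image file is not proof of anything by itself (the two `[x]` entries above are a VirtualBox filter and a Remote Desktop USB hub left behind by uninstalls), which is why the script only lists candidates with the reason attached rather than deciding for the reviewer.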
#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:04 AM

Posted 22 July 2012 - 08:05 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

Adobe Reader 9.5.1
Java™ 6 Update 31
Vuze


  • Please download and install Revo Uninstaller Free.
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and start Free download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 loonyless1

loonyless1
  • Topic Starter

  • Members
  • 33 posts

Posted 22 July 2012 - 09:20 PM

Hello Gringo,

I uninstalled:
Adobe Reader 9.5.1
Java™ 6 Update 31
Vuze

I downloaded and installed Revo Uninstaller Free.
I installed the latest Adobe Reader.
I uninstalled previous versions of Adobe Reader.
I installed Java.
I ran CCleaner.

Below are:
Log From MBAM
and
report from Hijackthis

I have had no problems for some time.
My computer is currently working fine.


_______________________________________________________________________________________________________________

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.22.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mel :: MEL [administrator]

22/07/2012 6:29:07 PM
mbam-log-2012-07-22 (18-29-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 280440
Time elapsed: 5 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

_________________________________________________________________________________________________________________



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:04:23 PM, on 22/07/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\802.11n Wireless LAN\802.11n Wireless Adapter HW.72\WlanCU.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Acoustica MP3 CD Burner\cdburner.exe
C:\Program Files (x86)\NoteTab 7\NotePro.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\GPSoftware\Directory Opus\dopusx64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Public\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.*.*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~2\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
O4 - HKLM\..\Run: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent
O4 - HKLM\..\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [cdloader] "C:\Users\Mel\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: deskview.lnk = E:\Gold Files\Desktop Tools Related\deskview\deskview.exe
O4 - Startup: magicBlock.lnk = C:\Program Files (x86)\magicBlock\magicBlock.exe
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files (x86)\802.11n Wireless LAN\802.11n Wireless Adapter HW.72\WlanCU.exe
O8 - Extra context menu item: >>> DIAL <<< - file://C:\Windows\numb.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: 3ware 3DM2 (3DM2) - LSI - C:\Program Files\AMCC\3DM2/3dm2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Atomic Alarm Clock Time (AtomicAlarmClock) - Unknown owner - C:\Program Files\Atomic Alarm Clock\timeserv.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
O23 - Service: DS Clock Synchronization Service www.dualitysoft.com (DSClockSyncTime) - Duality Software - C:\Program Files (x86)\DS Clock\dsetime.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\Windows\SysWOW64\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15410 bytes

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 July 2012 - 09:31 PM

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. You can start any of these programs by clicking on their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
      O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
      O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
      O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
      O4 - Startup: deskview.lnk = E:\Gold Files\Desktop Tools Related\deskview\deskview.exe
      O4 - Startup: magicBlock.lnk = C:\Program Files (x86)\magicBlock\magicBlock.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, e.g. for
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
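The O4 lines in the HijackThis log above come from a handful of well-known autostart locations: the HKLM and HKCU Run keys and the per-user and all-users Startup folders. The following PowerShell script is an added example, not code from the thread or from HijackThis, that lists those same locations and flags entries whose target file no longer exists, which is the usual sign of a stale entry left behind by an uninstall. It is read-only and assumes PowerShell 3 or later on the cleaned machine; the function names Get-AutostartTarget and Get-AutostartEntries are the example's own. One caveat when reading the log itself: HijackThis 2.0.4 is a 32-bit program, so on 64-bit Windows the many "(file missing)" notes on services under C:\Windows\System32 are an artifact of WoW64 file-system redirection, not evidence that those services are broken.

```powershell
# Added example, not from the thread or from HijackThis: list the autostart
# locations that HijackThis reports as O4 lines (HKLM/HKCU Run keys and the
# Startup folders) and flag entries whose target executable no longer exists.
# Read-only: nothing is removed; removal stays a deliberate, separate decision.

function Get-AutostartTarget {
    # Extract the executable path from a Run-key command line, handling
    # quoted paths ("C:\Program Files (x86)\...\app.exe" -arg) and unquoted ones.
    param([string]$Command)
    $cmd = $Command.Trim()
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 0) { return $cmd.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($cmd, '^(.+?\.exe)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split ' ')[0]
}

function Get-AutostartEntries {
    # Registry Run keys, including the 32-bit view on 64-bit Windows (Wow6432Node).
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    )
    # Note properties that Get-ItemProperty adds; they are not Run entries.
    $metaProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

    $entries = @(foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($p in $values.PSObject.Properties) {
            if ($metaProps -contains $p.Name) { continue }
            $exe = [Environment]::ExpandEnvironmentVariables((Get-AutostartTarget $p.Value))
            [pscustomobject]@{
                Location = $key
                Name     = $p.Name
                Command  = $p.Value
                Exists   = Test-Path -LiteralPath $exe -PathType Leaf
            }
        }
    })

    # Startup folders: per-user ("O4 - Startup") and all-users ("O4 - Global Startup").
    $startupDirs = @(
        [Environment]::GetFolderPath('Startup'),
        [Environment]::GetFolderPath('CommonStartup')
    )
    $shell = New-Object -ComObject WScript.Shell
    $entries += @(foreach ($dir in $startupDirs) {
        Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue | ForEach-Object {
            $target = $_.FullName
            if ($_.Extension -eq '.lnk') {
                # Resolve the shortcut so a dangling .lnk shows up as Exists = False.
                $target = $shell.CreateShortcut($_.FullName).TargetPath
            }
            [pscustomobject]@{
                Location = $dir
                Name     = $_.Name
                Command  = $target
                Exists   = [bool]$target -and (Test-Path -LiteralPath $target -PathType Leaf)
            }
        }
    })
    return $entries
}

# Usage: show everything, missing targets first so stale entries stand out.
Get-AutostartEntries | Sort-Object Exists, Location, Name | Format-Table -AutoSize -Wrap
```

Entries with Exists = False are the ones worth a second look: either the program was uninstalled and left its Run value behind, or the command line points somewhere the parser could not resolve. The Wow6432Node key is included because 32-bit installers on 64-bit Windows write there, which is where several of the "(x86)" entries in the log above live.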

#13 loonyless1

loonyless1
  • Topic Starter

  • Members
  • 33 posts

Posted 23 July 2012 - 09:45 AM

Hello Gringo,

The results of the ESET Online Scan were:
No threats were found.

I ran HijackThis.
I put a check beside all of the items listed below (if present):
11 items
I clicked on the "Fix Checked" button

Question:

I used DeFogger to disable my CD Emulation drivers.
I never re-enabled these drivers.
Shouldn't I do that?

Reason I ask is that I have an error message when I try to run a program called
"VoiceAttack".
The error message says:
a device attached to the system is not functioning. I didn't have that error message before we started removing my virus.

Anyway, in case we are finished, thanks Gringo.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 July 2012 - 01:24 PM

Greetings

"VoiceAttack". - have you tried to reinstall it?


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time, they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.
:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo

#15 loonyless1

loonyless1
  • Topic Starter

  • Members
  • 33 posts

Posted 23 July 2012 - 04:27 PM

Hello Gringo,

I tried to uninstall combofix.
But I got a message that windows could not find combofix.

I ran OTCleanIt.exe. I rebooted.
I guess it did its job. But I don't really know for sure.
I had moved all the tools from the desktop to a new and separate folder for convenient storage.

Regarding VoiceAttack.
I tried uninstalling and reinstalling VoiceAttack.
It did not help.
But re-enabling my Emulation drivers worked perfectly! VoiceAttack now works normally!

I'm keeping the 3 tools that you recommend keeping.

I carefully read all your recommendations listed at the bottom of the post. I agree with all of them. Nice job Gringo. Thanks.

I found your comment about Microsoft Security Essentials very interesting.

You are saying that I must uninstall AVG Free Edition and then install Microsoft Security Essentials. Right?
I had thought that the two of them could co-exist together. But you are saying that's not true. Right?

Also, doing a system restore when I first got this virus would have accomplished nothing. Right?

Again, Thanks Gringo.



