Browser Redirect Removal Request (7search)


This topic is locked
18 replies to this topic

#1 CJ Photo

  • Members
  • 9 posts
  • OFFLINE
  • Local time:10:24 PM

Posted 18 July 2012 - 09:12 PM

This problem is on my daughter's PC. She's been having trouble with it crashing (Blue screen). Most of the blue screens seem to revolve around ntoskrnl.exe.

There is a browser redirect virus, that I'm hoping is actually the cause of some of the crashes. It redirects the search engine links to 7search.com. I've seen this issue addressed in the forums, so I'm sure that you guys are familiar with it.

I have been unable to install her latest McAfee Security suite on this PC, so as a result, there is no virus protection currently. I'm hoping that it will install properly after the fix.

Thank you ahead of time for the help!

cj

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Taylor at 22:03:31 on 2012-07-18
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.youtube.com/watch?v=yHjiNOZTgHo&feature=g-all-u&context=G2978890FAAAAAAAAAAA
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_x3400&r=173612108707p0428v145w46i1v26q
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_x3400&r=173612108707p0428v145w46i1v26q
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_x3400&r=173612108707p0428v145w46i1v26q
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uInternet Settings,ProxyServer = http=127.0.0.1:53394
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "C:\Users\Taylor\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: %SYSTEMROOT%\system32\nvLsp.dll
LSP: mswsock.dll
DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://nxcache.nexon.net/mabinogi/renderer/mabiweb.2010.5.03.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8DF20E62-8D88-4DE8-A56A-68E2790470BA} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B8A3A999-255E-4ED5-B171-0B2956AEBBE9} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: frumtel - C:\Windows\system32\config\systemprofile\AppData\Local\frumtel.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun-x64: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\g341hkot.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Taylor\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-07-19 00:32:32 -------- d-----w- C:\Program Files (x86)\Cobian Backup 8
2012-07-18 23:43:41 -------- d-----w- C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-07-18 23:43:37 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-07-18 23:04:05 -------- d-----w- C:\52495c86ba605862745365
2012-07-18 22:19:11 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2012-07-18 22:07:25 -------- d-----w- C:\Users\Taylor\AppData\Local\ElevatedDiagnostics
2012-07-17 21:38:14 -------- d-----w- C:\Users\Taylor\AppData\Roaming\McAfee
2012-07-17 21:03:25 -------- d-----w- C:\Program Files (x86)\NirSoft
2012-07-17 18:59:39 -------- d-----w- C:\Program Files\McAfee.com
2012-07-17 18:59:38 -------- d-----w- C:\Program Files\McAfee
2012-07-17 10:36:58 20480 ----a-w- C:\Windows\svchost.exe
2012-07-17 02:25:00 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-11 07:08:24 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-07-10 17:07:08 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-10 17:07:08 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-07-10 17:07:07 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-07-10 17:07:06 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-07-10 17:07:02 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-07-10 17:07:01 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-07-10 17:07:01 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-07-10 17:07:00 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-07-10 17:06:59 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-07-10 17:06:59 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-07-10 17:06:57 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-07-10 17:06:56 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-07-10 17:06:55 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-07-10 17:06:47 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-07-10 17:06:36 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-06-21 07:41:07 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 07:40:37 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 07:40:14 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 07:40:14 186752 ----a-w- C:\Windows\System32\wuwebv.dll
.
==================== Find3M ====================
.
2012-07-16 03:23:34 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-16 03:23:34 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 20:23:06 36734 ----a-w- C:\Windows\SysWow64\OggDSuninst.exe
2012-05-02 05:32:43 208896 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:50:40 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:34:38 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:59:45 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:59:45 1460224 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 05:59:45 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 04:47:04 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:47:04 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-24 04:47:03 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll
.
============= FINISH: 22:04:59.92 ===============
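As an added triage aid, not part of CJ Photo's post or of the DDS tool itself, the Python below runs a few heuristic checks over lines copied from the DDS log above. The rule set and its wording are my own reading of what a helper scans such a log for (a proxy pointing at localhost, a Winlogon Notify DLL under the SYSTEM profile, svchost.exe outside System32, a hidden directory named like an environment variable, Firefox security warnings switched off); a hit is an item to examine, not a verdict.

```python
"""Heuristic triage of DDS 'Pseudo HJT Report' and file-list lines.

The rules are this editor's own hints for review, not the helper's analysis
and not a verdict on any entry.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS log posted above, plus benign
# entries so the rules can be seen passing over normal lines.
SAMPLE_DDS_LINES = [
    r"uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>",
    r"uInternet Settings,ProxyServer = http=127.0.0.1:53394",
    r"mWinlogon: Userinit=userinit.exe,",
    r"Notify: frumtel - C:\Windows\system32\config\systemprofile\AppData\Local\frumtel.dll",
    r"BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll",
    r"FF - user.js: security.warn_submit_insecure - false",
    r"FF - user.js: network.cookie.cookieBehavior - 0",
    r"2012-07-17 10:36:58 20480 ----a-w- C:\Windows\svchost.exe",
    r"2012-07-17 02:25:00 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%",
    r"2012-07-11 07:08:24 3147264 ----a-w- C:\Windows\System32\win32k.sys",
]


@dataclass
class Finding:
    rule: str
    why: str
    line: str


# (rule name, reason shown to the reviewer, pattern matched against one log line)
RULES = [
    ("local-proxy",
     "IE ProxyServer points at the local machine; a local listener sits between the browser and every site",
     re.compile(r"ProxyServer\s*=\s*\S*?\b(127\.0\.0\.1|localhost)\b", re.I)),
    ("notify-dll-in-systemprofile",
     "Winlogon Notify DLL loaded from the SYSTEM profile's AppData, an unusual home for a legitimate package",
     re.compile(r"^Notify:.*\\config\\systemprofile\\", re.I)),
    ("svchost-outside-system32",
     "svchost.exe belongs in System32 or SysWOW64; a copy directly under C:\\Windows needs checking",
     re.compile(r"\\Windows\\svchost\.exe\s*$", re.I)),
    ("hidden-env-var-dir",
     "hidden+system directory (d-sh) whose literal name is an environment-variable token",
     re.compile(r"\sd-sh\S*\s+.*%[A-Za-z]+%\s*$")),
    ("firefox-warning-disabled",
     "user.js silently turns off a Firefox security warning",
     re.compile(r"^FF - user\.js: security\.warn_\S+ - false\s*$", re.I)),
]


def triage(lines):
    """Return one Finding per (line, rule) hit, in log order."""
    findings = []
    for raw in lines:
        line = raw.rstrip()
        for name, why, pattern in RULES:
            if pattern.search(line):
                findings.append(Finding(name, why, line))
    return findings


def triage_file(path):
    """Run the rules over a saved DDS.txt (DDS writes cp1252 text)."""
    with open(path, encoding="cp1252", errors="replace") as fh:
        return triage(fh)


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS_LINES):
        print(f"[{f.rule}] {f.line}\n    -> {f.why}")
```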


#2 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:24 PM

Posted 19 July 2012 - 11:05 AM

Please run the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the search button.
  • When the search is complete, search.txt will also be written to your USB.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 CJ Photo

  • Topic Starter
  • Members
  • 9 posts
  • OFFLINE
  • Local time:10:24 PM

Posted 19 July 2012 - 03:50 PM

Thank you for the quick response. Here are the two files you requested:

FRST:

Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 02
Ran by SYSTEM at 19-07-2012 16:36:47
Running from I:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-02-01] (Egis Technology Inc.)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2710856 2009-11-01] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon [767312 2009-09-03] (CANON INC.)
HKLM-x32\...\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [337264 2010-02-01] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d [201512 2009-12-24] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [401192 2009-12-24] (Egis Technology Inc.)
HKLM-x32\...\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [563744 2010-03-25] ()
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [588648 2009-07-24] (Symantec Corporation)
HKLM-x32\...\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646232 2011-10-12] ()
HKLM-x32\...\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide [2793304 2009-10-14] ()
HKLM-x32\...\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)
HKU\Taylor\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-03-31] (Google Inc.)
HKU\Taylor\...\Run: [Google Update] "C:\Users\Taylor\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-04-27] (Google Inc.)
HKU\Taylor\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-07-09] ()
HKU\Taylor\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17148552 2012-02-29] (Skype Technologies S.A.)
HKU\Taylor\...\Winlogon: [Shell] explorer.exe
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

==================== Services (Whitelisted) ======

2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll [3417376 2012-03-27] ()
2 FlipShare Service; "C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe" [451904 2009-06-04] ()
2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-04-19] ()
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)
2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-04-19] ()
2 RichVideo; "C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe" [244904 2010-02-03] ()
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [x]

========================== Drivers (Whitelisted) =============

3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30232 2009-10-06] ()
3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-06] ()
3 NVNET; C:\Windows\System32\DRIVERS\nvmf6264.sys [339360 2009-04-29] (NVIDIA Corporation)
3 sj; \??\C:\AeriaGames\EdenEternal\sjcs64.sys [47224 2012-04-26] ()
3 dump_wmimmc; \??\C:\Users\Taylor\Documents\LunaPlus\GameGuard\dump_wmimmc.sys [x]
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
3 X6va003; \??\C:\Users\Taylor\AppData\Local\Temp\003CB42.tmp [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-18 18:05 - 2012-07-18 18:05 - 00015681 ____A C:\Users\Taylor\Desktop\DDS.txt
2012-07-18 18:05 - 2012-07-18 18:05 - 00007403 ____A C:\Users\Taylor\Desktop\Attach.txt
2012-07-18 16:50 - 2012-07-18 16:50 - 00607260 ____R (Swearware) C:\Users\Taylor\Desktop\dds.scr
2012-07-18 16:47 - 2012-07-18 16:47 - 00000474 ____A C:\Users\Taylor\Desktop\defogger_disable.log
2012-07-18 16:47 - 2012-07-18 16:47 - 00000000 ____A C:\Users\Taylor\defogger_reenable
2012-07-18 16:32 - 2012-07-18 16:32 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 8
2012-07-18 15:53 - 2012-07-18 15:53 - 00000512 ____A C:\Users\Taylor\Documents\MBR.dat
2012-07-18 15:51 - 2012-07-18 15:52 - 04731392 ____A (AVAST Software) C:\Users\Taylor\Desktop\aswMBR.exe
2012-07-18 15:43 - 2012-07-18 15:51 - 00000000 ____D C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-07-18 15:42 - 2012-07-18 15:42 - 00725440 ____A (Enigma Software Group USA, LLC.) C:\Users\Taylor\Downloads\SpyHunter-Installer.exe
2012-07-18 15:16 - 2012-07-02 23:13 - 57442464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-07-18 15:04 - 2012-07-18 15:04 - 00000000 ____D C:\52495c86ba605862745365
2012-07-18 15:02 - 2012-07-18 15:02 - 00000000 ____D C:\Users\All Users\Windows Genuine Advantage
2012-07-18 14:31 - 2012-07-18 14:31 - 00291472 ____A C:\Windows\Minidump\071812-32385-01.dmp
2012-07-18 14:24 - 2012-07-18 14:11 - 04840424 ____A (McAfee, Inc.) C:\Users\Taylor\Desktop\McAfeeSetup (2).exe
2012-07-18 14:11 - 2012-07-18 14:11 - 04840424 ____A (McAfee, Inc.) C:\Users\Taylor\Downloads\McAfeeSetup (2).exe
2012-07-17 14:05 - 2012-07-17 14:05 - 00291472 ____A C:\Windows\Minidump\071712-33009-01.dmp
2012-07-17 14:03 - 2012-07-17 14:03 - 00291472 ____A C:\Windows\Minidump\071712-30295-01.dmp
2012-07-17 13:38 - 2012-07-17 13:38 - 00002160 ____A C:\Users\Public\Desktop\McAfee Virtual Technician.lnk
2012-07-17 13:38 - 2012-07-17 13:38 - 00000000 ____D C:\Users\Taylor\AppData\Roaming\McAfee
2012-07-17 13:37 - 2012-07-17 13:37 - 00526800 ____A (McAfee, Inc.) C:\Users\Taylor\Downloads\MVTInstaller.exe
2012-07-17 13:31 - 2012-07-17 13:31 - 04285248 ____A (McAfee, Inc.) C:\Users\Taylor\Downloads\McAfeeSetup (1).exe
2012-07-17 13:03 - 2012-07-17 13:03 - 00130247 ____A C:\Users\Taylor\Downloads\bluescreenview_setup.exe
2012-07-17 13:03 - 2012-07-17 13:03 - 00001339 ____A C:\Users\Taylor\Desktop\BlueScreenView.lnk
2012-07-17 13:03 - 2012-07-17 13:03 - 00000000 ____D C:\Program Files (x86)\NirSoft
2012-07-17 11:09 - 2012-07-17 11:09 - 00291472 ____A C:\Windows\Minidump\071712-30919-01.dmp
2012-07-17 11:06 - 2012-07-17 11:06 - 00291472 ____A C:\Windows\Minidump\071712-32198-01.dmp
2012-07-17 11:03 - 2012-07-17 11:03 - 00295840 ____A C:\Windows\Minidump\071712-51277-01.dmp
2012-07-17 10:59 - 2012-07-17 10:59 - 00000000 ____D C:\Program Files\McAfee.com
2012-07-17 10:59 - 2012-07-17 10:59 - 00000000 ____D C:\Program Files\McAfee
2012-07-17 02:36 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-07-16 18:25 - 2012-07-16 18:25 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-16 18:15 - 2012-07-16 18:15 - 04285248 ____A (McAfee, Inc.) C:\Users\Taylor\Downloads\McAfeeSetup.exe
2012-07-15 17:56 - 2012-07-15 17:56 - 00295840 ____A C:\Windows\Minidump\071512-91697-01.dmp
2012-07-15 17:42 - 2012-07-15 17:43 - 00295840 ____A C:\Windows\Minidump\071512-31917-01.dmp
2012-07-15 17:39 - 2012-07-15 17:39 - 00295840 ____A C:\Windows\Minidump\071512-33212-01.dmp
2012-07-15 17:36 - 2012-07-15 17:36 - 00295840 ____A C:\Windows\Minidump\071512-36847-01.dmp
2012-07-15 17:32 - 2012-07-15 17:32 - 00295840 ____A C:\Windows\Minidump\071512-33852-01.dmp
2012-07-15 17:30 - 2012-07-15 17:30 - 00295840 ____A C:\Windows\Minidump\071512-33275-01.dmp
2012-07-15 17:27 - 2012-07-15 17:27 - 00295840 ____A C:\Windows\Minidump\071512-38547-01.dmp
2012-07-10 23:08 - 2012-06-11 19:02 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-10 23:02 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-10 23:02 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-10 23:02 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-10 23:02 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll


============ 3 Months Modified Files ========================



ZeroAccess:
C:\Windows\Installer\{71a442af-ae72-9f78-c417-cf42c98cd53b}
C:\Windows\Installer\{71a442af-ae72-9f78-c417-cf42c98cd53b}\@
C:\Windows\Installer\{71a442af-ae72-9f78-c417-cf42c98cd53b}\L
C:\Windows\Installer\{71a442af-ae72-9f78-c417-cf42c98cd53b}\U
C:\Windows\Installer\{71a442af-ae72-9f78-c417-cf42c98cd53b}\L\00000004.@
C:\Windows\Installer\{71a442af-ae72-9f78-c417-cf42c98cd53b}\L\1afb2d56
C:\Windows\Installer\{71a442af-ae72-9f78-c417-cf42c98cd53b}\L\201d3dde
C:\Windows\Installer\{71a442af-ae72-9f78-c417-cf42c98cd53b}\U\00000004.@
C:\Windows\Installer\{71a442af-ae72-9f78-c417-cf42c98cd53b}\U\00000008.@
C:\Windows\Installer\{71a442af-ae72-9f78-c417-cf42c98cd53b}\U\000000cb.@
C:\Windows\Installer\{71a442af-ae72-9f78-c417-cf42c98cd53b}\U\80000000.@
C:\Windows\Installer\{71a442af-ae72-9f78-c417-cf42c98cd53b}\U\80000032.@
C:\Windows\Installer\{71a442af-ae72-9f78-c417-cf42c98cd53b}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Possible MBR infection:
C:\Windows\svchost.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 3839.23 MB
Available physical RAM: 3110.74 MB
Total Pagefile: 3837.38 MB
Available Pagefile: 3101.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Acer) (Fixed) (Total:917.73 GB) (Free:692.77 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:13.67 GB) (Free:2.19 GB) NTFS
3 Drive f: (Sims3EP03) (CDROM) (Total:6.75 GB) (Free:0 GB) UDF
6 Drive i: () (Removable) (Total:0.96 GB) (Free:0.75 GB) FAT
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 Online 987 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 13 GB 1024 KB
Partition 2 Primary 100 MB 13 GB
Partition 3 Primary 917 GB 13 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E PQSERVICE NTFS Partition 13 GB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Acer NTFS Partition 917 GB Healthy

==================================================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 986 MB 16 KB

==================================================================================

Disk: 3
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 I FAT Removable 986 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-17 20:38

======================= End Of Log ==========================



Search:

Farbar Recovery Scan Tool Version: 16-07-2012 02
Ran by SYSTEM at 2012-07-19 16:38:27
Running from I:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:24 PM

Posted 19 July 2012 - 04:03 PM

Hi

Please do the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

start
C:\Windows\Installer\{71a442af-ae72-9f78-c417-cf42c98cd53b}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
2012-07-17 02:36 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST (or FRST64 if you have the 64-bit version) and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Reboot Normally.


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
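The check behind the `replace:` line in the fixlist above, written up as an added example (this is not FRST's or the helper's own code): it parses the FRST "Search:" block format shown earlier in the thread (a path line followed by a `[created] - [modified] - size attrs (company) MD5` line), groups entries by file name, and flags a live copy whose MD5 differs from the WinSxS component-store copy while size and timestamps still match, which is what an in-place patch of services.exe looks like. The sample input is constructed from the two services.exe entries in this thread, with the hashes the log reported; the function and class names are my own.

```python
"""Flag a system binary whose MD5 no longer matches its WinSxS component-store copy.

Added example for this thread; it is not FRST's own code.  It parses the
"Search:" block format FRST printed above (a path line followed by a
"[created] - [modified] - size attrs (company) MD5" line) and reports live
copies that differ from the component-store copy of the same file.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: the two services.exe entries FRST reported in this
# thread, with the hashes the log showed.
SAMPLE_SEARCH = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

# Detail line: "[created] - [modified] - size attrs (company) MD5"; company is optional.
_DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+)(?: \((?P<company>[^)]*)\))? (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class FileEntry:
    path: str
    created: str
    modified: str
    size: int
    attrs: str
    company: Optional[str]
    md5: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def in_winsxs(self) -> bool:
        return "\\winsxs\\" in self.path.lower()


@dataclass
class Finding:
    path: str
    md5: str
    reference_md5: Optional[str]
    reason: str


def parse_search(text: str) -> List[FileEntry]:
    """Turn an FRST search block into FileEntry records (path line + detail line)."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    entries: List[FileEntry] = []
    for path, detail in zip(lines, lines[1:]):
        m = _DETAIL_RE.match(detail)
        if not path or path.startswith("=") or m is None:
            continue
        entries.append(FileEntry(path, m["created"], m["modified"], int(m["size"]),
                                 m["attrs"], m["company"], m["md5"].upper()))
    return entries


def check_against_winsxs(entries: List[FileEntry]) -> List[Finding]:
    """Compare each live copy of a file with the WinSxS copies of the same file name.

    A live copy is accepted if its MD5 matches any component-store copy (several
    versions may be staged).  A differing hash with identical size and timestamps
    is called out separately: that combination is what an in-place patch of the
    binary looks like, as with services.exe in this thread.
    """
    by_name: Dict[str, List[FileEntry]] = {}
    for e in entries:
        by_name.setdefault(e.name, []).append(e)

    findings: List[Finding] = []
    for group in by_name.values():
        refs = [r for r in group if r.in_winsxs]
        known = {r.md5 for r in refs}
        for e in group:
            if e.in_winsxs or e.md5 in known:
                continue
            if not refs:
                findings.append(Finding(e.path, e.md5, None,
                                        "no WinSxS copy available to compare against"))
                continue
            # Prefer the staged copy with the same size as the file under test.
            ref = next((r for r in refs if r.size == e.size), refs[0])
            same_meta = (e.size, e.created, e.modified) == (ref.size, ref.created, ref.modified)
            reason = ("MD5 differs from WinSxS copy while size and timestamps are identical "
                      "(in-place patch)" if same_meta else "MD5 differs from WinSxS copy")
            findings.append(Finding(e.path, e.md5, ref.md5, reason))
    return findings


if __name__ == "__main__":
    for f in check_against_winsxs(parse_search(SAMPLE_SEARCH)):
        print(f"{f.path}\n  md5={f.md5} reference={f.reference_md5}\n  {f.reason}")
```

Run against the search block above, it reports only the System32 copy, with the WinSxS hash as the reference, which is the copy the fixlist restores from.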


#5 CJ Photo

CJ Photo
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:24 PM

Posted 19 July 2012 - 05:29 PM

Thank you very much, once again, for the very quick response. Here are the logs:

fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 16-07-2012 02
Ran by SYSTEM at 2012-07-19 17:10:22 Run:1
Running from I:\

==============================================

C:\Windows\Installer\{71a442af-ae72-9f78-c417-cf42c98cd53b} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\svchost.exe moved successfully.

==== End of Fixlog ====


And combofix log:

ComboFix 12-07-19.02 - Taylor 07/19/2012 17:19:42.1.4 - x64
Running from: c:\users\Taylor\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LP
c:\programdata\783383h8n008h676t544x5xqc2c4
c:\users\Taylor\AppData\Roaming\Esav
c:\users\Taylor\AppData\Roaming\Esav\odod.tuf
c:\users\Taylor\Documents\~WRD3044.tmp
c:\users\Taylor\Documents\~WRL0489.tmp
c:\users\Taylor\Documents\~WRL0576.tmp
c:\users\Taylor\Documents\~WRL0583.tmp
c:\users\Taylor\Documents\~WRL1325.tmp
c:\users\Taylor\Documents\~WRL2454.tmp
c:\windows\svchost.exe
c:\windows\SysWow64\config\systemprofile\0.47002019164138864.exe
c:\windows\SysWow64\config\systemprofile\Librarys\wgesdwx
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2012-06-19 to 2012-07-19 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-16 03:23 . 2012-04-11 19:17 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-16 03:23 . 2011-05-26 20:28 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 07:03 . 2011-01-09 23:53 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-05-15 20:23 . 2012-05-15 20:23 36734 ----a-w- c:\windows\SysWow64\OggDSuninst.exe
2012-05-02 05:32 . 2012-06-13 01:26 208896 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:50 . 2012-06-13 01:25 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:34 . 2012-06-13 01:26 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:34 . 2012-06-13 01:26 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:28 . 2012-06-13 01:26 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:59 . 2012-06-13 01:25 1460224 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 05:59 . 2012-06-13 01:25 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:59 . 2012-06-13 01:25 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 04:47 . 2012-06-13 01:25 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:47 . 2012-06-13 01:25 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-24 04:47 . 2012-06-13 01:25 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\prxtbBit0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\BitTorrentBar\prxtbBit0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\prxtbBit0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:03 120176 ---ha-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-31 39408]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-07-09 3077528]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-02-01 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2009-12-25 201512]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2009-12-25 401192]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2010-03-26 563744]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2011-10-12 646232]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-28 140640]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DeleteEngineAfterUpdate"="reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\frumtel]
2012-07-18 22:43 15872 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\frumtel.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-01 135664]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-16 250056]
R3 dump_wmimmc;dump_wmimmc;c:\users\Taylor\Documents\LunaPlus\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-01 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-02-01 305520]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 sj;sj;c:\aeriagames\EdenEternal\sjcs64.sys [2012-04-26 47224]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-03 1255736]
R3 X6va003;X6va003;c:\users\Taylor\AppData\Local\Temp\003CB42.tmp [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-07-13 7329648]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-07-13 719216]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
S3 LVUVC64;Logitech Webcam 500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-10-11 763904]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-11-12 84584]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-05-19 18288]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IPNAT
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 03:23]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-01 21:42]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-01 21:42]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1179732529-2225027405-1555872750-1001Core.job
- c:\users\Taylor\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-11 09:53]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1179732529-2225027405-1555872750-1001UA.job
- c:\users\Taylor\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-11 09:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:06 137584 ---ha-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-02-01 349552]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2710856]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.youtube.com/watch?v=yHjiNOZTgHo&feature=g-all-u&context=G2978890FAAAAAAAAAAA
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_x3400&r=173612108707p0428v145w46i1v26q
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uInternet Settings,ProxyServer = http=127.0.0.1:53394
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\g341hkot.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
AddRemove-OggDS - c:\windows\system32\OggDSuninst.exe
AddRemove-_{53A908D4-99C6-469B-BC13-F4189F260742} - c:\program files (x86)\Corel\Corel Painter Essentials 4\MSILauncher {53A908D4-99C6-469B-BC13-F4189F260742}
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\Taylor\AppData\Local\Temp\003CB42.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}"=hex:51,66,7a,6c,4c,1d,38,12,e8,9b,8e,
71,5d,42,f6,01,c5,a0,09,1f,42,98,83,3b
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"=hex:51,66,7a,6c,4c,1d,38,12,c4,f1,d4,
8c,0d,b7,42,06,f0,18,f4,98,5c,39,e1,33
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea,
34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{27B4851A-3207-45A2-B947-BE8AFE6163AB}"=hex:51,66,7a,6c,4c,1d,38,12,74,86,a7,
23,35,7c,cc,00,c6,51,fd,ca,fb,3f,27,bf
"{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}"=hex:51,66,7a,6c,4c,1d,38,12,c3,d3,96,
33,cd,f1,98,02,c0,4d,e6,c7,c4,3c,ba,cd
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a,
ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{21347690-EC41-4F9A-8887-1F4AEE672439}"=hex:51,66,7a,6c,4c,1d,38,12,fe,75,27,
25,73,a2,f4,0a,f7,91,5c,0a,eb,39,60,2d
"{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13,
36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:34,6c,70,e3,14,19,cd,01
.
[HKEY_USERS\S-1-5-21-1179732529-2225027405-1555872750-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1179732529-2225027405-1555872750-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1179732529-2225027405-1555872750-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:15,81,5f,32,86,25,4e,bb,e8,71,8a,89,43,dc,9f,58,96,3a,5f,7d,85,d9,b3,
00,c8,53,24,6a,6e,2f,2a,3e,e0,5b,04,1d,b4,ef,34,8d,b3,be,3b,48,cf,8b,c8,c6,\
"??"=hex:d9,eb,e8,87,54,a1,8d,80,f0,7a,3a,0f,c2,c7,4d,2a
.
[HKEY_USERS\S-1-5-21-1179732529-2225027405-1555872750-1001\Software\SecuROM\License information*]
"datasecu"=hex:ea,b8,f0,10,6a,ca,31,a7,bd,10,50,1a,70,9e,f3,f3,e7,09,9d,d3,0f,
47,a2,df,5b,e2,80,21,f2,27,9f,81,0e,a3,dc,b3,e4,6a,00,71,9b,ec,7c,98,7a,31,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-07-19 18:26:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-19 22:26
.
Pre-Run: 766,693,105,664 bytes free
Post-Run: 771,500,318,720 bytes free
.
- - End Of File - - FBE5333BF6D55FDA536BAC109B8046E3

#6 CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:24 PM

Posted 19 July 2012 - 05:44 PM

Please run the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')


Collect::
c:\windows\System32\config\systemprofile\AppData\Local\frumtel.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\frumtel]

DDS::
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uInternet Settings,ProxyServer = http=127.0.0.1:53394

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Screenshot: CFScript.txt being dragged onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT



Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
    • As we are only looking for a log of what is on the machine right now > choose to skip whatever is found
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
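
Added example (not from the thread, ComboFix or DDS): a small Python triage script that scans ComboFix/DDS-style log text for the two items CatByte's CFScript acts on, a ProxyServer value pointing at the local machine and a Winlogon Notify DLL outside System32 itself, and also lists services imaged from temp or profile folders as review candidates. The sample lines are copied from the log posted above; the flagging rules (SYSTEM_DIRS, USER_WRITABLE, the loopback test) are this example's own heuristics, not ComboFix output.

```python
"""Triage helper for ComboFix / DDS style log text (added example; not part
of ComboFix, DDS or the poster's CFScript).  It looks for what the CFScript
above acts on: a browser proxy pointing at the local machine (a proxy at
127.0.0.1 hands every browser request to a local process, one way search
redirects are implemented) and a Winlogon Notify DLL not located directly
in System32.  It also lists services whose image path sits in a temp or
profile folder, as review candidates only, not verdicts.
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Sample input: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uInternet Settings,ProxyServer = http=127.0.0.1:53394
TCP: DhcpNameServer = 192.168.1.1
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\frumtel]
2012-07-18 22:43 15872 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\frumtel.dll
.
R3 X6va003;X6va003;c:\users\Taylor\AppData\Local\Temp\003CB42.tmp [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
"""

# "u" = current-user hive, "m" = machine hive in DDS output.
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(?P<value>.+)$", re.M)
# ComboFix prints the Notify key, then one line "<date> <time> <size> <attrs> <path>".
NOTIFY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion"
    r"\\winlogon\\notify\\(?P<name>[^\]]+)\]\r?\n(?P<fileline>.+)$",
    re.M | re.I,
)
# Service/driver lines: "<R|S><n> <name>;<display>;<image path> [<date size>|x]".
SERVICE_RE = re.compile(
    r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>.+?) \[(?P<info>[^\]]*)\]$", re.M
)
# Heuristics chosen for this example, not ComboFix rules.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")

@dataclass
class Finding:
    kind: str    # loopback_proxy | winlogon_notify_dll | service_image
    detail: str

def is_loopback(host: str) -> bool:
    host = host.strip().lower()
    return host in {"localhost", "::1", "[::1]"} or host.startswith("127.")

def proxy_findings(log: str) -> list[Finding]:
    """Flag ProxyServer entries whose host is the local machine."""
    out = []
    for m in PROXY_RE.finditer(log):
        for entry in filter(None, (e.strip() for e in m.group("value").split(";"))):
            _, _, hostport = entry.rpartition("=")  # drop optional "http=" prefix
            host, _, port = hostport.rpartition(":")
            if not host:                            # no port given
                host, port = hostport, "?"
            if is_loopback(host):
                out.append(Finding("loopback_proxy",
                                   f"{entry}: browser traffic goes through a local process on port {port}"))
    return out

def notify_findings(log: str) -> list[Finding]:
    """Flag Notify DLLs whose parent directory is not System32 itself.  The log
    shows the edge case: System32/config/systemprofile/AppData/... begins with
    System32, so a prefix test would miss it; compare the parent exactly."""
    out = []
    for m in NOTIFY_RE.finditer(log):
        parts = m.group("fileline").split(None, 4)
        if len(parts) == 5:
            path = parts[4].strip()
            if str(PureWindowsPath(path).parent).lower() not in SYSTEM_DIRS:
                out.append(Finding("winlogon_notify_dll", f"{m.group('name')} -> {path}"))
    return out

def service_findings(log: str) -> list[Finding]:
    """List services/drivers imaged from user-writable folders or with no
    readable file ("[x]" in ComboFix output)."""
    out = []
    for m in SERVICE_RE.finditer(log):
        path = m.group("path")
        reasons = [t.strip("\\") for t in USER_WRITABLE if t in path.lower()]
        if m.group("info") == "x":
            reasons.append("no file info")
        if reasons:
            out.append(Finding("service_image", f"{m.group('name')} -> {path} ({', '.join(reasons)})"))
    return out

def triage(log: str) -> list[Finding]:
    return proxy_findings(log) + notify_findings(log) + service_findings(log)

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```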


#7 CJ Photo

  • Topic Starter

  • Members
  • 9 posts
  • Local time:10:24 PM

Posted 19 July 2012 - 07:00 PM

Thank you! Here are the logs:

ComboFix:

ComboFix 12-07-19.02 - Taylor 07/19/2012 18:51:20.2.4 - x64
Running from: c:\users\Taylor\Desktop\ComboFix.exe
Command switches used :: c:\users\Taylor\Desktop\CFScript.txt
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2012-06-19 to 2012-07-19 )))))))))))))))))))))))))))))))
.
.
2012-07-20 00:36 . 2012-07-20 00:36 -------- d-----w- C:\FRST
2012-07-19 23:34 . 2012-07-19 23:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-19 00:32 . 2012-07-19 00:32 -------- d-----w- c:\program files (x86)\Cobian Backup 8
2012-07-18 23:43 . 2012-07-18 23:51 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-07-18 23:43 . 2012-07-18 23:43 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-07-18 23:04 . 2012-07-18 23:04 -------- d-----w- C:\52495c86ba605862745365
2012-07-18 22:19 . 2012-07-18 22:19 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2012-07-18 22:07 . 2012-07-18 22:35 -------- d-----w- c:\users\Taylor\AppData\Local\ElevatedDiagnostics
2012-07-17 21:38 . 2012-07-17 21:38 -------- d-----w- c:\users\Taylor\AppData\Roaming\McAfee
2012-07-17 21:03 . 2012-07-17 21:03 -------- d-----w- c:\program files (x86)\NirSoft
2012-07-17 18:59 . 2012-07-17 18:59 -------- d-----w- c:\program files\McAfee
2012-07-17 02:25 . 2012-07-17 02:25 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-11 07:08 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 17:07 . 2012-06-09 05:30 14165504 ----a-w- c:\windows\system32\shell32.dll
2012-07-10 17:07 . 2012-06-06 05:50 2003968 ----a-w- c:\windows\system32\msxml6.dll
2012-07-10 17:07 . 2012-06-06 05:50 1880064 ----a-w- c:\windows\system32\msxml3.dll
2012-07-10 17:07 . 2012-06-06 05:09 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-10 17:07 . 2012-06-06 05:09 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-10 17:07 . 2012-06-02 05:27 340992 ----a-w- c:\windows\system32\schannel.dll
2012-07-10 17:07 . 2012-06-02 05:37 459216 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-10 17:07 . 2012-06-02 05:27 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-10 17:07 . 2012-06-02 05:38 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-10 17:06 . 2012-06-02 05:38 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-10 17:06 . 2012-06-02 04:47 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-10 17:06 . 2012-06-02 04:48 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-10 17:06 . 2012-06-02 04:48 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-07-10 17:06 . 2012-06-02 04:42 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-07-10 17:06 . 2012-06-06 05:50 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-10 17:06 . 2012-06-06 05:09 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-05 22:45 . 2012-07-05 22:45 5030088 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-06-21 07:41 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 07:41 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 07:41 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 07:41 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 07:40 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 07:40 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 07:40 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 07:40 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 07:40 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-16 03:23 . 2012-04-11 19:17 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-16 03:23 . 2011-05-26 20:28 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 07:03 . 2011-01-09 23:53 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-05-15 20:23 . 2012-05-15 20:23 36734 ----a-w- c:\windows\SysWow64\OggDSuninst.exe
2012-05-02 05:32 . 2012-06-13 01:26 208896 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:50 . 2012-06-13 01:25 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:34 . 2012-06-13 01:26 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:34 . 2012-06-13 01:26 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:28 . 2012-06-13 01:26 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:59 . 2012-06-13 01:25 1460224 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 05:59 . 2012-06-13 01:25 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:59 . 2012-06-13 01:25 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 04:47 . 2012-06-13 01:25 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:47 . 2012-06-13 01:25 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-24 04:47 . 2012-06-13 01:25 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-19_22.20.16 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-03-17 00:31 . 2012-07-19 21:35 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-03-17 00:31 . 2012-07-19 22:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-07-19 23:35 . 2012-07-19 23:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-19 21:34 . 2012-07-19 21:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-19 23:35 . 2012-07-19 23:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-19 21:34 . 2012-07-19 21:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-16 20:53 . 2012-07-19 22:20 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-03-16 20:53 . 2012-07-19 21:35 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2009-07-14 05:01 . 2012-07-19 21:33 390468 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-19 23:34 390468 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-06-16 07:31 . 2012-07-19 21:34 4226852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1179732529-2225027405-1555872750-1001-8192.dat
+ 2011-06-16 07:31 . 2012-07-19 23:34 4226852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1179732529-2225027405-1555872750-1001-8192.dat
- 2009-07-14 04:54 . 2012-07-19 22:20 13352960 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-19 23:36 13352960 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-19 22:20 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-19 23:36 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-17 14:22 . 2012-07-19 23:34 15190376 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
- 2012-03-17 14:22 . 2012-07-19 21:08 15190376 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\prxtbBit0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\BitTorrentBar\prxtbBit0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\prxtbBit0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:03 120176 ---ha-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-31 39408]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-07-09 3077528]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-02-01 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2009-12-25 201512]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2009-12-25 401192]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2010-03-26 563744]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2011-10-12 646232]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-28 140640]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DeleteEngineAfterUpdate"="reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-01 135664]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-16 250056]
R3 dump_wmimmc;dump_wmimmc;c:\users\Taylor\Documents\LunaPlus\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-01 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-02-01 305520]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 sj;sj;c:\aeriagames\EdenEternal\sjcs64.sys [2012-04-26 47224]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-03 1255736]
R3 X6va003;X6va003;c:\users\Taylor\AppData\Local\Temp\003CB42.tmp [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-07-13 7329648]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-07-13 719216]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
S3 LVUVC64;Logitech Webcam 500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-10-11 763904]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-11-12 84584]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-05-19 18288]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 03:23]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-01 21:42]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-01 21:42]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1179732529-2225027405-1555872750-1001Core.job
- c:\users\Taylor\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-11 09:53]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1179732529-2225027405-1555872750-1001UA.job
- c:\users\Taylor\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-11 09:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:06 137584 ---ha-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-02-01 349552]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2710856]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.youtube.com/watch?v=yHjiNOZTgHo&feature=g-all-u&context=G2978890FAAAAAAAAAAA
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_x3400&r=173612108707p0428v145w46i1v26q
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\g341hkot.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\Taylor\AppData\Local\Temp\003CB42.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}"=hex:51,66,7a,6c,4c,1d,38,12,e8,9b,8e,
71,5d,42,f6,01,c5,a0,09,1f,42,98,83,3b
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"=hex:51,66,7a,6c,4c,1d,38,12,c4,f1,d4,
8c,0d,b7,42,06,f0,18,f4,98,5c,39,e1,33
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea,
34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{27B4851A-3207-45A2-B947-BE8AFE6163AB}"=hex:51,66,7a,6c,4c,1d,38,12,74,86,a7,
23,35,7c,cc,00,c6,51,fd,ca,fb,3f,27,bf
"{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}"=hex:51,66,7a,6c,4c,1d,38,12,c3,d3,96,
33,cd,f1,98,02,c0,4d,e6,c7,c4,3c,ba,cd
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a,
ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{21347690-EC41-4F9A-8887-1F4AEE672439}"=hex:51,66,7a,6c,4c,1d,38,12,fe,75,27,
25,73,a2,f4,0a,f7,91,5c,0a,eb,39,60,2d
"{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13,
36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:34,6c,70,e3,14,19,cd,01
.
[HKEY_USERS\S-1-5-21-1179732529-2225027405-1555872750-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1179732529-2225027405-1555872750-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1179732529-2225027405-1555872750-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:15,81,5f,32,86,25,4e,bb,e8,71,8a,89,43,dc,9f,58,96,3a,5f,7d,85,d9,b3,
00,c8,53,24,6a,6e,2f,2a,3e,e0,5b,04,1d,b4,ef,34,8d,b3,be,3b,48,cf,8b,c8,c6,\
"??"=hex:d9,eb,e8,87,54,a1,8d,80,f0,7a,3a,0f,c2,c7,4d,2a
.
[HKEY_USERS\S-1-5-21-1179732529-2225027405-1555872750-1001\Software\SecuROM\License information*]
"datasecu"=hex:ea,b8,f0,10,6a,ca,31,a7,bd,10,50,1a,70,9e,f3,f3,e7,09,9d,d3,0f,
47,a2,df,5b,e2,80,21,f2,27,9f,81,0e,a3,dc,b3,e4,6a,00,71,9b,ec,7c,98,7a,31,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-07-19 19:51:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-19 23:51
ComboFix2.txt 2012-07-19 22:26
.
Pre-Run: 771,549,958,144 bytes free
Post-Run: 770,803,625,984 bytes free
.
- - End Of File - - BC9FCB1183A5DE4D7491C4AD75DC529C

TDSSKiller:

19:54:59.0250 8040 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
19:54:59.0521 8040 ============================================================
19:54:59.0521 8040 Current date / time: 2012/07/19 19:54:59.0521
19:54:59.0521 8040 SystemInfo:
19:54:59.0521 8040
19:54:59.0521 8040 OS Version: 6.1.7600 ServicePack: 0.0
19:54:59.0521 8040 Product type: Workstation
19:54:59.0521 8040 ComputerName: TAYLOR-PC
19:54:59.0521 8040 UserName: Taylor
19:54:59.0521 8040 Windows directory: C:\Windows
19:54:59.0521 8040 System windows directory: C:\Windows
19:54:59.0521 8040 Running under WOW64
19:54:59.0521 8040 Processor architecture: Intel x64
19:54:59.0521 8040 Number of processors: 4
19:54:59.0522 8040 Page size: 0x1000
19:54:59.0522 8040 Boot type: Normal boot
19:54:59.0522 8040 ============================================================
19:55:02.0857 8040 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:55:02.0866 8040 Drive \Device\Harddisk3\DR3 - Size: 0x3DB00000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:55:02.0867 8040 ============================================================
19:55:02.0867 8040 \Device\Harddisk0\DR0:
19:55:02.0868 8040 MBR partitions:
19:55:02.0868 8040 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B58800, BlocksNum 0x32000
19:55:02.0868 8040 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B8A800, BlocksNum 0x72B7BDB0
19:55:02.0868 8040 \Device\Harddisk3\DR3:
19:55:02.0868 8040 MBR partitions:
19:55:02.0868 8040 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1ED7E0
19:55:02.0868 8040 ============================================================
19:55:02.0881 8040 C: <-> \Device\Harddisk0\DR0\Partition1
19:55:02.0881 8040 ============================================================
19:55:02.0881 8040 Initialize success
19:55:02.0881 8040 ============================================================
19:55:21.0120 7560 ============================================================
19:55:21.0120 7560 Scan started
19:55:21.0120 7560 Mode: Manual; TDLFS;
19:55:21.0120 7560 ============================================================
19:55:24.0269 7560 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
19:55:24.0272 7560 1394ohci - ok
19:55:24.0301 7560 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
19:55:24.0305 7560 ACPI - ok
19:55:24.0321 7560 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
19:55:24.0322 7560 AcpiPmi - ok
19:55:24.0452 7560 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:55:24.0456 7560 AdobeFlashPlayerUpdateSvc - ok
19:55:24.0497 7560 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:55:24.0512 7560 adp94xx - ok
19:55:24.0545 7560 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:55:24.0549 7560 adpahci - ok
19:55:24.0565 7560 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:55:24.0567 7560 adpu320 - ok
19:55:24.0590 7560 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:55:24.0591 7560 AeLookupSvc - ok
19:55:24.0647 7560 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
19:55:24.0661 7560 AFD - ok
19:55:24.0687 7560 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
19:55:24.0688 7560 agp440 - ok
19:55:24.0915 7560 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll
19:55:24.0915 7560 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7
19:55:24.0922 7560 Akamai ( HiddenFile.Multi.Generic ) - warning
19:55:24.0922 7560 Akamai - detected HiddenFile.Multi.Generic (1)
19:55:24.0965 7560 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:55:24.0966 7560 ALG - ok
19:55:24.0983 7560 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
19:55:24.0984 7560 aliide - ok
19:55:24.0999 7560 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
19:55:25.0000 7560 amdide - ok
19:55:25.0007 7560 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:55:25.0009 7560 AmdK8 - ok
19:55:25.0036 7560 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:55:25.0037 7560 AmdPPM - ok
19:55:25.0074 7560 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
19:55:25.0075 7560 amdsata - ok
19:55:25.0093 7560 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:55:25.0096 7560 amdsbs - ok
19:55:25.0106 7560 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
19:55:25.0107 7560 amdxata - ok
19:55:25.0121 7560 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
19:55:25.0123 7560 AppID - ok
19:55:25.0135 7560 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:55:25.0137 7560 AppIDSvc - ok
19:55:25.0157 7560 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
19:55:25.0159 7560 Appinfo - ok
19:55:25.0252 7560 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:55:25.0255 7560 Apple Mobile Device - ok
19:55:25.0277 7560 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:55:25.0278 7560 arc - ok
19:55:25.0299 7560 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:55:25.0301 7560 arcsas - ok
19:55:25.0348 7560 aspnet_state - ok
19:55:25.0367 7560 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:55:25.0368 7560 AsyncMac - ok
19:55:25.0379 7560 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
19:55:25.0380 7560 atapi - ok
19:55:25.0418 7560 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
19:55:25.0438 7560 AudioEndpointBuilder - ok
19:55:25.0445 7560 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
19:55:25.0448 7560 AudioSrv - ok
19:55:25.0464 7560 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
19:55:25.0466 7560 AxInstSV - ok
19:55:25.0496 7560 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:55:25.0512 7560 b06bdrv - ok
19:55:25.0544 7560 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:55:25.0547 7560 b57nd60a - ok
19:55:25.0575 7560 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:55:25.0577 7560 BDESVC - ok
19:55:25.0583 7560 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:55:25.0584 7560 Beep - ok
19:55:25.0623 7560 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
19:55:25.0643 7560 BFE - ok
19:55:25.0724 7560 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
19:55:25.0749 7560 BITS - ok
19:55:25.0780 7560 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:55:25.0781 7560 blbdrive - ok
19:55:25.0874 7560 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
19:55:25.0879 7560 Bonjour Service - ok
19:55:25.0916 7560 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
19:55:25.0917 7560 bowser - ok
19:55:25.0929 7560 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:55:25.0929 7560 BrFiltLo - ok
19:55:25.0943 7560 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:55:25.0944 7560 BrFiltUp - ok
19:55:25.0965 7560 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
19:55:25.0967 7560 BridgeMP - ok
19:55:25.0990 7560 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
19:55:25.0992 7560 Browser - ok
19:55:26.0023 7560 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:55:26.0026 7560 Brserid - ok
19:55:26.0044 7560 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:55:26.0045 7560 BrSerWdm - ok
19:55:26.0065 7560 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:55:26.0066 7560 BrUsbMdm - ok
19:55:26.0073 7560 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:55:26.0075 7560 BrUsbSer - ok
19:55:26.0119 7560 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:55:26.0165 7560 BTHMODEM - ok
19:55:26.0239 7560 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:55:26.0241 7560 bthserv - ok
19:55:26.0254 7560 catchme - ok
19:55:26.0294 7560 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:55:26.0296 7560 cdfs - ok
19:55:26.0320 7560 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
19:55:26.0323 7560 cdrom - ok
19:55:26.0346 7560 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
19:55:26.0348 7560 CertPropSvc - ok
19:55:26.0365 7560 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:55:26.0366 7560 circlass - ok
19:55:26.0399 7560 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:55:26.0403 7560 CLFS - ok
19:55:26.0423 7560 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:55:26.0425 7560 clr_optimization_v2.0.50727_32 - ok
19:55:26.0441 7560 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:55:26.0442 7560 clr_optimization_v2.0.50727_64 - ok
19:55:26.0568 7560 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:55:26.0569 7560 clr_optimization_v4.0.30319_32 - ok
19:55:26.0596 7560 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:55:26.0598 7560 clr_optimization_v4.0.30319_64 - ok
19:55:26.0616 7560 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:55:26.0617 7560 CmBatt - ok
19:55:26.0626 7560 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
19:55:26.0627 7560 cmdide - ok
19:55:26.0677 7560 CNG (ca7720b73446fddec5c69519c1174c98) C:\Windows\system32\Drivers\cng.sys
19:55:26.0693 7560 CNG - ok
19:55:26.0723 7560 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:55:26.0724 7560 Compbatt - ok
19:55:26.0741 7560 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:55:26.0742 7560 CompositeBus - ok
19:55:26.0746 7560 COMSysApp - ok
19:55:26.0757 7560 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:55:26.0758 7560 crcdisk - ok
19:55:26.0800 7560 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
19:55:26.0802 7560 CryptSvc - ok
19:55:26.0920 7560 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:55:26.0924 7560 cvhsvc - ok
19:55:26.0968 7560 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
19:55:26.0975 7560 DcomLaunch - ok
19:55:27.0008 7560 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:55:27.0012 7560 defragsvc - ok
19:55:27.0067 7560 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
19:55:27.0068 7560 DfsC - ok
19:55:27.0098 7560 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
19:55:27.0102 7560 Dhcp - ok
19:55:27.0110 7560 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:55:27.0111 7560 discache - ok
19:55:27.0117 7560 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:55:27.0118 7560 Disk - ok
19:55:27.0138 7560 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
19:55:27.0141 7560 Dnscache - ok
19:55:27.0181 7560 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
19:55:27.0184 7560 dot3svc - ok
19:55:27.0207 7560 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
19:55:27.0209 7560 DPS - ok
19:55:27.0235 7560 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:55:27.0236 7560 drmkaud - ok
19:55:27.0360 7560 dump_wmimmc - ok
19:55:27.0433 7560 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
19:55:27.0456 7560 DXGKrnl - ok
19:55:27.0488 7560 EagleX64 - ok
19:55:27.0503 7560 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:55:27.0505 7560 EapHost - ok
19:55:27.0633 7560 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:55:27.0691 7560 ebdrv - ok
19:55:27.0757 7560 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
19:55:27.0759 7560 EFS - ok
19:55:27.0833 7560 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
19:55:27.0841 7560 ehRecvr - ok
19:55:27.0894 7560 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
19:55:27.0896 7560 ehSched - ok
19:55:27.0964 7560 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:55:27.0971 7560 elxstor - ok
19:55:28.0016 7560 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
19:55:28.0017 7560 ErrDev - ok
19:55:28.0060 7560 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:55:28.0065 7560 EventSystem - ok
19:55:28.0089 7560 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:55:28.0092 7560 exfat - ok
19:55:28.0112 7560 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:55:28.0115 7560 fastfat - ok
19:55:28.0178 7560 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
19:55:28.0192 7560 Fax - ok
19:55:28.0232 7560 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:55:28.0233 7560 fdc - ok
19:55:28.0244 7560 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:55:28.0245 7560 fdPHost - ok
19:55:28.0256 7560 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:55:28.0257 7560 FDResPub - ok
19:55:28.0268 7560 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:55:28.0270 7560 FileInfo - ok
19:55:28.0286 7560 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:55:28.0287 7560 Filetrace - ok
19:55:28.0418 7560 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:55:28.0460 7560 FLEXnet Licensing Service - ok
19:55:28.0547 7560 FlipShare Service (1c8401072e39784cda54e1ba8d8ee845) C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
19:55:28.0551 7560 FlipShare Service - ok
19:55:28.0581 7560 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:55:28.0581 7560 flpydisk - ok
19:55:28.0606 7560 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
19:55:28.0609 7560 FltMgr - ok
19:55:28.0693 7560 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
19:55:28.0776 7560 FontCache - ok
19:55:28.0861 7560 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:55:28.0862 7560 FontCache3.0.0.0 - ok
19:55:28.0945 7560 ForceWare Intelligent Application Manager (IAM) (a9ff65ea14e4cabfcc1bb8ece111a249) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
19:55:28.0980 7560 ForceWare Intelligent Application Manager (IAM) - ok
19:55:29.0006 7560 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:55:29.0007 7560 FsDepends - ok
19:55:29.0074 7560 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
19:55:29.0075 7560 Fs_Rec - ok
19:55:29.0122 7560 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:55:29.0125 7560 fvevol - ok
19:55:29.0132 7560 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:55:29.0133 7560 gagp30kx - ok
19:55:29.0216 7560 GameConsoleService (6858c318e8daa40e747e6fb9b214e104) C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe
19:55:29.0218 7560 GameConsoleService - ok
19:55:29.0248 7560 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:55:29.0249 7560 GEARAspiWDM - ok
19:55:29.0307 7560 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
19:55:29.0323 7560 gpsvc - ok
19:55:29.0425 7560 Greg_Service (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
19:55:29.0431 7560 Greg_Service - ok
19:55:29.0495 7560 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:55:29.0496 7560 gupdate - ok
19:55:29.0530 7560 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:55:29.0531 7560 gupdatem - ok
19:55:29.0561 7560 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:55:29.0564 7560 gusvc - ok
19:55:29.0620 7560 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:55:29.0621 7560 hcw85cir - ok
19:55:29.0656 7560 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
19:55:29.0670 7560 HdAudAddService - ok
19:55:29.0701 7560 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:55:29.0702 7560 HDAudBus - ok
19:55:29.0715 7560 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:55:29.0716 7560 HidBatt - ok
19:55:29.0728 7560 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:55:29.0730 7560 HidBth - ok
19:55:29.0744 7560 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:55:29.0745 7560 HidIr - ok
19:55:29.0765 7560 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
19:55:29.0766 7560 hidserv - ok
19:55:29.0793 7560 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
19:55:29.0794 7560 HidUsb - ok
19:55:29.0819 7560 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
19:55:29.0821 7560 hkmsvc - ok
19:55:29.0845 7560 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
19:55:29.0848 7560 HomeGroupListener - ok
19:55:29.0869 7560 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
19:55:29.0871 7560 HomeGroupProvider - ok
19:55:29.0891 7560 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
19:55:29.0892 7560 HpSAMD - ok
19:55:29.0945 7560 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
19:55:29.0959 7560 HTTP - ok
19:55:29.0999 7560 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
19:55:30.0000 7560 hwpolicy - ok
19:55:30.0023 7560 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
19:55:30.0024 7560 i8042prt - ok
19:55:30.0072 7560 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
19:55:30.0077 7560 iaStorV - ok
19:55:30.0180 7560 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:55:30.0181 7560 IDriverT - ok
19:55:30.0273 7560 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:55:30.0287 7560 idsvc - ok
19:55:30.0320 7560 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:55:30.0321 7560 iirsp - ok
19:55:30.0366 7560 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
19:55:30.0375 7560 IKEEXT - ok
19:55:30.0478 7560 IntcAzAudAddService (bc64b75e8e0a0b8982ab773483164e72) C:\Windows\system32\drivers\RTKVHD64.sys
19:55:30.0520 7560 IntcAzAudAddService - ok
19:55:30.0589 7560 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
19:55:30.0590 7560 intelide - ok
19:55:30.0609 7560 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:55:30.0651 7560 intelppm - ok
19:55:30.0670 7560 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:55:30.0673 7560 IPBusEnum - ok
19:55:30.0680 7560 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:55:30.0682 7560 IpFilterDriver - ok
19:55:30.0752 7560 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
19:55:30.0759 7560 iphlpsvc - ok
19:55:30.0766 7560 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:55:30.0768 7560 IPMIDRV - ok
19:55:30.0779 7560 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:55:30.0780 7560 IPNAT - ok
19:55:30.0880 7560 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
19:55:30.0889 7560 iPod Service - ok
19:55:30.0907 7560 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:55:30.0908 7560 IRENUM - ok
19:55:30.0918 7560 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
19:55:30.0919 7560 isapnp - ok
19:55:30.0955 7560 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
19:55:30.0958 7560 iScsiPrt - ok
19:55:30.0978 7560 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:55:30.0979 7560 kbdclass - ok
19:55:30.0996 7560 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
19:55:30.0997 7560 kbdhid - ok
19:55:31.0031 7560 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
19:55:31.0032 7560 KeyIso - ok
19:55:31.0073 7560 KSecDD (4f4b5fde429416877de7143044582eb5) C:\Windows\system32\Drivers\ksecdd.sys
19:55:31.0075 7560 KSecDD - ok
19:55:31.0084 7560 KSecPkg (6f40465a44ecdc1731befafec5bdd03c) C:\Windows\system32\Drivers\ksecpkg.sys
19:55:31.0086 7560 KSecPkg - ok
19:55:31.0098 7560 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:55:31.0099 7560 ksthunk - ok
19:55:31.0129 7560 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
19:55:31.0134 7560 KtmRm - ok
19:55:31.0173 7560 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
19:55:31.0177 7560 LanmanServer - ok
19:55:31.0222 7560 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
19:55:31.0225 7560 LanmanWorkstation - ok
19:55:31.0243 7560 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:55:31.0245 7560 lltdio - ok
19:55:31.0275 7560 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
19:55:31.0279 7560 lltdsvc - ok
19:55:31.0321 7560 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
19:55:31.0322 7560 lmhosts - ok
19:55:31.0340 7560 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:55:31.0341 7560 LSI_FC - ok
19:55:31.0351 7560 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:55:31.0352 7560 LSI_SAS - ok
19:55:31.0360 7560 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:55:31.0361 7560 LSI_SAS2 - ok
19:55:31.0372 7560 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:55:31.0374 7560 LSI_SCSI - ok
19:55:31.0394 7560 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:55:31.0396 7560 luafv - ok
19:55:31.0434 7560 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
19:55:31.0435 7560 LVPr2M64 - ok
19:55:31.0439 7560 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
19:55:31.0439 7560 LVPr2Mon - ok
19:55:31.0504 7560 LVPrcS64 (a35679e56e78091e1042a2d7adbf2958) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
19:55:31.0506 7560 LVPrcS64 - ok
19:55:31.0545 7560 LVRS64 (986c1cb787a007baa5f74e7d316d7246) C:\Windows\system32\DRIVERS\lvrs64.sys
19:55:31.0549 7560 LVRS64 - ok
19:55:31.0834 7560 LVUVC64 (5747bc465abea2858c5d037252aed84e) C:\Windows\system32\DRIVERS\lvuvc64.sys
19:55:31.0930 7560 LVUVC64 - ok
19:55:32.0044 7560 McAfee SiteAdvisor Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:55:32.0046 7560 McAfee SiteAdvisor Service - ok
19:55:32.0135 7560 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
19:55:32.0139 7560 McComponentHostService - ok
19:55:32.0146 7560 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:55:32.0149 7560 McMPFSvc - ok
19:55:32.0203 7560 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
19:55:32.0205 7560 mcmscsvc - ok
19:55:32.0210 7560 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
19:55:32.0211 7560 McNaiAnn - ok
19:55:32.0227 7560 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
19:55:32.0229 7560 McNASvc - ok
19:55:32.0245 7560 McODS - ok
19:55:32.0259 7560 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
19:55:32.0261 7560 McProxy - ok
19:55:32.0349 7560 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
19:55:32.0350 7560 Mcx2Svc - ok
19:55:32.0430 7560 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:55:32.0431 7560 megasas - ok
19:55:32.0447 7560 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:55:32.0450 7560 MegaSR - ok
19:55:32.0466 7560 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:55:32.0468 7560 MMCSS - ok
19:55:32.0483 7560 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:55:32.0484 7560 Modem - ok
19:55:32.0505 7560 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:55:32.0506 7560 monitor - ok
19:55:32.0513 7560 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:55:32.0514 7560 mouclass - ok
19:55:32.0530 7560 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:55:32.0531 7560 mouhid - ok
19:55:32.0553 7560 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
19:55:32.0555 7560 mountmgr - ok
19:55:32.0579 7560 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
19:55:32.0581 7560 mpio - ok
19:55:32.0597 7560 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:55:32.0599 7560 mpsdrv - ok
19:55:32.0651 7560 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
19:55:32.0665 7560 MpsSvc - ok
19:55:32.0685 7560 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
19:55:32.0687 7560 MRxDAV - ok
19:55:32.0733 7560 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:55:32.0735 7560 mrxsmb - ok
19:55:32.0786 7560 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:55:32.0790 7560 mrxsmb10 - ok
19:55:32.0812 7560 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:55:32.0814 7560 mrxsmb20 - ok
19:55:32.0819 7560 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
19:55:32.0819 7560 msahci - ok
19:55:32.0845 7560 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
19:55:32.0847 7560 msdsm - ok
19:55:32.0870 7560 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
19:55:32.0872 7560 MSDTC - ok
19:55:32.0894 7560 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:55:32.0895 7560 Msfs - ok
19:55:32.0907 7560 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:55:32.0908 7560 mshidkmdf - ok
19:55:32.0919 7560 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
19:55:32.0920 7560 msisadrv - ok
19:55:32.0954 7560 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
19:55:32.0956 7560 MSiSCSI - ok
19:55:32.0961 7560 msiserver - ok
19:55:32.0979 7560 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:55:32.0980 7560 MSK80Service - ok
19:55:33.0006 7560 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:55:33.0007 7560 MSKSSRV - ok
19:55:33.0020 7560 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:55:33.0020 7560 MSPCLOCK - ok
19:55:33.0029 7560 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:55:33.0030 7560 MSPQM - ok
19:55:33.0066 7560 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
19:55:33.0070 7560 MsRPC - ok
19:55:33.0083 7560 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
19:55:33.0084 7560 mssmbios - ok
19:55:33.0095 7560 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:55:33.0096 7560 MSTEE - ok
19:55:33.0113 7560 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:55:33.0114 7560 MTConfig - ok
19:55:33.0153 7560 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:55:33.0198 7560 Mup - ok
19:55:33.0230 7560 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
19:55:33.0231 7560 mwlPSDFilter - ok
19:55:33.0235 7560 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
19:55:33.0235 7560 mwlPSDNServ - ok
19:55:33.0244 7560 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
19:55:33.0245 7560 mwlPSDVDisk - ok
19:55:33.0327 7560 MWLService (22a4905c958beb68d78385b633c1351b) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
19:55:33.0331 7560 MWLService - ok
19:55:33.0371 7560 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
19:55:33.0387 7560 napagent - ok
19:55:33.0421 7560 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:55:33.0425 7560 NativeWifiP - ok
19:55:33.0476 7560 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
19:55:33.0484 7560 NDIS - ok
19:55:33.0489 7560 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:55:33.0490 7560 NdisCap - ok
19:55:33.0516 7560 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:55:33.0517 7560 NdisTapi - ok
19:55:33.0535 7560 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
19:55:33.0536 7560 Ndisuio - ok
19:55:33.0552 7560 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:55:33.0554 7560 NdisWan - ok
19:55:33.0563 7560 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
19:55:33.0564 7560 NDProxy - ok
19:55:33.0642 7560 Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
19:55:33.0655 7560 Nero BackItUp Scheduler 4.0 - ok
19:55:33.0661 7560 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:55:33.0662 7560 NetBIOS - ok
19:55:33.0699 7560 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
19:55:33.0702 7560 NetBT - ok
19:55:33.0742 7560 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
19:55:33.0743 7560 Netlogon - ok
19:55:33.0789 7560 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
19:55:33.0793 7560 Netman - ok
19:55:33.0828 7560 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
19:55:33.0845 7560 netprofm - ok
19:55:33.0899 7560 netr28x (254af6df67eafa8c6e0aa0d316487673) C:\Windows\system32\DRIVERS\netr28x.sys
19:55:33.0917 7560 netr28x - ok
19:55:33.0973 7560 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:55:33.0975 7560 NetTcpPortSharing - ok
19:55:33.0988 7560 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:55:33.0989 7560 nfrd960 - ok
19:55:34.0027 7560 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
19:55:34.0031 7560 NlaSvc - ok
19:55:34.0062 7560 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:55:34.0064 7560 Npfs - ok
19:55:34.0079 7560 npggsvc - ok
19:55:34.0084 7560 NPPTNT2 - ok
19:55:34.0098 7560 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
19:55:34.0100 7560 nsi - ok
19:55:34.0116 7560 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:55:34.0116 7560 nsiproxy - ok
19:55:34.0208 7560 nSvcIp (c04f5def37e55f6a34428b050f44d3d6) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
19:55:34.0211 7560 nSvcIp - ok
19:55:34.0306 7560 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
19:55:34.0331 7560 Ntfs - ok
19:55:34.0391 7560 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:55:34.0392 7560 Null - ok
19:55:34.0455 7560 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
19:55:34.0461 7560 NVENETFD - ok
19:55:34.0527 7560 NVHDA (181e7fe39211e04128a30708906627d8) C:\Windows\system32\drivers\nvhda64v.sys
19:55:34.0528 7560 NVHDA - ok
19:55:34.0850 7560 nvlddmkm (5dcca70aab720c07cea8d4f5ea6db83d) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:55:35.0060 7560 nvlddmkm - ok
19:55:35.0127 7560 NVNET (956a1f47826514c1ea0c295fe13c7377) C:\Windows\system32\DRIVERS\nvmf6264.sys
19:55:35.0131 7560 NVNET - ok
19:55:35.0217 7560 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
19:55:35.0236 7560 nvraid - ok
19:55:35.0262 7560 nvsmu (afde3015bb8d76e26bec3b287c5443a0) C:\Windows\system32\DRIVERS\nvsmu.sys
19:55:35.0264 7560 nvsmu - ok
19:55:35.0305 7560 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
19:55:35.0307 7560 nvstor - ok
19:55:35.0329 7560 nvstor64 (7c7eef51979658ce15bbc04f96a77d56) C:\Windows\system32\DRIVERS\nvstor64.sys
19:55:35.0330 7560 nvstor64 - ok
19:55:35.0362 7560 nvsvc (902bb5d857538cc31163009959df0116) C:\Windows\system32\nvvsvc.exe
19:55:35.0367 7560 nvsvc - ok
19:55:35.0391 7560 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
19:55:35.0393 7560 nv_agp - ok
19:55:35.0407 7560 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
19:55:35.0408 7560 ohci1394 - ok
19:55:35.0487 7560 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:55:35.0491 7560 ose - ok
19:55:35.0709 7560 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:55:35.0789 7560 osppsvc - ok
19:55:35.0870 7560 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:55:35.0874 7560 p2pimsvc - ok
19:55:35.0923 7560 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
19:55:35.0940 7560 p2psvc - ok
19:55:35.0950 7560 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:55:35.0951 7560 Parport - ok
19:55:35.0988 7560 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
19:55:35.0989 7560 partmgr - ok
19:55:36.0000 7560 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
19:55:36.0003 7560 PcaSvc - ok
19:55:36.0017 7560 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
19:55:36.0020 7560 pci - ok
19:55:36.0030 7560 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
19:55:36.0032 7560 pciide - ok
19:55:36.0058 7560 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:55:36.0061 7560 pcmcia - ok
19:55:36.0071 7560 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:55:36.0072 7560 pcw - ok
19:55:36.0116 7560 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:55:36.0138 7560 PEAUTH - ok
19:55:36.0240 7560 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
19:55:36.0241 7560 PerfHost - ok
19:55:36.0342 7560 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
19:55:36.0406 7560 pla - ok
19:55:36.0486 7560 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
19:55:36.0491 7560 PlugPlay - ok
19:55:36.0504 7560 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
19:55:36.0505 7560 PNRPAutoReg - ok
19:55:36.0523 7560 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:55:36.0525 7560 PNRPsvc - ok
19:55:36.0627 7560 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
19:55:36.0642 7560 PolicyAgent - ok
19:55:36.0686 7560 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
19:55:36.0689 7560 Power - ok
19:55:36.0713 7560 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
19:55:36.0715 7560 PptpMiniport - ok
19:55:36.0733 7560 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:55:36.0734 7560 Processor - ok
19:55:36.0768 7560 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
19:55:36.0771 7560 ProfSvc - ok
19:55:36.0809 7560 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
19:55:36.0810 7560 ProtectedStorage - ok
19:55:36.0818 7560 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
19:55:36.0820 7560 Psched - ok
19:55:36.0899 7560 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:55:36.0983 7560 ql2300 - ok
19:55:37.0034 7560 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:55:37.0036 7560 ql40xx - ok
19:55:37.0063 7560 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
19:55:37.0067 7560 QWAVE - ok
19:55:37.0075 7560 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:55:37.0076 7560 QWAVEdrv - ok
19:55:37.0092 7560 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:55:37.0093 7560 RasAcd - ok
19:55:37.0116 7560 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:55:37.0117 7560 RasAgileVpn - ok
19:55:37.0129 7560 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
19:55:37.0132 7560 RasAuto - ok
19:55:37.0145 7560 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:55:37.0147 7560 Rasl2tp - ok
19:55:37.0183 7560 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
19:55:37.0187 7560 RasMan - ok
19:55:37.0215 7560 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:55:37.0217 7560 RasPppoe - ok
19:55:37.0224 7560 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:55:37.0225 7560 RasSstp - ok
19:55:37.0255 7560 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
19:55:37.0258 7560 rdbss - ok
19:55:37.0290 7560 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:55:37.0291 7560 rdpbus - ok
19:55:37.0309 7560 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:55:37.0309 7560 RDPCDD - ok
19:55:37.0322 7560 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:55:37.0323 7560 RDPENCDD - ok
19:55:37.0337 7560 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:55:37.0338 7560 RDPREFMP - ok
19:55:37.0374 7560 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
19:55:44.0338 7560 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
19:55:44.0360 7560 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
19:55:44.0360 7560 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
19:55:44.0379 7560 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:55:44.0379 7560 \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:55:44.0384 7560 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk3\DR3
19:55:46.0526 7560 \Device\Harddisk3\DR3 - ok
19:55:46.0544 7560 Boot (0x1200) (2b73b44cd2ef0d9b534db59edf0e41c7) \Device\Harddisk0\DR0\Partition0
19:55:46.0546 7560 \Device\Harddisk0\DR0\Partition0 - ok
19:55:46.0549 7560 Boot (0x1200) (37236ce9cb2cb41b0f64d9238f7545e5) \Device\Harddisk0\DR0\Partition1
19:55:46.0550 7560 \Device\Harddisk0\DR0\Partition1 - ok
19:55:46.0556 7560 Boot (0x1200) (32c90da97bca8a8f6e434a76c88465ff) \Device\Harddisk3\DR3\Partition0
19:55:46.0557 7560 \Device\Harddisk3\DR3\Partition0 - ok
19:55:46.0558 7560 ============================================================
19:55:46.0558 7560 Scan finished
19:55:46.0558 7560 ============================================================
19:55:46.0575 6964 Detected object count: 3
19:55:46.0575 6964 Actual detected object count: 3
19:55:58.0145 6964 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
19:55:58.0145 6964 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
19:55:58.0622 6964 \Device\Harddisk0\DR0\# - copied to quarantine
19:55:58.0623 6964 \Device\Harddisk0\DR0 - copied to quarantine
19:55:58.0649 6964 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
19:55:58.0651 6964 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
19:55:58.0654 6964 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
19:55:58.0659 6964 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
19:55:58.0667 6964 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
19:55:58.0676 6964 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
19:55:58.0677 6964 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
19:55:58.0678 6964 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
19:55:58.0679 6964 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
19:55:58.0680 6964 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
19:55:58.0682 6964 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
19:55:58.0683 6964 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
19:55:58.0684 6964 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
19:55:58.0685 6964 \Device\Harddisk0\DR0 - ok
19:55:59.0031 6964 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
19:55:59.0031 6964 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:55:59.0031 6964 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
19:56:24.0234 4280 Deinitialize success

#8 CatByte (Malware Response Team, Canada)

Posted 19 July 2012 - 07:10 PM

Hi,

Please re-run TDSSKiller and let me know if you can select a "cure" option for these entries:

19:55:59.0031 6964 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:55:59.0031 6964 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

If so, please allow TDSSKiller to cure.

Post the resulting log.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
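As an added example (not from this thread and not part of TDSSKiller itself), here is a small Python triage script that folds the verdict and action lines quoted above into one record per detected object and flags the ones the user left unresolved. The sample log is constructed from the lines in this thread; the Akamai "warning" line is assumed, since only its action lines appear here.

```python
import re

# Constructed sample log, modelled on the TDSSKiller lines quoted in this thread
# (the Akamai "warning" line is assumed; only its action lines appear in the thread).
SAMPLE_LOG = r"""
19:55:44.0360 7560 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
19:55:44.0379 7560 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:55:50.0100 7560 Akamai ( HiddenFile.Multi.Generic ) - warning
19:55:58.0145 6964 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
19:55:58.0145 6964 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
19:55:58.0684 6964 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
19:55:59.0031 6964 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
19:55:59.0031 6964 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:55:59.0031 6964 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# One TDSSKiller verdict/action line: "<time> <thread> <object> ( <threat> ) - <status>".
# Driver inventory lines ("<name> (<md5>) <path>", "<name> - ok") lack the spaced
# parentheses and are deliberately ignored.
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+"
    r"(?P<obj>.+?) \( (?P<threat>.+?) \) - (?P<status>.+)$"
)

ACTION_PREFIX = "User select action: "
# Only these user choices actually remove the object; Skip and Copy to quarantine do not.
RESOLVING_ACTIONS = {"Cure", "Delete"}


def parse_findings(log_text):
    """Fold the per-object lines into one record per (object, threat), in log order."""
    findings = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        key = (m["obj"], m["threat"])
        rec = findings.setdefault(key, {
            "object": m["obj"], "threat": m["threat"],
            "verdict": None, "action": None, "reboot_pending": False,
        })
        status = m["status"]
        if status.startswith(ACTION_PREFIX):
            rec["action"] = status[len(ACTION_PREFIX):]
        elif status == "will be cured on reboot":
            rec["reboot_pending"] = True      # cure is staged for the next boot
        elif status == "skipped by user":
            rec["action"] = rec["action"] or "Skip"
        else:
            rec["verdict"] = status           # "infected", "warning", ...
    return list(findings.values())


def unresolved(findings):
    """Detections the user did not cure or delete; these need a follow-up decision."""
    return [f for f in findings if f["action"] not in RESOLVING_ACTIONS]


def summarize(findings):
    """Plain-text triage table, one line per detection."""
    rows = []
    for f in findings:
        state = "RESOLVED" if f["action"] in RESOLVING_ACTIONS else "UNRESOLVED"
        if f["reboot_pending"]:
            state += " (reboot required)"
        rows.append(f"{state:30} {f['verdict'] or '?':9} {f['threat']:26} {f['object']}")
    return "\n".join(rows)


if __name__ == "__main__":
    found = parse_findings(SAMPLE_LOG)
    print(summarize(found))
    print(f"\n{len(unresolved(found))} of {len(found)} detections still unresolved")
```

Run against a full TDSSKiller log, the driver inventory with its MD5 lines is skipped and only the detections and the user's choices for them are reported.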


#9 CJ Photo (Topic Starter)

Posted 19 July 2012 - 07:20 PM

The only options I have for the two entries that come up are:

Skip
Copy to Quarantine
Delete

I've left TDSSKiller open at that step until I hear back from you.

thanks!

#10 CatByte (Malware Response Team, Canada)

Posted 19 July 2012 - 07:27 PM

OK, just skip them, thanks.

Please run the following:

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

#11 CJ Photo (Topic Starter)

Posted 20 July 2012 - 05:45 AM

The Malwarebytes scan returned no threats found, though I've still attached the log file below. The ESET scan was unfortunately interrupted overnight by a Microsoft update reload of the PC. It had scanned for over 2 hours before I went to bed and found several threats. I am rerunning the scan before I leave for work today and will post the results when I get home this evening.

Thank you!

Malwarebytes log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.19.15

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Taylor :: TAYLOR-PC [administrator]

7/19/2012 8:30:35 PM
mbam-log-2012-07-19 (20-30-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198821
Time elapsed: 2 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#12 CatByte (Malware Response Team, Canada)

Posted 20 July 2012 - 06:15 AM

OK, thank you.

#13 CJ Photo (Topic Starter)

Posted 20 July 2012 - 03:25 PM

OK, here are the results from the ESET scan:

C:\FRST\Quarantine\services.exe Win64/Patched.B.Gen trojan deleted - quarantined
C:\FRST\Quarantine\{71a442af-ae72-9f78-c417-cf42c98cd53b}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{71a442af-ae72-9f78-c417-cf42c98cd53b}\U\80000000.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{71a442af-ae72-9f78-c417-cf42c98cd53b}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{71a442af-ae72-9f78-c417-cf42c98cd53b}\U\80000064.@ Win64/Sirefef.AN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\SysWOW64\config\systemprofile\0.47002019164138864.exe.vir a variant of Win32/TrojanProxy.Agent.NIS trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.07.2012_19.54.59\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.07.2012_19.54.59\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.07.2012_19.54.59\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.07.2012_19.54.59\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AG trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.07.2012_19.54.59\mbr0000\tdlfs0000\tsk0004.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.07.2012_19.54.59\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AF trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.07.2012_19.54.59\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.07.2012_19.54.59\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Default\aaecommkfogcifkemmdcjejdgiaejlid\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VX3M780A\Is-it-bad-to-wear-flip-flops-on-a-plane-436994[1].htm HTML/IFrame.M trojan cleaned by deleting - quarantined
C:\Users\Taylor\AppData\Local\{B339139C-8429-11E1-826D-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\frumtel.dll a variant of Win32/TrojanProxy.Agent.NIS trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\{71a442af-ae72-9f78-c417-cf42c98cd53b}\n Win64/Sirefef.W trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\{B339139C-8429-11E1-826D-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined

#14 CatByte (Malware Response Team, Canada)

Posted 20 July 2012 - 03:47 PM

Please do the following:

Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.


NEXT


Your Java is out of date, so go to Start > Control Panel > Programs and Features > scroll down to the Java installation and Remove it. Then download the latest Java version 7 update 5 and install it: http://java.com/en/download/index.jsp


NEXT

Please advise how the computer is running now and if there are any outstanding issues

#15 CJ Photo (Topic Starter)

Posted 20 July 2012 - 09:24 PM

I was able to update Adobe Reader and Java. I was also finally able to install the McAfee Security package and run Windows Update. So, I think it's safe to say we are about as close to 100% as we can hope to be at this point.

Thank you so much for the awesome help! You completely rock! I was blown away by the speed and quality of your responses!
