Ran Combofix, now unable to connect to network


  • This topic is locked
11 replies to this topic

#1 Nthdoctor

Nthdoctor

  • Members
  • 6 posts

Posted 15 September 2012 - 04:29 PM

I was recently infected with the Live Security Platinum malware and took steps to remove it. After removal, Microsoft Security Essentials could not be started, saying "The specified service does not exist as an installed service." On another site, I was told to run Combofix to try and correct the problem. Once I ran it, the problem was not fixed AND I am now unable to connect to my internet connection. I know there are no problems with the modem, as plugging directly into my laptop shows there is no problem with the connection. So now I am stuck and have received no assistance at the other site and thought I would see if I could get assistance here. I am currently running Windows Vista 64 bit. The internet connection shows as an unidentified network with access to Local Only. Here is the log from Combofix. Thanks for any assistance.

ComboFix 12-09-14.03 - Owner 09/15/2012 9:19.1.6 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8173.6762 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Roaming\izipiz.dll
c:\users\Owner\Desktop\Comics\Transmetropolitan_Complete_Collection_CBR\_desktop.ini
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-15 to 2012-09-15 )))))))))))))))))))))))))))))))
.
.
2012-09-15 10:05 . 2012-09-15 10:06 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-09-15 10:04 . 2012-09-15 10:04 -------- d-----w- C:\RegBackup
2012-09-15 10:03 . 2012-09-15 10:05 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-09-15 10:03 . 2012-09-15 10:03 -------- d-----w- c:\program files (x86)\Tweaking.com
2012-09-15 04:57 . 2012-09-15 04:57 -------- d-----w- c:\program files (x86)\ESET
2012-09-15 04:46 . 2012-09-15 04:46 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-09-15 04:37 . 2012-09-15 04:46 -------- d-----w- c:\programdata\HitmanPro
2012-09-15 02:05 . 2012-09-15 03:31 -------- d-----w- c:\programdata\82C6692C00547533E7D4717B2F3B707C
2012-09-15 01:35 . 2012-09-15 13:10 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-09-15 01:35 . 2012-09-15 13:27 -------- d-----w- c:\program files (x86)\Steam
2012-08-29 00:11 . 2012-08-29 00:11 -------- d-----w- c:\windows\Sun
2012-08-24 22:59 . 2012-08-24 22:59 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-08-24 22:59 . 2012-08-24 22:59 -------- d-----w- c:\program files\DivX
2012-08-24 22:59 . 2012-08-24 22:59 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2012-08-24 22:58 . 2012-08-24 22:59 -------- d-----w- c:\program files (x86)\DivX
2012-08-24 22:53 . 2012-08-24 22:53 -------- d-----w- c:\program files (x86)\Turbine
2012-08-24 22:52 . 2012-08-24 22:52 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-08-24 22:52 . 2012-08-24 22:52 -------- d-----w- c:\program files (x86)\Real
2012-08-24 22:52 . 2012-08-24 22:52 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-08-24 22:52 . 2012-08-24 22:52 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-08-24 22:38 . 2012-08-24 22:38 -------- d-----w- c:\program files (x86)\mkv2vob
2012-08-24 22:38 . 2012-08-24 22:38 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-08-24 22:29 . 2012-08-24 22:29 -------- d-----w- c:\program files (x86)\uTorrent
2012-08-24 22:25 . 2012-08-24 22:25 -------- d-----w- c:\program files (x86)\MP3 Skype Recorder
2012-08-24 22:20 . 2012-08-24 22:20 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-08-24 22:20 . 2012-08-24 22:20 -------- d-----r- c:\program files (x86)\Skype
2012-08-24 22:15 . 2012-08-24 22:16 -------- d-----w- c:\program files (x86)\rftg
2012-08-24 22:13 . 2012-08-24 22:13 -------- d-----w- c:\program files (x86)\Propaganda
2012-08-24 22:11 . 2012-08-24 22:11 -------- d-----w- c:\program files (x86)\Mp3tag
2012-08-24 22:09 . 2012-08-24 22:09 -------- d-----w- c:\program files (x86)\Ken Ward's Zipper
2012-08-24 22:07 . 2012-08-24 22:08 -------- d-----w- c:\program files (x86)\Free M4a to MP3 Converter
2012-08-24 22:01 . 2012-08-24 22:02 -------- d-----w- c:\program files (x86)\CDisplay
2012-08-24 21:39 . 2008-01-21 02:47 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPLHN.DLL
2012-08-24 20:35 . 2012-08-24 20:37 -------- d-----w- c:\program files\Pale Moon
2012-08-24 12:26 . 2010-05-14 17:36 2108 ----a-w- C:\The PC TuneUp x64.bat
2012-08-23 19:38 . 2008-09-05 02:37 67584 ----a-w- c:\windows\system32\drivers\RTSTOR64.sys
2012-08-23 19:38 . 2008-05-06 21:41 6416928 ----a-w- c:\windows\system\DriveIcon.dll
2012-08-23 19:37 . 2012-08-23 19:37 15712 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-08-23 19:34 . 2012-08-23 19:35 -------- d-----w- c:\program files (x86)\LibreOffice 3.6
2012-08-23 19:31 . 2012-08-23 19:31 -------- d-----w- c:\windows\en
2012-08-23 19:31 . 2012-08-23 19:31 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-08-23 19:30 . 2012-03-08 22:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-08-23 19:30 . 2012-08-23 19:30 -------- d-----w- c:\windows\PCHEALTH
2012-08-23 19:30 . 2012-08-23 19:30 -------- d-----w- c:\program files\Windows Live
2012-08-23 19:28 . 2012-08-23 19:28 -------- d-----w- c:\program files (x86)\VideoLAN
2012-08-23 19:28 . 2012-08-23 19:28 -------- d-----w- c:\program files\Unlocker
2012-08-23 19:26 . 2012-08-23 19:26 -------- d-----w- c:\program files\TeraCopy
2012-08-23 19:23 . 2012-08-23 19:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-23 19:23 . 2012-08-23 19:23 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-23 19:23 . 2012-08-23 19:23 -------- d-----w- c:\programdata\SUPERSetup
2012-08-23 19:22 . 2012-08-24 20:40 -------- d-----w- c:\program files (x86)\SpywareBlaster
2012-08-23 19:13 . 2009-09-30 15:33 24576 ----a-w- c:\windows\SysWow64\AsIO.dll
2012-08-23 19:13 . 2009-08-04 14:28 13440 ----a-w- c:\windows\SysWow64\drivers\AsIO.sys
2012-08-23 19:13 . 2009-07-06 14:48 13368 ----a-w- c:\windows\SysWow64\drivers\AsUpIO.sys
2012-08-23 19:13 . 2012-08-23 19:38 -------- d-----w- c:\program files (x86)\InstallShield Installation Information
2012-08-23 19:13 . 2012-08-23 19:13 -------- d-----w- c:\program files (x86)\ASUS
2012-08-23 19:13 . 2012-08-23 19:13 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2012-08-23 19:12 . 2012-08-23 19:12 -------- d-----w- c:\program files\7-Zip
2012-08-23 19:08 . 2012-09-15 04:30 -------- d-----w- c:\program files (x86)\SpeedFan
2012-08-23 19:07 . 2012-08-23 19:07 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-08-23 18:56 . 2012-08-24 22:59 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2012-08-23 18:54 . 2012-09-15 02:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-23 18:54 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-23 18:53 . 2012-08-23 18:53 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-23 18:52 . 2012-08-23 18:52 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-23 18:52 . 2012-08-23 18:52 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-23 18:52 . 2012-08-23 18:52 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-23 18:52 . 2012-08-23 18:52 -------- d-----w- c:\program files (x86)\Java
2012-08-23 18:51 . 2012-08-23 18:51 289768 ----a-w- c:\windows\system32\javaws.exe
2012-08-23 18:51 . 2012-08-23 18:51 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-23 18:51 . 2012-08-23 18:51 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-23 18:51 . 2012-08-23 18:51 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-08-23 18:51 . 2012-08-23 18:51 189416 ----a-w- c:\windows\system32\javaw.exe
2012-08-23 18:51 . 2012-08-23 18:51 188904 ----a-w- c:\windows\system32\java.exe
2012-08-23 18:51 . 2012-08-23 18:51 -------- d-----w- c:\program files\Java
2012-08-23 18:47 . 2012-08-23 18:47 -------- d-----w- c:\program files (x86)\Google
2012-08-23 18:34 . 2012-08-23 18:34 -------- d-----w- c:\program files\GIMP 2
2012-08-23 18:27 . 2012-08-23 18:27 -------- d-----w- c:\program files (x86)\GPLGS
2012-08-23 18:27 . 2012-08-23 18:27 -------- d-----w- c:\program files (x86)\Acro Software
2012-08-23 18:27 . 2012-03-11 18:56 86608 ----a-w- c:\windows\system32\cpwmon64.dll
2012-08-23 18:26 . 2012-08-23 18:26 -------- d-----w- c:\program files (x86)\CDBurnerXP
2012-08-23 18:24 . 2012-08-24 20:39 -------- d-----w- c:\program files\CCleaner
2012-08-23 18:22 . 2012-08-23 18:22 -------- d-----w- c:\program files (x86)\BurnAware Free
2012-08-23 18:21 . 2012-08-23 18:21 -------- d-----w- c:\program files (x86)\Auslogics
2012-08-23 18:19 . 2012-08-23 18:19 -------- d-----w- c:\program files (x86)\Argente Software
2012-08-23 18:12 . 2012-08-23 18:12 -------- d-----w- c:\programdata\Raxco
2012-08-23 18:12 . 2012-09-15 04:28 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-08-23 18:10 . 2012-08-23 18:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-08-23 18:10 . 2012-08-23 18:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-08-23 18:10 . 2012-08-23 18:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-08-23 18:10 . 2012-08-23 18:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-08-23 18:10 . 2012-08-23 18:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-08-23 18:10 . 2012-08-23 18:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-08-23 18:10 . 2012-08-23 18:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-08-23 18:10 . 2012-08-23 18:10 -------- d-----w- c:\program files (x86)\QuickTime
2012-08-23 18:07 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-23 18:07 . 2008-04-17 16:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-23 18:07 . 2008-04-17 16:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-23 18:07 . 2012-08-23 18:07 -------- d-----w- c:\program files\iPod
2012-08-23 18:06 . 2012-08-23 18:07 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-08-23 18:06 . 2012-08-23 18:07 -------- d-----w- c:\program files\iTunes
2012-08-23 18:06 . 2012-08-23 18:07 -------- d-----w- c:\program files (x86)\iTunes
2012-08-23 18:06 . 2012-08-23 18:06 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-08-23 18:06 . 2012-08-23 18:06 -------- d-----w- c:\program files\Common Files\Apple
2012-08-23 18:06 . 2012-08-23 18:06 -------- d-----w- c:\program files\Bonjour
2012-08-23 18:06 . 2012-08-23 18:06 -------- d-----w- c:\program files (x86)\Bonjour
2012-08-23 18:06 . 2012-08-23 18:06 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-08-23 18:04 . 2012-08-23 18:04 -------- d-----w- c:\windows\SysWow64\Adobe
2012-08-23 18:03 . 2012-08-23 18:03 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-23 18:03 . 2012-08-23 18:03 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-23 18:03 . 2012-08-23 18:04 -------- d-----w- c:\windows\SysWow64\Macromed
2012-08-23 18:03 . 2012-08-23 18:03 -------- d-----w- c:\windows\system32\Macromed
2012-08-23 18:01 . 2012-08-23 18:01 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-08-23 15:29 . 2012-08-23 15:29 -------- d-----w- c:\program files (x86)\Western Digital Corporation
2012-08-23 08:31 . 2012-08-24 12:26 -------- d-----w- C:\Vent
2012-08-23 08:14 . 2012-08-24 12:56 -------- d-----w- c:\users\Public\Sony Online Entertainment
2012-08-23 08:07 . 2012-08-24 12:56 -------- d-----w- c:\users\Public\Games
2012-08-23 06:23 . 2012-08-24 13:02 -------- d-----w- c:\programdata\AVAST Software
2012-08-23 06:23 . 2012-08-23 06:23 -------- d-----w- c:\programdata\Apple Computer
2012-08-23 06:23 . 2012-08-23 06:23 -------- d-----w- c:\programdata\Apple
2012-08-23 06:23 . 2012-08-23 06:23 -------- d-----w- c:\programdata\!SASCORE
2012-08-23 06:03 . 2012-08-24 12:26 -------- d-----w- C:\Netgear
2012-08-23 06:03 . 2012-08-24 12:44 -------- d-----w- C:\found.000
2012-08-23 06:03 . 2012-08-24 12:26 -------- d-----w- C:\google
2012-08-23 06:03 . 2012-08-23 06:03 -------- d-----w- C:\Intel
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-13 07:00 . 2006-11-02 12:35 64462936 ----a-w- c:\windows\system32\mrt.exe
2012-07-28 02:47 . 2012-07-28 02:47 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-07-28 02:47 . 2012-07-28 02:47 75776 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-07-28 02:47 . 2012-07-28 02:47 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-07-28 02:47 . 2012-07-28 02:47 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-07-28 02:47 . 2012-07-28 02:47 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-07-28 02:46 . 2012-07-28 02:46 16464896 ----a-w- c:\windows\system32\amdocl64.dll
2012-07-28 02:46 . 2012-07-28 02:46 13013504 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-07-28 02:44 . 2012-07-28 02:44 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-07-28 02:44 . 2012-07-28 02:44 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-06-27 02:14 . 2012-06-27 02:14 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"MP3 Skype Recorder"="c:\program files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe" [2011-11-18 1975296]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-08-24 896400]
"Spotify Web Helper"="c:\users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-24 1193176]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-09-15 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-08-24 296096]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-24 26909544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SpeedFan.lnk - c:\program files (x86)\SpeedFan\speedfan.exe [2012-3-26 4656632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-23 250568]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-23 18:03]
.
2012-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2752501086-1229908396-1445059127-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-24 01:02]
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2752501086-1229908396-1445059127-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-24 01:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\Microsoft Office\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\bjnzy427.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2&from=login
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-MsMpSvc
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
.
**************************************************************************
.
Completion time: 2012-09-15 09:31:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-15 13:31
.
Pre-Run: 289,861,419,008 bytes free
Post-Run: 290,375,933,952 bytes free
.
- - End Of File - - 12AFE7FACC33F2C3357755AE28D65E6B



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,215 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 September 2012 - 01:32 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Using a good computer, download these tools to a CD or flash drive and copy the downloaded files to the Desktop of the problem computer.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
    • DDS.pif
    • DDS.COM
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
Click Go and copy/paste the log (Result.txt) into your next post.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
===

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Please post the logs for my review.

#3 Nthdoctor

Nthdoctor
  • Topic Starter

  • Members
  • 6 posts

Posted 17 September 2012 - 07:27 PM

Thank you so much for the assistance! Here are the logs you requested in order. DDS:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.6.2
Run by Owner at 20:15:13 on 2012-09-17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8173.6754 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [MP3 Skype Recorder] C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [Spotify Web Helper] "C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SpeedFan.lnk - C:\Program Files (x86)\SpeedFan\speedfan.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\Microsoft Office\Office10\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\MP3 Skype Recorder\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\bjnzy427.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2&from=login
FF - prefs.js: network.proxy.type - 0
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 CAXHWBS2;CAXHWBS2;C:\Windows\system32\DRIVERS\CAXHWBS2.sys --> C:\Windows\system32\DRIVERS\CAXHWBS2.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-23 250568]
S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-23 114144]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SWDUMon;SWDUMon;C:\Windows\system32\DRIVERS\SWDUMon.sys --> C:\Windows\system32\DRIVERS\SWDUMon.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-4-11 89920]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-09-15 13:31:37 -------- d-----w- C:\Users\Owner\AppData\Local\temp
2012-09-15 13:27:57 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-15 13:17:57 98816 ----a-w- C:\Windows\sed.exe
2012-09-15 13:17:57 518144 ----a-w- C:\Windows\SWREG.exe
2012-09-15 13:17:57 256000 ----a-w- C:\Windows\PEV.exe
2012-09-15 13:17:57 208896 ----a-w- C:\Windows\MBR.exe
2012-09-15 10:06:02 806 ----a-w- C:\temp938.bat
2012-09-15 10:04:12 -------- d-----w- C:\RegBackup
2012-09-15 10:03:16 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-09-15 10:03:12 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2012-09-15 04:57:54 -------- d-----w- C:\Program Files (x86)\ESET
2012-09-15 04:46:39 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2012-09-15 04:37:31 -------- d-----w- C:\ProgramData\HitmanPro
2012-09-15 02:16:37 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-15 02:06:12 -------- d-----w- C:\Users\Owner\AppData\Local\{EE837407-FED9-11E1-8271-B8AC6F996F26}
2012-09-15 02:05:44 -------- d-----w- C:\ProgramData\82C6692C00547533E7D4717B2F3B707C
2012-09-15 01:35:28 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2012-09-15 01:35:27 -------- d-----w- C:\Program Files (x86)\Steam
2012-09-14 00:00:39 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A57B1C08-A856-4428-B7B3-CE239C0AFFE0}\mpengine.dll
2012-09-12 23:36:44 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-24 22:59:34 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2012-08-24 22:59:18 -------- d-----w- C:\Program Files\DivX
2012-08-24 22:59:16 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2012-08-24 22:58:30 -------- d-----w- C:\Program Files (x86)\DivX
2012-08-24 22:53:28 -------- d-----w- C:\Program Files (x86)\Turbine
2012-08-24 22:52:49 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2012-08-24 22:52:32 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-08-24 22:52:32 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-08-24 22:38:32 -------- d-----w- C:\Program Files (x86)\mkv2vob
2012-08-24 22:38:23 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-08-24 22:29:41 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-08-24 22:25:35 -------- d-----w- C:\Program Files (x86)\MP3 Skype Recorder
2012-08-24 22:20:54 -------- d-----r- C:\Program Files (x86)\Skype
2012-08-24 22:15:19 -------- d-----w- C:\Program Files (x86)\rftg
2012-08-24 22:13:01 -------- d-----w- C:\Program Files (x86)\Propaganda
2012-08-24 22:11:49 -------- d-----w- C:\Program Files (x86)\Mp3tag
2012-08-24 22:09:42 -------- d-----w- C:\Program Files (x86)\Ken Ward's Zipper
2012-08-24 22:07:06 -------- d-----w- C:\Program Files (x86)\Free M4a to MP3 Converter
2012-08-24 22:01:56 -------- d-----w- C:\Program Files (x86)\CDisplay
2012-08-24 21:43:07 -------- d-----w- C:\Users\Owner\AppData\Local\Macromedia
2012-08-24 21:39:02 99840 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPZPPLHN.DLL
2012-08-24 21:13:43 -------- d-----w- C:\Users\Owner\AppData\Roaming\Auslogics
2012-08-24 20:35:31 -------- d-----w- C:\Program Files\Pale Moon
2012-08-24 14:58:34 29184 ----a-r- C:\Users\Owner\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
2012-08-24 13:03:05 254216 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\ppcrlui.dll
2012-08-24 13:03:05 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-08-24 13:03:05 15616 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\ppcrlconfig.dll
2012-08-24 12:26:30 2108 ----a-w- C:\The PC TuneUp x64.bat
2012-08-23 19:38:57 67584 ----a-w- C:\Windows\System32\drivers\RTSTOR64.sys
2012-08-23 19:38:57 6416928 ----a-w- C:\Windows\system\DriveIcon.dll
2012-08-23 19:37:47 15712 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys
2012-08-23 19:37:46 -------- d-----w- C:\Users\Owner\AppData\Local\SlimWare Utilities Inc
2012-08-23 19:36:44 -------- d-----w- C:\Users\Owner\AppData\Roaming\LibreOffice
2012-08-23 19:34:36 -------- d-----w- C:\Program Files (x86)\LibreOffice 3.6
2012-08-23 19:31:50 -------- d-----w- C:\Windows\en
2012-08-23 19:31:13 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-08-23 19:30:42 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2012-08-23 19:30:38 -------- d-----w- C:\Windows\PCHEALTH
2012-08-23 19:28:40 -------- d-----w- C:\Program Files (x86)\VideoLAN
2012-08-23 19:28:00 -------- d-----w- C:\Program Files\Unlocker
2012-08-23 19:27:19 -------- d-----w- C:\Users\Owner\AppData\Roaming\TeraCopy
2012-08-23 19:26:10 -------- d-----w- C:\Program Files\TeraCopy
2012-08-23 19:24:36 -------- d-----w- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2012-08-23 19:23:31 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-08-23 19:23:31 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-08-23 19:23:22 -------- d-----w- C:\ProgramData\SUPERSetup
2012-08-23 19:22:08 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2012-08-23 19:15:53 -------- d-----w- C:\Windows\pss
2012-08-23 19:13:19 24576 ----a-w- C:\Windows\SysWow64\AsIO.dll
2012-08-23 19:13:19 13440 ----a-w- C:\Windows\SysWow64\drivers\AsIO.sys
2012-08-23 19:13:19 13368 ----a-w- C:\Windows\SysWow64\drivers\AsUpIO.sys
2012-08-23 19:13:16 -------- d-----w- C:\Program Files (x86)\ASUS
2012-08-23 19:13:10 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-08-23 19:13:10 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-08-23 19:13:10 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-08-23 19:13:10 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-08-23 19:13:09 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-08-23 19:08:48 -------- d-----w- C:\Program Files (x86)\SpeedFan
2012-08-23 19:07:18 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2012-08-23 18:54:04 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-23 18:54:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-23 18:52:10 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-08-23 18:52:10 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-23 18:52:07 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-23 18:51:24 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-08-23 18:51:24 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-08-23 18:51:21 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2012-08-23 18:47:16 -------- d-----w- C:\Users\Owner\AppData\Local\Google
2012-08-23 18:35:59 -------- d-----w- C:\Users\Owner\AppData\Local\fontconfig
2012-08-23 18:35:58 -------- d-----w- C:\Users\Owner\AppData\Local\gegl-0.2
2012-08-23 18:35:58 -------- d-----w- C:\Users\Owner\.gimp-2.8
2012-08-23 18:34:22 -------- d-----w- C:\Program Files\GIMP 2
2012-08-23 18:27:49 -------- d-----w- C:\Program Files (x86)\GPLGS
2012-08-23 18:27:08 86608 ----a-w- C:\Windows\System32\cpwmon64.dll
2012-08-23 18:27:08 -------- d-----w- C:\Program Files (x86)\Acro Software
2012-08-23 18:24:20 -------- d-----w- C:\Program Files\CCleaner
2012-08-23 18:22:08 -------- d-----w- C:\Program Files (x86)\BurnAware Free
2012-08-23 18:21:41 -------- d-----w- C:\Program Files (x86)\Auslogics
2012-08-23 18:19:17 -------- d-----w- C:\Program Files (x86)\Argente Software
2012-08-23 18:10:43 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-08-23 18:10:43 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-08-23 18:10:43 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-08-23 18:10:43 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-08-23 18:10:43 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-08-23 18:10:43 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-08-23 18:10:43 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-08-23 18:07:18 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-08-23 18:07:18 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-23 18:07:18 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-08-23 18:07:00 -------- d-----w- C:\Program Files\iPod
2012-08-23 18:06:59 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-08-23 18:06:59 -------- d-----w- C:\Program Files\iTunes
2012-08-23 18:06:59 -------- d-----w- C:\Program Files (x86)\iTunes
2012-08-23 18:06:53 -------- d-----w- C:\Users\Owner\AppData\Local\Apple
2012-08-23 18:06:39 -------- d-----w- C:\Program Files\Bonjour
2012-08-23 18:06:39 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-08-23 18:04:25 -------- d-----w- C:\Windows\SysWow64\Adobe
2012-08-23 18:03:30 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-23 18:03:30 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-23 15:29:12 -------- d-----w- C:\Program Files (x86)\Western Digital Corporation
2012-08-23 14:51:10 -------- d-----w- C:\Users\Owner\AppData\Roaming\HD Tune Pro
2012-08-23 08:31:04 -------- d-----w- C:\Vent
2012-08-23 08:06:38 -------- d-----w- C:\Users\Owner\VASSAL
2012-08-23 08:06:38 -------- d-----w- C:\Users\Owner\Tracing
2012-08-23 08:06:36 -------- d-----w- C:\Users\Owner\Program Files
2012-08-23 07:25:55 -------- d-----r- C:\Users\Owner\Dropbox
2012-08-23 06:55:38 -------- d-----w- C:\Users\Owner\AppData\Roaming\uTorrent
2012-08-23 06:55:34 -------- d-----w- C:\Users\Owner\AppData\Roaming\Spotify
2012-08-23 06:55:19 -------- d-----w- C:\Users\Owner\AppData\Roaming\Mp3tag
2012-08-23 06:55:19 -------- d-----w- C:\Users\Owner\AppData\Roaming\MP3SkypeRecorder
2012-08-23 06:55:14 -------- d-----w- C:\Users\Owner\AppData\Roaming\Moonchild Productions
2012-08-23 06:55:12 -------- d-----w- C:\Users\Owner\AppData\Roaming\MixMeister Technology
2012-08-23 06:49:53 -------- d-----w- C:\Users\Owner\AppData\Local\Spotify
2012-08-23 06:49:53 -------- d-----w- C:\Users\Owner\AppData\Local\PMB Files
2012-08-23 06:49:46 -------- d-----w- C:\Users\Owner\AppData\Local\NCSoft
2012-08-23 06:44:03 -------- d-----w- C:\Users\Owner\AppData\Local\Mozilla
2012-08-23 06:44:02 -------- d-----w- C:\Users\Owner\AppData\Local\Moonchild Productions
2012-08-23 06:44:01 -------- d-----w- C:\Users\Owner\AppData\Local\Microsoft Games
2012-08-23 06:41:31 -------- d-----w- C:\Users\Owner\AppData\Local\Microsoft
2012-08-23 06:37:39 -------- d-----w- C:\Users\Owner\AppData\Local\DDMSettings
2012-08-23 06:37:39 -------- d-----w- C:\Users\Owner\AppData\Local\Conduit
2012-08-23 06:37:38 -------- d-----w- C:\Users\Owner\AppData\Local\assembly
2012-08-23 06:37:31 -------- d-----w- C:\Users\Owner\AppData\Local\Apps
2012-08-23 06:37:31 -------- d-----w- C:\Users\Owner\AppData\Local\ApplicationHistory
2012-08-23 06:37:25 -------- d-----w- C:\Users\Owner\AppData\Local\Apple Computer
2012-08-23 06:37:25 -------- d-----w- C:\Users\Owner\AppData\Local\Alexander_Nikiforov
2012-08-23 06:37:24 -------- d-----w- C:\Users\Owner\AppData\Local\Adobe
2012-08-23 06:37:24 -------- d-----w- C:\Users\Owner\.thumbnails
2012-08-23 06:37:21 -------- d-----w- C:\Users\Owner\.maptool
2012-08-23 06:37:21 -------- d-----w- C:\Users\Owner\.gimp-2.6
2012-08-23 06:23:50 -------- d-----w- C:\ProgramData\AVAST Software
2012-08-23 06:23:37 -------- d-----w- C:\ProgramData\!SASCORE
2012-08-23 06:03:24 -------- d-----w- C:\Netgear
2012-08-23 06:03:23 -------- d-----w- C:\Intel
2012-08-23 06:03:23 -------- d-----w- C:\Graphics
2012-08-23 06:03:23 -------- d-----w- C:\google
2012-08-23 06:03:23 -------- d-----w- C:\found.000
2012-08-23 06:03:22 -------- d-----w- C:\Drivers
2012-08-23 05:40:08 -------- d-----w- C:\Documents
2012-08-23 05:40:05 -------- d-----w- C:\Defragmenting Software
2012-08-23 05:39:55 -------- d-----w- C:\cabs
2012-08-23 02:58:14 -------- d-----w- C:\Program Files (x86)\Microsoft ActiveSync
2012-08-23 02:57:32 -------- d-----w- C:\Program Files (x86)\Common Files\L&H
2012-08-22 22:03:03 -------- d-----w- C:\Windows\Panther
2012-08-22 22:02:49 -------- d-----w- C:\Boot
2012-08-22 21:44:29 -------- d-----w- C:\Users\Owner\AppData\Local\AMD
2012-08-22 21:44:05 -------- d-----w- C:\Users\Owner\AppData\Local\ATI
2012-08-22 21:09:58 -------- d-----w- C:\Program Files (x86)\MSECache
2012-08-22 20:56:35 53248 ----a-w- C:\Windows\SysWow64\SSUBTMR6.DLL
2012-08-22 20:56:35 218432 ----a-w- C:\Windows\SysWow64\RICHTX32.OCX
2012-08-22 20:56:34 614992 ----a-w- C:\Windows\SysWow64\COMCTL32.OCX
2012-08-22 20:56:34 155984 ----a-w- C:\Windows\SysWow64\COMDLG32.OCX
2012-08-22 20:56:34 10752 ----a-w- C:\Windows\SysWow64\aamd532.dll
2012-08-22 20:56:34 1069376 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-08-22 20:46:47 87488 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2012-08-22 20:46:47 59808 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\LMIproc.dll
2012-08-22 20:46:47 34720 ----a-w- C:\Windows\System32\LMIport.dll
2012-08-22 20:46:46 80800 ----a-w- C:\Windows\System32\LMIinit.dll
2012-08-22 20:34:11 -------- d-----w- C:\Program Files\Windows Portable Devices
2012-08-22 20:34:11 -------- d-----w- C:\Program Files (x86)\Windows Portable Devices
2012-08-22 20:15:58 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2012-08-22 20:15:58 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2012-08-22 20:15:57 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2012-08-22 20:15:57 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2012-08-22 20:15:51 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2012-08-22 20:15:51 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2012-08-22 20:07:54 -------- d-----w- C:\Users\Owner\AppData\Local\Windows Live
2012-08-22 20:07:52 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2012-08-22 20:05:34 754688 ----a-w- C:\Windows\SysWow64\webservices.dll
2012-08-22 20:05:34 1103872 ----a-w- C:\Windows\System32\webservices.dll
2012-08-22 19:59:51 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CC40FB23-EF50-421A-9DF6-6AB8263EE88C}\gapaengine.dll
2012-08-22 19:57:49 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-08-22 19:57:47 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-08-22 19:56:16 345984 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 19:51:41 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2012-08-22 19:51:41 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2012-08-22 19:51:41 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2012-08-22 19:51:41 444752 ----a-w- C:\Windows\System32\mscoree.dll
2012-08-22 19:51:41 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2012-08-22 19:51:41 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2012-08-22 19:51:41 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2012-08-22 19:51:41 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-08-22 19:51:41 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-08-22 19:51:41 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2012-08-22 19:48:29 32768 ----a-w- C:\Windows\System32\nshhttp.dll
2012-08-22 19:48:29 24064 ----a-w- C:\Windows\SysWow64\nshhttp.dll
2012-08-22 19:48:28 620032 ----a-w- C:\Windows\System32\drivers\http.sys
2012-08-22 19:48:28 33792 ----a-w- C:\Windows\System32\httpapi.dll
2012-08-22 19:48:28 30720 ----a-w- C:\Windows\SysWow64\httpapi.dll
2012-08-22 19:45:06 2769408 ----a-w- C:\Windows\System32\win32k.sys
2012-08-22 19:39:09 92672 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2012-08-22 19:39:09 3815424 ----a-w- C:\Windows\System32\UIRibbon.dll
2012-08-22 19:39:09 3023360 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
2012-08-22 19:39:09 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
2012-08-22 19:39:09 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
2012-08-22 19:39:09 103424 ----a-w- C:\Windows\System32\UIAnimation.dll
2012-08-22 19:38:48 78848 ----a-w- C:\Windows\System32\imagehlp.dll
2012-08-22 19:38:48 5632 ----a-w- C:\Windows\System32\wmi.dll
2012-08-22 19:38:48 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-08-22 19:38:48 219136 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-22 19:38:48 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-22 19:38:48 16384 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-08-22 19:38:48 157696 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-08-22 19:36:32 -------- d-----w- C:\Program Files\CONEXANT
2012-08-22 19:35:11 8147968 ----a-w- C:\Windows\System32\wmploc.DLL
2012-08-22 19:35:11 8147456 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2012-08-22 19:35:11 171008 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2012-08-22 19:35:11 168960 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2012-08-22 19:33:59 68096 ----a-w- C:\Program Files\Windows Mail\wabmig.exe
2012-08-22 19:31:42 855040 ----a-w- C:\Windows\System32\schedsvc.dll
2012-08-22 19:31:42 655872 ----a-w- C:\Windows\System32\taskschd.dll
2012-08-22 19:31:41 500224 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2012-08-22 19:31:41 410112 ----a-w- C:\Windows\System32\taskcomp.dll
2012-08-22 19:31:41 352768 ----a-w- C:\Windows\SysWow64\taskschd.dll
2012-08-22 19:31:41 270336 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2012-08-22 19:31:41 267776 ----a-w- C:\Windows\System32\taskeng.exe
2012-08-22 19:31:41 171520 ----a-w- C:\Windows\SysWow64\taskeng.exe
2012-08-22 19:23:40 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-22 19:19:06 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-08-22 19:19:01 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-08-22 19:19:01 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
2012-08-22 19:18:59 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-08-22 19:18:59 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2012-08-22 19:18:59 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-08-22 19:18:59 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2012-08-22 19:14:07 56448 ----a-w- C:\Windows\System32\drivers\usbfilter.sys
2012-08-22 19:02:23 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-08-22 19:02:02 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2012-08-22 19:02:02 -------- d-----w- C:\ProgramData\AMD
2012-08-22 18:52:26 -------- d-----w- C:\Windows\SysWow64\spool
2012-08-22 18:50:38 98816 ----a-w- C:\Windows\SysWow64\mfps.dll
2012-08-22 18:49:50 792576 ----a-w- C:\Windows\System32\d3d11.dll
2012-08-22 18:47:34 -------- d-----w- C:\Users\Owner\AppData\Local\WindowsForUs
2012-08-22 18:47:15 51712 ----a-w- C:\Program Files\Common Files\System\uninstall.exe
2012-08-22 18:47:13 -------- d-----w- C:\Program Files\WinBubble
2012-08-22 18:29:38 -------- d-----w- C:\Program Files (x86)\EASEUS
2012-08-22 18:23:56 0 ----a-w- C:\Windows\ativpsrm.bin
2012-08-22 18:18:11 47104 ----a-w- C:\Windows\System32\RHCoInst64.dll
2012-08-22 18:18:11 304640 ----a-w- C:\Windows\System32\RH3DHT64.dll
2012-08-22 18:18:11 304640 ----a-w- C:\Windows\System32\RH3DAA64.dll
2012-08-22 18:18:11 202016 ----a-w- C:\Windows\System32\drivers\RtHDMIVX.sys
2012-08-22 18:18:11 1596416 ----a-w- C:\Windows\System32\RtkHDM64.dll
2012-08-22 18:18:11 1270784 ----a-w- C:\Windows\System32\RHDMEx64.dll
2012-08-22 18:17:48 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2012-08-22 18:15:53 -------- d-----w- C:\Windows\SysWow64\RTCOM
.
==================== Find3M ====================
.
2012-08-22 18:50:38 979456 ----a-w- C:\Windows\SysWow64\MFH264Dec.dll
2012-08-22 18:49:50 519680 ----a-w- C:\Windows\SysWow64\d3d11.dll
2012-08-22 18:49:50 449024 ----a-w- C:\Windows\System32\WMPhoto.dll
2012-08-22 18:49:50 369664 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2012-08-22 18:49:50 328192 ----a-w- C:\Windows\System32\dxdiag.exe
2012-08-22 18:49:50 321024 ----a-w- C:\Windows\SysWow64\PhotoMetadataHandler.dll
2012-08-22 18:49:50 262656 ----a-w- C:\Windows\System32\dxdiagn.dll
2012-08-22 18:49:50 252928 ----a-w- C:\Windows\SysWow64\dxdiag.exe
2012-08-22 18:49:50 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
2012-08-22 18:49:50 195584 ----a-w- C:\Windows\SysWow64\dxdiagn.dll
2012-08-22 18:49:50 189440 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
2012-08-22 18:49:50 1209856 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2012-08-22 18:49:49 974848 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2012-08-22 18:49:49 411648 ----a-w- C:\Windows\System32\PhotoMetadataHandler.dll
2012-07-28 04:09:20 5538984 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-07-28 04:07:44 10278912 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-07-28 03:43:12 70144 ----a-w- C:\Windows\System32\coinst_8.982.dll
2012-07-28 03:19:34 24935424 ----a-w- C:\Windows\System32\atio6axx.dll
2012-07-28 02:50:10 20546560 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-07-28 02:47:40 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-07-28 02:47:24 75776 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-07-28 02:47:16 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-07-28 02:47:10 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-07-28 02:47:06 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-07-28 02:46:56 16464896 ----a-w- C:\Windows\System32\amdocl64.dll
2012-07-28 02:46:06 13013504 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-07-28 02:44:56 54784 ----a-w- C:\Windows\System32\OpenCL.dll
2012-07-28 02:44:42 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-07-28 02:15:50 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-07-28 02:15:42 931328 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-07-28 02:13:56 1100288 ----a-w- C:\Windows\System32\aticfx64.dll
2012-07-28 02:10:40 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-07-28 02:10:34 534528 ----a-w- C:\Windows\System32\atieclxx.exe
2012-07-28 02:09:44 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-07-28 02:08:20 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-07-28 02:08:04 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-07-28 02:07:58 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-07-28 02:07:52 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-07-28 02:07:10 6430208 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-07-28 01:51:12 7052288 ----a-w- C:\Windows\System32\atidxx64.dll
2012-07-28 01:41:32 4266496 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-07-28 01:35:10 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-07-28 01:35:08 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-07-28 01:35:02 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-07-28 01:35:00 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-07-28 01:34:48 16034304 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-07-28 01:32:32 4751872 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-07-28 01:30:10 13605888 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-07-28 01:25:52 6676480 ----a-w- C:\Windows\System32\atiumd64.dll
2012-07-28 01:15:32 540160 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-07-28 01:15:22 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-07-28 01:15:12 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-07-28 01:15:08 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-07-28 01:15:08 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-07-28 01:15:04 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-07-28 01:14:56 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-07-28 01:14:46 368640 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-07-28 01:13:54 129536 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-07-28 01:13:48 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-07-28 01:13:40 103936 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-07-28 01:13:32 83456 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-07-28 01:13:08 45056 ----a-w- C:\Windows\System32\atitmp64.dll
2012-07-28 01:12:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\atimpc64.dll
2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-06-27 02:14:52 4472832 ----a-w- C:\Windows\SysWow64\GPhotos.scr
.
============= FINISH: 20:15:36.87 ===============

MiniToolBox:
MiniToolBox by Farbar Version: 23-07-2012
Ran by Owner (administrator) on 17-09-2012 at 20:17:51
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "*.local"
"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : M5A78L-M_LX_PLU
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : C8-60-00-9C-35-BE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::88e9:3afd:79a4:ce89%10(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.206.137(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 180903936
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-C6-DA-B6-C8-60-00-9C-35-BE
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{2774F3A4-C4D1-4E36-B1A7-686DA7628E69}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host yahoo.com. Please check the name and try again.

Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.



Pinging with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for :

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
10 ...c8 60 00 9c 35 be ...... Realtek PCIe GBE Family Controller
1 ........................... Software Loopback Interface 1
12 ...00 00 00 00 00 00 00 e0 isatap.{2774F3A4-C4D1-4E36-B1A7-686DA7628E69}
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.206.137 266
169.254.206.137 255.255.255.255 On-link 169.254.206.137 266
169.254.255.255 255.255.255.255 On-link 169.254.206.137 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.206.137 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.206.137 266
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 266 fe80::/64 On-link
10 266 fe80::88e9:3afd:79a4:ce89/128
On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 04 C:\Windows\SysWOW64\nwprovau.dll [File Not found] ()
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/17/2012 05:27:22 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (09/17/2012 05:24:22 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (09/17/2012 05:20:29 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (09/16/2012 08:50:24 PM) (Source: Application Error) (User: )
Description: Faulting application Fuel.Service.exe, version 1.0.0.0, time stamp 0x501fefb5, faulting module Device.dll, version 4.1.0.0, time stamp 0x4f55e10b, exception code 0xc0000005, fault offset 0x00000000000033c1,
process id 0x838, application start time 0xFuel.Service.exe0.

Error: (09/16/2012 02:09:20 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (09/16/2012 02:06:19 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (09/16/2012 02:02:26 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (09/16/2012 02:01:36 PM) (Source: Application Error) (User: )
Description: Faulting application Fuel.Service.exe, version 1.0.0.0, time stamp 0x501fefb5, faulting module Device.dll, version 4.1.0.0, time stamp 0x4f55e10b, exception code 0xc0000005, fault offset 0x00000000000033c1,
process id 0xbe8, application start time 0xFuel.Service.exe0.

Error: (09/16/2012 01:58:51 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (09/16/2012 01:54:58 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9


System errors:
=============
Error: (09/17/2012 08:14:16 PM) (Source: DCOM) (User: M5A78L-M_LX_PLU)
Description: application-specificLocalActivation{0C0A3666-30C9-11D0-8F20-00805F2CD064}M5A78L-M_LX_PLUOwnerS-1-5-21-2752501086-1229908396-1445059127-1000LocalHost (Using LRPC)

Error: (09/17/2012 05:30:33 PM) (Source: DCOM) (User: M5A78L-M_LX_PLU)
Description: application-specificLocalActivation{0C0A3666-30C9-11D0-8F20-00805F2CD064}M5A78L-M_LX_PLUOwnerS-1-5-21-2752501086-1229908396-1445059127-1000LocalHost (Using LRPC)

Error: (09/17/2012 05:30:32 PM) (Source: DCOM) (User: M5A78L-M_LX_PLU)
Description: application-specificLocalActivation{0C0A3666-30C9-11D0-8F20-00805F2CD064}M5A78L-M_LX_PLUOwnerS-1-5-21-2752501086-1229908396-1445059127-1000LocalHost (Using LRPC)

Error: (09/17/2012 05:27:22 PM) (Source: Service Control Manager) (User: )
Description: Print Spooler3

Error: (09/17/2012 05:24:22 PM) (Source: Service Control Manager) (User: )
Description: Print Spooler2600001Restart the service

Error: (09/17/2012 05:21:22 PM) (Source: Service Control Manager) (User: )
Description: Beep

Error: (09/17/2012 05:21:22 PM) (Source: Service Control Manager) (User: )
Description: Print Spooler1600001Restart the service

Error: (09/17/2012 05:21:22 PM) (Source: Service Control Manager) (User: )
Description: Windows Media Player Network Sharing ServiceUPnP Device Host%%1068

Error: (09/17/2012 05:21:22 PM) (Source: Service Control Manager) (User: )
Description: UPnP Device HostSSDP Discovery%%0

Error: (09/17/2012 05:21:22 PM) (Source: Service Control Manager) (User: )
Description: IPsec Policy Agent%%10044


Microsoft Office Sessions:
=========================
Error: (09/17/2012 05:27:22 PM) (Source: Microsoft-Windows-SpoolerSpoolss)(User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (09/17/2012 05:24:22 PM) (Source: Microsoft-Windows-SpoolerSpoolss)(User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (09/17/2012 05:20:29 PM) (Source: Microsoft-Windows-SpoolerSpoolss)(User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (09/16/2012 08:50:24 PM) (Source: Application Error)(User: )
Description: Fuel.Service.exe1.0.0.0501fefb5Device.dll4.1.0.04f55e10bc000000500000000000033c183801cd94358d685611

Error: (09/16/2012 02:09:20 PM) (Source: Microsoft-Windows-SpoolerSpoolss)(User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (09/16/2012 02:06:19 PM) (Source: Microsoft-Windows-SpoolerSpoolss)(User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (09/16/2012 02:02:26 PM) (Source: Microsoft-Windows-SpoolerSpoolss)(User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (09/16/2012 02:01:36 PM) (Source: Application Error)(User: )
Description: Fuel.Service.exe1.0.0.0501fefb5Device.dll4.1.0.04f55e10bc000000500000000000033c1be801cd94348223682d

Error: (09/16/2012 01:58:51 PM) (Source: Microsoft-Windows-SpoolerSpoolss)(User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (09/16/2012 01:54:58 PM) (Source: Microsoft-Windows-SpoolerSpoolss)(User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9


**** End of log ****

FSS:

Farbar Service Scanner Version: 06-08-2012
Ran by Owner (administrator) on 17-09-2012 at 20:19:18
Running from "C:\Users\Owner\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-04-11 12:23] - [2009-04-11 12:23] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-08-22 15:33] - [2012-01-03 10:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-08-22 15:34] - [2012-03-30 08:45] - 1422720 ____A (Microsoft Corporation) AC8D5728E6AD6A7C4819D9A67008337A

C:\Windows\System32\dnsrslvr.dll
[2012-08-22 15:32] - [2011-03-02 12:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-04-11 12:23] - [2009-04-11 12:23] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-04-11 12:23] - [2009-04-11 12:23] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-04-11 12:23] - [2009-04-11 12:23] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-04-11 12:22] - [2009-04-11 12:22] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-04-11 12:23] - [2009-04-11 12:23] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-04-11 12:23] - [2009-04-11 12:23] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-04-11 12:22] - [2009-04-11 12:22] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-08-22 15:34] - [2012-04-23 12:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-04-11 12:23] - [2009-04-11 12:23] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****

Thanks again, and please, let me know if you need any more information.

#4 nasdaq

  • Malware Response Team

Posted 18 September 2012 - 07:21 AM

Quoted from this Microsoft article.
http://support.microsoft.com/kb/811259

Manual steps to recover from Winsock2 corruption for Windows Vista users

Winsock corruption can cause connectivity problems. To resolve this issue by using Network Diagnostics in Windows Vista, follow these steps:
1. Click the Windows icon (bottom left), and then click Network.
2. Click Network and Sharing Center.
3. In the Network and Sharing Center box, click Diagnose and Repair.
Note: You may also access the Network and Sharing Center in Control Panel.

Reset Winsock for Windows Vista

To reset Winsock for Windows Vista, follow these steps:
1. Click the Windows icon (bottom left), type cmd in the Start Search box, right-click cmd.exe, click Run as administrator, and then press Continue.
2. Type netsh winsock reset at the command prompt, and then press ENTER.
   Note: If the command is typed incorrectly, you will receive an error message. Type the command again. When the command is completed successfully, a confirmation appears, followed by a new command prompt. Then, go to step 3.
3. Type exit, and then press ENTER.

Restart the computer normally.

Do you now have an internet connection?
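
The MiniToolBox output posted in #3 already shows why a Winsock reset is the next step. The Python below is an added example, not part of the thread and not Farbar's code: it parses an excerpt of that log and lists the findings a helper would act on. The function names and finding tags are assumptions made for this illustration; the sample lines are copied from the log above.

```python
import ipaddress
import re

# Excerpt of the MiniToolBox log posted in #3 of this thread.
SAMPLE_LOG = r"""
Autoconfiguration IPv4 Address. . : 169.254.206.137(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 04 C:\Windows\SysWOW64\nwprovau.dll [File Not found] ()
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
"""

# "<catalog> <index> <path> [<size or 'File Not found'>] (<vendor>)"
ENTRY_RE = re.compile(r"^(x64-)?Catalog(\d+) (\d+) (.+?) \[(.+?)\] \((.*)\)$")
EXPECT_RE = re.compile(r'^ATTENTION: The LibraryPath should be "(.+)"$')
IPV4_RE = re.compile(r"IPv4 Address[ .]*: ([0-9.]+)")
GATEWAY_RE = re.compile(r"^Default Gateway[ .]*:[ \t]*$", re.MULTILINE)
DNS_RE = re.compile(r"DNS Servers[ .]*: ([0-9A-Fa-f:.]+)")


def parse_winsock(log):
    """Return one dict per Winsock catalog entry, in log order."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append({
                "catalog": ("x64-" if m.group(1) else "") + "Catalog" + m.group(2),
                "index": int(m.group(3)),
                "path": m.group(4),
                "missing": m.group(5) == "File Not found",
                "expected": None,
            })
            continue
        m = EXPECT_RE.match(line)
        if m and entries:
            # The warning is printed on the line after the entry it refers to.
            entries[-1]["expected"] = m.group(1)
    return entries


def triage(log):
    """Return short finding tags for the network state shown in the log."""
    findings = []
    m = IPV4_RE.search(log)
    if m and ipaddress.ip_address(m.group(1)).is_link_local:
        # 169.254.0.0/16: the adapter assigned itself an address, no DHCP lease.
        findings.append("apipa-address")
    if GATEWAY_RE.search(log):
        findings.append("no-default-gateway")
    m = DNS_RE.search(log)
    if m and getattr(ipaddress.ip_address(m.group(1)), "is_site_local", False):
        # fec0::/10 resolver: Windows' placeholder when no DNS server is set.
        findings.append("placeholder-dns")
    for e in parse_winsock(log):
        tag = f'{e["catalog"]}/{e["index"]:02d}'
        if e["missing"]:
            findings.append(f"missing-provider {tag}")
        if e["expected"]:
            findings.append(f"wrong-librarypath {tag}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Entries that are both missing and flagged with an expected LibraryPath are the ones `netsh winsock reset` is meant to rebuild; the address, gateway and DNS findings explain the "Local Only" status reported in the first post.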

#5 Nthdoctor

  • Topic Starter

Posted 18 September 2012 - 05:09 PM

Thank you for the advice. I have tried to run the netsh command, but get the message "Access is denied". I am running it as an administrator, have tried several times just to be sure, but the command box is certainly showing administrator. Any advice on how to get this command to work?

#6 nasdaq

  • Malware Response Team

Posted 19 September 2012 - 08:35 AM

Try this.

Disable the UAC (User Account Control) - Vista
http://www.computerperformance.co.uk/vista/user_account_control.htm#How_to_Disable_User_Account_Control_%28UAC

#7 Nthdoctor

  • Topic Starter

Posted 19 September 2012 - 10:22 PM

Ok, still couldn't get it to work, but finally realized that I had a restore point from when I ran ComboFix. Once I restored the system to this point, the internet connection worked again. We still have the original problem that Windows Securities Essentials won't start, and I cannot activate the firewall. Is this fixable or shall I just invest in an outside source like Avast or Kaspersky and set up a firewall through them?

#8 nasdaq

  • Malware Response Team

Posted 20 September 2012 - 07:18 AM

Restoring the computer may have reinstalled the malware.

Please run the Farbar Service Scanner and post a fresh FSS.txt log.

===

Run these tools also and post the logs for my review.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

+++++++

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Note: You may be asked if you want to download Avast Free Antivirus. I suggest you deny this download unless you do not have any Antivirus protection on the computer.
===

#9 Nthdoctor

  • Topic Starter

Posted 20 September 2012 - 04:34 PM

Ran the scans you asked for. TDSSKILLER found no infected files so no reboot was required.

FSS Log:

Farbar Service Scanner Version: 19-09-2012
Ran by Owner (administrator) on 20-09-2012 at 17:24:09
Running from "C:\Users\Owner\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of MpsSvc. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of MpsSvc. The value does not exist.
Unable to retrieve ServiceDll of MpsSvc. The value does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-04-11 12:23] - [2009-04-11 12:23] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-08-22 15:33] - [2012-01-03 10:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-08-22 15:34] - [2012-03-30 08:45] - 1422720 ____A (Microsoft Corporation) AC8D5728E6AD6A7C4819D9A67008337A

C:\Windows\System32\dnsrslvr.dll
[2012-08-22 15:32] - [2011-03-02 12:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-04-11 12:23] - [2009-04-11 12:23] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-04-11 12:23] - [2009-04-11 12:23] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-04-11 12:23] - [2009-04-11 12:23] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-04-11 12:22] - [2009-04-11 12:22] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-04-11 12:23] - [2009-04-11 12:23] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-04-11 12:23] - [2009-04-11 12:23] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-04-11 12:22] - [2009-04-11 12:22] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-08-22 15:34] - [2012-04-23 12:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-04-11 12:23] - [2009-04-11 12:23] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****

TDSS Log:



17:25:49.0192 3512 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
17:25:49.0550 3512 ============================================================
17:25:49.0550 3512 Current date / time: 2012/09/20 17:25:49.0550
17:25:49.0550 3512 SystemInfo:
17:25:49.0550 3512
17:25:49.0550 3512 OS Version: 6.0.6002 ServicePack: 2.0
17:25:49.0550 3512 Product type: Workstation
17:25:49.0550 3512 ComputerName: M5A78L-M_LX_PLU
17:25:49.0550 3512 UserName: Owner
17:25:49.0550 3512 Windows directory: C:\Windows
17:25:49.0550 3512 System windows directory: C:\Windows
17:25:49.0550 3512 Running under WOW64
17:25:49.0550 3512 Processor architecture: Intel x64
17:25:49.0550 3512 Number of processors: 6
17:25:49.0550 3512 Page size: 0x1000
17:25:49.0550 3512 Boot type: Normal boot
17:25:49.0550 3512 ============================================================
17:25:49.0831 3512 Drive \Device\Harddisk2\DR2 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:25:49.0847 3512 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:25:49.0847 3512 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:25:49.0878 3512 ============================================================
17:25:49.0878 3512 \Device\Harddisk2\DR2:
17:25:49.0878 3512 MBR partitions:
17:25:49.0878 3512 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
17:25:49.0878 3512 \Device\Harddisk0\DR0:
17:25:49.0878 3512 MBR partitions:
17:25:49.0878 3512 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3F9CDA41
17:25:49.0878 3512 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3F9D2100, BlocksNum 0x34D33700
17:25:49.0878 3512 \Device\Harddisk1\DR1:
17:25:49.0878 3512 MBR partitions:
17:25:49.0878 3512 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1768FB9
17:25:49.0878 3512 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x176CEB7, BlocksNum 0x23CC080A
17:25:49.0878 3512 ============================================================
17:25:49.0909 3512 G: <-> \Device\Harddisk1\DR1\Partition2
17:25:49.0925 3512 H: <-> \Device\Harddisk2\DR2\Partition1
17:25:49.0956 3512 S: <-> \Device\Harddisk1\DR1\Partition1
17:25:49.0987 3512 F: <-> \Device\Harddisk0\DR0\Partition2
17:25:50.0003 3512 C: <-> \Device\Harddisk0\DR0\Partition1
17:25:50.0003 3512 ============================================================
17:25:50.0003 3512 Initialize success
17:25:50.0003 3512 ============================================================
17:26:18.0379 2856 ============================================================
17:26:18.0379 2856 Scan started
17:26:18.0379 2856 Mode: Manual;
17:26:18.0379 2856 ============================================================
17:26:18.0660 2856 ================ Scan system memory ========================
17:26:18.0660 2856 System memory - ok
17:26:18.0660 2856 ================ Scan services =============================
17:26:18.0707 2856 [ 7D9D615201A483D6FA99491C2E655A5A ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
17:26:18.0707 2856 !SASCORE - ok
17:26:18.0925 2856 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
17:26:18.0925 2856 ACPI - ok
17:26:18.0988 2856 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:26:18.0988 2856 AdobeARMservice - ok
17:26:19.0034 2856 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:26:19.0034 2856 AdobeFlashPlayerUpdateSvc - ok
17:26:19.0066 2856 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
17:26:19.0081 2856 adp94xx - ok
17:26:19.0112 2856 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
17:26:19.0112 2856 adpahci - ok
17:26:19.0128 2856 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
17:26:19.0128 2856 adpu160m - ok
17:26:19.0144 2856 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
17:26:19.0144 2856 adpu320 - ok
17:26:19.0190 2856 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:26:19.0190 2856 AeLookupSvc - ok
17:26:19.0206 2856 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
17:26:19.0206 2856 AFD - ok
17:26:19.0222 2856 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:26:19.0222 2856 agp440 - ok
17:26:19.0237 2856 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
17:26:19.0237 2856 aic78xx - ok
17:26:19.0253 2856 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
17:26:19.0253 2856 ALG - ok
17:26:19.0268 2856 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys
17:26:19.0268 2856 aliide - ok
17:26:19.0284 2856 [ B3B263B419FC9E7B1D41E61FDAE45BD9 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:26:19.0284 2856 AMD External Events Utility - ok
17:26:19.0315 2856 AMD FUEL Service - ok
17:26:19.0331 2856 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
17:26:19.0331 2856 amdide - ok
17:26:19.0346 2856 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
17:26:19.0346 2856 amdiox64 - ok
17:26:19.0362 2856 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
17:26:19.0362 2856 AmdK8 - ok
17:26:19.0518 2856 [ 9A6E9363F7A5E5A06629D9DDC76EE6B5 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
17:26:19.0565 2856 amdkmdag - ok
17:26:19.0596 2856 [ 957A4C13E1981B1701E600EF1E823C68 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
17:26:19.0596 2856 amdkmdap - ok
17:26:19.0612 2856 [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.1 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
17:26:19.0612 2856 AODDriver4.1 - ok
17:26:19.0643 2856 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
17:26:19.0643 2856 Appinfo - ok
17:26:19.0674 2856 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:26:19.0674 2856 Apple Mobile Device - ok
17:26:19.0705 2856 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
17:26:19.0705 2856 arc - ok
17:26:19.0705 2856 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
17:26:19.0705 2856 arcsas - ok
17:26:19.0752 2856 [ A82C01606DC27D05D9D3BFB6BB807E32 ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
17:26:19.0752 2856 AsIO - ok
17:26:19.0799 2856 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:26:19.0799 2856 aspnet_state - ok
17:26:19.0799 2856 [ 26D66E32E78D3059715B3A17BC679CD9 ] AsUpIO C:\Windows\syswow64\drivers\AsUpIO.sys
17:26:19.0799 2856 AsUpIO - ok
17:26:19.0908 2856 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:26:19.0908 2856 AsyncMac - ok
17:26:19.0908 2856 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
17:26:19.0908 2856 atapi - ok
17:26:19.0939 2856 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:26:19.0939 2856 AudioEndpointBuilder - ok
17:26:19.0939 2856 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:26:19.0939 2856 AudioSrv - ok
17:26:19.0970 2856 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
17:26:19.0970 2856 BFE - ok
17:26:20.0002 2856 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\System32\qmgr.dll
17:26:20.0002 2856 BITS - ok
17:26:20.0017 2856 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
17:26:20.0017 2856 blbdrive - ok
17:26:20.0048 2856 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:26:20.0048 2856 Bonjour Service - ok
17:26:20.0064 2856 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:26:20.0064 2856 bowser - ok
17:26:20.0080 2856 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
17:26:20.0080 2856 BrFiltLo - ok
17:26:20.0095 2856 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
17:26:20.0095 2856 BrFiltUp - ok
17:26:20.0111 2856 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
17:26:20.0111 2856 Browser - ok
17:26:20.0126 2856 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
17:26:20.0126 2856 Brserid - ok
17:26:20.0142 2856 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
17:26:20.0142 2856 BrSerWdm - ok
17:26:20.0158 2856 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
17:26:20.0158 2856 BrUsbMdm - ok
17:26:20.0158 2856 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
17:26:20.0158 2856 BrUsbSer - ok
17:26:20.0189 2856 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
17:26:20.0189 2856 BTHMODEM - ok
17:26:20.0236 2856 [ 797C36E597F9FC4EFD88E6E0E98ABE37 ] CAXHWBS2 C:\Windows\system32\DRIVERS\CAXHWBS2.sys
17:26:20.0236 2856 CAXHWBS2 - ok
17:26:20.0251 2856 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:26:20.0251 2856 cdfs - ok
17:26:20.0267 2856 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:26:20.0267 2856 cdrom - ok
17:26:20.0298 2856 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
17:26:20.0298 2856 CertPropSvc - ok
17:26:20.0314 2856 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys
17:26:20.0314 2856 circlass - ok
17:26:20.0329 2856 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
17:26:20.0329 2856 CLFS - ok
17:26:20.0376 2856 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:26:20.0376 2856 clr_optimization_v2.0.50727_32 - ok
17:26:20.0392 2856 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:26:20.0392 2856 clr_optimization_v2.0.50727_64 - ok
17:26:20.0423 2856 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:26:20.0423 2856 clr_optimization_v4.0.30319_32 - ok
17:26:20.0438 2856 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:26:20.0438 2856 clr_optimization_v4.0.30319_64 - ok
17:26:20.0454 2856 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:26:20.0454 2856 cmdide - ok
17:26:20.0470 2856 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
17:26:20.0470 2856 Compbatt - ok
17:26:20.0470 2856 COMSysApp - ok
17:26:20.0485 2856 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
17:26:20.0485 2856 crcdisk - ok
17:26:20.0501 2856 [ 62740B9D2A137E8CED41A9E4239A7A31 ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:26:20.0501 2856 CryptSvc - ok
17:26:20.0532 2856 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
17:26:20.0548 2856 DcomLaunch - ok
17:26:20.0563 2856 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:26:20.0563 2856 DfsC - ok
17:26:20.0641 2856 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
17:26:20.0672 2856 DFSR - ok
17:26:20.0719 2856 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
17:26:20.0719 2856 Dhcp - ok
17:26:20.0735 2856 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
17:26:20.0735 2856 disk - ok
17:26:20.0750 2856 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:26:20.0750 2856 Dnscache - ok
17:26:20.0766 2856 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
17:26:20.0766 2856 dot3svc - ok
17:26:20.0782 2856 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
17:26:20.0782 2856 DPS - ok
17:26:20.0797 2856 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:26:20.0797 2856 drmkaud - ok
17:26:20.0828 2856 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:26:20.0828 2856 DXGKrnl - ok
17:26:20.0860 2856 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
17:26:20.0860 2856 E1G60 - ok
17:26:20.0875 2856 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
17:26:20.0891 2856 EapHost - ok
17:26:20.0891 2856 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
17:26:20.0891 2856 Ecache - ok
17:26:20.0922 2856 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:26:20.0938 2856 ehRecvr - ok
17:26:20.0938 2856 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
17:26:20.0938 2856 ehSched - ok
17:26:20.0953 2856 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
17:26:20.0953 2856 ehstart - ok
17:26:20.0969 2856 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
17:26:20.0969 2856 elxstor - ok
17:26:20.0984 2856 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
17:26:21.0000 2856 EMDMgmt - ok
17:26:21.0016 2856 [ C2D322C84530DB37D3E8E1C7E011BF16 ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:26:21.0016 2856 ErrDev - ok
17:26:21.0047 2856 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
17:26:21.0047 2856 EventSystem - ok
17:26:21.0062 2856 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
17:26:21.0062 2856 exfat - ok
17:26:21.0094 2856 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:26:21.0094 2856 fastfat - ok
17:26:21.0109 2856 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:26:21.0109 2856 fdc - ok
17:26:21.0109 2856 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
17:26:21.0109 2856 fdPHost - ok
17:26:21.0140 2856 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
17:26:21.0140 2856 FDResPub - ok
17:26:21.0140 2856 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:26:21.0140 2856 FileInfo - ok
17:26:21.0156 2856 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:26:21.0156 2856 Filetrace - ok
17:26:21.0187 2856 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:26:21.0187 2856 flpydisk - ok
17:26:21.0187 2856 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:26:21.0203 2856 FltMgr - ok
17:26:21.0234 2856 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
17:26:21.0250 2856 FontCache - ok
17:26:21.0281 2856 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:26:21.0281 2856 FontCache3.0.0.0 - ok
17:26:21.0312 2856 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
17:26:21.0312 2856 fssfltr - ok
17:26:21.0374 2856 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
17:26:21.0390 2856 fsssvc - ok
17:26:21.0421 2856 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:26:21.0421 2856 Fs_Rec - ok
17:26:21.0437 2856 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
17:26:21.0437 2856 gagp30kx - ok
17:26:21.0437 2856 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:26:21.0437 2856 GEARAspiWDM - ok
17:26:21.0468 2856 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
17:26:21.0484 2856 gpsvc - ok
17:26:21.0515 2856 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
17:26:21.0515 2856 gusvc - ok
17:26:21.0546 2856 [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:26:21.0562 2856 HdAudAddService - ok
17:26:21.0577 2856 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
17:26:21.0593 2856 HDAudBus - ok
17:26:21.0593 2856 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
17:26:21.0593 2856 HidBth - ok
17:26:21.0624 2856 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys
17:26:21.0624 2856 HidIr - ok
17:26:21.0624 2856 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\System32\hidserv.dll
17:26:21.0640 2856 hidserv - ok
17:26:21.0640 2856 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:26:21.0640 2856 HidUsb - ok
17:26:21.0655 2856 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
17:26:21.0655 2856 hkmsvc - ok
17:26:21.0671 2856 [ A27E8AF2CAAC5E2693E6D4E2FCE9B54F ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
17:26:21.0671 2856 HpCISSs - ok
17:26:21.0702 2856 [ 1E260B33F6555146A0B826F047238C00 ] HSF_DPV C:\Windows\system32\DRIVERS\CAX_DPV.sys
17:26:21.0718 2856 HSF_DPV - ok
17:26:21.0749 2856 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:26:21.0764 2856 HTTP - ok
17:26:21.0780 2856 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
17:26:21.0780 2856 i2omp - ok
17:26:21.0811 2856 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
17:26:21.0811 2856 i8042prt - ok
17:26:21.0827 2856 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
17:26:21.0827 2856 iaStorV - ok
17:26:21.0874 2856 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:26:21.0874 2856 idsvc - ok
17:26:21.0889 2856 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
17:26:21.0889 2856 iirsp - ok
17:26:21.0920 2856 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
17:26:21.0936 2856 IKEEXT - ok
17:26:22.0014 2856 [ F2744FD54BE1580BE05916D1C755C92A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:26:22.0045 2856 IntcAzAudAddService - ok
17:26:22.0061 2856 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys
17:26:22.0061 2856 intelide - ok
17:26:22.0076 2856 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:26:22.0076 2856 intelppm - ok
17:26:22.0092 2856 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:26:22.0092 2856 IPBusEnum - ok
17:26:22.0108 2856 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:26:22.0108 2856 IpFilterDriver - ok
17:26:22.0108 2856 [ E41DD7038DB14AE9D35B47B10BDCE58A ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
17:26:22.0123 2856 IPMIDRV - ok
17:26:22.0139 2856 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
17:26:22.0139 2856 IPNAT - ok
17:26:22.0170 2856 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:26:22.0170 2856 iPod Service - ok
17:26:22.0186 2856 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:26:22.0186 2856 IRENUM - ok
17:26:22.0217 2856 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:26:22.0217 2856 isapnp - ok
17:26:22.0232 2856 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
17:26:22.0232 2856 iScsiPrt - ok
17:26:22.0248 2856 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
17:26:22.0248 2856 iteatapi - ok
17:26:22.0264 2856 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
17:26:22.0264 2856 iteraid - ok
17:26:22.0279 2856 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:26:22.0279 2856 kbdclass - ok
17:26:22.0279 2856 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
17:26:22.0279 2856 kbdhid - ok
17:26:22.0295 2856 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
17:26:22.0295 2856 KeyIso - ok
17:26:22.0326 2856 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:26:22.0326 2856 KSecDD - ok
17:26:22.0357 2856 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:26:22.0357 2856 ksthunk - ok
17:26:22.0388 2856 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
17:26:22.0404 2856 KtmRm - ok
17:26:22.0420 2856 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\System32\srvsvc.dll
17:26:22.0420 2856 LanmanServer - ok
17:26:22.0435 2856 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:26:22.0435 2856 LanmanWorkstation - ok
17:26:22.0451 2856 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:26:22.0451 2856 lltdio - ok
17:26:22.0466 2856 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:26:22.0482 2856 lltdsvc - ok
17:26:22.0482 2856 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:26:22.0482 2856 lmhosts - ok
17:26:22.0498 2856 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
17:26:22.0498 2856 LSI_FC - ok
17:26:22.0513 2856 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
17:26:22.0513 2856 LSI_SAS - ok
17:26:22.0529 2856 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
17:26:22.0529 2856 LSI_SCSI - ok
17:26:22.0544 2856 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
17:26:22.0544 2856 luafv - ok
17:26:22.0576 2856 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:26:22.0576 2856 Mcx2Svc - ok
17:26:22.0622 2856 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
17:26:22.0622 2856 MDM - ok
17:26:22.0638 2856 [ E4F44EC214B3E381E1FC844A02926666 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
17:26:22.0638 2856 mdmxsdk - ok
17:26:22.0638 2856 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
17:26:22.0638 2856 megasas - ok
17:26:22.0654 2856 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
17:26:22.0669 2856 MegaSR - ok
17:26:22.0700 2856 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
17:26:22.0700 2856 MMCSS - ok
17:26:22.0716 2856 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
17:26:22.0716 2856 Modem - ok
17:26:22.0732 2856 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:26:22.0732 2856 monitor - ok
17:26:22.0747 2856 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:26:22.0747 2856 mouclass - ok
17:26:22.0747 2856 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:26:22.0747 2856 mouhid - ok
17:26:22.0778 2856 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
17:26:22.0778 2856 MountMgr - ok
17:26:22.0778 2856 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:26:22.0778 2856 MozillaMaintenance - ok
17:26:22.0825 2856 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
17:26:22.0825 2856 MpFilter - ok
17:26:22.0841 2856 [ CBB01A298CB24D250017CEA54884BBA8 ] mpio C:\Windows\system32\drivers\mpio.sys
17:26:22.0841 2856 mpio - ok
17:26:22.0856 2856 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:26:22.0856 2856 mpsdrv - ok
17:26:22.0872 2856 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
17:26:22.0872 2856 Mraid35x - ok
17:26:22.0888 2856 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:26:22.0888 2856 MRxDAV - ok
17:26:22.0888 2856 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:26:22.0888 2856 mrxsmb - ok
17:26:22.0903 2856 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:26:22.0919 2856 mrxsmb10 - ok
17:26:22.0934 2856 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:26:22.0934 2856 mrxsmb20 - ok
17:26:22.0934 2856 [ AA459F2AB3AB603C357FF117CAE3D818 ] msahci C:\Windows\system32\drivers\msahci.sys
17:26:22.0934 2856 msahci - ok
17:26:22.0950 2856 [ 0DB324146494D45417905B7009858937 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:26:22.0950 2856 msdsm - ok
17:26:22.0981 2856 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
17:26:22.0981 2856 MSDTC - ok
17:26:22.0997 2856 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:26:22.0997 2856 Msfs - ok
17:26:23.0012 2856 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:26:23.0012 2856 msisadrv - ok
17:26:23.0028 2856 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:26:23.0028 2856 MSiSCSI - ok
17:26:23.0028 2856 msiserver - ok
17:26:23.0059 2856 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:26:23.0059 2856 MSKSSRV - ok
17:26:23.0090 2856 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:26:23.0090 2856 MSPCLOCK - ok
17:26:23.0090 2856 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:26:23.0090 2856 MSPQM - ok
17:26:23.0106 2856 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:26:23.0106 2856 MsRPC - ok
17:26:23.0122 2856 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
17:26:23.0122 2856 mssmbios - ok
17:26:23.0137 2856 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:26:23.0137 2856 MSTEE - ok
17:26:23.0168 2856 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
17:26:23.0168 2856 MTsensor - ok
17:26:23.0184 2856 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
17:26:23.0184 2856 Mup - ok
17:26:23.0200 2856 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
17:26:23.0215 2856 napagent - ok
17:26:23.0231 2856 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:26:23.0231 2856 NativeWifiP - ok
17:26:23.0262 2856 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:26:23.0278 2856 NDIS - ok
17:26:23.0278 2856 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:26:23.0278 2856 NdisTapi - ok
17:26:23.0324 2856 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:26:23.0324 2856 Ndisuio - ok
17:26:23.0340 2856 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:26:23.0340 2856 NdisWan - ok
17:26:23.0356 2856 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:26:23.0356 2856 NDProxy - ok
17:26:23.0371 2856 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:26:23.0371 2856 NetBIOS - ok
17:26:23.0387 2856 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
17:26:23.0402 2856 netbt - ok
17:26:23.0402 2856 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
17:26:23.0402 2856 Netlogon - ok
17:26:23.0434 2856 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
17:26:23.0449 2856 Netman - ok
17:26:23.0465 2856 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:26:23.0465 2856 NetMsmqActivator - ok
17:26:23.0465 2856 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:26:23.0465 2856 NetPipeActivator - ok
17:26:23.0480 2856 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
17:26:23.0496 2856 netprofm - ok
17:26:23.0496 2856 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:26:23.0496 2856 NetTcpActivator - ok
17:26:23.0496 2856 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:26:23.0496 2856 NetTcpPortSharing - ok
17:26:23.0512 2856 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
17:26:23.0512 2856 nfrd960 - ok
17:26:23.0527 2856 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:26:23.0527 2856 NisDrv - ok
17:26:23.0558 2856 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
17:26:23.0558 2856 NisSrv - ok
17:26:23.0574 2856 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
17:26:23.0590 2856 NlaSvc - ok
17:26:23.0590 2856 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:26:23.0590 2856 Npfs - ok
17:26:23.0605 2856 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
17:26:23.0605 2856 nsi - ok
17:26:23.0621 2856 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:26:23.0621 2856 nsiproxy - ok
17:26:23.0652 2856 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:26:23.0668 2856 Ntfs - ok
17:26:23.0683 2856 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
17:26:23.0683 2856 Null - ok
17:26:23.0699 2856 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:26:23.0699 2856 nvraid - ok
17:26:23.0699 2856 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:26:23.0699 2856 nvstor - ok
17:26:23.0714 2856 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:26:23.0714 2856 nv_agp - ok
17:26:23.0746 2856 [ 7B58953E2F263421FDBB09A192712A85 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:26:23.0746 2856 ohci1394 - ok
17:26:23.0777 2856 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
17:26:23.0777 2856 p2pimsvc - ok
17:26:23.0808 2856 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
17:26:23.0808 2856 p2psvc - ok
17:26:23.0839 2856 [ 4C6A7FD04DDF4DB88791048382E3EDB1 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:26:23.0839 2856 Parport - ok
17:26:23.0839 2856 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:26:23.0839 2856 partmgr - ok
17:26:23.0855 2856 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
17:26:23.0855 2856 PcaSvc - ok
17:26:23.0870 2856 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
17:26:23.0870 2856 pci - ok
17:26:23.0870 2856 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys
17:26:23.0870 2856 pciide - ok
17:26:23.0886 2856 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
17:26:23.0902 2856 pcmcia - ok
17:26:23.0933 2856 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:26:23.0933 2856 PEAUTH - ok
17:26:24.0011 2856 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:26:24.0011 2856 PerfHost - ok
17:26:24.0058 2856 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
17:26:24.0073 2856 pla - ok
17:26:24.0104 2856 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:26:24.0104 2856 PlugPlay - ok
17:26:24.0120 2856 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
17:26:24.0120 2856 PNRPAutoReg - ok
17:26:24.0136 2856 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
17:26:24.0136 2856 PNRPsvc - ok
17:26:24.0151 2856 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:26:24.0167 2856 PolicyAgent - ok
17:26:24.0198 2856 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:26:24.0198 2856 PptpMiniport - ok
17:26:24.0214 2856 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:26:24.0214 2856 Processor - ok
17:26:24.0245 2856 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
17:26:24.0245 2856 ProfSvc - ok
17:26:27.0817 2856 ============================================================
17:26:27.0817 2856 Scan finished
17:26:27.0817 2856 ============================================================
17:26:27.0817 4412 Detected object count: 0
17:26:27.0817 4412 Actual detected object count: 0


MBR Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-20 17:29:26
-----------------------------
17:29:26.297 OS Version: Windows x64 6.0.6002 Service Pack 2
17:29:26.297 Number of processors: 6 586 0x102
17:29:26.297 ComputerName: M5A78L-M_LX_PLU UserName: Owner
17:29:27.264 Initialize success
17:29:43.435 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
17:29:43.435 Disk 0 Vendor: WDC_WD1001FALS-00Y6A0 05.01D05 Size: 953869MB BusType: 3
17:29:43.435 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T1L0-5
17:29:43.435 Disk 1 Vendor: WDC_WD3200AAJS-22VWA0 12.01B02 Size: 305245MB BusType: 3
17:29:43.435 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T1L0-6
17:29:43.435 Disk 2 Vendor: WDC_WD3200AAJS-22VWA0 12.01B02 Size: 305245MB BusType: 3
17:29:43.451 Disk 0 MBR read successfully
17:29:43.451 Disk 0 MBR scan
17:29:43.451 Disk 0 Windows VISTA default MBR code
17:29:43.451 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 521115 MB offset 2048
17:29:43.451 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 432742 MB offset 1067262208
17:29:43.467 Disk 0 scanning C:\Windows\system32\drivers
17:29:46.446 Service scanning
17:29:53.934 Modules scanning
17:29:54.433 Disk 0 trace - called modules:
17:29:54.433 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
17:29:54.449 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008c78790]
17:29:54.449 3 CLASSPNP.SYS[fffffa6000dd1c33] -> nt!IofCallDriver -> [0xfffffa80079d4520]
17:29:54.449 5 acpi.sys[fffffa60008fafde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa80079d0940]
17:29:54.449 Scan finished successfully
17:30:09.425 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
17:30:09.425 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

I have attached the zipped MBR.dat file as requested. Thank you again for your time.

Attached Files

  • Attached File  MBR.zip   555bytes   0 downloads


#10 nasdaq

  • Malware Response Team

Posted 21 September 2012 - 08:01 AM

Please download Vista.zip file from here: http://www.smartestc...y-network-keys/
Unzip the file to a temporary folder on your desktop.

These files will be extracted:
afd.reg
bit.reg
bfe.reg
mpssvc.reg
nsiproxy.reg
sdrsvc.reg
tdx.reg
wscsvc.reg
windefend.reg
wuauserv.reg

legacy_afd.reg
legacy_bfe.reg
Legacy_bit.reg
legacy_mpssvc.reg
legacy_nsiproxy.reg
legacy_sdrsvc.reg
legacy_tdx.reg
Legacy_windefend.reg
legacy_wscsvc.reg
legacy_wuauserv.reg

start_services.bat


Double-click each one of these 4 files in turn and click Yes to add it to the Registry:
bfe.reg
mpssvc.reg
legacy_bfe.reg
legacy_mpssvc.reg

Allow the registry merge.
When the 4 files have been executed, restart the computer.


Note: Ignore this error:
"Cannot import C:\...\Desktop\Legacy_xxx.reg:
Not all data was successfully written to the registry. Some keys are open by the system or other processes."

Just continue executing the remaining .reg files if any.

===

If the Firewall issue persists run this fix.
http://support.microsoft.com/mats/windows_firewall_diagnostic/en-us


How is it now?

Please post a fresh copy of the FSS log (Farbar Service Scanner) for my review.
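
The post above has the user merge downloaded .reg files into the registry. As an added example (not part of the thread and not the helper's own tooling), this Python check lists every key a .reg file would write or delete and flags anything outside the service it is named for. The two sample files are constructed, and the allowed key layout (`Services\<name>` and `Enum\Root\LEGACY_<NAME>` under any control set) is an assumption about what such restore files should touch.

```python
import re

# A key header line in a .reg file: [HKEY_...] writes, [-HKEY_...] deletes the key.
KEY_LINE = re.compile(r"^\[(-?)(HKEY_.+)\]$")
HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")


def decode_reg(raw: bytes) -> str:
    """Version 5.00 exports are UTF-16LE with a BOM; REGEDIT4 files are ANSI."""
    if raw.startswith(b"\xff\xfe"):
        return raw[2:].decode("utf-16-le")
    return raw.decode("cp1252", errors="replace")


def expected_key(services):
    """Regex for keys a restore file for these services may touch (assumed layout)."""
    names = "|".join(re.escape(s) for s in services)
    return re.compile(
        r"^HKEY_LOCAL_MACHINE\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\"
        r"(Services\\(" + names + r")|Enum\\Root\\LEGACY_(" + names + r"))(\\.*)?$",
        re.IGNORECASE,
    )


def audit_reg(raw: bytes, services):
    """Return the keys a .reg file touches, split into deletions and unexpected keys."""
    lines = decode_reg(raw).splitlines()
    first = next((l.strip() for l in lines if l.strip()), "")
    allowed = expected_key(services)
    report = {"header_ok": first in HEADERS, "keys": [],
              "unexpected": [], "deletions": []}
    for line in lines:
        m = KEY_LINE.match(line.strip())
        if not m:
            continue  # value lines and hex continuation lines
        minus, key = m.groups()
        report["keys"].append(key)
        if minus:
            report["deletions"].append(key)
        if not allowed.match(key):
            report["unexpected"].append(key)
    return report


# Constructed sample: what a file restoring only the BFE service key could look like.
GOOD_TEXT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE]
"DisplayName"="Base Filtering Engine"
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE\Parameters]
"ServiceDllUnloadOnStop"=dword:00000001
'''
GOOD_RAW = b"\xff\xfe" + GOOD_TEXT.replace("\n", "\r\n").encode("utf-16-le")

# Constructed sample: a file that also deletes another service and adds an autorun.
SUSPECT_TEXT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MPSSVC]
"NextInstance"=dword:00000001

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"example"="C:\\constructed\\placeholder.exe"
'''
SUSPECT_RAW = SUSPECT_TEXT.replace("\n", "\r\n").encode("cp1252")

if __name__ == "__main__":
    for name, raw in (("good", GOOD_RAW), ("suspect", SUSPECT_RAW)):
        r = audit_reg(raw, ("BFE", "MpsSvc"))
        print(name, "header_ok:", r["header_ok"])
        for key in r["unexpected"]:
            tag = "DELETES" if key in r["deletions"] else "writes"
            print("  unexpected,", tag, key)
```

An empty `unexpected` list means the file only touches the named services' keys; it says nothing about whether the values written there are correct.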

#11 Nthdoctor

  • Topic Starter


Posted 25 September 2012 - 05:38 PM

Everything is working great again! Thank you ever so much for all the help.

#12 nasdaq

  • Malware Response Team

Posted 26 September 2012 - 07:25 AM

Glad we could help.

You can delete the tools we used.

Surf Safely, and Think Prevention!
===



