
DDS log of malware infected computer


  • This topic is locked
26 replies to this topic

#1 Quackas

Quackas

  • Members
  • 21 posts

Posted 21 September 2012 - 11:23 AM

As requested here http://www.bleepingcomputer.com/forums/topic468897.html by boopme.

I am almost 100% sure I have viruses on my computer. I have run TDSSKiller, aswMBR, ESET online scanner, Malwarebytes Anti-Malware, mini toolbox, FSS, adware cleaner, Windows repair tool, rkill. They all seemed to help; I feel I have backed this virus into a corner, but without someone to go over the logs I can't know for sure, and as I said, my Windows Defender won't update (error code 0x80240022) and now my Windows Update gives error code 80246008. I haven't been able to update to SP2 for Vista for over a year; it always said I don't have permission, but I am the only person who uses this laptop, I am set in administrator... Help would be greatly appreciated!




.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 10.7.2
Run by Quackas at 9:14:04 on 2012-09-21
.
============== Running Processes ===============
.
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\conime.exe
C:\Windows\SysWOW64\DllHost.exe
C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
C:\ProgramData\Battle.net\Client\Blizzard Launcher.1845\Blizzard Launcher.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Quackas\Downloads\Defogger.exe
C:\Users\Quackas\Downloads\dds.com
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.sonystyle.ca/vaio
uDefault_Page_URL = hxxp://www.sonystyle.ca/vaio
mDefault_Page_URL = hxxp://www.sonystyle.ca/vaio
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
uRun: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Google Update] "C:\Users\Quackas\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{02E13A18-46BE-4B41-BE1E-E19DE021F239} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Quackas\AppData\Roaming\Mozilla\Firefox\Profiles\wclvtdyh.default\
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
FF - prefs.js: browser.startup.homepage - hxxp://duckduckgo.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
FF - plugin: C:\Users\Quackas\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
.
============= SERVICES / DRIVERS ===============
.
R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service
R? btwl2cap;Bluetooth L2CAP Service
R? CAXHWAZL;CAXHWAZL
R? clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? cpudrv64;cpudrv64
R? cpuz130;cpuz130
R? ENTECH64;ENTECH64
R? gupdate;Google Update Service (gupdate)
R? libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1
R? libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1
R? MatSvc;Microsoft Automated Troubleshooting Service
R? MotioninJoyUSBFilter;MotioninJoy USB Filter Driver
R? MozillaMaintenance;Mozilla Maintenance Service
R? NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit
R? PerfHost;Performance Counter DLL Host
R? SOHCImp;VAIO Media plus Content Importer
R? SOHDms;VAIO Media plus Digital Media Server
R? SOHDs;VAIO Media plus Device Searcher
R? SwitchBoard;Adobe SwitchBoard
R? USBAAPL64;Apple Mobile USB Driver
R? VCFw;VAIO Content Folder Watcher
R? VcmXmlIfHelper;VAIO Content Metadata XML Interface
R? WinRing0_1_2_0;WinRing0_1_2_0
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect
S? IntcHdmiAddService;Intel® High Definition Audio HDMI
S? LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter
S? LHidEqd;Logitech SetPoint Unifying KMDF HID Filter
S? MBAMScheduler;MBAMScheduler
S? MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver
S? NETwNv64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit
S? PxHlpa64;PxHlpa64
S? RtkAudioService;Realtek Audio Service
S? SFEP;Sony Firmware Extension Parser
S? SmartDefragDriver;SmartDefragDriver
S? StarWindServiceAE;StarWind AE Service
S? uCamMonitor;CamMonitor
S? VAIO Power Management;VAIO Power Management
S? VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager
S? yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller
.
=============== Created Last 30 ================
.
2012-09-21 09:29:39 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2D1D37D4-0290-418B-80A0-C6210AA13FDE}\offreg.dll
2012-09-20 01:08:12 -------- d-sh--w- C:\found.000
2012-09-19 20:25:12 -------- d-----w- C:\Program Files (x86)\World of Warcraft
2012-09-17 22:32:40 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2012-09-17 20:01:53 -------- d-----w- C:\Windows\SysWow64\wbem\Performance
2012-09-17 20:01:07 303616 ----a-w- C:\SetACL.exe
2012-09-16 23:10:43 290304 ----a-w- C:\subinacl.exe
2012-09-16 23:05:14 -------- d-----w- C:\RegBackup
2012-09-16 23:04:04 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-09-16 10:50:57 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-16 08:02:32 -------- d--h--w- C:\Program Files (x86)\Temp
2012-09-16 07:54:25 85504 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2012-09-16 07:46:51 -------- d-----w- C:\Users\Quackas\AppData\Roaming\RotMG.Production
2012-09-16 02:57:32 21712 ----a-w- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
2012-09-16 02:57:32 -------- d-----w- C:\Users\Quackas\AppData\Local\eSupport.com
2012-09-16 02:48:31 -------- d-----w- C:\Program Files (x86)\Steam
2012-09-16 02:40:02 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-13 10:53:16 6656 ----a-w- C:\Windows\SysWow64\custom2.dll
2012-09-13 10:53:15 6656 ----a-w- C:\Windows\System32\custom2.dll
2012-09-11 22:29:11 -------- d-----w- C:\Users\Quackas\AppData\Roaming\ts3overlay
2012-09-11 22:28:07 -------- d-----w- C:\Users\Quackas\AppData\Roaming\TS3Client
2012-09-11 22:27:44 -------- d-----w- C:\Program Files\TeamSpeak 3 Client
2012-09-04 18:08:53 -------- d-----w- C:\Users\Quackas\AppData\Roaming\EoN
2012-09-04 18:06:25 -------- d-----w- C:\Users\Quackas\AppData\Roaming\RIFT
2012-09-04 17:44:39 -------- d-----w- C:\Program Files (x86)\RIFT
2012-08-27 23:38:17 -------- d-----w- C:\Program Files\Common Files\Intel
2012-08-27 23:38:16 -------- d-----w- C:\Program Files (x86)\Cisco
2012-08-27 23:35:17 -------- d-----w- C:\Users\Quackas\SystemRequirementsLab
2012-08-27 23:28:46 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-08-27 23:25:58 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2012-08-27 22:48:32 -------- d-----w- C:\Crash
2012-08-24 07:41:25 6656 ----a-w- C:\Windows\SysWow64\US.dll
2012-08-24 07:41:25 6656 ----a-w- C:\Windows\System32\US.dll
.
==================== Find3M ====================
.
2012-09-20 21:48:43 704378 ----a-w- C:\Windows\System32\PerfStringBackup.TMP
2012-09-16 10:57:22 384512 ----a-w- C:\Windows\System32\services.exe
2012-09-16 02:39:29 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-08 00:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-23 01:03:04 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-23 01:03:04 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-21 20:15:49 332 ----a-w- C:\Start_.cmd
.
============= FINISH: 9:15:15.63 ===============





.
==== Installed Programs ======================
.
.
AC3Filter (remove only)
Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Content Viewer
Adobe Creative Suite 5.5 Master Collection
Adobe Flash Player 11 Plugin
Adobe Story
Adobe Widget Browser
Aegisub 2.1.8
Age of Empires III - The WarChiefs
Apple Application Support
Apple Software Update
ArcSoft Magic-i Visual Effects
ArcSoft WebCam Companion 2
µTorrent
Bandicam
Bandisoft MPEG-1 Decoder
Belltech Greeting Card Designer 5.4.0
BlackBerry App World Browser Plugin
BlackBerry Desktop Software 7.1
BlackBerry Device Software Updater
BlackBerry Device Software v5.0.0 for the BlackBerry 9300 smartphone
BlackBerry USB and Modem Drivers 6.0
Camfrog Video Chat 6.1
Click to Disc
Click to Disc Editor
Combined Community Codec Pack 2011-11-11
Compatibility Pack for the 2007 Office system
DEVIL MAY CRY 4
Diablo
Diablo II
DivX Setup
Dropbox
Dungeon Fighter Online
eReg
ESET Online Scanner v3
Fable III
ffdshow [rev 3154] [2009-12-09]
Game Booster 3
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ICE Book Reader Professional v9.0.6
Java 7 Update 7
Java Auto Updater
Java™ 6 Update 31
Java™ SE Development Kit 7
Java™ SE Runtime Environment 6
JDownloader
JScreenFix
Junk Mail filter update
KooBits 4.0
League of Legends
LibUSB-Win32-0.1.10.1
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Keyboard Layout Creator 1.4
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007 Trial
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Visual Basic PowerPacks 10.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MKV Demux All RC1
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA PhysX v8.10.17
OpenMG Secure Module 5.1.00
Opera 12.00
PDF Settings CS5
PowerISO
Primo
Project64 1.6
Project64 1.7
PS3 Media Server
PxMergeModule
QuickTime
Ragnarok Online
Rags Suite
Raiden III
Real Alternative 1.9.0 Lite
Realm of the Mad God
Realtek High Definition Audio Driver
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy Media Creator 10 LJ
Roxio Easy Media Creator Home
Safari
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Setting Utility Series
Skype™ 4.2
Smart Defrag 2
Sony Download Taxi 1.5.0.0
Sony Picture Utility
Sony Video Shared Library
Steam
System Requirements Lab
System Requirements Lab CYRI
System Requirements Lab for Intel
Team Fortress 2
TextPad 5
Tweaking.com - Windows Repair (All in One)
UDPixel.exe
Uniblue ProcessScanner
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb972691)
VAIO Care Update
VAIO Content Folder Setting
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Manager Setting
VAIO Content Metadata XML Interface Library
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data Basic
VAIO Entertainment Platform
VAIO Event Service
VAIO Help and Support
VAIO Launcher
VAIO Media plus
VAIO Movie Story
VAIO Movie Story Template Data
VAIO MusicBox
VAIO MusicBox Sample Music
VAIO My Memory Center
VAIO OOBE and Welcome Center
VAIO Original Function Setting
VAIO Power Management
VAIO Survey
VAIO Update 4
VC80CRTRedist - 8.0.50727.6195
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
VLC media player 2.0.2
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Upload Tool
Windows Resource Kit Tools - SubInAcl.exe
WinDVD for VAIO
WinRAR archiver
World of Warcraft
Xvid Video Codec
.
==== End Of File ===========================

Thanks!



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 September 2012 - 12:44 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 Quackas

Quackas
  • Topic Starter

  • Members
  • 21 posts

Posted 24 September 2012 - 04:59 PM

Results of screen317's Security Check version 0.99.51
Windows Vista Service Pack 1 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
Java™ 6 Update 31
Java 7 Update 7
Java™ SE Runtime Environment 6
Java™ SE Development Kit 7
Adobe Flash Player 11.4.402.265
Mozilla Firefox (15.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````






# AdwCleaner v2.003 - Logfile created 09/24/2012 at 14:31:28
# Updated 23/09/2012 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 1 (64 bits)
# User : Quackas - QUACKAS-PC
# Boot Mode : Normal
# Running from : C:\Users\Quackas\Desktop\adwcleaner(1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6001.18000

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\Quackas\AppData\Roaming\Mozilla\Firefox\Profiles\wclvtdyh.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.89

File : C:\Users\Quackas\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.0.1467.0

File : C:\Users\Quackas\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2841 octets] - [16/09/2012 15:57:58]
AdwCleaner[S2].txt - [1036 octets] - [24/09/2012 14:31:28]

########## EOF - C:\AdwCleaner[S2].txt - [1096 octets] ##########






















RogueKiller V8.0.5 [09/23/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6001 Service Pack 1) 64 bits version
Started in : Normal mode
User : Quackas [Admin rights]
Mode : Remove -- Date : 09/24/2012 14:54:11

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Quackas\AppData\Local\{f3e27f17-987c-cb35-021a-453beba5c464}\n.) -> REPLACED (C:\Windows\system32\shell32.dll)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{f3e27f17-987c-cb35-021a-453beba5c464}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{f3e27f17-987c-cb35-021a-453beba5c464}\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\Quackas\AppData\Local\{f3e27f17-987c-cb35-021a-453beba5c464}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\Quackas\AppData\Local\{f3e27f17-987c-cb35-021a-453beba5c464}\L --> REMOVED
[Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> REPLACED AT REBOOT (C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe)

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM251JI +++++
--- User ---
[MBR] 2f9fb655f98ed61c82bfde008941b76a
[BSP] 540d939987dfc9b07dd6a624e52eeda9 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 9676 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 19818496 | Size: 228797 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

My computer was running normally throughout the scanning process; by the log of the last it looks like I have the ZeroAccess rootkit on my system :'(

#4 gringo_pr

Posted 24 September 2012 - 05:06 PM

Greetings Quackas

Yes, that is what you do have.

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 Quackas

Posted 24 September 2012 - 06:15 PM

15:10:39.0309 3684 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
15:10:39.0730 3684 ============================================================
15:10:39.0730 3684 Current date / time: 2012/09/24 15:10:39.0730
15:10:39.0730 3684 SystemInfo:
15:10:39.0730 3684
15:10:39.0730 3684 OS Version: 6.0.6001 ServicePack: 1.0
15:10:39.0730 3684 Product type: Workstation
15:10:39.0730 3684 ComputerName: QUACKAS-PC
15:10:39.0730 3684 UserName: Quackas
15:10:39.0730 3684 Windows directory: C:\Windows
15:10:39.0730 3684 System windows directory: C:\Windows
15:10:39.0730 3684 Running under WOW64
15:10:39.0730 3684 Processor architecture: Intel x64
15:10:39.0730 3684 Number of processors: 2
15:10:39.0730 3684 Page size: 0x1000
15:10:39.0730 3684 Boot type: Normal boot
15:10:39.0730 3684 ============================================================
15:10:40.0229 3684 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:10:40.0229 3684 ============================================================
15:10:40.0229 3684 \Device\Harddisk0\DR0:
15:10:40.0229 3684 MBR partitions:
15:10:40.0229 3684 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x12E6800, BlocksNum 0x1BEDE970
15:10:40.0229 3684 ============================================================
15:10:40.0276 3684 C: <-> \Device\Harddisk0\DR0\Partition1
15:10:40.0276 3684 ============================================================
15:10:40.0276 3684 Initialize success
15:10:40.0276 3684 ============================================================
15:10:46.0048 3884 ============================================================
15:10:46.0048 3884 Scan started
15:10:46.0048 3884 Mode: Manual;
15:10:46.0048 3884 ============================================================
15:10:46.0344 3884 ================ Scan system memory ========================
15:10:46.0344 3884 System memory - ok
15:10:46.0344 3884 ================ Scan services =============================
15:10:58.0217 3884 NETwNv64 - ok
15:10:58.0279 3884 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
15:10:58.0279 3884 nfrd960 - ok
15:10:58.0326 3884 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
15:10:58.0326 3884 NlaSvc - ok
15:10:58.0357 3884 [ B06154E2A2C91E9BE5599FCA53BC4CD0 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:10:58.0373 3884 Npfs - ok
15:10:58.0420 3884 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
15:10:58.0420 3884 nsi - ok
15:10:58.0451 3884 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:10:58.0451 3884 nsiproxy - ok
15:10:58.0513 3884 [ FE86BA5AC3B50E2CA911E9C60C07B638 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:10:58.0544 3884 Ntfs - ok
15:10:58.0560 3884 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
15:10:58.0560 3884 Null - ok
15:10:58.0591 3884 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:10:58.0591 3884 nvraid - ok
15:10:58.0654 3884 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:10:58.0654 3884 nvstor - ok
15:10:58.0685 3884 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:10:58.0700 3884 nv_agp - ok
15:10:58.0700 3884 NwlnkFlt - ok
15:10:58.0700 3884 NwlnkFwd - ok
15:10:58.0794 3884 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:10:58.0810 3884 odserv - ok
15:10:58.0825 3884 [ 1B30103FDE512915A9214B108B6E7A9C ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
15:10:58.0825 3884 ohci1394 - ok
15:10:58.0872 3884 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:10:58.0872 3884 ose - ok
15:10:58.0919 3884 [ 430F35C5592D253F43A26B4F5A523DBF ] p2pimsvc C:\Windows\system32\p2psvc.dll
15:10:58.0950 3884 p2pimsvc - ok
15:10:58.0966 3884 [ 430F35C5592D253F43A26B4F5A523DBF ] p2psvc C:\Windows\system32\p2psvc.dll
15:10:58.0966 3884 p2psvc - ok
15:10:59.0012 3884 [ 41C33FB4FD929FED732A00D2DAEF5BE0 ] PACSPTISVR C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
15:10:59.0012 3884 PACSPTISVR - ok
15:10:59.0028 3884 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys
15:10:59.0044 3884 Parport - ok
15:10:59.0059 3884 [ 5AB40C36894F4C06BDAB0C9A2FBA282D ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:10:59.0059 3884 partmgr - ok
15:10:59.0075 3884 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
15:10:59.0075 3884 PcaSvc - ok
15:10:59.0090 3884 [ 2A5B2A51559066EA84742909B5B2CD69 ] pci C:\Windows\system32\drivers\pci.sys
15:10:59.0106 3884 pci - ok
15:10:59.0106 3884 [ 8D618C829034479985A9ED56106CC732 ] pciide C:\Windows\system32\drivers\pciide.sys
15:10:59.0106 3884 pciide - ok
15:10:59.0153 3884 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
15:10:59.0153 3884 pcmcia - ok
15:10:59.0200 3884 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:10:59.0215 3884 PEAUTH - ok
15:10:59.0309 3884 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
15:10:59.0324 3884 PerfHost - ok
15:10:59.0434 3884 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
15:10:59.0465 3884 pla - ok
15:10:59.0512 3884 [ 5AAA0C5534B05ED49919FCD9DBD11A5B ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:10:59.0512 3884 PlugPlay - ok
15:10:59.0543 3884 [ 430F35C5592D253F43A26B4F5A523DBF ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
15:10:59.0543 3884 PNRPAutoReg - ok
15:10:59.0558 3884 [ 430F35C5592D253F43A26B4F5A523DBF ] PNRPsvc C:\Windows\system32\p2psvc.dll
15:10:59.0574 3884 PNRPsvc - ok
15:10:59.0636 3884 [ EEF3688D5E9592CBBBED00DE71DDA1EF ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:10:59.0636 3884 PolicyAgent - ok
15:10:59.0683 3884 [ F5739F2C6DB2534C384AD5150808E8F5 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:10:59.0683 3884 PptpMiniport - ok
15:10:59.0699 3884 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys
15:10:59.0699 3884 Processor - ok
15:10:59.0777 3884 [ B21FE10DAD3AB59E78DF7AA3FBF41E70 ] ProfSvc C:\Windows\system32\profsvc.dll
15:10:59.0777 3884 ProfSvc - ok
15:10:59.0808 3884 [ 80F4593E92FF960E4763380D3168E498 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:10:59.0808 3884 ProtectedStorage - ok
15:10:59.0855 3884 [ 0E0E205A296095FE4C631E6A4775AD6C ] PSched C:\Windows\system32\DRIVERS\pacer.sys
15:10:59.0855 3884 PSched - ok
15:10:59.0886 3884 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
15:10:59.0886 3884 PxHlpa64 - ok
15:10:59.0933 3884 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
15:10:59.0964 3884 ql2300 - ok
15:10:59.0980 3884 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
15:10:59.0980 3884 ql40xx - ok
15:10:59.0995 3884 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
15:11:00.0011 3884 QWAVE - ok
15:11:00.0026 3884 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:11:00.0026 3884 QWAVEdrv - ok
15:11:00.0058 3884 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:11:00.0058 3884 RasAcd - ok
15:11:00.0104 3884 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
15:11:00.0104 3884 RasAuto - ok
15:11:00.0136 3884 [ 3B9085F91EF00ABD15A6F36570E90E12 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:11:00.0136 3884 Rasl2tp - ok
15:11:00.0167 3884 [ 2A63D46B01685FD4BE9778CA3C231C2D ] RasMan C:\Windows\System32\rasmans.dll
15:11:00.0167 3884 RasMan - ok
15:11:00.0182 3884 [ 2CE1703C27196094FB6E4C6E439F2C21 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:11:00.0182 3884 RasPppoe - ok
15:11:00.0214 3884 [ FCD04FA67E8B40FA0AD361DD38593942 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:11:00.0214 3884 RasSstp - ok
15:11:00.0229 3884 [ 33FA5B6136D92EE0F53F021C79091300 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:11:00.0245 3884 rdbss - ok
15:11:00.0260 3884 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:11:00.0260 3884 RDPCDD - ok
15:11:00.0276 3884 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
15:11:00.0292 3884 rdpdr - ok
15:11:00.0307 3884 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:11:00.0307 3884 RDPENCDD - ok
15:11:00.0354 3884 [ 7747082F672AA2846235C9CEA42E2E72 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:11:00.0354 3884 RDPWD - ok
15:11:00.0479 3884 [ 23120A62DFA0109FDED9218BE5F7D460 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
15:11:00.0479 3884 RegSrvc - ok
15:11:00.0557 3884 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:11:00.0557 3884 RemoteAccess - ok
15:11:00.0604 3884 [ 416C611369CBE49074B89CEE2F83ABEF ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:11:00.0604 3884 RemoteRegistry - ok
15:11:00.0619 3884 [ 72C35598BA591ABDDC37FCE7D26FE1C4 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
15:11:00.0619 3884 RFCOMM - ok
15:11:00.0666 3884 [ D345AE15FA0AD4BD8D647C5509714858 ] rimsptsk C:\Windows\system32\DRIVERS\rimssn64.sys
15:11:00.0682 3884 rimsptsk - ok
15:11:00.0728 3884 [ AD42432D22940B4215177BE113E4919C ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
15:11:00.0728 3884 RimUsb - ok
15:11:00.0775 3884 [ 4AAFFFA67AC4DFA3D9985D78573887E2 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
15:11:00.0775 3884 RimVSerPort - ok
15:11:00.0806 3884 [ C45CD294458FED92E9CC1C68768E9356 ] risdptsk C:\Windows\system32\DRIVERS\risdsn64.sys
15:11:00.0806 3884 risdptsk - ok
15:11:00.0822 3884 [ 6A0CF73B019CBC9255E23C9192EC3702 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
15:11:00.0822 3884 ROOTMODEM - ok
15:11:00.0838 3884 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
15:11:00.0838 3884 RpcLocator - ok
15:11:00.0916 3884 [ 52CDADE8289FF21F1F2215FF51A5F36C ] RpcSs C:\Windows\system32\rpcss.dll
15:11:00.0916 3884 RpcSs - ok
15:11:00.0947 3884 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:11:00.0947 3884 rspndr - ok
15:11:00.0978 3884 [ BFF15B0D6B0567C88306B66DAC264C41 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
15:11:00.0978 3884 RTHDMIAzAudService - ok
15:11:00.0994 3884 [ 3437AD70E6D813C2A350B216DE7FFCEE ] RtkAudioService C:\Windows\RtkAudioService.exe
15:11:00.0994 3884 RtkAudioService - ok
15:11:01.0009 3884 [ 80F4593E92FF960E4763380D3168E498 ] SamSs C:\Windows\system32\lsass.exe
15:11:01.0009 3884 SamSs - ok
15:11:01.0040 3884 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:11:01.0040 3884 sbp2port - ok
15:11:01.0072 3884 [ F024D560FEA06F8B56D673849EB89AE6 ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:11:01.0087 3884 SCardSvr - ok
15:11:01.0118 3884 [ 7FB7A7448D6D3609724C3E5BD7A90F8E ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
15:11:01.0118 3884 SCDEmu - ok
15:11:01.0196 3884 [ CE75D26E0A1106129F4D156851E298ED ] Schedule C:\Windows\system32\schedsvc.dll
15:11:01.0212 3884 Schedule - ok
15:11:01.0259 3884 [ EDFFFC8B6AFB609BF33DBE0A900426B6 ] SCPolicySvc C:\Windows\System32\certprop.dll
15:11:01.0259 3884 SCPolicySvc - ok
15:11:01.0290 3884 [ B42EE50F7D24F837F925332EB349ECA5 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
15:11:01.0290 3884 sdbus - ok
15:11:01.0306 3884 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:11:01.0321 3884 SDRSVC - ok
15:11:01.0337 3884 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:11:01.0337 3884 secdrv - ok
15:11:01.0352 3884 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
15:11:01.0352 3884 seclogon - ok
15:11:01.0384 3884 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll
15:11:01.0384 3884 SENS - ok
15:11:01.0399 3884 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys
15:11:01.0399 3884 Serenum - ok
15:11:01.0430 3884 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys
15:11:01.0430 3884 Serial - ok
15:11:01.0446 3884 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
15:11:01.0446 3884 sermouse - ok
15:11:01.0508 3884 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
15:11:01.0508 3884 SessionEnv - ok
15:11:01.0555 3884 [ 70F9C476B62DE4F2823E918A6C181ADE ] SFEP C:\Windows\system32\DRIVERS\SFEP.sys
15:11:01.0555 3884 SFEP - ok
15:11:01.0571 3884 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:11:01.0571 3884 sffdisk - ok
15:11:01.0618 3884 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:11:01.0618 3884 sffp_mmc - ok
15:11:01.0633 3884 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:11:01.0633 3884 sffp_sd - ok
15:11:01.0680 3884 [ 40567781F0785C4A69411D1B40DA8987 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
15:11:01.0680 3884 sfloppy - ok
15:11:01.0742 3884 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:11:01.0742 3884 SharedAccess - ok
15:11:01.0805 3884 [ 9235EC680D3DB17464B39C7C7DECB4DD ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:11:01.0820 3884 ShellHWDetection - ok
15:11:01.0836 3884 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
15:11:01.0836 3884 SiSRaid2 - ok
15:11:01.0883 3884 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
15:11:01.0883 3884 SiSRaid4 - ok
15:11:01.0961 3884 [ A301D2CEFB4747DFE0C24425DCBE0B78 ] slsvc C:\Windows\system32\SLsvc.exe
15:11:02.0008 3884 slsvc - ok
15:11:02.0039 3884 [ F5DDF7C0AF85EB72CB295171F8C3CB35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
15:11:02.0054 3884 SLUINotify - ok
15:11:02.0117 3884 [ 327383124D31AC398B98F4AE300421E8 ] SmartDefragDriver C:\Windows\system32\Drivers\SmartDefragDriver.sys
15:11:02.0117 3884 SmartDefragDriver - ok
15:11:02.0164 3884 [ 41EB2E8E005FEEDCAFCE301983EFF932 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:11:02.0164 3884 Smb - ok
15:11:02.0210 3884 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:11:02.0226 3884 SNMPTRAP - ok
15:11:02.0335 3884 [ DC826AFFA608F50C385BCA4C71EF1BDD ] SOHCImp C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe
15:11:02.0335 3884 SOHCImp - ok
15:11:02.0366 3884 [ 1EC739F65C51FA1C7AC4502464A3C3A8 ] SOHDms C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe
15:11:02.0366 3884 SOHDms - ok
15:11:02.0413 3884 [ EC8FAB4AC684445D6032AA5C6E77CA2E ] SOHDs C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe
15:11:02.0413 3884 SOHDs - ok
15:11:02.0460 3884 [ F9CB0672162F7F04248E2B82C1FF4617 ] spldr C:\Windows\system32\drivers\spldr.sys
15:11:02.0460 3884 spldr - ok
15:11:02.0522 3884 [ 92E6738D25C2123BE9515C0EAC0776CD ] Spooler C:\Windows\System32\spoolsv.exe
15:11:02.0522 3884 Spooler - ok
15:11:02.0585 3884 [ F63102F289AE2039940B22E9B2A8E0BD ] SPTISRV C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe
15:11:02.0585 3884 SPTISRV - ok
15:11:02.0663 3884 [ A8ABD7D0D907B45CF3831F4DD8644349 ] srv C:\Windows\system32\DRIVERS\srv.sys
15:11:02.0678 3884 srv - ok
15:11:02.0756 3884 [ 6C72EEA39E1C37B436A6D1532999F9EC ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:11:02.0756 3884 srv2 - ok
15:11:02.0788 3884 [ 7F69BCF9E6FA3D93C82EE6B87812666D ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:11:02.0788 3884 srvnet - ok
15:11:02.0881 3884 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:11:02.0881 3884 SSDPSRV - ok
15:11:02.0975 3884 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:11:02.0975 3884 SstpSvc - ok
15:11:03.0084 3884 [ E5C796B621F6FBA8616511063D7F0FFE ] StarWindServiceAE C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
15:11:03.0084 3884 StarWindServiceAE - ok
15:11:03.0115 3884 Steam Client Service - ok
15:11:03.0193 3884 [ F14F7D7D68A66777FB999D5D0F21138D ] stisvc C:\Windows\System32\wiaservc.dll
15:11:03.0193 3884 stisvc - ok
15:11:03.0240 3884 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
15:11:03.0240 3884 swenum - ok
15:11:03.0318 3884 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:11:03.0334 3884 SwitchBoard - ok
15:11:03.0396 3884 [ DA34D6EB4A3154C0BEBAEB0A2483EF3E ] swprv C:\Windows\System32\swprv.dll
15:11:03.0412 3884 swprv - ok
15:11:03.0427 3884 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
15:11:03.0427 3884 Symc8xx - ok
15:11:03.0443 3884 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
15:11:03.0443 3884 Sym_hi - ok
15:11:03.0505 3884 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
15:11:03.0505 3884 Sym_u3 - ok
15:11:03.0552 3884 [ BEA0D5521ED21DF8F6FFEED86DAEDE7B ] SysMain C:\Windows\system32\sysmain.dll
15:11:03.0568 3884 SysMain - ok
15:11:03.0599 3884 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:11:03.0599 3884 TabletInputService - ok
15:11:03.0630 3884 [ 52091001CAF20AE84CF47023EE21B4BB ] TapiSrv C:\Windows\System32\tapisrv.dll
15:11:03.0630 3884 TapiSrv - ok
15:11:03.0677 3884 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
15:11:03.0677 3884 TBS - ok
15:11:03.0770 3884 [ 7D86275FB640011B372FD566C0EAFA8D ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:11:03.0802 3884 Tcpip - ok
15:11:03.0833 3884 [ 7D86275FB640011B372FD566C0EAFA8D ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
15:11:03.0848 3884 Tcpip6 - ok
15:11:03.0911 3884 [ C29D4B3B08AD0B7E8564814E4FF6A57B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:11:03.0911 3884 tcpipreg - ok
15:11:03.0942 3884 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:11:03.0942 3884 TDPIPE - ok
15:11:03.0958 3884 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:11:03.0958 3884 TDTCP - ok
15:11:03.0989 3884 [ 8C39C72E0E853DE04748C0337D9B9216 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:11:03.0989 3884 tdx - ok
15:11:04.0004 3884 [ 3F0EBF6EE609F2A276C0D5FAF244EC90 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
15:11:04.0004 3884 TermDD - ok
15:11:04.0036 3884 [ F870A5589D6A94B426EFB13689023946 ] TermService C:\Windows\System32\termsrv.dll
15:11:04.0051 3884 TermService - ok
15:11:04.0082 3884 [ 9235EC680D3DB17464B39C7C7DECB4DD ] Themes C:\Windows\system32\shsvcs.dll
15:11:04.0082 3884 Themes - ok
15:11:04.0129 3884 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
15:11:04.0129 3884 THREADORDER - ok
15:11:04.0160 3884 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
15:11:04.0160 3884 TrkWks - ok
15:11:04.0223 3884 [ AC6FF1DF22ED90BAD6417EE5A4C6E2F0 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:11:04.0223 3884 TrustedInstaller - ok
15:11:04.0254 3884 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:11:04.0254 3884 tssecsrv - ok
15:11:04.0270 3884 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
15:11:04.0270 3884 tunmp - ok
15:11:04.0332 3884 [ 2DC2C423572946E9A3131425BDA73CB6 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:11:04.0332 3884 tunnel - ok
15:11:04.0348 3884 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
15:11:04.0348 3884 uagp35 - ok
15:11:04.0410 3884 [ A1CDF0E7CB409B05EE22F9035CB33C8B ] uCamMonitor C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
15:11:04.0410 3884 uCamMonitor - ok
15:11:04.0441 3884 [ ECA6629E33F122AFFF18A2AB7C3EB033 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:11:04.0441 3884 udfs - ok
15:11:04.0472 3884 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:11:04.0472 3884 UI0Detect - ok
15:11:04.0488 3884 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:11:04.0488 3884 uliagpkx - ok
15:11:04.0519 3884 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
15:11:04.0519 3884 uliahci - ok
15:11:04.0535 3884 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
15:11:04.0535 3884 UlSata - ok
15:11:04.0550 3884 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
15:11:04.0550 3884 ulsata2 - ok
15:11:04.0582 3884 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:11:04.0582 3884 umbus - ok
15:11:04.0597 3884 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
15:11:04.0613 3884 upnphost - ok
15:11:04.0675 3884 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
15:11:04.0675 3884 USBAAPL64 - ok
15:11:04.0722 3884 [ C899FB269BE4740DBE2801B204CD71D4 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
15:11:04.0722 3884 usbaudio - ok
15:11:04.0738 3884 [ A0059D8567E8D35C6C309C2BDEE7C038 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:11:04.0738 3884 usbccgp - ok
15:11:04.0784 3884 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:11:04.0784 3884 usbcir - ok
15:11:04.0816 3884 [ C58475C202872EEA514B1BD84467F016 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:11:04.0816 3884 usbehci - ok
15:11:04.0847 3884 [ 3EB01DE26C19576B04D39257ADC57D06 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:11:04.0847 3884 usbhub - ok
15:11:04.0862 3884 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys
15:11:04.0862 3884 usbohci - ok
15:11:04.0909 3884 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:11:04.0909 3884 usbprint - ok
15:11:04.0956 3884 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
15:11:04.0956 3884 usbscan - ok
15:11:05.0018 3884 [ 586D9876A4945779C8EEA926C0D16889 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:11:05.0018 3884 USBSTOR - ok
15:11:05.0034 3884 [ 9C51A73704BF805A413F13F216BEFEE2 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
15:11:05.0050 3884 usbuhci - ok
15:11:05.0065 3884 [ FC33099877790D51B0927B7039059855 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
15:11:05.0081 3884 usbvideo - ok
15:11:05.0112 3884 [ 9190F03C82547AFA87367F1CECA88F3B ] UxSms C:\Windows\System32\uxsms.dll
15:11:05.0112 3884 UxSms - ok
15:11:05.0174 3884 [ 2A640DC735CB0112AC1DCD1E1549B27E ] VAIO Entertainment TV Device Arbitration Service C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
15:11:05.0174 3884 VAIO Entertainment TV Device Arbitration Service - ok
15:11:05.0237 3884 [ 693A3FDD279C345105FFF9DDE277849B ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
15:11:05.0237 3884 VAIO Event Service - ok
15:11:05.0299 3884 [ 564558B7CF97BE373A3A800B4C4C5221 ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
15:11:05.0315 3884 VAIO Power Management - ok
15:11:05.0377 3884 [ CBCBE2233D21E9B278F95F5CB28BC8AE ] VCFw C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
15:11:05.0393 3884 VCFw - ok
15:11:05.0455 3884 [ 27888F132D2EE0B72B28093A5F5F20EB ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
15:11:05.0455 3884 VcmIAlzMgr - ok
15:11:05.0549 3884 [ 5D45AB08C70F789CECF45543C3233767 ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
15:11:05.0549 3884 VcmXmlIfHelper - ok
15:11:05.0549 3884 Vcsw - ok
15:11:05.0611 3884 [ C15A4A550CBA7B9F1F68B72528E04CE1 ] vds C:\Windows\System32\vds.exe
15:11:05.0611 3884 vds - ok
15:11:05.0642 3884 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:11:05.0642 3884 vga - ok
15:11:05.0658 3884 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
15:11:05.0658 3884 VgaSave - ok
15:11:05.0705 3884 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
15:11:05.0705 3884 viaide - ok
15:11:05.0767 3884 [ C6F8FBDE19960E0B172CD76D2677F5E2 ] vmm C:\Windows\system32\Drivers\vmm.sys
15:11:05.0767 3884 vmm - ok
15:11:05.0783 3884 [ 793D9B32A1C462C91F6F70358283AC97 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:11:05.0783 3884 volmgr - ok
15:11:05.0830 3884 [ 5AA217DA5DC4FF5B9AC9AB86563B3223 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:11:05.0830 3884 volmgrx - ok
15:11:05.0876 3884 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:11:05.0876 3884 volsnap - ok
15:11:05.0908 3884 [ 6BDCA00FC57CC40DA3C8E88B2CEA21AB ] VPCNetS2 C:\Windows\system32\DRIVERS\VMNetSrv.sys
15:11:05.0908 3884 VPCNetS2 - ok
15:11:05.0939 3884 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
15:11:05.0939 3884 vsmraid - ok
15:11:06.0017 3884 [ 186BD53F8A408AD20F5A056C05678629 ] VSS C:\Windows\system32\vssvc.exe
15:11:06.0048 3884 VSS - ok
15:11:06.0095 3884 [ 071634532066C2E29350D450C3412837 ] VzCdbSvc C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
15:11:06.0095 3884 VzCdbSvc - ok
15:11:06.0126 3884 [ BA29F34A61CB55C0DEE29E787542EDF4 ] W32Time C:\Windows\system32\w32time.dll
15:11:06.0126 3884 W32Time - ok
15:11:06.0157 3884 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
15:11:06.0173 3884 WacomPen - ok
15:11:06.0188 3884 [ AEA75207E443C8623C36B8D03596F84F ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
15:11:06.0188 3884 Wanarp - ok
15:11:06.0188 3884 [ AEA75207E443C8623C36B8D03596F84F ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:11:06.0188 3884 Wanarpv6 - ok
15:11:06.0220 3884 [ 055449247C490E24B968B44FE8A969EB ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:11:06.0235 3884 wcncsvc - ok
15:11:06.0266 3884 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:11:06.0266 3884 WcsPlugInService - ok
15:11:06.0266 3884 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
15:11:06.0282 3884 Wd - ok
15:11:06.0329 3884 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:11:06.0344 3884 Wdf01000 - ok
15:11:06.0360 3884 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:11:06.0360 3884 WdiServiceHost - ok
15:11:06.0376 3884 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:11:06.0376 3884 WdiSystemHost - ok
15:11:06.0422 3884 [ 3D4AB55F8178FD0CD3CA45CD0EC9CF5B ] WebClient C:\Windows\System32\webclnt.dll
15:11:06.0422 3884 WebClient - ok
15:11:06.0485 3884 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:11:06.0485 3884 Wecsvc - ok
15:11:06.0516 3884 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:11:06.0516 3884 wercplsupport - ok
15:11:06.0563 3884 [ FC25242B3BCAF7E84D9184082274AE08 ] WerSvc C:\Windows\System32\WerSvc.dll
15:11:06.0578 3884 WerSvc - ok
15:11:06.0610 3884 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
15:11:06.0610 3884 WimFltr - ok
15:11:06.0656 3884 [ B5C348B265178FB9EE55ADDB3929485D ] winachsf C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
15:11:06.0672 3884 winachsf - ok
15:11:06.0719 3884 WinDefend - ok
15:11:06.0719 3884 WinHttpAutoProxySvc - ok
15:11:06.0797 3884 [ AC98F38FEAB066A8F983D54FF3F4FD4C ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:11:06.0797 3884 Winmgmt - ok
15:11:06.0890 3884 WinRing0_1_2_0 - ok
15:11:06.0984 3884 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
15:11:07.0015 3884 WinRM - ok
15:11:07.0109 3884 [ 0A69955261C1B54206ADC9BEB89517DE ] Wlansvc C:\Windows\System32\wlansvc.dll
15:11:07.0109 3884 Wlansvc - ok
15:11:07.0234 3884 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:11:07.0265 3884 wlidsvc - ok
15:11:07.0312 3884 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
15:11:07.0312 3884 WmiAcpi - ok
15:11:07.0358 3884 [ D303322DD577C3DEDA1251ED2E7A496C ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:11:07.0374 3884 wmiApSrv - ok
15:11:07.0436 3884 WMPNetworkSvc - ok
15:11:07.0468 3884 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:11:07.0468 3884 WPCSvc - ok
15:11:07.0499 3884 [ A27C8F92D84E2DDC151978E4692C978E ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:11:07.0499 3884 WPDBusEnum - ok
15:11:07.0546 3884 [ 6329D1990DB931073B86AB5946D8E317 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
15:11:07.0546 3884 WpdUsb - ok
15:11:07.0764 3884 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:11:07.0795 3884 WPFFontCache_v0400 - ok
15:11:07.0826 3884 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:11:07.0826 3884 ws2ifsl - ok
15:11:07.0889 3884 [ CB8EA6D95949384925CCFCA21CC6DFD8 ] wscsvc C:\Windows\System32\wscsvc.dll
15:11:07.0920 3884 wscsvc - ok
15:11:07.0920 3884 WSearch - ok
15:11:08.0060 3884 [ FB3796754FE00F0BDC87A36F164A5F4D ] wuauserv C:\Windows\system32\wuaueng.dll
15:11:08.0107 3884 wuauserv - ok
15:11:08.0123 3884 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:11:08.0123 3884 WUDFRd - ok
15:11:08.0201 3884 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:11:08.0201 3884 wudfsvc - ok
15:11:08.0248 3884 [ 9176C0822FAA649E45121875BE32F5D2 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
15:11:08.0248 3884 xusb21 - ok
15:11:08.0279 3884 [ 3C5B0410FABA5B1014EEFEEE77E1296A ] yukonx64 C:\Windows\system32\DRIVERS\yk60x64.sys
15:11:08.0294 3884 yukonx64 - ok
15:11:08.0310 3884 ================ Scan global ===============================
15:11:08.0388 3884 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
15:11:08.0435 3884 [ 2D94E4CE322F12061D3FA7DBE65E9AC5 ] C:\Windows\system32\winsrv.dll
15:11:08.0466 3884 [ 2D94E4CE322F12061D3FA7DBE65E9AC5 ] C:\Windows\system32\winsrv.dll
15:11:08.0513 3884 [ 733A57CC03E13666C263E737BAB83FF2 ] C:\Windows\system32\services.exe
15:11:08.0513 3884 [Global] - ok
15:11:08.0513 3884 ================ Scan MBR ==================================
15:11:08.0544 3884 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
15:11:08.0825 3884 \Device\Harddisk0\DR0 - ok
15:11:08.0825 3884 ================ Scan VBR ==================================
15:11:08.0825 3884 [ 8F44241BBDFE5A54D5561D13B014A594 ] \Device\Harddisk0\DR0\Partition1
15:11:08.0825 3884 \Device\Harddisk0\DR0\Partition1 - ok
15:11:08.0825 3884 ============================================================
15:11:08.0825 3884 Scan finished
15:11:08.0840 3884 ============================================================
15:11:08.0840 3276 Detected object count: 0
15:11:08.0840 3276 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-24 15:12:31
-----------------------------
15:12:31.458 OS Version: Windows x64 6.0.6001 Service Pack 1
15:12:31.458 Number of processors: 2 586 0xF0D
15:12:31.458 ComputerName: QUACKAS-PC UserName: Quackas
15:12:32.842 Initialize success
15:13:53.421 AVAST engine defs: 12092401
15:14:05.880 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:14:05.882 Disk 0 Vendor: SAMSUNG_ 2SS0 Size: 238475MB BusType: 3
15:14:05.884 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000071
15:14:05.886 Disk 1 Vendor: RICOH 01 Size: 238475MB BusType: 0
15:14:05.888 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000072
15:14:05.890 Disk 2 Vendor: RICOH 02 Size: 238475MB BusType: 0
15:14:05.909 Disk 0 MBR read successfully
15:14:05.912 Disk 0 MBR scan
15:14:05.915 Disk 0 Windows VISTA default MBR code
15:14:05.925 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9676 MB offset 2048
15:14:05.940 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 228797 MB offset 19818496
15:14:05.957 Disk 0 scanning C:\Windows\system32\drivers
15:14:17.330 Service scanning
15:14:45.188 Modules scanning
15:14:45.199 Disk 0 trace - called modules:
15:14:45.221 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys iaStor.sys hal.dll
15:14:45.224 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80068bd790]
15:14:45.228 3 CLASSPNP.SYS[fffffa600120bb3a] -> nt!IofCallDriver -> [0xfffffa8004babe40]
15:14:45.232 5 acpi.sys[fffffa60008c0ff6] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004be8050]
15:14:47.427 AVAST engine scan C:\Windows
15:14:52.390 AVAST engine scan C:\Windows\system32
15:18:52.958 AVAST engine scan C:\Windows\system32\drivers
15:19:08.836 AVAST engine scan C:\Users\Quackas
15:44:19.820 AVAST engine scan C:\ProgramData
15:59:04.207 Scan finished successfully
16:15:13.734 Disk 0 MBR has been saved successfully to "C:\Users\Quackas\Desktop\MBR.dat"
16:15:13.737 The log file has been saved successfully to "C:\Users\Quackas\Desktop\aswMBR.txt"


Both programs ran fine.

#6 gringo_pr

Posted 24 September 2012 - 06:32 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Quackas

Posted 24 September 2012 - 07:19 PM

ComboFix 12-09-24.02 - Quackas 24/09/2012 16:40:09.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.3934.2188 [GMT -7:00]
Running from: c:\users\Quackas\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
.
c:\windows\system32\Services.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-08-25 to 2012-09-25 )))))))))))))))))))))))))))))))
.
.
2012-09-25 00:13 . 2012-09-25 00:13 -------- d-----w- c:\users\Quackas\AppData\Local\temp
2012-09-25 00:13 . 2012-09-25 00:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-22 09:33 . 2012-09-22 09:33 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2D1D37D4-0290-418B-80A0-C6210AA13FDE}\offreg.dll
2012-09-20 01:08 . 2012-09-20 01:08 -------- d-----w- C:\found.000
2012-09-19 20:25 . 2012-09-21 02:10 -------- d-----w- c:\program files (x86)\World of Warcraft
2012-09-17 22:32 . 2012-09-17 22:32 -------- d-----w- c:\program files (x86)\Tweaking.com
2012-09-17 20:01 . 2012-09-17 20:02 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2012-09-17 20:01 . 2008-05-08 05:03 303616 ----a-w- C:\SetACL.exe
2012-09-16 23:10 . 2012-09-17 21:50 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-09-16 23:10 . 2004-06-11 23:33 290304 ----a-w- C:\subinacl.exe
2012-09-16 23:05 . 2012-09-16 23:05 -------- d-----w- C:\RegBackup
2012-09-16 23:04 . 2012-09-17 20:02 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-09-16 10:50 . 2012-09-16 10:50 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-16 08:02 . 2012-09-16 08:03 -------- d--h--w- c:\program files (x86)\Temp
2012-09-16 07:54 . 2009-12-06 02:42 85504 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2012-09-16 07:46 . 2012-09-16 07:46 -------- d-----w- c:\users\Quackas\AppData\Roaming\RotMG.Production
2012-09-16 02:57 . 2012-09-16 02:57 -------- d-----w- c:\users\Quackas\AppData\Local\eSupport.com
2012-09-16 02:57 . 2012-09-16 02:57 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
2012-09-16 02:48 . 2012-09-24 21:38 -------- d-----w- c:\program files (x86)\Steam
2012-09-16 02:40 . 2012-09-16 02:39 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-13 10:53 . 2012-09-13 10:53 6656 ----a-w- c:\windows\SysWow64\custom2.dll
2012-09-13 10:53 . 2012-09-13 10:53 6656 ----a-w- c:\windows\system32\custom2.dll
2012-09-11 22:29 . 2012-09-11 22:29 -------- d-----w- c:\users\Quackas\AppData\Roaming\ts3overlay
2012-09-11 22:28 . 2012-09-11 22:57 -------- d-----w- c:\users\Quackas\AppData\Roaming\TS3Client
2012-09-11 22:27 . 2012-09-11 22:27 -------- d-----w- c:\program files\TeamSpeak 3 Client
2012-09-04 18:08 . 2012-09-09 06:29 -------- d-----w- c:\users\Quackas\AppData\Roaming\EoN
2012-09-04 18:06 . 2012-09-04 18:06 -------- d-----w- c:\users\Quackas\AppData\Roaming\RIFT
2012-09-04 17:44 . 2012-09-04 18:06 -------- d-----w- c:\program files (x86)\RIFT
2012-08-28 00:32 . 2012-08-28 00:32 -------- d-----w- c:\programdata\NVIDIA
2012-08-27 23:39 . 2012-08-27 23:39 -------- d-----w- c:\users\AppData\Roaming
2012-08-27 23:39 . 2012-08-27 23:39 -------- d-----w- c:\programdata\Intel
2012-08-27 23:38 . 2012-08-27 23:38 -------- d-----w- c:\program files\Common Files\Intel
2012-08-27 23:38 . 2012-08-27 23:38 -------- d-----w- c:\program files (x86)\Cisco
2012-08-27 23:35 . 2012-09-16 02:40 -------- d-----w- c:\users\Quackas\SystemRequirementsLab
2012-08-27 23:28 . 2012-08-27 23:28 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-27 23:25 . 2012-09-16 02:40 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2012-08-27 22:48 . 2012-08-27 22:48 -------- d-----w- C:\Crash
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-24 21:42 . 2009-09-01 11:09 704378 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-09-16 10:57 . 2008-01-21 02:49 384512 ----a-w- c:\windows\system32\services.exe
2012-09-16 02:39 . 2010-05-06 19:58 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-08 00:04 . 2012-07-21 20:23 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-24 07:41 . 2012-08-24 07:41 6656 ----a-w- c:\windows\SysWow64\US.dll
2012-08-24 07:41 . 2012-08-24 07:41 6656 ----a-w- c:\windows\system32\US.dll
2012-08-23 01:03 . 2012-04-01 01:44 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-23 01:03 . 2011-05-17 10:15 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-22 03:21 . 2012-08-22 03:21 53248 ----a-r- c:\users\Quackas\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-04-11 . 934E0B7D77FF78C18D9F8891221B6DE3 . 384512 . . [6.0.6002.18005] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[7] 2008-01-21 . DFAC660F0F139276CC9299812DE42719 . 384512 . . [6.0.6001.18000] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[-] 2012-09-16 . 733A57CC03E13666C263E737BAB83FF2 . 384512 . . [6.0.6000.16386] .. c:\windows\system32\services.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Quackas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Quackas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Quackas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Quackas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-09-16 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Quackas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
KooBits 4.lnk - c:\program files (x86)\KooBits 4.0\KooBits 4.0.exe [2012-4-29 391168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-10-14 1062440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-29 00:45 98304 ---ha-w- c:\windows\System32\VESWinlogon.dll
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-23 250568]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 33910188
*Deregistered* - 33910188
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 01:03]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2853469561-190351894-3746205351-1000Core.job
- c:\users\Quackas\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-07 02:26]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2853469561-190351894-3746205351-1000UA.job
- c:\users\Quackas\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-07 02:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Quackas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Quackas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Quackas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Quackas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-15 6453760]
"Skytel"="Skytel.exe" [2008-07-15 1826816]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-07-18 152576]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-09 151064]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-09 209432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-09 181784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.sonystyle.ca/vaio
mLocal Page = %SystemRoot%\system32\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Quackas\AppData\Roaming\Mozilla\Firefox\Profiles\wclvtdyh.default\
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
FF - prefs.js: browser.startup.homepage - hxxp://duckduckgo.com/
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-78733486.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-09-24 17:15:38
ComboFix-quarantined-files.txt 2012-09-25 00:15
.
Pre-Run: 15,663,988,736 bytes free
Post-Run: 15,825,596,416 bytes free
.
- - End Of File - - B0F219F7A223244329F56A2100C1E2EB

I had no problems running ComboFix, but it said Windows services was infected, attempting to fix. My computer doesn't appear to have been changed.

Edited by Quackas, 24 September 2012 - 07:19 PM.


#8 gringo_pr

Posted 24 September 2012 - 11:41 PM

Hello Quackas

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First, press the Scan button.
  • It will make a log (FRST.txt).
  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button.
  • It will make a log (Search.txt).

I want you to post both the FRST.txt report and the Search.txt into your reply to me.

Gringo

#9 Quackas

Posted 25 September 2012 - 02:09 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-09-2012
Ran by SYSTEM at 24-09-2012 23:50:15
Running from F:\
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet002

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] RAVCpl64.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe [152576 2008-07-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1744152 2011-10-07] (Logitech, Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2008-01-20] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2008-01-20] (Microsoft Corporation)
HKU\Quackas\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1353080 2012-09-15] (Valve Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

==================== Services (Whitelisted) ===================

3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [48368 2009-09-03] (NOS Microsystems Ltd.)
2 libusbd; C:\Windows\SysWow64\libusbd-nt.exe [18944 2005-03-09] (http://libusb-win32.sourceforge.net)
3 MatSvc; "C:\Program Files\Microsoft Fix it Center\Matsvc.exe" [343856 2011-06-13] (Microsoft Corporation)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
3 MSCSPTISRV; "C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe" [53248 2008-05-20] (Sony Corporation)
3 PACSPTISVR; "C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe" [53248 2008-05-20] (Sony Corporation)
2 RtkAudioService; C:\Windows\RtkAudioService.exe [139808 2008-07-15] (Realtek Semiconductor)
3 SOHCImp; "C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe" [103712 2008-05-20] (Sony Corporation)
3 SOHDms; "C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe" [353568 2008-05-20] (Sony Corporation)
3 SOHDs; "C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe" [62752 2008-05-20] (Sony Corporation)
3 SPTISRV; "C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe" [77824 2008-05-20] (Sony Corporation)
2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [104960 2008-03-25] (ArcSoft, Inc.)
3 VAIO Entertainment TV Device Arbitration Service; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe" [73728 2008-05-22] (Sony Corporation)
2 VAIO Event Service; C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe [182112 2008-07-28] (Sony Corporation)
3 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -RunBySCM [279848 2008-06-19] (Sony Corporation)
2 VzCdbSvc; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe" [192512 2008-05-22] (Sony Corporation)
2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [x]

==================== Drivers (Whitelisted) =====================

3 ArcSoftKsUFilter; C:\Windows\System32\Drivers\ArcSoftKsUFilter.sys [19456 2008-01-30] (ArcSoft, Inc.)
3 cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
1 DMICall; C:\Windows\SysWow64\Drivers\DMICall.sys [10216 2008-07-11] (Sony Corporation)
3 ENTECH64; C:\Windows\System32\Drivers\ENTECH64.sys [12744 2008-09-17] (EnTech Taiwan)
3 libusb0; C:\Windows\SysWow64\Drivers\libusb0.sys [33792 2005-03-09] ()
2 risdptsk; C:\Windows\System32\DRIVERS\risdsn64.sys [64512 2008-07-17] (REDC)
0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18232 2011-02-23] ()
1 Beep; [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 CAXHWAZL; C:\Windows\System32\DRIVERS\CAXHWAZL.sys [x]
3 cpuz130; \??\C:\Users\Quackas\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
2 mdmxsdk; C:\Windows\System32\DRIVERS\mdmxsdk.sys [x]
3 MotioninJoyUSBFilter; C:\Windows\System32\DRIVERS\MijUfilt.sys [x]
3 NETw5v64; C:\Windows\System32\DRIVERS\NETw5v64.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-09-24 23:50 - 2012-09-24 23:50 - 00000000 ____D C:\FRST
2012-09-24 22:40 - 2012-09-24 22:40 - 01454541 ____A (Farbar) C:\Users\Quackas\Downloads\FRST64.exe
2012-09-24 18:58 - 2012-09-24 19:50 - 312272473 ____A C:\Users\Quackas\Downloads\Bones.S08E02.HDTV.x264-LOL.mp4
2012-09-24 18:57 - 2012-09-24 19:19 - 340518767 ____A C:\Users\Quackas\Downloads\Warehouse.13.S04E09.HDTV.x264-ASAP.[VTV].mp4
2012-09-24 16:15 - 2012-09-24 16:15 - 00013132 ____A C:\ComboFix.txt
2012-09-24 15:37 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-09-24 15:37 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-09-24 15:37 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-09-24 15:37 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-09-24 15:37 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-09-24 15:37 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-09-24 15:37 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-09-24 15:37 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-09-24 15:15 - 2012-09-24 15:15 - 00002193 ____A C:\Users\Quackas\Desktop\aswMBR.txt
2012-09-24 14:10 - 2012-09-24 14:10 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Quackas\Downloads\tdsskiller(2).exe
2012-09-24 13:49 - 2012-09-24 13:51 - 00000000 ____D C:\Users\Quackas\Desktop\RK_Quarantine
2012-09-24 13:49 - 2012-09-24 13:49 - 01391616 ____A C:\Users\Quackas\Downloads\RogueKiller.exe
2012-09-24 13:31 - 2012-09-24 13:31 - 00001165 ____A C:\AdwCleaner[S2].txt
2012-09-24 13:28 - 2012-09-24 13:28 - 00881724 ____A C:\Users\Quackas\Downloads\SecurityCheck.exe
2012-09-22 18:39 - 2012-09-23 02:58 - 375287594 ____A C:\Users\Quackas\Downloads\Doctor.Who.2005.7x04.The.Power.Of.Three.HDTV.x264-FoV.mp4
2012-09-21 09:08 - 2012-09-21 09:08 - 00000248 ____A C:\Users\Quackas\Downloads\defogger_enable.log
2012-09-21 09:03 - 2012-09-21 09:03 - 00002525 ____A C:\Users\Quackas\Downloads\GMER LOG.log
2012-09-21 08:16 - 2012-09-21 08:16 - 00302592 ____A C:\Users\Quackas\Downloads\frgvo41w.exe
2012-09-21 08:14 - 2012-09-21 08:14 - 00607260 ____R (Swearware) C:\Users\Quackas\Downloads\dds.com
2012-09-21 08:13 - 2012-09-21 08:13 - 00000476 ____A C:\Users\Quackas\Downloads\defogger_disable.log
2012-09-21 08:12 - 2012-09-21 08:12 - 00050477 ____A C:\Users\Quackas\Downloads\Defogger.exe
2012-09-19 17:08 - 2012-09-19 17:08 - 00000000 ____D C:\found.000
2012-09-19 12:25 - 2012-09-20 18:10 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2012-09-19 12:25 - 2012-09-19 12:25 - 00001077 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
2012-09-19 12:18 - 2012-09-19 12:19 - 123231216 ____A (Blizzard Entertainment) C:\Users\Quackas\Downloads\World-of-Warcraft-Setup-enUS.exe
2012-09-18 15:18 - 2012-09-18 17:27 - 00000000 ____D C:\Users\Quackas\Downloads\Game.of.Thrones.S02
2012-09-17 14:58 - 2012-09-17 14:58 - 00347424 ____A (Microsoft Corporation) C:\Users\Quackas\Downloads\MicrosoftFixit.wu.LB.31271353453419862.3.1.Run.exe
2012-09-17 14:57 - 2012-09-17 14:57 - 00347424 ____A (Microsoft Corporation) C:\Users\Quackas\Downloads\MicrosoftFixit.wu.LB.31271353453419862.2.1.Run.exe
2012-09-17 14:32 - 2012-09-17 14:32 - 05313275 ____A C:\Users\Quackas\Downloads\tweaking.com_windows_repair_aio_setup.exe
2012-09-17 14:32 - 2012-09-17 14:32 - 00002122 ____A C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2012-09-17 14:32 - 2012-09-17 14:32 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2012-09-17 14:15 - 2012-09-17 14:15 - 00000258 _RASH C:\Users\All Users\ntuser.pol
2012-09-17 14:09 - 2012-09-17 14:09 - 02193185 ____A C:\Users\Quackas\Downloads\tdsskiller.zip
2012-09-17 14:06 - 2012-09-17 14:07 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Quackas\Downloads\tdsskiller(1).exe
2012-09-17 13:59 - 2012-09-17 13:59 - 00693235 ____A (Farbar) C:\Users\Quackas\Downloads\FSS(1).exe
2012-09-17 13:58 - 2012-09-17 13:58 - 01659808 ____A (Bleeping Computer, LLC) C:\Users\Quackas\Downloads\rkill.exe
2012-09-17 13:58 - 2012-09-17 13:58 - 00000000 ____D C:\Users\Quackas\Desktop\rkill
2012-09-17 12:01 - 2008-05-07 21:03 - 00303616 ____A ( ) C:\SetACL.exe
2012-09-16 20:13 - 2012-09-16 23:20 - 00000000 ____D C:\Users\Quackas\Downloads\Misfits.S03.DVDRip.XviD-iNGOT
2012-09-16 15:10 - 2012-09-17 13:50 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-09-16 15:10 - 2004-06-11 15:33 - 00290304 ____A (Microsoft Corporation) C:\subinacl.exe
2012-09-16 15:09 - 2012-09-16 15:09 - 03139566 ____A C:\Users\Quackas\Downloads\tweaking.com_windows_repair_aio(1).zip
2012-09-16 15:05 - 2012-09-16 15:05 - 00000000 ____D C:\RegBackup
2012-09-16 15:03 - 2012-09-16 15:03 - 03139566 ____A C:\Users\Quackas\Downloads\tweaking.com_windows_repair_aio.zip
2012-09-16 14:57 - 2012-09-16 14:58 - 00002841 ____A C:\AdwCleaner[S1].txt
2012-09-16 14:57 - 2012-09-16 14:57 - 00512737 ____A C:\Users\Quackas\Downloads\adwcleaner.exe
2012-09-16 14:56 - 2012-09-21 05:37 - 00002480 ____A C:\Users\Quackas\Downloads\FSS.txt
2012-09-16 14:55 - 2012-09-16 14:56 - 00693235 ____A (Farbar) C:\Users\Quackas\Downloads\FSS.exe
2012-09-16 14:53 - 2012-09-16 14:54 - 00026127 ____A C:\Users\Quackas\Downloads\Result.txt
2012-09-16 14:52 - 2012-09-16 14:52 - 00751391 ____A (Farbar) C:\Users\Quackas\Downloads\MiniToolBox.exe
2012-09-16 03:09 - 2012-09-16 03:09 - 00282720 ____A C:\Windows\Minidump\Mini091612-01.dmp
2012-09-16 03:07 - 2012-09-16 03:09 - 580469531 ____A C:\Windows\MEMORY.DMP
2012-09-16 03:02 - 2012-09-16 03:02 - 04731392 ____A (AVAST Software) C:\Users\Quackas\Downloads\aswMBR.exe
2012-09-16 02:50 - 2012-09-16 02:50 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-09-16 02:49 - 2012-09-16 02:50 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Quackas\Downloads\tdsskiller.exe
2012-09-16 00:18 - 2012-09-16 00:18 - 00000222 ____A C:\Users\Quackas\Desktop\Dungeon Fighter Online.url
2012-09-15 23:56 - 2012-09-16 00:01 - 102937140 ____A (Realtek Semiconductor Corp.) C:\Users\Quackas\Downloads\Vista_Win7_Win8_R270.exe
2012-09-15 23:54 - 2009-12-05 18:42 - 00085504 ____A C:\Windows\SysWOW64\ff_vfw.dll
2012-09-15 23:53 - 2012-09-15 23:53 - 11733072 ____A (IObit ) C:\Users\Quackas\Downloads\gb3.5-beta-setup.exe
2012-09-15 23:46 - 2012-09-15 23:46 - 00000000 ____D C:\Users\Quackas\AppData\Roaming\RotMG.Production
2012-09-15 19:39 - 2012-09-15 19:39 - 00000222 ____A C:\Users\Quackas\Desktop\Realm of the Mad God.url
2012-09-15 19:37 - 2012-09-15 19:37 - 00000219 ____A C:\Users\Quackas\Desktop\Team Fortress 2.url
2012-09-15 19:13 - 2012-09-15 19:13 - 00877360 ____A C:\Users\Quackas\Downloads\SOOOTH-01106200-US(1).EXE
2012-09-15 19:06 - 2012-09-15 19:06 - 01549176 ____A C:\Users\Quackas\Downloads\OPFOPD-00211615-1070(1).EXE
2012-09-15 19:04 - 2012-09-15 19:04 - 18438448 ____A C:\Users\Quackas\Downloads\INDVID-16176100-64.EXE
2012-09-15 18:57 - 2012-09-15 18:57 - 00624784 ____A (Copyright © 2010 eSupport.com. All Rights Reserved.) C:\Users\Quackas\Downloads\driveragent_987.exe
2012-09-15 18:57 - 2012-09-15 18:57 - 00021712 ____A (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2012-09-15 18:57 - 2012-09-15 18:57 - 00000000 ____D C:\Users\Quackas\AppData\Local\eSupport.com
2012-09-15 18:48 - 2012-09-24 13:38 - 00000000 ____D C:\Program Files (x86)\Steam
2012-09-15 18:48 - 2012-09-15 18:48 - 00000828 ____A C:\Users\Public\Desktop\Steam.lnk
2012-09-15 18:46 - 2012-09-15 18:46 - 01606656 ____A C:\Users\Quackas\Downloads\SteamInstall.msi
2012-09-15 18:40 - 2012-09-15 18:39 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-09-15 18:40 - 2012-09-15 18:39 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-09-15 18:40 - 2012-09-15 18:39 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-09-15 18:40 - 2012-09-15 18:39 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-09-15 18:37 - 2012-09-15 18:37 - 00894952 ____A (Oracle Corporation) C:\Users\Quackas\Downloads\jxpiinstall.exe
2012-09-13 23:34 - 2012-09-13 23:34 - 03927560 ____A (Piriform Ltd) C:\Users\Quackas\Downloads\ccsetup322.exe
2012-09-13 22:29 - 2012-09-13 22:29 - 00000948 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-13 02:53 - 2012-09-13 02:53 - 00006656 ____A (Company) C:\Windows\SysWOW64\custom2.dll
2012-09-13 02:53 - 2012-09-13 02:53 - 00006656 ____A (Company) C:\Windows\System32\custom2.dll
2012-09-13 02:49 - 2012-09-13 02:53 - 00000000 ____D C:\Users\Quackas\Documents\custom2
2012-09-13 02:47 - 2012-09-13 02:47 - 00009106 ____A C:\Users\Quackas\Documents\custom2.klc
2012-09-13 02:41 - 2012-09-13 02:41 - 00000000 ____D C:\Users\Quackas\Documents\fix
2012-09-13 02:37 - 2012-09-13 02:37 - 00009108 ____A C:\Users\Quackas\Documents\New.klc
2012-09-11 14:29 - 2012-09-11 14:29 - 00000000 ____D C:\Users\Quackas\AppData\Roaming\ts3overlay
2012-09-11 14:28 - 2012-09-11 14:57 - 00000000 ____D C:\Users\Quackas\AppData\Roaming\TS3Client
2012-09-11 14:27 - 2012-09-11 14:27 - 00000915 ____A C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2012-09-11 14:27 - 2012-09-11 14:27 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2012-09-11 14:23 - 2012-09-11 14:27 - 32179616 ____A (TeamSpeak Systems GmbH) C:\Users\Quackas\Downloads\TeamSpeak3-Client-win64-3.0.8.1.exe
2012-09-09 18:23 - 2012-09-09 18:23 - 00000901 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-09-09 12:22 - 2012-09-09 13:06 - 407049490 ____A C:\Users\Quackas\Downloads\[SubDESU] High School DxD - 13 (1280x720 x264 AAC) [3102928A].mkv
2012-09-09 12:21 - 2012-09-14 13:30 - 00000000 ____D C:\Users\Quackas\Downloads\[FFF] Highschool DxD - Vol.06 [BD][720p-AAC]
2012-09-08 22:29 - 2012-09-08 22:29 - 00000000 ____D C:\Users\Quackas\Documents\EON
2012-09-07 11:52 - 2012-09-07 13:33 - 295275635 ____A C:\Users\Quackas\Downloads\[Derp]_Seitokai_Yakuindomo_OVA_-_14_[480p][7C7FE8CF].mkv
2012-09-07 11:51 - 2012-09-07 12:01 - 227837326 ____A C:\Users\Quackas\Downloads\[Anonymous] Seitokai Yakuindomo OVA 04 [576p][10bit][0AB4338D].mkv
2012-09-06 15:39 - 2012-09-06 15:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-09-04 10:08 - 2012-09-08 22:29 - 00000000 ____D C:\Users\Quackas\AppData\Roaming\EoN
2012-09-04 10:08 - 2012-09-04 10:08 - 00327740 ____A C:\Users\Quackas\AppData\Local\dd_vcredistMSI0451.txt
2012-09-04 10:08 - 2012-09-04 10:08 - 00011166 ____A C:\Users\Quackas\AppData\Local\dd_vcredistUI0451.txt
2012-09-04 10:06 - 2012-09-04 10:06 - 00000000 ____D C:\Users\Quackas\AppData\Roaming\RIFT
2012-09-04 09:44 - 2012-09-04 10:06 - 00000000 ____D C:\Program Files (x86)\RIFT
2012-08-27 16:32 - 2012-08-27 16:32 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-08-27 15:54 - 2012-08-27 15:54 - 06793456 ____A C:\Users\Quackas\Downloads\Unconfirmed 550073.crdownload
2012-08-27 15:53 - 2012-08-27 15:53 - 10438008 ____A C:\Users\Quackas\Downloads\SOAVUD-00226187-1070.EXE
2012-08-27 15:53 - 2012-08-27 15:53 - 04173104 ____A C:\Users\Quackas\Downloads\INDWLL-76697669-64.EXE
2012-08-27 15:51 - 2012-08-27 15:52 - 49184376 ____A C:\Users\Quackas\Downloads\SOAVCA-00229335-1060.EXE
2012-08-27 15:51 - 2012-08-27 15:51 - 06503288 ____A C:\Users\Quackas\Downloads\SOAOTH-88888887-1060.EXE
2012-08-27 15:46 - 2012-08-27 15:46 - 00877360 ____A C:\Users\Quackas\Downloads\SOOOTH-01106200-US.EXE
2012-08-27 15:45 - 2012-08-27 15:45 - 01549176 ____A C:\Users\Quackas\Downloads\OPFOPD-00211615-1070 (1).EXE
2012-08-27 15:44 - 2012-08-27 15:44 - 01549176 ____A C:\Users\Quackas\Downloads\OPFOPD-00211615-1070.EXE
2012-08-27 15:42 - 2012-08-27 15:43 - 56188720 ____A C:\Users\Quackas\Downloads\BRDBLT-00166578-US.EXE
2012-08-27 15:39 - 2012-08-27 15:39 - 00000000 ____D C:\Users\All Users\Intel
2012-08-27 15:38 - 2012-08-27 15:38 - 00000000 ____D C:\Program Files\Common Files\Intel
2012-08-27 15:38 - 2012-08-27 15:38 - 00000000 ____D C:\Program Files (x86)\Cisco
2012-08-27 15:35 - 2012-09-15 18:40 - 00000000 ____D C:\Users\Quackas\SystemRequirementsLab
2012-08-27 15:35 - 2012-08-27 15:36 - 38460824 ____A (Intel® Corporation) C:\Users\Quackas\Downloads\Wireless_14.3.0_v64.exe
2012-08-27 15:33 - 2012-08-27 15:33 - 41827200 ____A (Intel Corporation) C:\Users\Quackas\Downloads\Win7Vista_64_151718.exe
2012-08-27 15:28 - 2012-08-27 15:28 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-08-27 15:25 - 2012-09-15 18:40 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2012-08-27 15:25 - 2012-08-27 15:25 - 00315392 ____A C:\Users\Quackas\Downloads\intel_srldetect_4.5.5.0.msi
2012-08-27 14:48 - 2012-08-27 14:48 - 00000000 ____D C:\Crash

==================== 3 Months Modified Files ==================

2012-09-24 22:47 - 2009-01-05 13:24 - 02001060 ___AH C:\Windows\WindowsUpdate.log
2012-09-24 22:47 - 2008-08-12 12:22 - 00000012 ____A C:\Windows\bthservsdp.dat
2012-09-24 22:47 - 2006-11-02 07:42 - 00032576 ___AH C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-24 22:47 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-24 22:47 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-24 22:47 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-24 22:46 - 2012-03-06 18:26 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2853469561-190351894-3746205351-1000UA.job
2012-09-24 22:40 - 2012-09-24 22:40 - 01454541 ____A (Farbar) C:\Users\Quackas\Downloads\FRST64.exe
2012-09-24 22:36 - 2012-07-23 17:19 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-24 22:19 - 2009-09-01 03:09 - 00704378 ____A C:\Windows\System32\PerfStringBackup.TMP
2012-09-24 19:50 - 2012-09-24 18:58 - 312272473 ____A C:\Users\Quackas\Downloads\Bones.S08E02.HDTV.x264-LOL.mp4
2012-09-24 19:19 - 2012-09-24 18:57 - 340518767 ____A C:\Users\Quackas\Downloads\Warehouse.13.S04E09.HDTV.x264-ASAP.[VTV].mp4
2012-09-24 16:15 - 2012-09-24 16:15 - 00013132 ____A C:\ComboFix.txt
2012-09-24 16:13 - 2006-11-02 04:34 - 00000215 ____A C:\Windows\system.ini
2012-09-24 15:37 - 2012-07-21 12:13 - 04759205 ____R (Swearware) C:\Users\Quackas\Downloads\ComboFix.exe
2012-09-24 15:15 - 2012-09-24 15:15 - 00002193 ____A C:\Users\Quackas\Desktop\aswMBR.txt
2012-09-24 14:10 - 2012-09-24 14:10 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Quackas\Downloads\tdsskiller(2).exe
2012-09-24 13:49 - 2012-09-24 13:49 - 01391616 ____A C:\Users\Quackas\Downloads\RogueKiller.exe
2012-09-24 13:31 - 2012-09-24 13:31 - 00001165 ____A C:\AdwCleaner[S2].txt
2012-09-24 13:28 - 2012-09-24 13:28 - 00881724 ____A C:\Users\Quackas\Downloads\SecurityCheck.exe
2012-09-24 12:54 - 2008-01-20 19:26 - 00236170 ___AH C:\Windows\PFRO.log
2012-09-24 08:46 - 2012-03-06 18:26 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2853469561-190351894-3746205351-1000Core.job
2012-09-23 02:58 - 2012-09-22 18:39 - 375287594 ____A C:\Users\Quackas\Downloads\Doctor.Who.2005.7x04.The.Power.Of.Three.HDTV.x264-FoV.mp4
2012-09-21 09:08 - 2012-09-21 09:08 - 00000248 ____A C:\Users\Quackas\Downloads\defogger_enable.log
2012-09-21 09:03 - 2012-09-21 09:03 - 00002525 ____A C:\Users\Quackas\Downloads\GMER LOG.log
2012-09-21 08:16 - 2012-09-21 08:16 - 00302592 ____A C:\Users\Quackas\Downloads\frgvo41w.exe
2012-09-21 08:14 - 2012-09-21 08:14 - 00607260 ____R (Swearware) C:\Users\Quackas\Downloads\dds.com
2012-09-21 08:13 - 2012-09-21 08:13 - 00000476 ____A C:\Users\Quackas\Downloads\defogger_disable.log
2012-09-21 08:12 - 2012-09-21 08:12 - 00050477 ____A C:\Users\Quackas\Downloads\Defogger.exe
2012-09-21 05:37 - 2012-09-16 14:56 - 00002480 ____A C:\Users\Quackas\Downloads\FSS.txt
2012-09-19 12:25 - 2012-09-19 12:25 - 00001077 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
2012-09-19 12:19 - 2012-09-19 12:18 - 123231216 ____A (Blizzard Entertainment) C:\Users\Quackas\Downloads\World-of-Warcraft-Setup-enUS.exe
2012-09-18 21:22 - 2012-06-14 11:21 - 00001309 ____A C:\Users\Quackas\AppData\Roaming\Rim.Transcoder.Exception.log
2012-09-18 21:22 - 2011-06-15 13:40 - 00002079 ____A C:\Users\Quackas\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-09-18 21:22 - 2010-09-10 16:08 - 00002618 ____A C:\Users\Quackas\AppData\Roaming\Rim.Desktop.Exception.log
2012-09-17 14:58 - 2012-09-17 14:58 - 00347424 ____A (Microsoft Corporation) C:\Users\Quackas\Downloads\MicrosoftFixit.wu.LB.31271353453419862.3.1.Run.exe
2012-09-17 14:57 - 2012-09-17 14:57 - 00347424 ____A (Microsoft Corporation) C:\Users\Quackas\Downloads\MicrosoftFixit.wu.LB.31271353453419862.2.1.Run.exe
2012-09-17 14:32 - 2012-09-17 14:32 - 05313275 ____A C:\Users\Quackas\Downloads\tweaking.com_windows_repair_aio_setup.exe
2012-09-17 14:32 - 2012-09-17 14:32 - 00002122 ____A C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2012-09-17 14:15 - 2012-09-17 14:15 - 00000258 _RASH C:\Users\All Users\ntuser.pol
2012-09-17 14:09 - 2012-09-17 14:09 - 02193185 ____A C:\Users\Quackas\Downloads\tdsskiller.zip
2012-09-17 14:07 - 2012-09-17 14:06 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Quackas\Downloads\tdsskiller(1).exe
2012-09-17 13:59 - 2012-09-17 13:59 - 00693235 ____A (Farbar) C:\Users\Quackas\Downloads\FSS(1).exe
2012-09-17 13:58 - 2012-09-17 13:58 - 01659808 ____A (Bleeping Computer, LLC) C:\Users\Quackas\Downloads\rkill.exe
2012-09-17 13:50 - 2012-09-16 15:10 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-09-17 13:48 - 2009-01-05 13:29 - 00110032 ____A C:\Users\Quackas\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-17 13:46 - 2006-11-02 07:21 - 04969976 ___AH C:\Windows\System32\FNTCACHE.DAT
2012-09-16 15:09 - 2012-09-16 15:09 - 03139566 ____A C:\Users\Quackas\Downloads\tweaking.com_windows_repair_aio(1).zip
2012-09-16 15:03 - 2012-09-16 15:03 - 03139566 ____A C:\Users\Quackas\Downloads\tweaking.com_windows_repair_aio.zip
2012-09-16 14:58 - 2012-09-16 14:57 - 00002841 ____A C:\AdwCleaner[S1].txt
2012-09-16 14:57 - 2012-09-16 14:57 - 00512737 ____A C:\Users\Quackas\Downloads\adwcleaner.exe
2012-09-16 14:56 - 2012-09-16 14:55 - 00693235 ____A (Farbar) C:\Users\Quackas\Downloads\FSS.exe
2012-09-16 14:54 - 2012-09-16 14:53 - 00026127 ____A C:\Users\Quackas\Downloads\Result.txt
2012-09-16 14:52 - 2012-09-16 14:52 - 00751391 ____A (Farbar) C:\Users\Quackas\Downloads\MiniToolBox.exe
2012-09-16 03:09 - 2012-09-16 03:09 - 00282720 ____A C:\Windows\Minidump\Mini091612-01.dmp
2012-09-16 03:09 - 2012-09-16 03:07 - 580469531 ____A C:\Windows\MEMORY.DMP
2012-09-16 03:02 - 2012-09-16 03:02 - 04731392 ____A (AVAST Software) C:\Users\Quackas\Downloads\aswMBR.exe
2012-09-16 02:57 - 2008-01-20 18:49 - 00384512 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-09-16 02:50 - 2012-09-16 02:49 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Quackas\Downloads\tdsskiller.exe
2012-09-16 00:18 - 2012-09-16 00:18 - 00000222 ____A C:\Users\Quackas\Desktop\Dungeon Fighter Online.url
2012-09-16 00:01 - 2012-09-15 23:56 - 102937140 ____A (Realtek Semiconductor Corp.) C:\Users\Quackas\Downloads\Vista_Win7_Win8_R270.exe
2012-09-15 23:53 - 2012-09-15 23:53 - 11733072 ____A (IObit ) C:\Users\Quackas\Downloads\gb3.5-beta-setup.exe
2012-09-15 19:39 - 2012-09-15 19:39 - 00000222 ____A C:\Users\Quackas\Desktop\Realm of the Mad God.url
2012-09-15 19:37 - 2012-09-15 19:37 - 00000219 ____A C:\Users\Quackas\Desktop\Team Fortress 2.url
2012-09-15 19:13 - 2012-09-15 19:13 - 00877360 ____A C:\Users\Quackas\Downloads\SOOOTH-01106200-US(1).EXE
2012-09-15 19:06 - 2012-09-15 19:06 - 01549176 ____A C:\Users\Quackas\Downloads\OPFOPD-00211615-1070(1).EXE
2012-09-15 19:04 - 2012-09-15 19:04 - 18438448 ____A C:\Users\Quackas\Downloads\INDVID-16176100-64.EXE
2012-09-15 18:57 - 2012-09-15 18:57 - 00624784 ____A (Copyright © 2010 eSupport.com. All Rights Reserved.) C:\Users\Quackas\Downloads\driveragent_987.exe
2012-09-15 18:57 - 2012-09-15 18:57 - 00021712 ____A (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2012-09-15 18:48 - 2012-09-15 18:48 - 00000828 ____A C:\Users\Public\Desktop\Steam.lnk
2012-09-15 18:46 - 2012-09-15 18:46 - 01606656 ____A C:\Users\Quackas\Downloads\SteamInstall.msi
2012-09-15 18:39 - 2012-09-15 18:40 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-09-15 18:39 - 2012-09-15 18:40 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-09-15 18:39 - 2012-09-15 18:40 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-09-15 18:39 - 2012-09-15 18:40 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-09-15 18:39 - 2010-05-06 11:58 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-09-15 18:37 - 2012-09-15 18:37 - 00894952 ____A (Oracle Corporation) C:\Users\Quackas\Downloads\jxpiinstall.exe
2012-09-13 23:34 - 2012-09-13 23:34 - 03927560 ____A (Piriform Ltd) C:\Users\Quackas\Downloads\ccsetup322.exe
2012-09-13 22:29 - 2012-09-13 22:29 - 00000948 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-13 02:53 - 2012-09-13 02:53 - 00006656 ____A (Company) C:\Windows\SysWOW64\custom2.dll
2012-09-13 02:53 - 2012-09-13 02:53 - 00006656 ____A (Company) C:\Windows\System32\custom2.dll
2012-09-13 02:52 - 2012-06-23 00:28 - 00000435 ____A C:\Users\Quackas\Documents\KeyboardVerify.log
2012-09-13 02:47 - 2012-09-13 02:47 - 00009106 ____A C:\Users\Quackas\Documents\custom2.klc
2012-09-13 02:37 - 2012-09-13 02:37 - 00009108 ____A C:\Users\Quackas\Documents\New.klc
2012-09-13 02:34 - 2012-08-23 23:34 - 00009108 ____A C:\Users\Quackas\Documents\US.klc
2012-09-11 14:27 - 2012-09-11 14:27 - 00000915 ____A C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2012-09-11 14:27 - 2012-09-11 14:23 - 32179616 ____A (TeamSpeak Systems GmbH) C:\Users\Quackas\Downloads\TeamSpeak3-Client-win64-3.0.8.1.exe
2012-09-10 16:35 - 2009-01-07 07:31 - 00206848 ____A C:\Users\Quackas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-09 18:23 - 2012-09-09 18:23 - 00000901 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-09-09 13:06 - 2012-09-09 12:22 - 407049490 ____A C:\Users\Quackas\Downloads\[SubDESU] High School DxD - 13 (1280x720 x264 AAC) [3102928A].mkv
2012-09-07 16:04 - 2012-07-21 12:23 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-07 13:33 - 2012-09-07 11:52 - 295275635 ____A C:\Users\Quackas\Downloads\[Derp]_Seitokai_Yakuindomo_OVA_-_14_[480p][7C7FE8CF].mkv
2012-09-07 12:01 - 2012-09-07 11:51 - 227837326 ____A C:\Users\Quackas\Downloads\[Anonymous] Seitokai Yakuindomo OVA 04 [576p][10bit][0AB4338D].mkv
2012-09-04 10:08 - 2012-09-04 10:08 - 00327740 ____A C:\Users\Quackas\AppData\Local\dd_vcredistMSI0451.txt
2012-09-04 10:08 - 2012-09-04 10:08 - 00011166 ____A C:\Users\Quackas\AppData\Local\dd_vcredistUI0451.txt
2012-09-04 09:43 - 2012-03-06 18:27 - 00002092 ____A C:\Users\Quackas\Desktop\Google Chrome.lnk
2012-08-27 16:31 - 2011-04-26 13:04 - 00001356 ____A C:\Users\Quackas\AppData\Local\d3d9caps.dat
2012-08-27 16:26 - 2011-10-31 13:04 - 00001460 ____A C:\Users\Quackas\AppData\Local\d3d9caps64.dat
2012-08-27 15:54 - 2012-08-27 15:54 - 06793456 ____A C:\Users\Quackas\Downloads\Unconfirmed 550073.crdownload
2012-08-27 15:53 - 2012-08-27 15:53 - 10438008 ____A C:\Users\Quackas\Downloads\SOAVUD-00226187-1070.EXE
2012-08-27 15:53 - 2012-08-27 15:53 - 04173104 ____A C:\Users\Quackas\Downloads\INDWLL-76697669-64.EXE
2012-08-27 15:53 - 2008-08-12 12:23 - 00130022 ___AH C:\Windows\DPINST.LOG
2012-08-27 15:52 - 2012-08-27 15:51 - 49184376 ____A C:\Users\Quackas\Downloads\SOAVCA-00229335-1060.EXE
2012-08-27 15:51 - 2012-08-27 15:51 - 06503288 ____A C:\Users\Quackas\Downloads\SOAOTH-88888887-1060.EXE
2012-08-27 15:46 - 2012-08-27 15:46 - 00877360 ____A C:\Users\Quackas\Downloads\SOOOTH-01106200-US.EXE
2012-08-27 15:45 - 2012-08-27 15:45 - 01549176 ____A C:\Users\Quackas\Downloads\OPFOPD-00211615-1070 (1).EXE
2012-08-27 15:44 - 2012-08-27 15:44 - 01549176 ____A C:\Users\Quackas\Downloads\OPFOPD-00211615-1070.EXE
2012-08-27 15:43 - 2012-08-27 15:42 - 56188720 ____A C:\Users\Quackas\Downloads\BRDBLT-00166578-US.EXE
2012-08-27 15:36 - 2012-08-27 15:35 - 38460824 ____A (Intel® Corporation) C:\Users\Quackas\Downloads\Wireless_14.3.0_v64.exe
2012-08-27 15:33 - 2012-08-27 15:33 - 41827200 ____A (Intel Corporation) C:\Users\Quackas\Downloads\Win7Vista_64_151718.exe
2012-08-27 15:28 - 2012-08-27 15:28 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-08-27 15:25 - 2012-08-27 15:25 - 00315392 ____A C:\Users\Quackas\Downloads\intel_srldetect_4.5.5.0.msi
2012-08-23 23:41 - 2012-08-23 23:41 - 00006656 ____A (Company) C:\Windows\SysWOW64\US.dll
2012-08-23 23:41 - 2012-08-23 23:41 - 00006656 ____A (Company) C:\Windows\System32\US.dll
2012-08-22 17:03 - 2012-03-31 17:44 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-22 17:03 - 2011-05-17 02:15 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-21 19:20 - 2012-08-21 19:20 - 02414672 ____A (Logitech Inc.) C:\Users\Quackas\Downloads\setpoint632_smart.exe
2012-08-18 14:05 - 2012-08-18 13:40 - 319814773 ____A C:\Users\Quackas\Downloads\[gg]_Binbougami_ga!_-_04_[A3B7F716].mkv
2012-08-18 14:02 - 2012-08-18 13:40 - 297091049 ____A C:\Users\Quackas\Downloads\[gg]_Binbougami_ga!_-_03_[043DB898].mkv
2012-08-17 20:09 - 2009-06-23 06:36 - 00068376 ___AH C:\Windows\setupact.log
2012-08-17 17:50 - 2012-08-15 22:09 - 405012480 ____A C:\Users\Quackas\Downloads\Super Smash Bros Brawl[DVD5][WII][Multi][PAL][www.zonatorrent.com].iso
2012-08-17 11:47 - 2012-08-17 11:31 - 211695232 ____A C:\Users\Quackas\Downloads\[SubDESU] To Love-Ru Trouble - Darkness OVA - 01v0 (1280x720 x264 AAC) [DC0333D6].mkv
2012-08-15 23:54 - 2012-08-15 22:06 - 1459978240 ____A C:\Users\Quackas\Downloads\Zelda-The wind waker.iso
2012-08-15 22:21 - 2012-08-15 22:10 - 1459978240 ____A C:\Users\Quackas\Downloads\mprime.iso
2012-08-15 22:10 - 2012-08-15 22:10 - 04353259 ____A (Igor Pavlov) C:\Users\Quackas\Downloads\dolphin-3.0-win64.exe
2012-08-15 00:11 - 2012-07-23 16:06 - 00013753 ____A C:\Users\Quackas\Downloads\CoC_1.sol
2012-08-10 22:10 - 2012-08-10 22:10 - 04028522 ____A C:\Users\Quackas\Downloads\google_transit.zip
2012-08-09 19:19 - 2012-08-09 19:19 - 00927744 ____A C:\Users\Quackas\Downloads\AppWorldInstaller-en.msi
2012-08-09 10:46 - 2006-11-02 04:33 - 82575360 ___AH C:\Windows\System32\config\software_previous
2012-08-09 10:46 - 2006-11-02 04:33 - 26476544 ___AH C:\Windows\System32\config\system_previous
2012-08-09 10:41 - 2006-11-02 04:33 - 46399488 ___AH C:\Windows\System32\config\components_previous
2012-08-09 10:41 - 2006-11-02 04:33 - 00262144 ___AH C:\Windows\System32\config\sam_previous
2012-08-09 01:32 - 2006-11-02 04:33 - 00524288 ___AH C:\Windows\System32\config\default_previous
2012-08-09 01:32 - 2006-11-02 04:33 - 00262144 ___AH C:\Windows\System32\config\security_previous
2012-08-05 22:18 - 2012-08-05 21:24 - 297098019 ____A C:\Users\Quackas\Downloads\[SubSmith] ToHeart2 Dungeon Travelers OVA 02 - Treasure [720p][805738D1].mkv
2012-08-05 22:10 - 2012-08-05 21:24 - 441858746 ____A C:\Users\Quackas\Downloads\[SubSmith] ToHeart2 Dungeon Travelers OVA 01 - Total Disaster [720p][73DBDA51].mkv
2012-08-04 08:23 - 2012-08-04 08:23 - 00027520 ____A C:\Users\Quackas\AppData\Local\dt.dat
2012-08-04 08:18 - 2012-08-04 08:18 - 00000867 ____A C:\Users\Public\Desktop\DS3 Tool.lnk
2012-08-04 08:18 - 2012-08-04 08:17 - 04117346 ____A C:\Users\Quackas\Downloads\MotioninJoy_071001_signed.zip
2012-08-01 02:06 - 2012-08-01 02:06 - 00008952 ____A C:\Users\Quackas\Downloads\zfont.txt
2012-08-01 02:06 - 2011-01-04 04:28 - 00003806 ____A C:\Users\Quackas\Downloads\zinput.cfg
2012-08-01 02:06 - 2011-01-04 04:28 - 00002480 ____A C:\Users\Quackas\Downloads\zmovie.cfg
2012-08-01 02:06 - 2009-12-15 02:58 - 00020597 ____A C:\Users\Quackas\Downloads\zsnesw.cfg
2012-07-31 03:25 - 2012-08-15 12:37 - 00012154 ____A C:\Users\Quackas\Downloads\CoC_2.sol
2012-07-30 14:09 - 2012-07-30 13:54 - 306801316 ____A C:\Users\Quackas\Downloads\[Notgg]_Code_Geass_Nunnally_in_Wonderland_[720p]_[83CF3062].mkv
2012-07-26 12:38 - 2012-07-26 12:38 - 00002138 ____A C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
2012-07-26 12:38 - 2010-09-10 16:07 - 00007026 ____A C:\Users\Quackas\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-07-26 12:34 - 2012-07-26 12:34 - 00328500 ____A C:\Users\Quackas\AppData\Local\dd_vcredistMSI3ECE.txt
2012-07-26 12:34 - 2012-07-26 12:34 - 00011198 ____A C:\Users\Quackas\AppData\Local\dd_vcredistUI3ECE.txt
2012-07-23 17:59 - 2012-07-23 17:58 - 12351992 ____A (Opera Software ASA) C:\Users\Quackas\Downloads\Opera_1200_int_Setup.exe
2012-07-23 17:31 - 2012-07-23 17:31 - 38494576 ____A (Apple Inc.) C:\Users\Quackas\Downloads\SafariSetup.exe
2012-07-21 15:13 - 2012-07-21 15:13 - 00981504 ____A C:\Users\Quackas\Downloads\MicrosoftFixit50778.msi
2012-07-21 12:36 - 2012-07-21 12:36 - 02322184 ____A (ESET) C:\Users\Quackas\Downloads\esetsmartinstaller_enu.exe
2012-07-21 12:22 - 2012-07-21 12:22 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Quackas\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-19 03:55 - 2012-07-19 03:54 - 01102128 ____A C:\Users\Quackas\Downloads\ProcessMonitor.zip
2012-07-17 22:36 - 2012-07-17 22:35 - 89340632 ____A C:\Users\Quackas\Downloads\avast_free_antivirus_setup.exe
2012-07-17 04:14 - 2012-07-17 04:14 - 08351040 ____A (AVG ) C:\Users\Quackas\Downloads\avg_pct_stf_all_10_27_c4.exe
2012-07-17 03:18 - 2012-07-17 03:18 - 03879800 ____A (AVG Technologies) C:\Users\Quackas\Downloads\avg_isct_stb_all_2012_2197_cbs.exe
2012-07-08 14:17 - 2012-07-08 13:47 - 350119394 ____A C:\Users\Quackas\Downloads\[CR] Muv-Luv Alternative - Total Eclipse - 01 [1280x720].mkv
2012-07-02 19:50 - 2012-07-02 19:04 - 269280528 ____A C:\Users\Quackas\Downloads\[Hadena] Shining Hearts - Shiawase no Pan - 12 END [10bit][720p][75AF558F].mkv
2012-07-02 18:03 - 2012-07-02 18:03 - 31346094 ____A C:\Users\Quackas\Downloads\pms-setup-windows-1.54.0.exe
2012-07-02 01:20 - 2012-06-15 22:24 - 00000782 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-06-30 12:48 - 2012-06-30 12:32 - 336897848 ____A C:\Users\Quackas\Downloads\[HorribleSubs] Moretsu Pirates - 26 [720p].mkv

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2008-01-20 18:49] - [2012-09-16 02:57] - 0384512 ____A (Microsoft Corporation) 733A57CC03E13666C263E737BAB83FF2

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-22 10:18:40
Restore point made on: 2012-09-24 08:59:14
Restore point made on: 2012-09-24 13:23:25

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3934.11 MB
Available physical RAM: 3325.43 MB
Total Pagefile: 3662.91 MB
Available Pagefile: 3302.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:223.43 GB) (Free:13.29 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: (Recovery) (Fixed) (Total:9.45 GB) (Free:0.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (TravelDrive) (Removable) (Total:1.88 GB) (Free:1.87 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B
Disk 1 Online 1920 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 9 GB 1024 KB
Partition 2 Primary 223 GB 9 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E Recovery NTFS Partition 9 GB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 223 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1920 MB 8 KB

==================================================================================

Disk: 1
Partition 1
Type : 0E
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F TravelDrive FAT Removable 1920 MB Healthy

=========================================================

Last Boot: 2012-09-24 13:43

==================== End Of Log =============================




Farbar Recovery Scan Tool (x64) Version: 24-09-2012
Ran by SYSTEM at 2012-09-25 00:01:37
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2012-04-19 22:33] - [2009-04-10 22:28] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2012-04-19 22:33] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

C:\Windows\SysWOW64\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\System32\services.exe
[2008-01-20 18:49] - [2012-09-16 02:57] - 0384512 ____A (Microsoft Corporation) 733A57CC03E13666C263E737BAB83FF2

====== End Of Search ======


Had no problem running scans.

#10 gringo_pr

  • Malware Response Team

Posted 25 September 2012 - 04:10 AM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe C:\Windows\System32\services.exe



NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Quackas


Posted 25 September 2012 - 03:49 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-09-2012
Ran by SYSTEM at 2012-09-25 13:42:17 Run:1
Running from F:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

No problems running Fix.

#12 gringo_pr


Posted 25 September 2012 - 04:06 PM

rerun combofix for me please



gringo

#13 Quackas


Posted 25 September 2012 - 04:24 PM

and post the logs?

ComboFix 12-09-24.03 - Quackas 25/09/2012 14:10:27.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.3934.2690 [GMT -7:00]
Running from: c:\users\Quackas\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-25 to 2012-09-25 )))))))))))))))))))))))))))))))
.
.
2012-09-25 21:22 . 2012-09-25 21:22 -------- d-----w- c:\users\Quackas\AppData\Local\temp
2012-09-25 21:22 . 2012-09-25 21:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-25 07:50 . 2012-09-25 07:50 -------- d-----w- C:\FRST
2012-09-22 09:33 . 2012-09-22 09:33 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2D1D37D4-0290-418B-80A0-C6210AA13FDE}\offreg.dll
2012-09-20 01:08 . 2012-09-20 01:08 -------- d-----w- C:\found.000
2012-09-19 20:25 . 2012-09-21 02:10 -------- d-----w- c:\program files (x86)\World of Warcraft
2012-09-17 22:32 . 2012-09-17 22:32 -------- d-----w- c:\program files (x86)\Tweaking.com
2012-09-17 20:01 . 2012-09-17 20:02 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2012-09-17 20:01 . 2008-05-08 05:03 303616 ----a-w- C:\SetACL.exe
2012-09-16 23:10 . 2012-09-17 21:50 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-09-16 23:10 . 2004-06-11 23:33 290304 ----a-w- C:\subinacl.exe
2012-09-16 23:05 . 2012-09-16 23:05 -------- d-----w- C:\RegBackup
2012-09-16 23:04 . 2012-09-17 20:02 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-09-16 10:50 . 2012-09-16 10:50 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-16 08:02 . 2012-09-16 08:03 -------- d--h--w- c:\program files (x86)\Temp
2012-09-16 07:54 . 2009-12-06 02:42 85504 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2012-09-16 07:46 . 2012-09-16 07:46 -------- d-----w- c:\users\Quackas\AppData\Roaming\RotMG.Production
2012-09-16 02:57 . 2012-09-16 02:57 -------- d-----w- c:\users\Quackas\AppData\Local\eSupport.com
2012-09-16 02:57 . 2012-09-16 02:57 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
2012-09-16 02:48 . 2012-09-25 20:48 -------- d-----w- c:\program files (x86)\Steam
2012-09-16 02:40 . 2012-09-16 02:39 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-13 10:53 . 2012-09-13 10:53 6656 ----a-w- c:\windows\SysWow64\custom2.dll
2012-09-13 10:53 . 2012-09-13 10:53 6656 ----a-w- c:\windows\system32\custom2.dll
2012-09-11 22:29 . 2012-09-11 22:29 -------- d-----w- c:\users\Quackas\AppData\Roaming\ts3overlay
2012-09-11 22:28 . 2012-09-11 22:57 -------- d-----w- c:\users\Quackas\AppData\Roaming\TS3Client
2012-09-11 22:27 . 2012-09-11 22:27 -------- d-----w- c:\program files\TeamSpeak 3 Client
2012-09-04 18:08 . 2012-09-09 06:29 -------- d-----w- c:\users\Quackas\AppData\Roaming\EoN
2012-09-04 18:06 . 2012-09-04 18:06 -------- d-----w- c:\users\Quackas\AppData\Roaming\RIFT
2012-09-04 17:44 . 2012-09-04 18:06 -------- d-----w- c:\program files (x86)\RIFT
2012-08-28 00:32 . 2012-08-28 00:32 -------- d-----w- c:\programdata\NVIDIA
2012-08-27 23:39 . 2012-08-27 23:39 -------- d-----w- c:\users\AppData\Roaming
2012-08-27 23:39 . 2012-08-27 23:39 -------- d-----w- c:\programdata\Intel
2012-08-27 23:38 . 2012-08-27 23:38 -------- d-----w- c:\program files\Common Files\Intel
2012-08-27 23:38 . 2012-08-27 23:38 -------- d-----w- c:\program files (x86)\Cisco
2012-08-27 23:35 . 2012-09-16 02:40 -------- d-----w- c:\users\Quackas\SystemRequirementsLab
2012-08-27 23:28 . 2012-08-27 23:28 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-27 23:25 . 2012-09-16 02:40 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2012-08-27 22:48 . 2012-08-27 22:48 -------- d-----w- C:\Crash
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-25 20:50 . 2009-09-01 11:09 704378 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-09-16 02:39 . 2010-05-06 19:58 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-08 00:04 . 2012-07-21 20:23 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-24 07:41 . 2012-08-24 07:41 6656 ----a-w- c:\windows\SysWow64\US.dll
2012-08-24 07:41 . 2012-08-24 07:41 6656 ----a-w- c:\windows\system32\US.dll
2012-08-23 01:03 . 2012-04-01 01:44 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-23 01:03 . 2011-05-17 10:15 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-22 03:21 . 2012-08-22 03:21 53248 ----a-r- c:\users\Quackas\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Quackas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Quackas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Quackas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Quackas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-09-16 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Quackas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
KooBits 4.lnk - c:\program files (x86)\KooBits 4.0\KooBits 4.0.exe [2012-4-29 391168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-10-14 1062440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-29 00:45 98304 ---ha-w- c:\windows\System32\VESWinlogon.dll
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-23 250568]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 01:03]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2853469561-190351894-3746205351-1000Core.job
- c:\users\Quackas\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-07 02:26]
.
2012-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2853469561-190351894-3746205351-1000UA.job
- c:\users\Quackas\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-07 02:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Quackas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Quackas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Quackas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Quackas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-15 6453760]
"Skytel"="Skytel.exe" [2008-07-15 1826816]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-07-18 152576]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-09 151064]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-09 209432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-09 181784]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.sonystyle.ca/vaio
mLocal Page = %SystemRoot%\system32\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Quackas\AppData\Roaming\Mozilla\Firefox\Profiles\wclvtdyh.default\
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
FF - prefs.js: browser.startup.homepage - hxxp://duckduckgo.com/
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-09-25 14:24:18
ComboFix-quarantined-files.txt 2012-09-25 21:24
ComboFix2.txt 2012-09-25 00:15
.
Pre-Run: 15,650,570,240 bytes free
Post-Run: 15,482,785,792 bytes free
.
- - End Of File - - 764BA79FA785C8E9D7D97A9C557361C0

#14 gringo_pr


Posted 25 September 2012 - 04:35 PM

That looks better. How are things doing now?


gringo

#15 Quackas


Posted 25 September 2012 - 04:39 PM

I will try running Windows Update and get SP2 for Vista; will update on progress.



