Vista Ultimate SysWow64\Drivers\atapi.sys


  • This topic is locked
20 replies to this topic

#1 m61a1cannon
Posted 19 November 2012 - 03:24 PM

Vista Ultimate 64bit with an issue.


Combofix
c:\windows\SysWow64\Drivers\atapi.sys . . . is infected!!


Thank you in advance.



#2 gringo_pr (Malware Response Team)

Posted 19 November 2012 - 07:55 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from, so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3


  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs

In your next post I need the following:

  • both reports from DDS
  • report from Security Check
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Proud Graduate Of Malware Removal University
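A practitioner's addition, not part of this thread and not a BleepingComputer or DDS tool: once the DDS report is in hand, the first pass a helper makes over it can be scripted. The Python below reads lines in the format of the DDS "Pseudo HJT Report", Firefox prefs and "SERVICES / DRIVERS" sections and flags the things a responder checks first: EnableLUA = 0 (UAC switched off), one CLSID registered as URL search hook, BHO and toolbar at once, toolbars with no backing file, rewritten Firefox home/search prefs, and kernel drivers whose image lives outside System32\drivers. The sample lines are copied from the DDS.txt posted in this thread; the category names and the "outside System32\drivers" heuristic are this example's own assumptions, and every flag is a prompt for review rather than a verdict (the LogMeIn and SUPERAntiSpyware drivers it lists are from legitimate products).

```python
"""First-pass triage of a DDS-style log (Pseudo HJT Report, Firefox prefs,
SERVICES / DRIVERS lines).

Added example for this thread; not a BleepingComputer tool and not part of
DDS. Category names and the "driver outside System32\\drivers" heuristic are
this example's own assumptions: each finding is something for a human to
look at, not a verdict of infection.
"""
import re
from collections import defaultdict

# Sample input: lines copied verbatim from the DDS.txt posted in this thread.
SAMPLE_LOG = r"""
uURLSearchHooks: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWis0.dll
BHO: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWis0.dll
TB: WiseConvert Toolbar: {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - C:\Program Files (x86)\WiseConvert\prxtbWis0.dll
x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} -
mPolicies-System: EnableLUA = dword:0
x64-mPolicies-System: EnableLUA = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_Prot
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=150&systemid=406&sr=0&q=
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-9-17 15928]
S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys [2010-2-17 12872]
"""

# uPolicies-/mPolicies-/dPolicies- lines, with or without the x64- prefix.
POLICY_RE = re.compile(r"^(?:x64-)?[umd]Policies-(\w+): (\w+) = dword:(\w+)$")
# Browser registrations: kind, display name, CLSID, backing file (may be empty).
BROWSER_RE = re.compile(
    r"^(?:x64-)?(uURLSearchHooks|mURLSearchHooks|BHO|TB): (.*?): "
    r"\{([0-9A-Fa-f-]+)\} -\s*(.*)$")
# Firefox home/search preferences that toolbars and hijackers rewrite.
FF_PREF_RE = re.compile(
    r"^FF - prefs\.js: (browser\.startup\.homepage|keyword\.URL|"
    r"browser\.search\.selectedEngine) - (.*)$")
# R/S service entries whose image is a kernel driver (.sys).
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?\.sys) \[", re.I)
# DDS defangs URL schemes to hxxp/hxxps; pull the host out anyway.
HOST_RE = re.compile(r"hxxps?://([^/]+)")
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"


def triage(log_text):
    """Return a list of (category, detail) findings in discovery order."""
    findings = []
    by_clsid = defaultdict(list)  # CLSID -> every place it is registered
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = POLICY_RE.match(line)
        if m:
            _area, name, value = m.groups()
            if name == "EnableLUA" and value == "0":
                findings.append(("uac_disabled", line))
            continue
        m = BROWSER_RE.match(line)
        if m:
            kind, label, clsid, path = m.groups()
            by_clsid[clsid.lower()].append((kind, label, path))
            if not path:
                findings.append(("orphaned_browser_entry",
                                 f"{kind} {label} {{{clsid}}} has no file"))
            continue
        m = FF_PREF_RE.match(line)
        if m:
            pref, value = m.groups()
            host = HOST_RE.match(value)
            findings.append(("firefox_search_pref",
                             f"{pref} -> {host.group(1) if host else value}"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            state, name, _desc, path = m.groups()
            norm = path.lower().replace("/", "\\")
            if not norm.startswith(DRIVER_DIR):
                findings.append(("driver_outside_drivers_dir",
                                 f"{name} ({state}) -> {path}"))
    # One CLSID hooked in several places (search hook + BHO + toolbar) is the
    # footprint of a toolbar that re-asserts itself; list it once.
    for clsid, regs in by_clsid.items():
        if len(regs) > 1:
            kinds = sorted({k for k, _, _ in regs})
            findings.append(("multi_hooked_extension",
                             f"{regs[0][1]} {{{clsid}}} registered as {', '.join(kinds)}"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:28} {detail}")
```

Run it against a saved DDS.txt by reading the file into `triage()`; the CLSID grouping is what turns the three WiseConvert lines into one finding, and the case-folding matters because DDS prints the same CLSID in both cases, as the TB lines in this thread show.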

#3 m61a1cannon (Topic Starter)

Posted 20 November 2012 - 12:59 PM

Things took a bit of a tailspin this morning: a toolbar has locked up IE (WiseConvert Community).



As requested
Ran Defogger



Security Check

Results of screen317's Security Check version 0.99.54
Windows Vista Service Pack 2 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
SUPERAntiSpyware Free Edition
Malwarebytes Anti-Malware version 1.65.1.1000
HijackThis 2.0.2
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (3.6.18) Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````





DDS.txt


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455
Run by J at 12:47:30 on 2012-11-20
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.4094.2177 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS2\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\alg.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://duckduckgo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWis0.dll
mURLSearchHooks: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWis0.dll
BHO: IE7Pro BHO: {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files (x86)\IEPro\IEPro.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWis0.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: WiseConvert Toolbar: {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - C:\Program Files (x86)\WiseConvert\prxtbWis0.dll
TB: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWis0.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
dRun: [DevconDefaultDB] C:\Windows\System32\READREG /SILENT /FAIL=1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - C:\Program Files (x86)\IEPro\IEPro.dll
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - C:\Program Files (x86)\IEPro\IEPro.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - hxxps://components.viewpoint.com/MTSInstallers/archive/vmp_full_installer_.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/US/TechConsole/x86/RescueControl.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://acs-inc.webex.com/client/WBXclient-T27L10NSP25EP3-11662/webex/ieatgpc1.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=928
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3E1EE158-2B19-41EF-BF16-388FD37E104C} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3EC1ABE0-F91C-4CC0-AA14-F25C88638C9F} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{7051F5C3-054E-47B9-9E6D-FEA814BC5F04} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{70D72AD0-3BCC-4A78-B03D-BF95258BE8AA} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{9FB548A5-E2A7-416A-BCB9-3414DB079C2E} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{CCCB8395-EB59-42AE-BCCF-195FBF0EE1B7} : DHCPNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} -
x64-Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
x64-Run: [WPCUMI] C:\Windows\System32\WpcUmi.exe
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-System: EnableLUA = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/x64/ractrl.cab?lmi=972
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\e611o8dz.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_Prot
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=150&systemid=406&sr=0&q=
FF - component: C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll
FF - component: C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\e611o8dz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency.dll
FF - component: C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\e611o8dz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency3.5.dll
FF - component: C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\e611o8dz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency3.6.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\The Folder\Desktop\New Folder\New Folder (2)\sinigang sa menudo recipe\bayabas recipe\BATTERY\Mozilla Plugins\npitunes.dll
FF - plugin: C:\Users\J\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\J\AppData\Roaming\Mozilla\Plugins\npgoogletalk.dll
FF - plugin: C:\Users\J\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\J\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\J\AppData\Roaming\Mozilla\Plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\J\AppData\Roaming\Mozilla\plugins\npoff.dll
FF - plugin: C:\Users\J\AppData\Roaming\Mozilla\Plugins\npoff.dll
FF - plugin: C:\Users\J\AppData\Roaming\Mozilla\Plugins\npoff64.dll
FF - plugin: C:\Users\J\AppData\Roaming\Mozilla\Plugins\npwbe.dll
FF - plugin: C:\Users\J\AppData\Roaming\Mozilla\plugins\npwbe.dll
FF - plugin: C:\Users\J\AppData\Roaming\Mozilla\Plugins\npwbe64.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Do Not Track: {F53C93F1-07D5-430c-86D4-C9531B27DFAF} - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: SearchquToolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - %profile%\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
FF - Ext: FriendsChecker: info@friendschecker.com - C:\Program Files (x86)\FriendsChecker\DynConFf
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - 18bef29e0000000000000023544c973e
FF - user.js: extensions.BabylonToolbar_i.hardId - 18bef29e0000000000000023544c973e
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15406
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:23:47
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110788
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R0 mv61xx;mv61xx;C:\Windows\System32\drivers\mv61xx.sys [2009-2-17 172584]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-5-19 55856]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2010-10-22 25312]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-7-26 291680]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-12-3 49752]
R1 VBoxDrv;VirtualBox Service;C:\Windows\System32\drivers\VBoxDrv.sys [2009-7-7 182992]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\Windows\System32\drivers\VBoxUSBMon.sys [2009-7-7 53008]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-19 2462128]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-3-1 375728]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-9-17 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2011-6-14 72216]
R2 MSSQL$SQLEXPRESS2;SQL Server (SQLEXPRESS2);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS2\MSSQL\Binn\sqlservr.exe [2011-9-22 58345832]
R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2009-2-20 90112]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D VISION\nvSCPAPISvr.exe [2012-10-2 382824]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
R3 dfmirage;dfmirage;C:\Windows\System32\drivers\dfmirage.sys [2009-3-28 36432]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\Windows\System32\drivers\Rtnic64.sys [2008-10-29 52736]
R3 VBoxNetFlt;VBoxNetFlt Service;C:\Windows\System32\drivers\VBoxNetFlt.sys [2009-6-30 145488]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2009-2-17 392192]
S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-5-6 67656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 WSWNDA3100;WSWNDA3100;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2010-10-22 278528]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2010-9-29 1244736]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2008-7-26 30232]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-10-12 50072]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SaiH2541;SaiH2541;C:\Windows\System32\drivers\SaiH2541.sys [2007-5-1 171144]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\Windows\System32\drivers\VBoxNetAdp.sys [2009-6-30 130704]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-5-28 89920]
S4 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2008-7-26 187928]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-10 61976]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
S4 SQLAgent$SQLEXPRESS2;SQL Server Agent (SQLEXPRESS2);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS2\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
S4 Viewpoint Service;Viewpoint Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2012-3-29 30152]
.
=============== File Associations ===============
.
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-11-16 10:55:50 66395536 ----a-w- C:\Windows\System32\mrt.exe
2012-11-06 10:31:35 88008 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2012-11-06 10:31:34 83880 ----a-w- C:\Windows\System32\LMIinit.dll
2012-11-06 10:31:34 35240 ----a-w- C:\Windows\System32\LMIport.dll
2012-10-30 14:34:48 82358272 ----a-w- C:\VIPRERescue8213.exe
2012-10-12 14:53:34 2769920 ----a-w- C:\Windows\System32\win32k.sys
2012-10-11 06:37:13 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-11 06:37:12 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-11 01:22:54 2428776 ----a-w- C:\Windows\SysWow64\nvapi.dll
2012-10-11 01:22:52 26331496 ----a-w- C:\Windows\System32\nvoglv64.dll
2012-10-11 01:22:52 1760104 ----a-w- C:\Windows\System32\nvdispco64.dll
2012-10-11 01:22:32 15309160 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2012-10-11 01:22:26 2747240 ----a-w- C:\Windows\System32\nvcuvid.dll
2012-10-11 01:22:24 19906920 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2012-10-11 01:22:18 13443944 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2012-10-11 01:22:14 17559912 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2012-10-04 03:03:05 17811968 ----a-w- C:\Windows\System32\mshtml.dll
2012-10-04 02:24:36 10925568 ----a-w- C:\Windows\System32\ieframe.dll
2012-10-04 02:18:45 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-04 02:12:16 1346048 ----a-w- C:\Windows\System32\urlmon.dll
2012-10-04 02:11:22 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-04 02:10:43 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-04 02:10:19 237056 ----a-w- C:\Windows\System32\url.dll
2012-10-04 02:08:50 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2012-10-04 02:07:11 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-04 02:07:01 816640 ----a-w- C:\Windows\System32\jscript.dll
2012-10-04 02:06:55 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-04 02:05:40 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2012-10-04 02:04:55 2144768 ----a-w- C:\Windows\System32\iertutil.dll
2012-10-04 02:03:48 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2012-10-04 02:03:26 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-04 01:59:12 248320 ----a-w- C:\Windows\System32\ieui.dll
2012-10-03 23:00:04 12320768 ----a-w- C:\Windows\SysWow64\mshtml.dll
2012-10-03 22:35:48 9738240 ----a-w- C:\Windows\SysWow64\ieframe.dll
2012-10-03 22:30:48 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-03 22:22:51 1103872 ----a-w- C:\Windows\SysWow64\urlmon.dll
2012-10-03 22:21:58 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-03 22:21:57 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-03 22:20:53 231936 ----a-w- C:\Windows\SysWow64\url.dll
2012-10-03 22:19:28 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2012-10-03 22:18:27 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-03 22:18:10 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2012-10-03 22:18:01 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-03 22:16:41 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2012-10-03 22:16:03 1793024 ----a-w- C:\Windows\SysWow64\iertutil.dll
2012-10-03 22:15:16 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2012-10-03 22:14:47 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 22:11:09 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2012-10-02 19:51:11 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-10-02 19:51:04 6200680 ----a-w- C:\Windows\System32\nvcpl.dll
2012-10-02 19:50:57 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-10-02 19:50:57 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-10-02 19:50:57 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-10-02 19:50:57 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-10-02 17:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-09-29 23:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-25 16:31:19 91648 ----a-w- C:\Windows\System32\synceng.dll
2012-09-25 16:19:41 75776 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-13 13:45:46 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-13 13:28:08 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-09-12 20:20:50 8592 ----a-w- C:\Windows\System32\ractrlkeyhook.dll
2012-08-29 11:40:01 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-24 19:43:16 384352 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-08-24 16:07:02 218624 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 15:53:29 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
1996-06-05 12:56:44 21504 ------w- C:\Program Files (x86)\uninstl.exe
.
============= FINISH: 12:47:50.51 ===============




Attach.txt


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 2/17/2009 01:19:23
System Uptime: 11/20/2012 12:25:10 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M3A79-T DELUXE
Processor: AMD Athlon™ 7750 Dual-Core Processor | CPU 1 | 2709/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 153 GiB total, 71.424 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0003
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #2
PNP Device ID: ROOT\*ISATAP\0003
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0010
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #6
PNP Device ID: ROOT\*ISATAP\0010
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0013
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #5
PNP Device ID: ROOT\*ISATAP\0013
Service: tunnel
.
Class GUID:
Description: PCI Input Device
Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\4&2966AB86&0&31A4
Manufacturer:
Name: PCI Input Device
PNP Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\4&2966AB86&0&31A4
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VirtualBox Host-Only Ethernet Adapter
Device ID: ROOT\NET\0000
Manufacturer: Sun Microsystems, Inc.
Name: VirtualBox Host-Only Ethernet Adapter
PNP Device ID: ROOT\NET\0000
Service: VBoxNetAdp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter for 64-bit Windows
Device ID: ROOT\NET\0002
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter for 64-bit Windows
PNP Device ID: ROOT\NET\0002
Service: CVirtA
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acer eDisplay Management
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
Any Audio Converter 3.5.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaImpression
ATI Catalyst Install Manager
AVG 2012
BlackBerry Desktop Software 6.1
Bonjour
BSPlayer
CCleaner
CCNA_Simulator_ITT_Edition
Cisco Systems VPN Client 5.0.07.0290
CNC WorkShop
Crystal Reports Basic for Visual Studio 2008
Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
D3DX10
DeskSpace 1.5.5.5
DivX Setup
Dropbox
ExtractNow
Falcon 4.0: Allied Force
Falcon BMS 4.32
ffdshow v1.1.3572 [2010-09-13]
GearDrvs
Gmail Backup
Google Talk Plugin
HijackThis 2.0.2
Host OpenAL (ADI)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)
HP Officejet Pro 8600 Basic Device Software
HP Update
HyperLobby client
I.R.I.S. OCR
IE7Pro
iLivid
iTunes
Japanese Fonts Support For Adobe Reader 9
join.me
Lock On: Modern Air Combat
Logitech QuickCam
LogMeIn
LogMeIn Hamachi
Malwarebytes Anti-Malware version 1.65.1.1000
Marvell Miniport Driver
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Device Emulator (64 bit) version 3.0 - ENU
Microsoft Document Explorer 2008
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project 2007 Service Pack 3 (SP3)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Project Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visio Viewer 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Studio
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 Policies
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Compact 3.5 SP1 Query Tools English
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Native Client
Microsoft SQL Server VSS Writer
Microsoft Visual Basic 2008 Express Edition - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio 2008 Remote Debugger - ENU
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
Mozilla Firefox (3.6.18)
MS VRML2 Control
MSDN Library for Microsoft Visual Studio 2008 Express Editions
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MySQL Server 5.1
NETGEAR WNDA3100v2 wireless USB 2.0 adapter
NVIDIA 3D Vision Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Graphics Driver 306.97
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.10.8
NVIDIA Update Components
PFPortChecker 1.0.28
Pivot Software
PVSonyDll
QuickTime
Revo Uninstaller 1.94
Saitek SD6 Programming Software 6.0.10.7
Scrabble (remove only)
SCRABBLE Journey (remove only)
Screencaster Plug-in for IE
SDK
Searchqu Toolbar
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Segoe UI
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit)
SoundMAX
Spelling Dictionaries Support For Adobe Reader 9
Sql Server Customer Experience Improvement Program
Sun xVM VirtualBox
SUPERAntiSpyware Free Edition
swMSM
TeamSpeak 2 RC2
TeamSpeak 3 Client
TurboCAD Professional 19 64-bit
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Project 2007 Help (KB963668)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221)
VC Runtimes MSI
VC80CRTRedist - 8.0.50727.4053
VideoLAN VLC media player 0.8.6d
Viewpoint Media Player
Visual Studio .NET Prerequisites - English
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio 2008 x64 Redistributables
Visual Studio Tools for the Office system 3.0 Runtime
WebEx
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
WinRAR archiver
WinZip
WiseConvert Toolbar
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== End Of File ===========================

Edited by m61a1cannon, 20 November 2012 - 01:09 PM.


#4 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 November 2012 - 05:16 PM

Hello


These are the programs I would like you to run next; if you have any problems with one of these, just skip it and run the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double-click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 m61a1cannon (Topic Starter)

  • Members
  • 11 posts

Posted 20 November 2012 - 07:44 PM

Adware

# AdwCleaner v2.008 - Logfile created 11/20/2012 at 18:47:28
# Updated 17/11/2012 by Xplode
# Operating system : Windows ™ Vista Ultimate Service Pack 2 (64 bits)
# User : J - BL
# Boot Mode : Normal
# Running from : C:\Users\J\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Conduit
Deleted on reboot : C:\Program Files (x86)\DAEMON Tools Toolbar
Deleted on reboot : C:\Program Files (x86)\Ilivid
Deleted on reboot : C:\Program Files (x86)\Searchqu Toolbar
Deleted on reboot : C:\Program Files (x86)\Viewpoint
Deleted on reboot : C:\Program Files (x86)\WiseConvert
Deleted on reboot : C:\ProgramData\Babylon
Deleted on reboot : C:\ProgramData\boost_interprocess
Deleted on reboot : C:\ProgramData\ICQ\ICQToolbar
Deleted on reboot : C:\ProgramData\Trymedia
Deleted on reboot : C:\ProgramData\Viewpoint
Deleted on reboot : C:\Users\J\AppData\Local\Babylon
Deleted on reboot : C:\Users\J\AppData\Local\Conduit
Deleted on reboot : C:\Users\J\AppData\Local\Ilivid Player
Deleted on reboot : C:\Users\J\AppData\LocalLow\FunWebProducts
Deleted on reboot : C:\Users\J\AppData\LocalLow\MyWebSearch
Deleted on reboot : C:\Users\J\AppData\LocalLow\PriceGong
Deleted on reboot : C:\Users\J\AppData\LocalLow\searchquband
Deleted on reboot : C:\Users\J\AppData\LocalLow\Searchqutoolbar
Deleted on reboot : C:\Users\J\AppData\LocalLow\Viewpoint
Deleted on reboot : C:\Users\J\AppData\LocalLow\WiseConvert
Deleted on reboot : C:\Users\J\AppData\Roaming\Babylon
Deleted on reboot : C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\e611o8dz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
Deleted on reboot : C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\e611o8dz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Deleted on reboot : C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\e611o8dz.default\extensions\ffxtlbr@babylon.com
Deleted on reboot : C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\e611o8dz.default\Searchqutoolbar
File Deleted : C:\Program Files (x86)\Mozilla Firefox\.autoreg
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
File Deleted : C:\user.js
File Deleted : C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\e611o8dz.default\searchplugins\icqplugin.xml
File Deleted : C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\e611o8dz.default\searchplugins\icqplugin-1.xml
File Deleted : C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\e611o8dz.default\searchplugins\mywebsearch.xml
File Deleted : C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\e611o8dz.default\searchplugins\Search_Results.xml
File Deleted : C:\Users\Public\Desktop\iLivid.lnk

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\WiseConvert
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WiseConvert Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3196716
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\ilivid
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\SearchquMediabarTb
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\Software\WiseConvert
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{67FA02C4-AB30-4e77-A640-78EE8EC8673B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{101D93F1-44D7-4816-B01D-FBC7167D4280}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0E6649A-44EE-4A6D-A25B-37D794FB3B89}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v3.6.18 (en-US)

Profile name : default
File : C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\e611o8dz.default\prefs.js

C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\e611o8dz.default\user.js ... Deleted !

Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.order.1", "Search Results");
Deleted : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?babsrc=HP_Prot");
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=110788");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 20);
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);
Deleted : user_pref("extensions.BabylonToolbar.id", "18bef29e0000000000000023544c973e");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15406");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?AF=110788&babsrc=adbar[...]
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 20);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1720:23:47");
Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.6");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 92015223);
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "czb");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1720:23:47");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110788");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "18bef29e0000000000000023544c973e");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "18bef29e0000000000000023544c973e");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15406");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1720:23:47");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.dynconff.cache.search.babylon.com.content", "<package expire=\"600\" es=\"914\[...]
Deleted : user_pref("extensions.dynconff.cache.search.babylon.com.expires", "1353455022987");
Deleted : user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensea[...]
Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "chrome://browser-region/locale/region.properties");
Deleted : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=150&systemid=406&sr=0&q=");

*************************

AdwCleaner[S1].txt - [15005 octets] - [20/11/2012 18:47:28]

########## EOF - C:\AdwCleaner[S1].txt - [15066 octets] ##########





ROGUEKILLER


RogueKiller V8.3.1 [Nov 20 2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : J [Admin rights]
Mode : Scan -- Date : 11/20/2012 19:20:44

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 13 ¤¤¤
[RUN][NOTFOUND] HKUS\S-1-5-21-2350566267-1743532531-1518067020-1017[...]\Run : WindowsWelcomeCenter (rundll32.exe oobefldr.dll,ShowWelcomeCenter) -> FOUND
[TASK][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-2350566267-1743532531-1518067020-1000UA.job : C:\Users\J\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler -> FOUND
[TASK][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-2350566267-1743532531-1518067020-1000Core.job : C:\Users\J\AppData\Local\Google\Update\GoogleUpdate.exe /c -> FOUND
[TASK][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-2350566267-1743532531-1518067020-1000Core : C:\Users\J\AppData\Local\Google\Update\GoogleUpdate.exe /c -> FOUND
[TASK][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-2350566267-1743532531-1518067020-1000UA : C:\Users\J\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Maxtor 6Y160M0 ATA Device +++++
--- User ---
[MBR] 0e8f6dc5077bbf60bb1992c4d9bbd67e
[BSP] e3252c38376d4bae93cceb01aeade627 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 156332 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: HP Officejet Pro 86 USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_11202012_02d1920.txt >>
RKreport[1]_S_11202012_02d1920.txt

Edited by m61a1cannon, 20 November 2012 - 07:50 PM.


#6 gringo_pr (Malware Response Team)

Posted 20 November 2012 - 08:18 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 m61a1cannon (Topic Starter)

Posted 21 November 2012 - 09:34 AM

Hello Sir,


Status report: IE does not open in a timely manner unless I use IE without add-ons. That one works fine (IE w/out add-ons).
With the IE that does not open well, its Tools > Internet Options are not available. Tools will open, but there is nothing to select (as in grayed out).
There is a program, Workspace, that when installed and opened is redirected to a Microsoft Word doc. So I uninstalled Workspace again (I had installed it for the testing).




Combofix

ComboFix 12-11-21.01 - J 11/21/2012 8:39.3.2 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.4094.2485 [GMT -5:00]
Running from: c:\users\J\Desktop\Virus\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-21 to 2012-11-21 )))))))))))))))))))))))))))))))
.
.
2012-11-21 13:48 . 2012-11-21 13:48 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-11-21 13:48 . 2012-11-21 13:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-21 13:48 . 2012-11-21 13:48 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-11-20 16:51 . 2012-11-20 16:51 -------- d-----w- c:\users\J\AppData\Local\offsync
2012-11-20 13:45 . 2012-11-20 13:45 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-11-17 00:34 . 2012-11-21 12:43 -------- d-----w- c:\users\J\AppData\Local\LogMeIn Hamachi
2012-11-16 10:49 . 2012-10-12 14:53 2769920 ----a-w- c:\windows\system32\win32k.sys
2012-11-16 10:49 . 2012-09-25 16:31 91648 ----a-w- c:\windows\system32\synceng.dll
2012-11-16 10:49 . 2012-09-25 16:19 75776 ----a-w- c:\windows\SysWow64\synceng.dll
2012-10-30 14:35 . 2012-11-16 21:45 -------- d-----w- C:\VIPRERESCUE
2012-10-30 14:29 . 2012-10-30 14:34 82358272 ----a-w- C:\VIPRERescue8213.exe
2012-10-30 14:11 . 2012-10-31 00:04 -------- d-----w- c:\program files (x86)\SUPERAntiSpyware
2012-10-30 14:11 . 2012-10-30 14:11 -------- d-----w- c:\users\J\AppData\Roaming\SUPERAntiSpyware.com
2012-10-30 14:11 . 2012-10-30 14:11 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-16 10:55 . 2006-11-02 12:35 66395536 ----a-w- c:\windows\system32\mrt.exe
2012-11-06 10:31 . 2011-06-14 09:02 88008 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-11-06 10:31 . 2011-06-14 09:02 35240 ----a-w- c:\windows\system32\LMIport.dll
2012-11-06 10:31 . 2011-06-14 09:02 83880 ----a-w- c:\windows\system32\LMIinit.dll
2012-10-11 06:37 . 2012-03-29 11:37 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-11 06:37 . 2011-09-22 17:39 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-11 01:23 . 2012-10-11 01:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-11 01:23 . 2008-09-18 04:55 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-11 01:23 . 2012-10-11 01:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-11 01:23 . 2012-10-11 01:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-11 01:23 . 2012-10-11 01:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-11 01:23 . 2012-10-11 01:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-11 01:23 . 2012-10-11 01:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-11 01:23 . 2008-09-18 04:55 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-11 01:23 . 2012-10-11 01:23 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-11 01:23 . 2012-10-11 01:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-11 01:23 . 2012-10-11 01:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-11 01:23 . 2012-10-11 01:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-11 01:23 . 2012-02-10 02:43 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-11 01:22 . 2012-10-11 01:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-11 01:22 . 2012-10-11 01:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-11 01:22 . 2012-02-10 02:43 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-11 01:22 . 2012-02-10 02:43 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-11 01:22 . 2012-10-11 01:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-11 01:22 . 2012-10-11 01:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-11 01:22 . 2012-10-11 01:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-11 01:22 . 2012-10-11 01:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-02 19:51 . 2010-10-16 18:13 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2010-10-16 18:13 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2010-10-16 18:13 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2010-10-16 18:13 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 19:50 . 2009-07-07 21:24 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2008-09-18 04:55 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 17:15 . 2012-10-02 17:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-09-29 23:54 . 2009-11-17 07:16 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-13 13:45 . 2012-10-12 04:08 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-13 13:28 . 2012-10-12 04:08 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-12 20:20 . 2012-09-12 20:20 8592 ----a-w- c:\windows\system32\ractrlkeyhook.dll
2012-08-29 11:40 . 2012-10-12 03:58 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-24 19:43 . 2012-08-24 19:43 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-08-24 16:07 . 2012-10-12 03:59 218624 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 15:53 . 2012-10-12 03:59 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
1996-06-05 12:56 . 2010-10-02 02:56 21504 ------w- c:\program files (x86)\uninstl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\J\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\J\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\J\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\J\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AsioThk32Reg"="CTASIO.DLL" [2007-04-09 80896]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-20 2254768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 06:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\J\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\J\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\J\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\J\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 182784]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-09-17 57928]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://duckduckgo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: mtb.com\www
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\J\AppData\Roaming\Mozilla\Firefox\Profiles\e611o8dz.default\
FF - ExtSQL: 2019-09-25 23:40; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\users\J\AppData\Roaming\Mozilla\Firefox\Profiles\e611o8dz.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF - ExtSQL: !HIDDEN! 2009-06-23 23:13; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-AsioReg - CTASIO.DLL
AddRemove-Any Audio Converter_is1 - c:\boys achievement\Any Audio Converter\unins000.exe
AddRemove-Falcon BMS 4.32 - c:\users\J\Desktop\The Folder\Desktop\New Folder\Flight\BMS\Falcon BMS 4.32 Setup\Setup.exe
AddRemove-HijackThis - g:\removal\HijackThis.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2350566267-1743532531-1518067020-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0CEFE34-E310-6494-F296-699CB124B029}*]
"paalifgifmadhfchbmihgfabdjlffbfe"=hex:6a,61,6b,69,6d,62,69,63,62,64,63,69,6f,
6e,70,64,63,68,6a,69,00,00
"abgmcaokflnpilgcnoghkjikpdlfcepibf"=hex:69,61,69,6a,64,64,67,6c,6b,63,68,65,
6d,6c,69,6a,62,63,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-11-21 08:57:16
ComboFix-quarantined-files.txt 2012-11-21 13:57
ComboFix2.txt 2012-11-19 19:50
.
Pre-Run: 76,520,693,760 bytes free
Post-Run: 76,450,926,592 bytes free
.
- - End Of File - - 18D90A04BCCF22FDBD075B1E438AB8EB




Again Thank you in advance

#8 gringo_pr (Malware Response Team)

Posted 21 November 2012 - 03:32 PM

Greetings,

First I would like you to go here and click on the Fix it button - http://support.microsoft.com/kb/923737


Then I want you to do the following

  • Start Internet Explorer.
  • Click on "Safety".
  • Click on "Delete Browsing History".
  • Make sure all boxes are checked.
  • Click on "Delete".
  • Click on "Tools".
  • Click "Internet Options".
  • On the "Advanced" tab, click "Reset".
  • Put a check mark next to "Delete Personal Settings".
  • Click "Reset" to confirm.
  • When complete, click the "Close" button.
  • Restart IE.


Gringo

#9 m61a1cannon (Topic Starter)

Posted 24 November 2012 - 09:31 AM

Ran the IE volley.


When completed, I then went back to the point (not in reverse order but in forward order) where Microsoft offers the option to send in a survey and grade them.
Instead of IE opening with a web page, Microsoft Word opened with what looks like the contents of a copied web page pasted inside the doc.


Other than that all things executed well and the pc functions as expected.

#10 gringo_pr (Malware Response Team)

Posted 24 November 2012 - 12:37 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
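The TDSSKiller report requested above lists every service and driver as a "[ MD5 ] name path" line followed by a "name - verdict" line. The script below is an added triage helper written for this thread, not code from TDSSKiller, ComboFix or RogueKiller: it parses that format and applies the three checks this thread turns on. It flags any .sys image that is not under system32\drivers (the SysWow64\Drivers\atapi.sys that ComboFix reported is exactly such a file: a 64-bit kernel loads its drivers from system32\drivers, so a second copy elsewhere is worth hashing and verifying), lists services that still exist in the registry but have no file behind them (the ATMF* entries), and compares a driver's logged MD5 with a reference value. The sample lines are a constructed subset copied from the TDSSKiller log posted in this thread; REFERENCE_ATAPI_MD5 is simply the hash that log reports for the loaded atapi.sys, used as an assumed baseline rather than an authoritative known-good value, and all function names are mine.

```python
import hashlib
import re
from pathlib import PureWindowsPath

# One TDSSKiller inventory line: "<time> <pid> [ <MD5> ] <service name> <image path>"
ENTRY_RE = re.compile(
    r"^\S+\s+\d+\s+\[\s*([0-9A-Fa-f]{32})\s*\]\s+(.+?)\s+([A-Za-z]:\\.*)$"
)
# The verdict line that follows it: "<time> <pid> <service name> - <verdict>"
VERDICT_RE = re.compile(r"^\S+\s+\d+\s+(.+?)\s+-\s+(\S+)$")

# Constructed sample: a subset of lines copied from the TDSSKiller report in this thread.
SAMPLE_LOG = """\
18:03:53.0046 4212 [ 6CCD1135320109D6B219F1A6E04AD9F6 ] Afc C:\\Windows\\syswow64\\drivers\\Afc.sys
18:03:53.0046 4212 Afc - ok
18:03:53.0421 4212 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\\Program Files (x86)\\Common Files\\Apple\\Mobile Device Support\\AppleMobileDeviceService.exe
18:03:53.0421 4212 Apple Mobile Device - ok
18:03:53.0748 4212 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\\Windows\\system32\\drivers\\atapi.sys
18:03:53.0748 4212 atapi - ok
18:03:53.0842 4212 ATMFBUS - ok
"""

# Assumed baseline: the MD5 this thread's log reports for the loaded atapi.sys.
# It is NOT an authoritative known-good value; substitute a hash taken from a trusted copy.
REFERENCE_ATAPI_MD5 = "E68D9B3A3905619732F7FE039466A623"


def parse_tdsskiller(text):
    """Return (entries, verdicts).

    entries:  service name -> (MD5 in upper case, image path) for lines that name a file
    verdicts: service name -> verdict string ("ok", "suspicious", ...) for every scanned entry
    """
    entries, verdicts = {}, {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            md5, name, path = m.groups()
            entries[name] = (md5.upper(), path)
            continue
        m = VERDICT_RE.match(line)
        if m:
            verdicts[m.group(1)] = m.group(2)
    return entries, verdicts


def drivers_outside_system32(entries):
    """Names of .sys images that do not live under \\system32\\drivers\\.

    A 64-bit kernel loads its drivers from system32\\drivers, so a .sys under
    SysWOW64\\drivers or anywhere else is the first thing to hash and verify.
    """
    flagged = []
    for name, (_md5, path) in entries.items():
        is_driver = PureWindowsPath(path).suffix.lower() == ".sys"
        if is_driver and "\\system32\\drivers\\" not in path.lower():
            flagged.append(name)
    return sorted(flagged)


def services_without_image(entries, verdicts):
    """Services that received a verdict but no '[ md5 ] name path' line.

    TDSSKiller prints these when the registry still names a service whose file
    is gone (the ATMF* entries in the thread's log); they are orphans to clean up.
    """
    return sorted(name for name in verdicts if name not in entries)


def verify_hash(entries, name, expected_md5):
    """Compare the logged MD5 of `name` with a reference. Returns (matches, logged_md5)."""
    logged_md5, _path = entries[name]
    return logged_md5 == expected_md5.upper(), logged_md5


def md5_of_file(path):
    """Hash a file on disk the same way TDSSKiller reports it, to re-check a flagged driver."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest().upper()


if __name__ == "__main__":
    entries, verdicts = parse_tdsskiller(SAMPLE_LOG)
    print("drivers outside system32\\drivers:", drivers_outside_system32(entries))
    print("services with no image file:", services_without_image(entries, verdicts))
    print("atapi.sys matches baseline:", verify_hash(entries, "atapi", REFERENCE_ATAPI_MD5))
```

A flagged path is a lead, not a verdict: Afc.sys sits under syswow64\drivers in this very log and TDSSKiller passes it. The point of the check is to decide which files to hash with md5_of_file and compare against a copy you trust; MD5 is used only because that is what TDSSKiller prints, and for a Microsoft driver the stronger confirmation is its Authenticode signature.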

#11 m61a1cannon (Topic Starter)

Posted 25 November 2012 - 09:45 PM

TDSSKiller_Report

18:03:39.0599 5244 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:03:40.0130 5244 ============================================================
18:03:40.0130 5244 Current date / time: 2012/11/25 18:03:40.0130
18:03:40.0130 5244 SystemInfo:
18:03:40.0130 5244
18:03:40.0130 5244 OS Version: 6.0.6002 ServicePack: 2.0
18:03:40.0130 5244 Product type: Workstation
18:03:40.0130 5244 ComputerName: BL
18:03:40.0130 5244 UserName: J
18:03:40.0130 5244 Windows directory: C:\Windows
18:03:40.0130 5244 System windows directory: C:\Windows
18:03:40.0130 5244 Running under WOW64
18:03:40.0130 5244 Processor architecture: Intel x64
18:03:40.0130 5244 Number of processors: 2
18:03:40.0130 5244 Page size: 0x1000
18:03:40.0130 5244 Boot type: Normal boot
18:03:40.0130 5244 ============================================================
18:03:41.0502 5244 Drive \Device\Harddisk0\DR0 - Size: 0x262AE80000 (152.67 Gb), SectorSize: 0x200, Cylinders: 0x4DD9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:03:41.0502 5244 ============================================================
18:03:41.0502 5244 \Device\Harddisk0\DR0:
18:03:41.0502 5244 MBR partitions:
18:03:41.0502 5244 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x13156000
18:03:41.0502 5244 ============================================================
18:03:41.0534 5244 C: <-> \Device\Harddisk0\DR0\Partition1
18:03:41.0534 5244 ============================================================
18:03:41.0534 5244 Initialize success
18:03:41.0534 5244 ============================================================
18:03:51.0408 4212 ============================================================
18:03:51.0408 4212 Scan started
18:03:51.0408 4212 Mode: Manual;
18:03:51.0408 4212 ============================================================
18:03:52.0142 4212 ================ Scan system memory ========================
18:03:52.0142 4212 System memory - ok
18:03:52.0142 4212 ================ Scan services =============================
18:03:52.0298 4212 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
18:03:52.0298 4212 ACDaemon - ok
18:03:52.0422 4212 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
18:03:52.0422 4212 ACPI - ok
18:03:52.0485 4212 [ 4A30FA79F8253134D398251DB614E3C9 ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
18:03:52.0516 4212 ADIHdAudAddService - ok
18:03:52.0610 4212 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:03:52.0610 4212 AdobeARMservice - ok
18:03:52.0703 4212 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:03:52.0703 4212 AdobeFlashPlayerUpdateSvc - ok
18:03:52.0781 4212 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:03:52.0812 4212 adp94xx - ok
18:03:52.0859 4212 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:03:52.0859 4212 adpahci - ok
18:03:52.0875 4212 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
18:03:52.0875 4212 adpu160m - ok
18:03:52.0922 4212 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:03:52.0922 4212 adpu320 - ok
18:03:52.0968 4212 [ 28C0B0A6CB61BDD1FEF877D4D0F69FBF ] AEADIFilters C:\Windows\system32\AEADISRV.EXE
18:03:52.0984 4212 AEADIFilters - ok
18:03:53.0015 4212 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:03:53.0015 4212 AeLookupSvc - ok
18:03:53.0046 4212 [ 6CCD1135320109D6B219F1A6E04AD9F6 ] Afc C:\Windows\syswow64\drivers\Afc.sys
18:03:53.0046 4212 Afc - ok
18:03:53.0109 4212 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
18:03:53.0109 4212 AFD - ok
18:03:53.0156 4212 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:03:53.0156 4212 agp440 - ok
18:03:53.0187 4212 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
18:03:53.0187 4212 aic78xx - ok
18:03:53.0218 4212 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
18:03:53.0218 4212 ALG - ok
18:03:53.0234 4212 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys
18:03:53.0234 4212 aliide - ok
18:03:53.0234 4212 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
18:03:53.0249 4212 amdide - ok
18:03:53.0280 4212 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
18:03:53.0280 4212 AmdK8 - ok
18:03:53.0327 4212 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
18:03:53.0343 4212 Appinfo - ok
18:03:53.0421 4212 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:03:53.0421 4212 Apple Mobile Device - ok
18:03:53.0468 4212 [ 3DA98C07B18A676180FE7EED924D1673 ] AppMgmt C:\Windows\System32\appmgmts.dll
18:03:53.0468 4212 AppMgmt - ok
18:03:53.0499 4212 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
18:03:53.0499 4212 arc - ok
18:03:53.0530 4212 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:03:53.0546 4212 arcsas - ok
18:03:53.0655 4212 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:03:53.0655 4212 aspnet_state - ok
18:03:53.0686 4212 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:03:53.0686 4212 AsyncMac - ok
18:03:53.0748 4212 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
18:03:53.0748 4212 atapi - ok
18:03:53.0842 4212 [ DB0D3DE15EDC96E7529FC0D3F7760894 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
18:03:53.0842 4212 AtiPcie - ok
18:03:53.0842 4212 ATMFBUS - ok
18:03:53.0858 4212 ATMFCVsp - ok
18:03:53.0873 4212 ATMFFLT - ok
18:03:53.0889 4212 ATMFMdm - ok
18:03:53.0889 4212 ATMFNET - ok
18:03:53.0889 4212 ATMFNVsp - ok
18:03:53.0904 4212 ATMFVsp - ok
18:03:53.0951 4212 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:03:53.0967 4212 AudioEndpointBuilder - ok
18:03:53.0967 4212 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:03:53.0982 4212 AudioSrv - ok
18:03:54.0185 4212 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
18:03:54.0294 4212 AVGIDSAgent - ok
18:03:54.0357 4212 [ 1B2E9FCDC26DC7C81D4131430E2DC936 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
18:03:54.0357 4212 AVGIDSDriver - ok
18:03:54.0372 4212 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
18:03:54.0388 4212 AVGIDSFilter - ok
18:03:54.0435 4212 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
18:03:54.0435 4212 AVGIDSHA - ok
18:03:54.0466 4212 [ 221FEBAB02D6C97C95558348CC354A85 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
18:03:54.0466 4212 Avgldx64 - ok
18:03:54.0497 4212 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
18:03:54.0513 4212 Avgmfx64 - ok
18:03:54.0560 4212 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
18:03:54.0560 4212 Avgrkx64 - ok
18:03:54.0575 4212 [ F8C3C7ED612A41B05C66358FC9786BFD ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
18:03:54.0591 4212 Avgtdia - ok
18:03:54.0606 4212 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
18:03:54.0606 4212 avgwd - ok
18:03:54.0684 4212 [ 1CAB59554A5B10C96DA694300BD961F7 ] BCMH43XX C:\Windows\system32\DRIVERS\bcmwlhigh664.sys
18:03:54.0716 4212 BCMH43XX - ok
18:03:54.0731 4212 Beep - ok
18:03:54.0794 4212 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
18:03:54.0809 4212 BFE - ok
18:03:54.0918 4212 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\system32\qmgr.dll
18:03:54.0950 4212 BITS - ok
18:03:55.0012 4212 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
18:03:55.0028 4212 blbdrive - ok
18:03:55.0184 4212 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:03:55.0184 4212 Bonjour Service - ok
18:03:55.0230 4212 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:03:55.0230 4212 bowser - ok
18:03:55.0277 4212 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
18:03:55.0277 4212 BrFiltLo - ok
18:03:55.0308 4212 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
18:03:55.0308 4212 BrFiltUp - ok
18:03:55.0355 4212 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
18:03:55.0355 4212 Browser - ok
18:03:55.0402 4212 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
18:03:55.0402 4212 Brserid - ok
18:03:55.0433 4212 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
18:03:55.0433 4212 BrSerWdm - ok
18:03:55.0464 4212 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
18:03:55.0464 4212 BrUsbMdm - ok
18:03:55.0480 4212 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
18:03:55.0480 4212 BrUsbSer - ok
18:03:55.0496 4212 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
18:03:55.0496 4212 BTHMODEM - ok
18:03:55.0511 4212 catchme - ok
18:03:55.0558 4212 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:03:55.0558 4212 cdfs - ok
18:03:55.0589 4212 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:03:55.0589 4212 cdrom - ok
18:03:55.0683 4212 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
18:03:55.0683 4212 CertPropSvc - ok
18:03:55.0714 4212 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys
18:03:55.0714 4212 circlass - ok
18:03:55.0792 4212 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
18:03:55.0808 4212 CLFS - ok
18:03:55.0917 4212 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:03:55.0917 4212 clr_optimization_v2.0.50727_32 - ok
18:03:56.0338 4212 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:03:56.0338 4212 clr_optimization_v2.0.50727_64 - ok
18:03:57.0305 4212 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:03:57.0305 4212 clr_optimization_v4.0.30319_32 - ok
18:03:57.0321 4212 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:03:57.0321 4212 clr_optimization_v4.0.30319_64 - ok
18:03:57.0352 4212 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:03:57.0352 4212 cmdide - ok
18:03:57.0399 4212 [ 66AC4FDAD5A2D4FF4E3DB41810B39DE2 ] COMMONFX.DLL C:\Windows\system32\COMMONFX.DLL
18:03:57.0414 4212 COMMONFX.DLL - ok
18:03:57.0430 4212 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
18:03:57.0430 4212 Compbatt - ok
18:03:57.0430 4212 COMSysApp - ok
18:03:57.0446 4212 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:03:57.0446 4212 crcdisk - ok
18:03:57.0508 4212 [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:03:57.0508 4212 CryptSvc - ok
18:03:57.0555 4212 [ F60F50C8ED3FCBE358430B95FE27D09C ] CSC C:\Windows\system32\drivers\csc.sys
18:03:57.0570 4212 CSC - ok
18:03:57.0633 4212 [ 1B5F256D31836ED2BA60B3A6C800200C ] CscService C:\Windows\System32\cscsvc.dll
18:03:57.0633 4212 CscService - ok
18:03:57.0695 4212 [ 01BBD5CB85423B12E445209D243A49A9 ] CT20XUT.DLL C:\Windows\system32\CT20XUT.DLL
18:03:57.0711 4212 CT20XUT.DLL - ok
18:03:57.0773 4212 [ B81C989C6D3B770F44316A3DC5F607B3 ] ctac32k C:\Windows\system32\drivers\ctac32k.sys
18:03:57.0804 4212 ctac32k - ok
18:03:57.0851 4212 [ 7321BD704CC3B34B78F8574E64258F39 ] ctaud2k C:\Windows\system32\drivers\ctaud2k.sys
18:03:57.0882 4212 ctaud2k - ok
18:03:57.0914 4212 [ E873319F281115EBEA75E519C5B4D0C4 ] CTAUDFX.DLL C:\Windows\system32\CTAUDFX.DLL
18:03:57.0945 4212 CTAUDFX.DLL - ok
18:03:57.0960 4212 [ 06300545BEDF49B6A51FDFE1861F9CAF ] CTEAPSFX.DLL C:\Windows\system32\CTEAPSFX.DLL
18:03:57.0976 4212 CTEAPSFX.DLL - ok
18:03:57.0992 4212 [ 2D902F8EC247F0ED0D458CDCAF786544 ] CTEDSPFX.DLL C:\Windows\system32\CTEDSPFX.DLL
18:03:57.0992 4212 CTEDSPFX.DLL - ok
18:03:58.0054 4212 [ 0D3F99CDA2BEA14E4911A698441F1A29 ] CTEDSPIO.DLL C:\Windows\system32\CTEDSPIO.DLL
18:03:58.0054 4212 CTEDSPIO.DLL - ok
18:03:58.0101 4212 [ 9D26AA450AC1CAADDE25F1621BA89842 ] CTEDSPSY.DLL C:\Windows\system32\CTEDSPSY.DLL
18:03:58.0116 4212 CTEDSPSY.DLL - ok
18:03:58.0132 4212 [ E5F88DAD5EC69665DFA3E5E87791F800 ] CTERFXFX.DLL C:\Windows\system32\CTERFXFX.DLL
18:03:58.0132 4212 CTERFXFX.DLL - ok
18:03:58.0194 4212 [ FA6DCA331835997D2F7C83B9AAABC4BB ] CTEXFIFX.DLL C:\Windows\system32\CTEXFIFX.DLL
18:03:58.0241 4212 CTEXFIFX.DLL - ok
18:03:58.0288 4212 [ 9E6A0A3CA3825BB568D42F5F3CB09453 ] CTHWIUT.DLL C:\Windows\system32\CTHWIUT.DLL
18:03:58.0288 4212 CTHWIUT.DLL - ok
18:03:58.0304 4212 [ 6A05134810301FA6FDD6E95583A91F35 ] ctprxy2k C:\Windows\system32\drivers\ctprxy2k.sys
18:03:58.0304 4212 ctprxy2k - ok
18:03:58.0335 4212 [ 99047FCEBAB495410CD58AB17284720A ] CTSBLFX.DLL C:\Windows\system32\CTSBLFX.DLL
18:03:58.0350 4212 CTSBLFX.DLL - ok
18:03:58.0382 4212 [ F792246CF9D8EE17F2B32E9069415CDD ] ctsfm2k C:\Windows\system32\drivers\ctsfm2k.sys
18:03:58.0382 4212 ctsfm2k - ok
18:03:58.0444 4212 [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA64.sys
18:03:58.0460 4212 CVirtA - ok
18:03:58.0569 4212 [ 66257CB4E4FB69887CDDC71663741435 ] CVPND C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
18:03:58.0584 4212 CVPND - ok
18:03:58.0647 4212 [ CC8E52DAA9826064BA464DBE531F2BB5 ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys
18:03:58.0662 4212 CVPNDRVA - ok
18:03:58.0725 4212 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
18:03:58.0740 4212 DcomLaunch - ok
18:03:58.0756 4212 [ 178A6E9A0DCE42959FC5AD129F60CBA9 ] dfmirage C:\Windows\system32\DRIVERS\dfmirage.sys
18:03:58.0756 4212 dfmirage - ok
18:03:58.0834 4212 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:03:58.0834 4212 DfsC - ok
18:03:58.0943 4212 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
18:03:59.0021 4212 DFSR - ok
18:03:59.0099 4212 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
18:03:59.0099 4212 Dhcp - ok
18:03:59.0115 4212 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
18:03:59.0130 4212 disk - ok
18:03:59.0177 4212 [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE C:\Windows\system32\DRIVERS\dne64x.sys
18:03:59.0193 4212 DNE - ok
18:03:59.0240 4212 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:03:59.0255 4212 Dnscache - ok
18:03:59.0286 4212 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
18:03:59.0286 4212 dot3svc - ok
18:03:59.0318 4212 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
18:03:59.0318 4212 DPS - ok
18:03:59.0364 4212 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:03:59.0364 4212 drmkaud - ok
18:03:59.0442 4212 [ 3430A3D6A97C0E827DB0930FEE017499 ] DTSRVC C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
18:03:59.0442 4212 DTSRVC - ok
18:03:59.0489 4212 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:03:59.0520 4212 DXGKrnl - ok
18:03:59.0552 4212 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
18:03:59.0552 4212 E1G60 - ok
18:03:59.0583 4212 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
18:03:59.0583 4212 EapHost - ok
18:03:59.0645 4212 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
18:03:59.0645 4212 Ecache - ok
18:03:59.0692 4212 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:03:59.0692 4212 ehRecvr - ok
18:03:59.0708 4212 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
18:03:59.0708 4212 ehSched - ok
18:03:59.0723 4212 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
18:03:59.0723 4212 ehstart - ok
18:03:59.0754 4212 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:03:59.0754 4212 elxstor - ok
18:03:59.0786 4212 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
18:03:59.0786 4212 EMDMgmt - ok
18:03:59.0848 4212 [ 1E2F860D9521FB73566C85CD17D58291 ] emupia C:\Windows\system32\drivers\emupia2k.sys
18:03:59.0848 4212 emupia - ok
18:03:59.0864 4212 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:03:59.0864 4212 ErrDev - ok
18:03:59.0942 4212 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
18:03:59.0942 4212 EventSystem - ok
18:03:59.0973 4212 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
18:03:59.0973 4212 exfat - ok
18:04:00.0020 4212 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:04:00.0020 4212 fastfat - ok
18:04:00.0113 4212 [ 989A776A2FF32A148FCF15C44058B129 ] Fax C:\Windows\system32\fxssvc.exe
18:04:00.0363 4212 Fax - ok
18:04:00.0612 4212 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:04:00.0706 4212 fdc - ok
18:04:00.0722 4212 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
18:04:00.0722 4212 fdPHost - ok
18:04:00.0737 4212 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
18:04:00.0737 4212 FDResPub - ok
18:04:00.0753 4212 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:04:00.0753 4212 FileInfo - ok
18:04:00.0768 4212 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:04:00.0768 4212 Filetrace - ok
18:04:00.0784 4212 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:04:00.0784 4212 flpydisk - ok
18:04:00.0846 4212 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:04:00.0862 4212 FltMgr - ok
18:04:00.0987 4212 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
18:04:01.0002 4212 FontCache - ok
18:04:01.0034 4212 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:04:01.0034 4212 FontCache3.0.0.0 - ok
18:04:01.0065 4212 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:04:01.0065 4212 Fs_Rec - ok
18:04:01.0080 4212 [ 849E38DB7D829962D0233A0A252B60C3 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:04:01.0080 4212 fvevol - ok
18:04:01.0096 4212 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:04:01.0112 4212 gagp30kx - ok
18:04:01.0158 4212 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\Drivers\GEARAspiWDM.sys
18:04:01.0158 4212 GEARAspiWDM - ok
18:04:01.0205 4212 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
18:04:01.0205 4212 gpsvc - ok
18:04:01.0252 4212 [ B3F220AD6EEDDC2546780B84A8919B7A ] ha10kx2k C:\Windows\system32\drivers\ha10kx2k.sys
18:04:01.0299 4212 ha10kx2k - ok
18:04:01.0346 4212 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
18:04:01.0346 4212 hamachi - ok
18:04:01.0470 4212 [ A5963114373834D78782013BC803043E ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
18:04:01.0486 4212 Hamachi2Svc - ok
18:04:01.0502 4212 [ 5D6AEC608B871CC2C724114F34CAD3C8 ] hap16v2k C:\Windows\system32\drivers\hap16v2k.sys
18:04:01.0517 4212 hap16v2k - ok
18:04:01.0533 4212 [ B95BA8D7EA73A47FAC3A59CF4A3B3043 ] hap17v2k C:\Windows\system32\drivers\hap17v2k.sys
18:04:01.0533 4212 hap17v2k - ok
18:04:01.0595 4212 [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:04:01.0595 4212 HdAudAddService - ok
18:04:01.0642 4212 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:04:01.0673 4212 HDAudBus - ok
18:04:01.0704 4212 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:04:01.0704 4212 HidBth - ok
18:04:01.0720 4212 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys
18:04:01.0720 4212 HidIr - ok
18:04:01.0736 4212 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\System32\hidserv.dll
18:04:01.0736 4212 hidserv - ok
18:04:01.0767 4212 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:04:01.0767 4212 HidUsb - ok
18:04:01.0782 4212 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
18:04:01.0782 4212 hkmsvc - ok
18:04:01.0829 4212 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
18:04:01.0829 4212 HpCISSs - ok
18:04:01.0907 4212 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:04:01.0923 4212 HTTP - ok
18:04:01.0938 4212 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
18:04:01.0938 4212 i2omp - ok
18:04:01.0985 4212 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:04:01.0985 4212 i8042prt - ok
18:04:02.0032 4212 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
18:04:02.0032 4212 iaStorV - ok
18:04:02.0126 4212 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
18:04:02.0126 4212 IDriverT - ok
18:04:02.0172 4212 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:04:02.0188 4212 idsvc - ok
18:04:02.0219 4212 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
18:04:02.0219 4212 iirsp - ok
18:04:02.0250 4212 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
18:04:02.0250 4212 IKEEXT - ok
18:04:02.0313 4212 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys
18:04:02.0313 4212 intelide - ok
18:04:02.0328 4212 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:04:02.0328 4212 intelppm - ok
18:04:02.0360 4212 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:04:02.0360 4212 IPBusEnum - ok
18:04:02.0391 4212 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:04:02.0391 4212 IpFilterDriver - ok
18:04:02.0422 4212 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:04:02.0422 4212 iphlpsvc - ok
18:04:02.0422 4212 IpInIp - ok
18:04:02.0453 4212 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
18:04:02.0453 4212 IPMIDRV - ok
18:04:02.0484 4212 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
18:04:02.0484 4212 IPNAT - ok
18:04:02.0547 4212 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:04:02.0562 4212 iPod Service - ok
18:04:02.0578 4212 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:04:02.0578 4212 IRENUM - ok
18:04:02.0625 4212 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:04:02.0625 4212 isapnp - ok
18:04:02.0656 4212 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
18:04:02.0656 4212 iScsiPrt - ok
18:04:02.0672 4212 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
18:04:02.0672 4212 iteatapi - ok
18:04:02.0687 4212 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
18:04:02.0687 4212 iteraid - ok
18:04:02.0703 4212 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:04:02.0703 4212 kbdclass - ok
18:04:02.0703 4212 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:04:02.0703 4212 kbdhid - ok
18:04:02.0734 4212 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
18:04:02.0734 4212 KeyIso - ok
18:04:02.0781 4212 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:04:02.0796 4212 KSecDD - ok
18:04:02.0796 4212 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:04:02.0796 4212 ksthunk - ok
18:04:02.0828 4212 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
18:04:02.0843 4212 KtmRm - ok
18:04:02.0937 4212 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\System32\srvsvc.dll
18:04:02.0937 4212 LanmanServer - ok
18:04:02.0968 4212 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:04:02.0968 4212 LanmanWorkstation - ok
18:04:02.0984 4212 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:04:02.0984 4212 lltdio - ok
18:04:03.0015 4212 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:04:03.0030 4212 lltdsvc - ok
18:04:03.0030 4212 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:04:03.0030 4212 lmhosts - ok
18:04:03.0140 4212 [ 7109163D8027076D2680CFC4E80E2A28 ] LMIGuardianSvc C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
18:04:03.0140 4212 LMIGuardianSvc - ok
18:04:03.0171 4212 [ 0317335B15FF3BDA8E10197E3434CFC0 ] LMIInfo C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
18:04:03.0171 4212 LMIInfo - ok
18:04:03.0233 4212 [ 8054CE1FC8B417691960D00F931516A7 ] LMIMaint C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
18:04:03.0233 4212 LMIMaint - ok
18:04:03.0296 4212 [ 413ECDCFAD9A82804D3674C8D7EEC24E ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys
18:04:03.0296 4212 lmimirr - ok
18:04:03.0311 4212 LMIRfsClientNP - ok
18:04:03.0342 4212 [ C57D3FAA50E6F395759FFB7C709BD944 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys
18:04:03.0342 4212 LMIRfsDriver - ok
18:04:03.0420 4212 [ D3760BC17E1755091B7120CF32DBF56B ] LogMeIn C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
18:04:03.0420 4212 LogMeIn - ok
18:04:03.0436 4212 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:04:03.0436 4212 LSI_FC - ok
18:04:03.0467 4212 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:04:03.0467 4212 LSI_SAS - ok
18:04:03.0498 4212 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:04:03.0498 4212 LSI_SCSI - ok
18:04:03.0514 4212 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
18:04:03.0514 4212 luafv - ok
18:04:03.0576 4212 [ 9C6FEA1C7024FC81CF09CFDCA4CCE978 ] LVCOMSer C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe
18:04:03.0592 4212 LVCOMSer - ok
18:04:03.0592 4212 [ 247E95B54752A792D45A360C9C31B55B ] LVPr2M64 C:\Windows\system32\DRIVERS\LVPr2M64.sys
18:04:03.0592 4212 LVPr2M64 - ok
18:04:03.0608 4212 [ 247E95B54752A792D45A360C9C31B55B ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2M64.sys
18:04:03.0608 4212 LVPr2Mon - ok
18:04:03.0639 4212 [ D39FBB1D740AEE8A5F8D655A8DCC2002 ] LVPrcS64 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
18:04:03.0654 4212 LVPrcS64 - ok
18:04:03.0701 4212 [ 6562FCEE704F14C05F5338B147D67A16 ] LVUSBS64 C:\Windows\system32\drivers\LVUSBS64.sys
18:04:03.0701 4212 LVUSBS64 - ok
18:04:03.0732 4212 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:04:03.0732 4212 Mcx2Svc - ok
18:04:03.0764 4212 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
18:04:03.0764 4212 megasas - ok
18:04:03.0810 4212 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
18:04:03.0842 4212 MegaSR - ok
18:04:03.0857 4212 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
18:04:03.0857 4212 MMCSS - ok
18:04:03.0873 4212 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
18:04:03.0873 4212 Modem - ok
18:04:03.0920 4212 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:04:03.0920 4212 monitor - ok
18:04:03.0920 4212 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:04:03.0920 4212 mouclass - ok
18:04:03.0966 4212 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:04:03.0966 4212 mouhid - ok
18:04:03.0982 4212 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
18:04:03.0982 4212 MountMgr - ok
18:04:04.0029 4212 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
18:04:04.0029 4212 mpio - ok
18:04:04.0060 4212 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:04:04.0060 4212 mpsdrv - ok
18:04:04.0091 4212 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
18:04:04.0107 4212 MpsSvc - ok
18:04:04.0122 4212 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
18:04:04.0122 4212 Mraid35x - ok
18:04:04.0138 4212 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:04:04.0138 4212 MRxDAV - ok
18:04:04.0169 4212 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:04:04.0169 4212 mrxsmb - ok
18:04:04.0200 4212 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:04:04.0200 4212 mrxsmb10 - ok
18:04:04.0216 4212 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:04:04.0216 4212 mrxsmb20 - ok
18:04:04.0232 4212 [ 1AC860612B85D8E85EE257D372E39F4D ] msahci C:\Windows\system32\drivers\msahci.sys
18:04:04.0232 4212 msahci - ok
18:04:04.0247 4212 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:04:04.0263 4212 msdsm - ok
18:04:04.0294 4212 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
18:04:04.0294 4212 MSDTC - ok
18:04:04.0310 4212 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:04:04.0310 4212 Msfs - ok
18:04:04.0356 4212 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:04:04.0356 4212 msisadrv - ok
18:04:04.0388 4212 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:04:04.0388 4212 MSiSCSI - ok
18:04:04.0388 4212 msiserver - ok
18:04:04.0403 4212 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:04:04.0403 4212 MSKSSRV - ok
18:04:04.0450 4212 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:04:04.0450 4212 MSPCLOCK - ok
18:04:04.0466 4212 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:04:04.0466 4212 MSPQM - ok
18:04:04.0497 4212 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:04:04.0497 4212 MsRPC - ok
18:04:04.0528 4212 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:04:04.0528 4212 mssmbios - ok
18:04:04.0622 4212 MSSQL$SQLEXPRESS - ok
18:04:04.0653 4212 MSSQL$SQLEXPRESS2 - ok
18:04:04.0700 4212 [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
18:04:04.0700 4212 MSSQLServerADHelper100 - ok
18:04:04.0731 4212 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:04:04.0731 4212 MSTEE - ok
18:04:04.0980 4212 [ 0F4DD44765A7D23E0CD9965EE900558F ] msvsmon90 C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
18:04:05.0105 4212 msvsmon90 - ok
18:04:05.0168 4212 [ 6936198F2CC25B39CF5262436C80DF46 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
18:04:05.0168 4212 MTsensor - ok
18:04:05.0183 4212 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
18:04:05.0183 4212 Mup - ok
18:04:05.0246 4212 [ 9DDC6FF08623D52C1EBC9E8C7B13CB50 ] mv61xx C:\Windows\system32\DRIVERS\mv61xx.sys
18:04:05.0246 4212 mv61xx - ok
18:04:05.0308 4212 MySQL - ok
18:04:05.0339 4212 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
18:04:05.0355 4212 napagent - ok
18:04:05.0402 4212 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:04:05.0402 4212 NativeWifiP - ok
18:04:05.0480 4212 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:04:05.0495 4212 NDIS - ok
18:04:05.0511 4212 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:04:05.0511 4212 NdisTapi - ok
18:04:05.0526 4212 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:04:05.0526 4212 Ndisuio - ok
18:04:05.0558 4212 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:04:05.0558 4212 NdisWan - ok
18:04:05.0573 4212 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:04:05.0573 4212 NDProxy - ok
18:04:05.0589 4212 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:04:05.0589 4212 NetBIOS - ok
18:04:05.0620 4212 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
18:04:05.0620 4212 netbt - ok
18:04:05.0620 4212 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
18:04:05.0620 4212 Netlogon - ok
18:04:05.0651 4212 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
18:04:05.0667 4212 Netman - ok
18:04:05.0682 4212 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:04:05.0698 4212 NetMsmqActivator - ok
18:04:05.0698 4212 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:04:05.0698 4212 NetPipeActivator - ok
18:04:05.0714 4212 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
18:04:05.0714 4212 netprofm - ok
18:04:05.0729 4212 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:04:05.0729 4212 NetTcpActivator - ok
18:04:05.0729 4212 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:04:05.0729 4212 NetTcpPortSharing - ok
18:04:05.0760 4212 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:04:05.0760 4212 nfrd960 - ok
18:04:05.0792 4212 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
18:04:05.0792 4212 NlaSvc - ok
18:04:05.0807 4212 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:04:05.0807 4212 Npfs - ok
18:04:05.0838 4212 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
18:04:05.0838 4212 nsi - ok
18:04:05.0854 4212 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:04:05.0854 4212 nsiproxy - ok
18:04:05.0948 4212 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:04:05.0994 4212 Ntfs - ok
18:04:05.0994 4212 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
18:04:05.0994 4212 Null - ok
18:04:06.0322 4212 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:04:06.0618 4212 nvlddmkm - ok
18:04:06.0650 4212 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:04:06.0650 4212 nvraid - ok
18:04:06.0681 4212 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:04:06.0681 4212 nvstor - ok
18:04:06.0728 4212 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe
18:04:06.0728 4212 nvsvc - ok
18:04:06.0837 4212 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
18:04:06.0852 4212 nvUpdatusService - ok
18:04:06.0868 4212 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:04:06.0868 4212 nv_agp - ok
18:04:06.0868 4212 NwlnkFlt - ok
18:04:06.0884 4212 NwlnkFwd - ok
18:04:06.0993 4212 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:04:06.0993 4212 odserv - ok
18:04:07.0055 4212 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
18:04:07.0055 4212 ohci1394 - ok
18:04:07.0102 4212 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:04:07.0118 4212 ose - ok
18:04:07.0133 4212 [ 678CC7DCF607BBD69A9F9333D39C2F1D ] ossrv C:\Windows\system32\drivers\ctoss2k.sys
18:04:07.0133 4212 ossrv - ok
18:04:07.0180 4212 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
18:04:07.0180 4212 p2pimsvc - ok
18:04:07.0211 4212 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
18:04:07.0211 4212 p2psvc - ok
18:04:07.0242 4212 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys
18:04:07.0242 4212 Parport - ok
18:04:07.0289 4212 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:04:07.0305 4212 partmgr - ok
18:04:07.0367 4212 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
18:04:07.0367 4212 PcaSvc - ok
18:04:07.0461 4212 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
18:04:07.0508 4212 pci - ok
18:04:07.0586 4212 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys
18:04:07.0586 4212 pciide - ok
18:04:07.0601 4212 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:04:07.0617 4212 pcmcia - ok
18:04:07.0664 4212 [ FD1BB23371EE2E5E3076D7B0D8B33E91 ] PdiPorts C:\Windows\system32\DRIVERS\PdiPorts.sys
18:04:07.0664 4212 PdiPorts - ok
18:04:07.0695 4212 [ A1F1260AD7AEABA9D53724E66AA274BA ] PdiService C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
18:04:07.0695 4212 PdiService - ok
18:04:07.0726 4212 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:04:07.0742 4212 PEAUTH - ok
18:04:07.0804 4212 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:04:07.0804 4212 PerfHost - ok
18:04:07.0866 4212 [ DB5C32A4130E6B36CD6ED7A5A6C7751E ] PID_0928 C:\Windows\system32\DRIVERS\LV561V64.SYS
18:04:07.0882 4212 PID_0928 - ok
18:04:07.0944 4212 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
18:04:07.0976 4212 pla - ok
18:04:08.0007 4212 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:04:08.0007 4212 PlugPlay - ok
18:04:08.0054 4212 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
18:04:08.0069 4212 PNRPAutoReg - ok
18:04:08.0100 4212 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
18:04:08.0100 4212 PNRPsvc - ok
18:04:08.0132 4212 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:04:08.0147 4212 PolicyAgent - ok
18:04:08.0178 4212 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:04:08.0178 4212 PptpMiniport - ok
18:04:08.0210 4212 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:04:08.0210 4212 Processor - ok
18:04:08.0241 4212 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
18:04:08.0256 4212 ProfSvc - ok
18:04:08.0256 4212 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
18:04:08.0256 4212 ProtectedStorage - ok
18:04:08.0288 4212 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
18:04:08.0288 4212 PSched - ok
18:04:08.0319 4212 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
18:04:08.0319 4212 PxHlpa64 - ok
18:04:08.0366 4212 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:04:08.0397 4212 ql2300 - ok
18:04:08.0428 4212 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:04:08.0428 4212 ql40xx - ok
18:04:08.0459 4212 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
18:04:08.0459 4212 QWAVE - ok
18:04:08.0475 4212 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:04:08.0475 4212 QWAVEdrv - ok
18:04:08.0490 4212 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:04:08.0490 4212 RasAcd - ok
18:04:08.0506 4212 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
18:04:08.0506 4212 RasAuto - ok
18:04:08.0522 4212 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:04:08.0537 4212 Rasl2tp - ok
18:04:08.0553 4212 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
18:04:08.0553 4212 RasMan - ok
18:04:08.0568 4212 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:04:08.0568 4212 RasPppoe - ok
18:04:08.0631 4212 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:04:08.0631 4212 RasSstp - ok
18:04:08.0646 4212 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:04:08.0662 4212 rdbss - ok
18:04:08.0678 4212 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:04:08.0678 4212 RDPCDD - ok
18:04:08.0709 4212 [ AE23E79B13FEB62939E2CA1189E71735 ] rdpdr C:\Windows\system32\DRIVERS\rdpdr.sys
18:04:08.0724 4212 rdpdr - ok
18:04:08.0724 4212 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:04:08.0724 4212 RDPENCDD - ok
18:04:08.0756 4212 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:04:08.0756 4212 RDPWD - ok
18:04:08.0771 4212 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:04:08.0771 4212 RemoteAccess - ok
18:04:08.0802 4212 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:04:08.0802 4212 RemoteRegistry - ok
18:04:08.0834 4212 [ 71B48DDAF5E9C2B40E64DE5C405F5AAC ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
18:04:08.0834 4212 RimUsb - ok
18:04:08.0865 4212 [ C903D49655B4AAE46673F0AAA6BE0F58 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
18:04:08.0865 4212 RimVSerPort - ok
18:04:08.0880 4212 [ 6A0CF73B019CBC9255E23C9192EC3702 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
18:04:08.0880 4212 ROOTMODEM - ok
18:04:08.0958 4212 RoxLiveShare9 - ok
18:04:08.0990 4212 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
18:04:08.0990 4212 RpcLocator - ok
18:04:09.0052 4212 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
18:04:09.0068 4212 RpcSs - ok
18:04:09.0130 4212 [ C9FE05A63C500ABE3AFA5786504C4D36 ] RsFx0105 C:\Windows\system32\DRIVERS\RsFx0105.sys
18:04:09.0130 4212 RsFx0105 - ok
18:04:09.0161 4212 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:04:09.0161 4212 rspndr - ok
18:04:09.0224 4212 [ C02FF907A2DE4F6C6F7E34FBAD08660E ] RTL8023x64 C:\Windows\system32\DRIVERS\Rtnic64.sys
18:04:09.0224 4212 RTL8023x64 - ok
18:04:09.0286 4212 [ 248ABD858FF7DCC966E5A54529DDD225 ] SaiH2541 C:\Windows\system32\DRIVERS\SaiH2541.sys
18:04:09.0286 4212 SaiH2541 - ok
18:04:09.0302 4212 [ 3DA2CCA7206DB8D4CE234177A97A1B62 ] SaiMini C:\Windows\system32\DRIVERS\SaiMini.sys
18:04:09.0317 4212 SaiMini - ok
18:04:09.0333 4212 [ 7DF4B3E55FF2540111E7E7AD3656A7C5 ] SaiNtBus C:\Windows\system32\drivers\SaiBus.sys
18:04:09.0333 4212 SaiNtBus - ok
18:04:09.0364 4212 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
18:04:09.0364 4212 SamSs - ok
18:04:09.0426 4212 [ A3281AEC37E0720A2BC28034C2DF2A56 ] SASDIFSV C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS
18:04:09.0426 4212 SASDIFSV - ok
18:04:09.0473 4212 [ 61DB0D0756A99506207FD724E3692B25 ] SASKUTIL C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS
18:04:09.0473 4212 SASKUTIL - ok
18:04:09.0504 4212 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:04:09.0504 4212 sbp2port - ok
18:04:09.0551 4212 [ 7E07D2A5B910C71D6474E9AA0EAA1825 ] SBRE C:\Windows\system32\drivers\SBREdrv.sys
18:04:09.0551 4212 SBRE - ok
18:04:09.0582 4212 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:04:09.0582 4212 SCardSvr - ok
18:04:09.0629 4212 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
18:04:09.0629 4212 Schedule - ok
18:04:09.0692 4212 [ 6011CDF54BB6F4C69F38FACCDAD73D7E ] SCMNdisP C:\Windows\system32\DRIVERS\scmndisp.sys
18:04:09.0692 4212 SCMNdisP - ok
18:04:09.0707 4212 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
18:04:09.0707 4212 SCPolicySvc - ok
18:04:09.0738 4212 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:04:09.0738 4212 SDRSVC - ok
18:04:09.0754 4212 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:04:09.0754 4212 secdrv - ok
18:04:09.0770 4212 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
18:04:09.0770 4212 seclogon - ok
18:04:09.0770 4212 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\system32\sens.dll
18:04:09.0785 4212 SENS - ok
18:04:09.0801 4212 [ 2449316316411D65BD2C761A6FFB2CE2 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:04:09.0801 4212 Serenum - ok
18:04:09.0816 4212 [ 4B438170BE2FC8E0BD35EE87A960F84F ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:04:09.0816 4212 Serial - ok
18:04:09.0832 4212 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:04:09.0832 4212 sermouse - ok
18:04:09.0863 4212 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
18:04:09.0879 4212 SessionEnv - ok
18:04:09.0879 4212 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:04:09.0879 4212 sffdisk - ok
18:04:09.0894 4212 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:04:09.0894 4212 sffp_mmc - ok
18:04:09.0910 4212 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:04:09.0910 4212 sffp_sd - ok
18:04:09.0926 4212 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:04:09.0926 4212 sfloppy - ok
18:04:09.0972 4212 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:04:09.0972 4212 SharedAccess - ok
18:04:10.0035 4212 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:04:10.0035 4212 ShellHWDetection - ok
18:04:10.0050 4212 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
18:04:10.0066 4212 SiSRaid2 - ok
18:04:10.0066 4212 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:04:10.0082 4212 SiSRaid4 - ok
18:04:10.0160 4212 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
18:04:10.0175 4212 slsvc - ok
18:04:10.0191 4212 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
18:04:10.0191 4212 SLUINotify - ok
18:04:10.0222 4212 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:04:10.0222 4212 Smb - ok
18:04:10.0269 4212 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:04:10.0284 4212 SNMPTRAP - ok
18:04:10.0300 4212 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
18:04:10.0300 4212 spldr - ok
18:04:10.0331 4212 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
18:04:10.0331 4212 Spooler - ok
18:04:10.0394 4212 [ 88E5162E58C8919CC873F5D8946197CF ] sptd C:\Windows\System32\Drivers\sptd.sys
18:04:10.0472 4212 sptd - ok
18:04:10.0534 4212 [ 45E65FB17A4CD5FACBD3CA16C8334C82 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
18:04:10.0550 4212 SQLAgent$SQLEXPRESS - ok
18:04:10.0612 4212 [ 45E65FB17A4CD5FACBD3CA16C8334C82 ] SQLAgent$SQLEXPRESS2 c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS2\MSSQL\Binn\SQLAGENT.EXE
18:04:10.0612 4212 SQLAgent$SQLEXPRESS2 - ok
18:04:10.0643 4212 [ 10D936DCED9EACD1A1B3FCDDA6D7A4EB ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
18:04:10.0643 4212 SQLBrowser - ok
18:04:10.0674 4212 [ F92E5F93BE572B512DA3C016B675EDE0 ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
18:04:10.0674 4212 SQLWriter - ok
18:04:10.0706 4212 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
18:04:10.0721 4212 srv - ok
18:04:10.0752 4212 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:04:10.0752 4212 srv2 - ok
18:04:10.0768 4212 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:04:10.0768 4212 srvnet - ok
18:04:10.0799 4212 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:04:10.0799 4212 SSDPSRV - ok
18:04:10.0846 4212 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:04:10.0862 4212 SstpSvc - ok
18:04:10.0908 4212 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:04:10.0908 4212 Stereo Service - ok
18:04:10.0940 4212 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
18:04:11.0002 4212 stisvc - ok
18:04:11.0033 4212 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:04:11.0033 4212 swenum - ok
18:04:11.0064 4212 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
18:04:11.0080 4212 swprv - ok
18:04:11.0111 4212 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
18:04:11.0111 4212 Symc8xx - ok
18:04:11.0127 4212 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
18:04:11.0127 4212 Sym_hi - ok
18:04:11.0142 4212 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
18:04:11.0142 4212 Sym_u3 - ok
18:04:11.0189 4212 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
18:04:11.0205 4212 SysMain - ok
18:04:11.0236 4212 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:04:11.0236 4212 TabletInputService - ok
18:04:11.0267 4212 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:04:11.0267 4212 TapiSrv - ok
18:04:11.0298 4212 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
18:04:11.0298 4212 TBS - ok
18:04:11.0345 4212 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:04:11.0392 4212 Tcpip - ok
18:04:11.0439 4212 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
18:04:11.0439 4212 Tcpip6 - ok
18:04:11.0470 4212 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:04:11.0470 4212 tcpipreg - ok
18:04:11.0486 4212 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:04:11.0486 4212 TDPIPE - ok
18:04:11.0501 4212 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:04:11.0501 4212 TDTCP - ok
18:04:11.0532 4212 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:04:11.0532 4212 tdx - ok
18:04:11.0564 4212 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:04:11.0564 4212 TermDD - ok
18:04:11.0595 4212 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
18:04:11.0595 4212 TermService - ok
18:04:11.0610 4212 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
18:04:11.0610 4212 Themes - ok
18:04:11.0642 4212 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
18:04:11.0642 4212 THREADORDER - ok
18:04:11.0657 4212 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
18:04:11.0673 4212 TrkWks - ok
18:04:11.0688 4212 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:04:11.0704 4212 TrustedInstaller - ok
18:04:11.0704 4212 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:04:11.0704 4212 tssecsrv - ok
18:04:11.0751 4212 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
18:04:11.0751 4212 tunmp - ok
18:04:11.0782 4212 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:04:11.0782 4212 tunnel - ok
18:04:11.0798 4212 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:04:11.0798 4212 uagp35 - ok
18:04:11.0829 4212 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:04:11.0829 4212 udfs - ok
18:04:11.0844 4212 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:04:11.0844 4212 UI0Detect - ok
18:04:11.0876 4212 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:04:11.0876 4212 uliagpkx - ok
18:04:11.0907 4212 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
18:04:11.0907 4212 uliahci - ok
18:04:11.0922 4212 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
18:04:11.0938 4212 UlSata - ok
18:04:11.0954 4212 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
18:04:11.0954 4212 ulsata2 - ok
18:04:11.0985 4212 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:04:11.0985 4212 umbus - ok
18:04:12.0032 4212 [ DC5E34F189B827199B9CC8481C648269 ] UmRdpService C:\Windows\System32\umrdp.dll
18:04:12.0032 4212 UmRdpService - ok
18:04:12.0047 4212 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
18:04:12.0047 4212 upnphost - ok
18:04:12.0110 4212 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:04:12.0110 4212 usbccgp - ok
18:04:12.0125 4212 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:04:12.0125 4212 usbcir - ok
18:04:12.0172 4212 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:04:12.0172 4212 usbehci - ok
18:04:12.0188 4212 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:04:12.0188 4212 usbhub - ok
18:04:12.0188 4212 [ E406B003A354776D317762694956B0FC ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
18:04:12.0188 4212 usbohci - ok
18:04:12.0219 4212 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:04:12.0219 4212 usbprint - ok
18:04:12.0281 4212 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:04:12.0281 4212 usbscan - ok
18:04:12.0312 4212 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:04:12.0312 4212 USBSTOR - ok
18:04:12.0375 4212 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:04:12.0375 4212 usbuhci - ok
18:04:12.0406 4212 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
18:04:12.0406 4212 UxSms - ok
18:04:12.0453 4212 [ 962A33A191DBE56915FD196E3A868CF0 ] VBoxDrv C:\Windows\system32\DRIVERS\VBoxDrv.sys
18:04:12.0468 4212 VBoxDrv - ok
18:04:12.0531 4212 [ 055B8AD708D1BD14C2A3B5AB29BE2188 ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
18:04:12.0531 4212 VBoxNetAdp - ok
18:04:12.0562 4212 [ AC1CA3521ACDA62F3A04C532D38D6B81 ] VBoxNetFlt C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
18:04:12.0578 4212 VBoxNetFlt - ok
18:04:12.0609 4212 [ 31550AF724FDC74362784050E5FA2DD4 ] VBoxUSBMon C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
18:04:12.0609 4212 VBoxUSBMon - ok
18:04:12.0640 4212 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
18:04:12.0656 4212 vds - ok
18:04:12.0671 4212 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:04:12.0687 4212 vga - ok
18:04:12.0702 4212 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
18:04:12.0702 4212 VgaSave - ok
18:04:12.0718 4212 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
18:04:12.0718 4212 viaide - ok
18:04:12.0718 4212 Viewpoint Service - ok
18:04:12.0749 4212 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:04:12.0749 4212 volmgr - ok
18:04:12.0780 4212 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:04:12.0780 4212 volmgrx - ok
18:04:12.0812 4212 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:04:12.0827 4212 volsnap - ok
18:04:12.0843 4212 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:04:12.0858 4212 vsmraid - ok
18:04:12.0921 4212 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
18:04:12.0952 4212 VSS - ok
18:04:13.0046 4212 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
18:04:13.0046 4212 W32Time - ok
18:04:13.0061 4212 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:04:13.0061 4212 WacomPen - ok
18:04:13.0092 4212 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
18:04:13.0092 4212 Wanarp - ok
18:04:13.0108 4212 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:04:13.0108 4212 Wanarpv6 - ok
18:04:13.0155 4212 [ 48EEE289DF9E4989128B2283F3EEACC6 ] wbengine C:\Windows\system32\wbengine.exe
18:04:13.0186 4212 wbengine - ok
18:04:13.0217 4212 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:04:13.0233 4212 wcncsvc - ok
18:04:13.0248 4212 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:04:13.0248 4212 WcsPlugInService - ok
18:04:13.0264 4212 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
18:04:13.0280 4212 Wd - ok
18:04:13.0326 4212 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
18:04:13.0326 4212 WDC_SAM - ok
18:04:13.0373 4212 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:04:13.0389 4212 Wdf01000 - ok
18:04:13.0404 4212 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:04:13.0404 4212 WdiServiceHost - ok
18:04:13.0404 4212 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:04:13.0404 4212 WdiSystemHost - ok
18:04:13.0436 4212 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
18:04:13.0436 4212 WebClient - ok
18:04:13.0467 4212 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:04:13.0467 4212 Wecsvc - ok
18:04:13.0482 4212 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:04:13.0482 4212 wercplsupport - ok
18:04:13.0498 4212 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
18:04:13.0498 4212 WerSvc - ok
18:04:13.0514 4212 WinDefend - ok
18:04:13.0529 4212 WinHttpAutoProxySvc - ok
18:04:13.0576 4212 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:04:13.0576 4212 Winmgmt - ok
18:04:13.0638 4212 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
18:04:13.0701 4212 WinRM - ok
18:04:13.0748 4212 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
18:04:13.0748 4212 Wlansvc - ok
18:04:13.0904 4212 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:04:13.0904 4212 wlidsvc - ok
18:04:13.0935 4212 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
18:04:13.0935 4212 WmiAcpi - ok
18:04:13.0966 4212 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:04:13.0966 4212 wmiApSrv - ok
18:04:13.0982 4212 WMPNetworkSvc - ok
18:04:14.0028 4212 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:04:14.0028 4212 WPCSvc - ok
18:04:14.0091 4212 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:04:14.0091 4212 WPDBusEnum - ok
18:04:14.0138 4212 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
18:04:14.0153 4212 WpdUsb - ok
18:04:14.0325 4212 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:04:14.0325 4212 WPFFontCache_v0400 - ok
18:04:14.0340 4212 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:04:14.0340 4212 ws2ifsl - ok
18:04:14.0372 4212 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\system32\wscsvc.dll
18:04:14.0372 4212 wscsvc - ok
18:04:14.0372 4212 WSearch - ok
18:04:14.0434 4212 [ 2A7DB6A6F2C2E7CB40311D5B9340060D ] WSWNDA3100 C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
18:04:14.0434 4212 WSWNDA3100 - ok
18:04:14.0528 4212 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:04:14.0543 4212 wuauserv - ok
18:04:14.0590 4212 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:04:14.0590 4212 WUDFRd - ok
18:04:14.0621 4212 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:04:14.0621 4212 wudfsvc - ok
18:04:14.0684 4212 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
18:04:14.0730 4212 YahooAUService - ok
18:04:14.0824 4212 [ 29184BA4B42847A76BFAB387A2E52FE3 ] yukonx64 C:\Windows\system32\DRIVERS\yk60x64.sys
18:04:14.0840 4212 yukonx64 - ok
18:04:14.0902 4212 ================ Scan global ===============================
18:04:14.0933 4212 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
18:04:14.0980 4212 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
18:04:15.0011 4212 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
18:04:15.0058 4212 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
18:04:15.0058 4212 [Global] - ok
18:04:15.0058 4212 ================ Scan MBR ==================================
18:04:15.0058 4212 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
18:04:15.0230 4212 \Device\Harddisk0\DR0 - ok
18:04:15.0230 4212 ================ Scan VBR ==================================
18:04:15.0245 4212 [ 4C354C71F5112289A73C11F20CC9FD60 ] \Device\Harddisk0\DR0\Partition1
18:04:15.0261 4212 \Device\Harddisk0\DR0\Partition1 - ok
18:04:15.0261 4212 ============================================================
18:04:15.0261 4212 Scan finished
18:04:15.0261 4212 ============================================================
18:04:15.0261 4120 Detected object count: 0
18:04:15.0261 4120 Actual detected object count: 0




aswMBR_Log

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-25 18:07:27
-----------------------------
18:07:27.000 OS Version: Windows x64 6.0.6002 Service Pack 2
18:07:27.000 Number of processors: 2 586 0x203
18:07:27.000 ComputerName: BL UserName: J
18:07:27.983 Initialize success
18:10:19.012 AVAST engine defs: 12112501
18:11:08.911 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:11:08.911 Disk 0 Vendor: Maxtor_6Y160M0 YAR51HW0 Size: 156334MB BusType: 3
18:11:08.911 Disk 0 MBR read successfully
18:11:08.911 Disk 0 MBR scan
18:11:08.911 Disk 0 Windows VISTA default MBR code
18:11:08.926 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 156332 MB offset 2048
18:11:08.958 Disk 0 scanning C:\Windows\system32\drivers
18:11:19.441 Service scanning
18:11:54.588 Modules scanning
18:11:54.588 Disk 0 trace - called modules:
18:11:54.603 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS pciide.sys
18:11:54.603 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ae4060]
18:11:54.603 3 CLASSPNP.SYS[fffffa6000b9fc33] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004add060]
18:11:56.475 AVAST engine scan C:\Windows
18:12:12.450 AVAST engine scan C:\Windows\system32
18:16:49.491 AVAST engine scan C:\Windows\system32\drivers
18:17:03.359 AVAST engine scan C:\Users\J
18:26:40.341 AVAST engine scan C:\ProgramData
18:30:18.857 Scan finished successfully
18:50:11.165 Disk 0 MBR has been saved successfully to "C:\Users\J\Desktop\Virus\MBR.dat"
18:50:11.169 The log file has been saved successfully to "C:\Users\J\Desktop\Virus\aswMBR_Log.txt"



I will have to come back in a few hours and do some checking of the system.
BRB

Thanks
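The TDSSKiller-style listing posted above (one `[ MD5 ] name path` line per enumerated image, followed by a `name - verdict` line) is tedious to check by eye. As an added example that is not part of this thread and not Kaspersky's own code, here is a small Python parser fed a handful of lines copied from that log plus one constructed entry (`ExampleDrv`, with a made-up hash and a made-up non-"ok" verdict) so the flagging branch has something to catch. It reports entries whose verdict is anything other than `ok`, enumerated images that never received a per-entry verdict (the "Scan global" section only carries a `[Global] - ok` summary), the closing object counts, and service names that resolve to the same image hash, which is normal for svchost-hosted DLLs such as p2psvc.dll and worth recognising before a reviewer reads a repeated hash as suspicious.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Every record line starts with a timestamp and a thread id, e.g. "18:04:07.0180 4212 ".
_PREFIX = r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+"

# Enumeration line: "[ <32 hex MD5> ] <name> <image path>". The name is optional
# (the "Scan global" section lists bare paths) and may contain spaces ("Stereo Service"),
# so the path is recognised by its drive-letter or leading-backslash prefix instead.
ENTRY_RE = re.compile(
    _PREFIX + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?:(?P<name>.+?) )?(?P<path>[A-Za-z]:\\\S.*|\\\S.*)$"
)
# Verdict line: "<name> - <verdict>", e.g. "p2psvc - ok" or "[Global] - ok".
VERDICT_RE = re.compile(_PREFIX + r"(?P<name>.+?) - (?P<verdict>\S.*)$")
# Summary counters printed by a different thread at the end of the scan.
COUNT_RE = re.compile(_PREFIX + r"(?P<kind>Actual detected|Detected) object count: (?P<n>\d+)$")

# Constructed sample: real lines copied from the log in this thread, plus the
# "ExampleDrv" pair, which is invented (hash and verdict alike) to exercise flagging.
SAMPLE_LOG = r"""
18:04:07.0180 4212 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
18:04:07.0180 4212 p2pimsvc - ok
18:04:07.0211 4212 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
18:04:07.0211 4212 p2psvc - ok
18:04:06.0868 4212 NwlnkFlt - ok
18:04:10.0908 4212 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:04:10.0908 4212 Stereo Service - ok
18:04:10.0950 4212 [ 0123456789ABCDEF0123456789ABCDEF ] ExampleDrv C:\Windows\system32\drivers\exampledrv.sys
18:04:10.0950 4212 ExampleDrv - suspicious
18:04:14.0902 4212 ================ Scan global ===============================
18:04:14.0933 4212 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
18:04:15.0058 4212 [Global] - ok
18:04:15.0261 4120 Detected object count: 0
18:04:15.0261 4120 Actual detected object count: 0
"""


@dataclass
class Record:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_log(text: str) -> Tuple[List[Record], Dict[str, int]]:
    """Fold enumeration and verdict lines into one Record per name (or per path when unnamed)."""
    records: Dict[str, Record] = {}
    counts: Dict[str, int] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            key = m.group("name") or m.group("path")
            rec = records.setdefault(key, Record(name=key))
            rec.md5, rec.path = m.group("md5").upper(), m.group("path")
            continue
        m = COUNT_RE.match(line)
        if m:
            counts[m.group("kind")] = int(m.group("n"))
            continue
        m = VERDICT_RE.match(line)
        if m:
            rec = records.setdefault(m.group("name"), Record(name=m.group("name")))
            rec.verdict = m.group("verdict")
    return list(records.values()), counts


def flagged(records: List[Record]) -> List[str]:
    """Entries whose verdict is present and is anything other than 'ok'."""
    return sorted(r.name for r in records if r.verdict is not None and r.verdict != "ok")


def missing_verdict(records: List[Record]) -> List[str]:
    """Enumerated images that never received a per-entry verdict line."""
    return sorted(r.name for r in records if r.verdict is None)


def shared_images(records: List[Record]) -> Dict[str, List[str]]:
    """MD5 -> names of every entry backed by the same image (only hashes seen more than once)."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for r in records:
        if r.md5:
            groups[r.md5].append(r.name)
    return {h: sorted(names) for h, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    recs, counts = parse_log(SAMPLE_LOG)
    print("entries parsed:", len(recs))
    print("flagged (verdict != ok):", flagged(recs))
    print("no per-entry verdict:", missing_verdict(recs))
    print("names sharing one image hash:", shared_images(recs))
    print("summary counts:", counts)
```

Running it on a full log is a matter of replacing `SAMPLE_LOG` with the file contents; an entry in `flagged` or a non-zero `Actual detected object count` is what a helper would want to see first, and a name in `missing_verdict` outside the "Scan global" section means the scanner enumerated an image but never recorded a verdict for it.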

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:46 PM

Posted 26 November 2012 - 07:08 AM

Greetings,

First, I would like you to go here and click on the Fix it button - http://support.microsoft.com/kb/923737


Then I want you to do the following

  • Start Internet Explorer.
  • Click on "Safety".
  • Click on "Delete Browsing History".
  • Make sure all boxes are checked.
  • Click on "Delete".
  • Click on "Tools".
  • Click "Internet Options".
  • On the "Advanced" tab, click "Reset".
  • Put a check mark next to "Delete Personal Settings".
  • Click "Reset" to confirm.
  • When complete, click the "Close" button.
  • Restart IE.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 m61a1cannon

m61a1cannon
  • Topic Starter

  • Members
  • 11 posts
  • Local time:03:46 PM

Posted 27 November 2012 - 01:36 PM

Ran as requested.



Clicked on a survey and whamo, it opened as it was supposed to.
I do not see anything looking wayward on the PC.
You scored well.



Thank you very much

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:46 PM

Posted 27 November 2012 - 09:08 PM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following:

  • Report from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#15 m61a1cannon (Topic Starter, Members, 11 posts)

Posted 28 November 2012 - 11:45 AM

Ran Combofix as requested.


ComboFix 12-11-28.02 - J 11/28/2012 11:22:47.4.2 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.4094.2566 [GMT -5:00]
Running from: c:\users\J\Desktop\ComboFix.exe
Command switches used :: c:\users\J\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-28 )))))))))))))))))))))))))))))))
.
.
2012-11-28 16:30 . 2012-11-28 16:30 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-11-28 16:30 . 2012-11-28 16:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-28 16:30 . 2012-11-28 16:30 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-11-20 13:45 . 2012-11-20 13:45 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-11-17 00:34 . 2012-11-28 16:31 -------- d-----w- c:\users\J\AppData\Local\LogMeIn Hamachi
2012-11-16 10:49 . 2012-10-12 14:53 2769920 ----a-w- c:\windows\system32\win32k.sys
2012-11-16 10:49 . 2012-09-25 16:31 91648 ----a-w- c:\windows\system32\synceng.dll
2012-11-16 10:49 . 2012-09-25 16:19 75776 ----a-w- c:\windows\SysWow64\synceng.dll
2012-10-30 14:35 . 2012-11-16 21:45 -------- d-----w- C:\VIPRERESCUE
2012-10-30 14:29 . 2012-10-30 14:34 82358272 ----a-w- C:\VIPRERescue8213.exe
2012-10-30 14:11 . 2012-10-31 00:04 -------- d-----w- c:\program files (x86)\SUPERAntiSpyware
2012-10-30 14:11 . 2012-10-30 14:11 -------- d-----w- c:\users\J\AppData\Roaming\SUPERAntiSpyware.com
2012-10-30 14:11 . 2012-10-30 14:11 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-16 10:55 . 2006-11-02 12:35 66395536 ----a-w- c:\windows\system32\mrt.exe
2012-11-06 10:31 . 2011-06-14 09:02 88008 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-11-06 10:31 . 2011-06-14 09:02 35240 ----a-w- c:\windows\system32\LMIport.dll
2012-11-06 10:31 . 2011-06-14 09:02 83880 ----a-w- c:\windows\system32\LMIinit.dll
2012-10-11 06:37 . 2012-03-29 11:37 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-11 06:37 . 2011-09-22 17:39 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-11 01:23 . 2012-10-11 01:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-11 01:23 . 2008-09-18 04:55 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-11 01:23 . 2012-10-11 01:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-11 01:23 . 2012-10-11 01:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-11 01:23 . 2012-10-11 01:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-11 01:23 . 2012-10-11 01:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-11 01:23 . 2012-10-11 01:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-11 01:23 . 2008-09-18 04:55 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-11 01:23 . 2012-10-11 01:23 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-11 01:23 . 2012-10-11 01:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-11 01:23 . 2012-10-11 01:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-11 01:23 . 2012-10-11 01:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-11 01:23 . 2012-02-10 02:43 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-11 01:22 . 2012-10-11 01:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-11 01:22 . 2012-10-11 01:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-11 01:22 . 2012-02-10 02:43 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-11 01:22 . 2012-02-10 02:43 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-11 01:22 . 2012-10-11 01:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-11 01:22 . 2012-10-11 01:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-11 01:22 . 2012-10-11 01:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-11 01:22 . 2012-10-11 01:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-02 19:51 . 2010-10-16 18:13 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2010-10-16 18:13 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2010-10-16 18:13 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2010-10-16 18:13 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 19:50 . 2009-07-07 21:24 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2008-09-18 04:55 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 17:15 . 2012-10-02 17:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-09-29 23:54 . 2009-11-17 07:16 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-13 13:45 . 2012-10-12 04:08 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-13 13:28 . 2012-10-12 04:08 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-12 20:20 . 2012-09-12 20:20 8592 ----a-w- c:\windows\system32\ractrlkeyhook.dll
1996-06-05 12:56 . 2010-10-02 02:56 21504 ------w- c:\program files (x86)\uninstl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\J\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\J\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\J\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\J\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AsioThk32Reg"="CTASIO.DLL" [2007-04-09 80896]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-20 2254768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 06:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\J\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\J\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\J\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\J\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsioReg"="CTASIO.DLL" [BU]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 182784]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-09-17 57928]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.duckduckgo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
Trusted Zone: mtb.com\www
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\J\AppData\Roaming\Mozilla\Firefox\Profiles\e611o8dz.default\
FF - ExtSQL: 2019-09-25 23:40; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\users\J\AppData\Roaming\Mozilla\Firefox\Profiles\e611o8dz.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF - ExtSQL: !HIDDEN! 2009-06-23 23:13; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
AddRemove-Any Audio Converter_is1 - c:\boys achievement\Any Audio Converter\unins000.exe
AddRemove-Falcon BMS 4.32 - c:\users\J\Desktop\The Folder\Desktop\New Folder\Flight\BMS\Falcon BMS 4.32 Setup\Setup.exe
AddRemove-HijackThis - g:\removal\HijackThis.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2350566267-1743532531-1518067020-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0CEFE34-E310-6494-F296-699CB124B029}*]
"paalifgifmadhfchbmihgfabdjlffbfe"=hex:6a,61,6b,69,6d,62,69,63,62,64,63,69,6f,
6e,70,64,63,68,6a,69,00,00
"abgmcaokflnpilgcnoghkjikpdlfcepibf"=hex:69,61,69,6a,64,64,67,6c,6b,63,68,65,
6d,6c,69,6a,62,63,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-11-28 11:33:44
ComboFix-quarantined-files.txt 2012-11-28 16:33
ComboFix2.txt 2012-11-21 13:57
ComboFix3.txt 2012-11-19 19:50
.
Pre-Run: 72,214,921,216 bytes free
Post-Run: 72,460,963,840 bytes free
.
- - End Of File - - 6D3FC958453A5279721F29CE44A8E94E






I do not see anything looking wayward on the PC.

Thank you very much
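The "Reg Loading Points" section of the log above is what the helper is reading when he says it is a good time to check the computer for anything else that needs attention. As an added example (my own Python, not part of this thread and not a ComboFix feature), the script below parses an excerpt of that section, built from lines copied out of the posted log, and flags the items a triager would look at first: Run entries for which ComboFix recorded no date and size (the [X] and [BU] annotations), Run entries that name a bare file such as CTASIO.DLL rather than a full path, EnableLUA=0 (User Account Control switched off), LoadAppInit_DLLs=1 (AppInit DLL injection permitted), and any BootExecute command beyond the default "autocheck autochk *". The reading of the bracket tags is an assumption drawn from the log's own format: a file that was found is shown as [date size], so anything else means the file was not verified. The function and constant names are mine. A hit is a review item, not a verdict; the AVG entry in BootExecute, for instance, is expected on a machine with AVG installed.

```python
import re
from typing import List, Optional, Tuple

# Constructed excerpt of the "Reg Loading Points" section of the ComboFix log
# posted in this thread. The lines are copied from that log; the selection and
# ordering are mine, and the Dropbox shell-extension entries are left out.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AsioThk32Reg"="CTASIO.DLL" [2007-04-09 80896]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsioReg"="CTASIO.DLL" [BU]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 182784]
"""

Finding = Tuple[str, str, str]  # (code, value name, explanation)

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# "Name"="value" [tag]   or   "Name"= 0 (0x0)   -- the bracketed tag is optional
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*?)\s*(?:\[(?P<tag>[^\]]*)\])?$')
# In the posted log a Run entry whose file was found carries "[YYYY-MM-DD size]".
# Assumption: any other tag ([X], [BU]) means the file was not verified.
FILE_TAG_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d+$')
BOOTEXECUTE_PREFIX = 'BootExecute REG_MULTI_SZ '
DEFAULT_BOOTEXECUTE = 'autocheck autochk *'


def check_run_entry(name: str, value: str, tag: Optional[str]) -> List[Finding]:
    """Checks for one value under a ...\\CurrentVersion\\Run key."""
    findings: List[Finding] = []
    if tag is None or not FILE_TAG_RE.match(tag):
        findings.append(('RUN_UNVERIFIED', name,
                         f'no date/size recorded for "{value}" (tag [{tag}]); inspect the file by hand'))
    if '\\' not in value and '/' not in value:
        # A bare file name is resolved through the loader search path at logon,
        # so a same-named file earlier in that path would run instead.
        findings.append(('RUN_UNQUALIFIED', name,
                         f'"{value}" has no directory; which file runs depends on the search path'))
    return findings


def analyze(log: str) -> List[Finding]:
    """Walks the Reg Loading Points text and returns the items worth a second look."""
    findings: List[Finding] = []
    current_key = ''
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == '.':
            continue
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group('key').lower()
            continue
        if line.startswith(BOOTEXECUTE_PREFIX):
            # REG_MULTI_SZ entries are separated by a literal "\0" in the log
            for entry in line[len(BOOTEXECUTE_PREFIX):].split(r'\0'):
                if entry.strip().lower() != DEFAULT_BOOTEXECUTE:
                    findings.append(('BOOTEXECUTE_EXTRA', 'BootExecute',
                                     f'"{entry.strip()}" runs before logon; confirm it is expected'))
            continue
        entry_match = ENTRY_RE.match(line)
        if not entry_match:
            continue
        name = entry_match.group('name')
        value = entry_match.group('value').strip('"')
        tag = entry_match.group('tag')
        if current_key.endswith('\\currentversion\\run'):
            findings.extend(check_run_entry(name, value, tag))
        elif current_key.endswith('\\policies\\system') and name == 'EnableLUA' and value.startswith('0'):
            findings.append(('UAC_DISABLED', name,
                             'User Account Control is off; an admin user runs everything fully elevated'))
        elif name == 'LoadAppInit_DLLs' and value.startswith('1'):
            findings.append(('APPINIT_ENABLED', name,
                             'AppInit_DLLs loading is enabled; listed DLLs are loaded into every process that loads user32.dll'))
    return findings


if __name__ == '__main__':
    for code, name, detail in analyze(SAMPLE_LOG):
        print(f'{code:<18} {name:<16} {detail}')
```

On the posted log this produces seven review items: the two CTASIO.DLL entries (bare file name, and the second one unverified), the READREG entry marked [X], UAC disabled, AppInit DLL loading enabled, and the AVG command in BootExecute. Paste the whole Reg Loading Points block of a real log into SAMPLE_LOG to run it against another machine.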



