
A Virus that takes up all your free memory on HDD?


This topic is locked. 20 replies to this topic.

#1 Jon1234 (Members, 19 posts)

Posted 22 November 2012 - 07:50 PM

For about 3 weeks now, I've been losing tons of memory on my hard drive daily, I think about 70-80GB in total. IDK if it's because my hard drive's broken or if I have a virus. I've tried fixing it myself but the problem still occurs. I've tried deleting 20GB of memory, but by the next couple of days it's back to barely any memory left, around 900MB. I did not download anything; I barely even used the computer at the time. I would appreciate it if someone can help me get rid of this really annoying problem.

Programs I've tried:

Malwarebytes, SUPERAntiSpyware, ESET Online Scanner, and ComboFix. (I've tried Malwarebytes and SUPERAntiSpyware in safe mode without networking.)



#2 schrauber (Mr.Mechanic, Malware Response Team, 24,794 posts, Munich, Germany)

Posted 26 November 2012 - 05:14 AM

Hello, Jon1234
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 4-5 days, we will have to close your topic.


Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Add Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.


Please do not run ComboFix on your own. This could damage your system.
Please navigate to C:\Qoobox and post back with the content of:

Combofix2.txt
Combofix3.txt
Quarantined-files.txt
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#3 Jon1234 (Topic Starter, Members, 19 posts)

Posted 27 November 2012 - 11:39 AM

Thank you for your reply, I appreciate it very much.

Note: ComboFix 1 and ComboFix 2 are from 7 months ago when I used it.


2012-11-22 15:57:22 . 2012-11-22 15:57:22 261,104 ----a-w- C:\Qoobox\Quarantine\D\av3.zip
2012-04-06 01:04:39 . 2012-04-06 01:04:39 1,380 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Adobe Shockwave Player.reg.dat
2012-04-06 01:04:30 . 2012-11-22 15:59:12 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440}.reg.dat
2012-04-06 01:04:26 . 2012-04-06 01:04:26 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-12476145.sys.reg.dat
2012-04-06 01:04:20 . 2012-04-06 01:04:20 153 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-WMPNSCFG.reg.dat
2012-04-06 01:00:43 . 2007-11-07 13:03:18 562,688 ----a-w- C:\Qoobox\Quarantine\D\install.exe.vir
2012-04-06 00:52:25 . 2012-11-22 15:51:58 4,101 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-04-06 00:31:44 . 2012-11-22 15:34:32 357 ----a-w- C:\Qoobox\Quarantine\catchme.log
2010-11-18 22:03:42 . 2010-11-18 22:24:28 606 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\server.log.vir
2010-09-04 15:35:09 . 2010-09-04 15:35:18 346 ----a-w- C:\Qoobox\Quarantine\C\CFLog\CrashLog_20100904.txt.vir
2010-09-03 19:16:06 . 2010-09-03 19:16:06 46 ----a-w- C:\Qoobox\Quarantine\C\CFLog\CrashLog_20100903.txt.vir
2010-07-25 02:03:18 . 2010-07-25 02:03:19 208 ----a-w- C:\Qoobox\Quarantine\C\CFLog\CrashLog_20100724.txt.vir
2010-03-17 23:16:56 . 2008-05-01 02:28:08 1,654,869 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\DynuEncrypt.dll.vir
2009-01-29 07:08:48 . 2009-01-29 07:08:48 97,424 ----a-w- C:\Qoobox\Quarantine\C\Users\Valued Customer\AppData\Local\TempDIR\raptr_installer.exe.vir
2003-02-21 10:16:08 . 2003-02-21 10:16:08 49,152 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\URTTEMP\regtlib.exe.vir



ComboFix 12-04-05.09 - Valued Customer 04/08/2012 21:54:04.2.2 - x64 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3838.2739 [GMT -5:00]
Running from: c:\users\Valued Customer\Desktop\crauggat.com.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))))
.
.
2020-12-01 22:57 . 2020-12-01 22:57 -------- d-----w- c:\program files\Common Files\OFX
2020-12-01 22:57 . 2020-12-01 22:57 -------- d-----w- c:\program files (x86)\Common Files\OFX
2020-12-01 22:56 . 2020-12-01 22:56 -------- d-----w- c:\program files\NewBlue
2012-04-09 03:06 . 2012-04-09 03:06 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-04-09 03:06 . 2012-04-09 03:06 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-04-09 03:06 . 2012-04-09 03:06 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2012-04-09 03:06 . 2012-04-09 03:06 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2012-04-09 03:06 . 2012-04-09 03:06 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-04-09 03:06 . 2012-04-09 03:06 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-04-09 03:06 . 2012-04-09 03:06 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2012-04-09 03:06 . 2012-04-09 03:06 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-04-09 03:06 . 2012-04-09 03:06 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2012-04-09 03:05 . 2012-04-09 03:05 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2012-04-09 03:05 . 2012-04-09 03:05 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2012-04-09 03:05 . 2012-04-09 03:05 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2012-04-09 03:05 . 2012-04-09 03:05 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-04-09 03:05 . 2012-04-09 03:05 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-04-09 03:05 . 2012-04-09 03:05 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2012-04-09 03:05 . 2012-04-09 03:05 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-04-09 03:05 . 2012-04-09 03:05 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2012-04-09 03:04 . 2012-04-09 03:07 -------- d-----w- c:\users\Valued Customer\AppData\Local\temp
2012-04-09 03:04 . 2012-04-09 03:04 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-09 03:04 . 2012-04-09 03:04 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-04-09 03:04 . 2012-04-09 03:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-06 00:31 . 2012-04-06 00:38 -------- d-----w- C:\ComboFix
2012-04-06 00:11 . 2012-04-06 00:11 -------- d-----w- c:\program files (x86)\ESET
2012-04-05 08:24 . 2012-04-06 00:18 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-04 10:32 . 2012-04-04 10:32 -------- d-----w- c:\users\Guest\AppData\Roaming\SUPERAntiSpyware.com
2012-04-04 10:27 . 2012-04-04 10:27 -------- d-----w- c:\users\Guest\AppData\Roaming\Apple Computer
2012-03-25 16:55 . 2012-03-25 16:55 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\Unity
2012-03-25 16:13 . 2012-03-25 16:13 -------- d-----w- c:\users\Valued Customer\AppData\Local\Unity
2012-03-21 08:52 . 2012-03-21 08:52 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\Pokemon Online
2012-03-21 08:48 . 2012-03-21 08:48 -------- d-----w- c:\users\Valued Customer\Pokemon Online
2012-03-18 04:52 . 2012-03-18 04:52 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-18 04:52 . 2012-03-18 04:52 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-15 12:29 . 2012-03-15 12:29 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(18)\TEXTBOX.JS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-18 21:39 . 2012-02-18 20:48 743262 ----a-w- c:\windows\unins004.exe
2012-01-16 11:15 . 2010-12-20 20:23 22737920 ----a-w- c:\windows\system32\BCC7_AE_8Bit.dll
2012-01-16 11:12 . 2010-12-20 20:14 22771200 ----a-w- c:\windows\system32\BCC7_AE_16Bit.dll
2012-01-16 11:10 . 2010-12-21 21:07 10463744 ----a-w- c:\windows\system32\BCC7_3DObjects_AE.dll
2011-08-17 02:30 . 2011-08-17 02:30 36868 ----a-w- c:\program files (x86)\uninst-Echospace.exe
2010-08-07 02:31 . 2010-08-04 23:50 36868 ----a-w- c:\program files (x86)\uninst-Particular.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-06_01.00.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:23 . 2012-04-08 19:01 89428 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-01-09 15:34 . 2012-04-08 19:01 18866 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2851905324-736901039-834224370-1000_UserData.bin
+ 2009-01-10 02:24 . 2012-04-07 12:05 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-10 02:24 . 2012-04-05 18:26 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-10 02:24 . 2012-04-07 12:05 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-10 02:24 . 2012-04-05 18:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-10 02:24 . 2012-04-05 18:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-10 02:24 . 2012-04-07 12:05 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-26 01:17 . 2012-04-08 14:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-26 01:17 . 2012-04-05 13:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-26 01:17 . 2012-04-05 13:38 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-26 01:17 . 2012-04-08 14:06 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-26 01:17 . 2012-04-05 13:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-26 01:17 . 2012-04-08 14:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-26 01:17 . 2012-04-08 18:59 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-26 01:17 . 2012-04-05 13:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-26 01:17 . 2012-04-05 13:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-26 01:17 . 2012-04-08 18:59 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-09 03:05 . 2012-04-09 03:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-06 00:59 . 2012-04-06 00:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-09 03:05 . 2012-04-09 03:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-06 00:59 . 2012-04-06 00:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 15:45 . 2012-04-08 19:01 105576 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 12:46 . 2012-04-09 00:02 606642 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-04-09 00:02 104652 c:\windows\system32\perfc009.dat
+ 2010-06-19 05:04 . 2012-04-08 23:53 537280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-06-19 05:04 . 2012-04-06 00:57 537280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-06-19 05:04 . 2012-04-08 23:53 8510440 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2851905324-736901039-834224370-1000-12288.dat
- 2010-06-19 05:04 . 2012-04-06 00:57 8510440 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2851905324-736901039-834224370-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LchDrvKey"="LchDrvKey.exe" [2007-03-29 36864]
"LedKey"="CNYHKey.exe" [2008-04-24 339968]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-08-10 478040]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-19 6453760]
"Skytel"="Skytel.exe" [2008-07-19 1826816]
"Malwarebytes Anti-Malware (reboot)"="c:\program files (x86)\malwarebytes' anti-malware\mbam.exe" [2012-01-13 981680]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uStart Page = file:\\c:\program files (x86)\Internet Explorer\MyGoogle.html
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0109&m=dx4720-03
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: &Translate with ATLAS - c:\program files (x86)\ATLAS V14\Atlscript.html
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: ATLAS Translation &Editor - c:\program files (x86)\ATLAS V14\AtlscriptEdit.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 68.115.71.53 68.113.206.10 66.189.0.100
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\vd395i27.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.swagbucks.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p=
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va001]
"ImagePath"="\??\c:\users\VALUED~1\AppData\Local\Temp\001E531.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va002]
"ImagePath"="\??\c:\users\VALUED~1\AppData\Local\Temp\0029268.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va003]
"ImagePath"="\??\c:\users\VALUED~1\AppData\Local\Temp\00329DA.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va005]
"ImagePath"="\??\c:\users\VALUED~1\AppData\Local\Temp\005D635.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va006]
"ImagePath"="\??\c:\users\VALUED~1\AppData\Local\Temp\006C93B.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid]
@Denied: (A 2) (Everyone)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@SACL=
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@SACL=
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@SACL=
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
c:\windows\MHotKey.exe
c:\program files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
c:\windows\ChiFuncExt.exe
c:\windows\CNYHKey.exe
c:\windows\ModLedKey.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Completion time: 2012-04-08 22:12:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-09 03:12
ComboFix2.txt 2012-04-06 01:07
.
Pre-Run: 22,139,547,648 bytes free
Post-Run: 21,681,917,952 bytes free
.
- - End Of File - - 2091D5001E14B54FC6FBA4D431535AD8







ComboFix 12-04-05.09 - Valued Customer 04/05/2012 19:41:32.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3838.1638 [GMT -5:00]
Running from: c:\users\Valued Customer\Desktop\sdfgs.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\CrashLog_20100724.txt
c:\cflog\CrashLog_20100903.txt
c:\cflog\CrashLog_20100904.txt
c:\users\Valued Customer\AppData\Local\assembly\tmp
c:\users\Valued Customer\AppData\Local\TempDIR
c:\users\Valued Customer\AppData\Local\TempDIR\raptr_installer.exe
c:\users\Valued Customer\AppData\Roaming\Adobe\plugs
c:\users\Valued Customer\AppData\Roaming\Adobe\shed
c:\users\Valued Customer\AppData\Roaming\Desktopicon
c:\windows\SysWow64\NewBlue Paint Blends - Keygen.exe
c:\windows\SysWow64\server.log
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-06 to 2012-04-06 )))))))))))))))))))))))))))))))
.
.
2020-12-01 22:57 . 2020-12-01 22:57 -------- d-----w- c:\program files\Common Files\OFX
2020-12-01 22:57 . 2020-12-01 22:57 -------- d-----w- c:\program files (x86)\Common Files\OFX
2020-12-01 22:56 . 2020-12-01 22:56 -------- d-----w- c:\program files\NewBlue
2012-04-06 00:56 . 2012-04-06 01:00 -------- d-----w- c:\users\Valued Customer\AppData\Local\temp
2012-04-06 00:56 . 2012-04-06 00:56 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-06 00:11 . 2012-04-06 00:11 -------- d-----w- c:\program files (x86)\ESET
2012-04-05 08:24 . 2012-04-06 00:18 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-04 10:32 . 2012-04-04 10:32 -------- d-----w- c:\users\Guest\AppData\Roaming\SUPERAntiSpyware.com
2012-04-04 10:27 . 2012-04-04 10:27 -------- d-----w- c:\users\Guest\AppData\Roaming\Apple Computer
2012-03-25 16:55 . 2012-03-25 16:55 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\Unity
2012-03-25 16:13 . 2012-03-25 16:13 -------- d-----w- c:\users\Valued Customer\AppData\Local\Unity
2012-03-21 08:52 . 2012-03-21 08:52 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\Pokemon Online
2012-03-21 08:48 . 2012-03-21 08:48 -------- d-----w- c:\users\Valued Customer\Pokemon Online
2012-03-18 04:52 . 2012-03-18 04:52 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-18 04:52 . 2012-03-18 04:52 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-15 12:29 . 2012-03-15 12:29 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(18)\TEXTBOX.JS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-18 21:39 . 2012-02-18 20:48 743262 ----a-w- c:\windows\unins004.exe
2012-01-16 11:15 . 2010-12-20 20:23 22737920 ----a-w- c:\windows\system32\BCC7_AE_8Bit.dll
2012-01-16 11:12 . 2010-12-20 20:14 22771200 ----a-w- c:\windows\system32\BCC7_AE_16Bit.dll
2012-01-16 11:10 . 2010-12-21 21:07 10463744 ----a-w- c:\windows\system32\BCC7_3DObjects_AE.dll
2011-08-17 02:30 . 2011-08-17 02:30 36868 ----a-w- c:\program files (x86)\uninst-Echospace.exe
2010-08-07 02:31 . 2010-08-04 23:50 36868 ----a-w- c:\program files (x86)\uninst-Particular.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LchDrvKey"="LchDrvKey.exe" [2007-03-29 36864]
"LedKey"="CNYHKey.exe" [2008-04-24 339968]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-08-10 478040]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 12476145
*Deregistered* - 12476145
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-19 6453760]
"Skytel"="Skytel.exe" [2008-07-19 1826816]
"Malwarebytes Anti-Malware (reboot)"="c:\program files (x86)\malwarebytes' anti-malware\mbam.exe" [2012-01-13 981680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uStart Page = file:\\c:\program files (x86)\Internet Explorer\MyGoogle.html
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0109&m=dx4720-03
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: &Translate with ATLAS - c:\program files (x86)\ATLAS V14\Atlscript.html
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: ATLAS Translation &Editor - c:\program files (x86)\ATLAS V14\AtlscriptEdit.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 68.115.71.53 68.113.206.10 66.189.0.100
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\vd395i27.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.swagbucks.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p=
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
SafeBoot-12476145.sys
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va001]
"ImagePath"="\??\c:\users\VALUED~1\AppData\Local\Temp\001E531.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va002]
"ImagePath"="\??\c:\users\VALUED~1\AppData\Local\Temp\0029268.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va003]
"ImagePath"="\??\c:\users\VALUED~1\AppData\Local\Temp\00329DA.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va005]
"ImagePath"="\??\c:\users\VALUED~1\AppData\Local\Temp\005D635.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va006]
"ImagePath"="\??\c:\users\VALUED~1\AppData\Local\Temp\006C93B.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid]
@Denied: (A 2) (Everyone)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@SACL=
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@SACL=
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@SACL=
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Application Updater\ApplicationUpdater.exe
c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
c:\windows\MHotKey.exe
c:\program files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Completion time: 2012-04-05 20:07:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-06 01:07
.
Pre-Run: 25,791,406,080 bytes free
Post-Run: 25,067,597,824 bytes free
.
- - End Of File - - 849A5CD6A13ABA13B2B2D0ABA8631579
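
Reading that log the way a responder would, as an added example that is not part of the original post and not ComboFix's own code: the script below parses the [HKEY_...] blocks, the S2 service lines and the Supplementary Scan lines of a ComboFix log and flags the items worth checking first, namely services whose ImagePath or ServiceDll lives in a user-writable directory (the log above registers X6va001 to X6va006 against .tmp files in the user's Temp folder), a svchost-hosted ServiceDll outside the Windows directory (the Akamai netsession DLL under Common Files), EnableLUA=0 (UAC switched off), a ProxyOverride pointing at 127.0.0.1, and search/home-page preferences pointing at an external host. The sample input is a constructed excerpt mirroring lines from the log; the rules are heuristics, not verdicts, and the severity labels, the Finding type and the function names are this example's own.

```python
"""ComboFix "Reg Loading Points" triage.

Added example for this thread, not ComboFix's own code; SAMPLE_LOG is an
excerpt reconstructed from the log above.  Every rule is a heuristic: a
flagged entry is something to look at, not a verdict.
"""
import re
from dataclasses import dataclass
from typing import List

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]\s*$', re.I)
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')                # "Name"="Value" [date size]
SERVICE_LINE_RE = re.compile(r'^[RS]\d\s+([^;]+);[^;]*;(.+)$')  # S2 name;description;path
PROXY_RE = re.compile(r'^[um]Internet Settings,Proxy(?:Override|Server)\s*=\s*(.+)$')
BROWSER_URL_RE = re.compile(   # IE start page / Firefox search prefs; ComboFix defangs http as hxxp
    r'^(?:FF - (?:prefs|user)\.js: )?'
    r'([um]Start Page|browser\.search\.[\w.]+|browser\.startup\.homepage|keyword\.URL)'
    r'\s*[-=]\s*(hxxps?://\S+)$')
# Locations a standard user can write to: a service binary living there is a red flag.
USER_WRITABLE_RE = re.compile(r'\\(?:users|documents and settings|programdata)\\|\\appdata\\|\\temp\\', re.I)
TRAILING_META_RE = re.compile(r'\s*\[[^\]]*\]\s*$')             # ComboFix appends "[date size]"


@dataclass
class Finding:
    severity: str  # "HIGH" or "REVIEW"
    key: str       # registry key (or pseudo-key) the line belongs to
    name: str      # value name, service name or browser setting
    detail: str


def clean_path(raw: str) -> str:
    """Drop the trailing [date size], surrounding quotes and the NT \\??\\ prefix."""
    raw = TRAILING_META_RE.sub('', raw.strip())
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        raw = raw[1:-1]
    return raw[4:] if raw.startswith('\\??\\') else raw


def check_binary(key: str, name: str, path: str, out: List[Finding]) -> None:
    if USER_WRITABLE_RE.search(path):
        out.append(Finding("HIGH", key, name, f"service binary in user-writable path: {path}"))
    elif name.lower() == "servicedll" and not path.lower().startswith(("c:\\windows", "%systemroot%")):
        out.append(Finding("REVIEW", key, name, f"svchost-hosted DLL outside the Windows directory: {path}"))


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    current_key = ""
    for line in log_text.splitlines():
        line = line.rstrip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m:
            name, value = m.group(1), clean_path(m.group(2))
            key_l = current_key.lower()
            if "\\services\\" in key_l and name.lower() in ("imagepath", "servicedll"):
                check_binary(current_key, name, value, findings)
            elif key_l.endswith("policies\\system") and name.lower() == "enablelua" and value.startswith("0"):
                findings.append(Finding("HIGH", current_key, name,
                                        "UAC disabled (EnableLUA=0): administrators run fully elevated, no prompts"))
            continue
        m = SERVICE_LINE_RE.match(line)
        if m:
            check_binary("Services (S/R lines)", m.group(1).strip(), clean_path(m.group(2)), findings)
            continue
        m = PROXY_RE.match(line)
        if m:
            if re.search(r'127\.0\.0\.1|localhost', m.group(1)):
                findings.append(Finding("REVIEW", "Internet Settings", "Proxy",
                                        f"browser traffic routed through a local proxy: {m.group(1)}"))
            continue
        m = BROWSER_URL_RE.match(line)
        if m:
            host = re.match(r'hxxps?://([^/]+)', m.group(2)).group(1)
            findings.append(Finding("REVIEW", "Browser", m.group(1), f"search/home page points at {host}"))
    return findings


# Constructed excerpt mirroring lines from the ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va001]
"ImagePath"="\??\c:\users\VALUED~1\AppData\Local\Temp\001E531.tmp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va002]
"ImagePath"="\??\c:\users\VALUED~1\AppData\Local\Temp\0029268.tmp"
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.name:<26} {f.detail}")
```

Run as-is it prints the six findings from the excerpt; pass the full log text to triage() to cover everything. An entry that passes these rules is not thereby clean, and a registry listing cannot tell you which files are eating the disk: for a drive that keeps filling up, the attribution that actually settles it is a directory-size snapshot diffed over a day.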

#4 schrauber

Posted 27 November 2012 - 01:02 PM

Hi,

For 32-bit (x86) systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For 64-bit (x64) systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter and close Notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#5 schrauber

Posted 30 November 2012 - 07:48 AM

Still with me?
regards,
schrauber

#6 Jon1234

Posted 30 November 2012 - 03:28 PM

Yes, it just looks complicated and I haven't had the time to do it. I'll do it tonight though, when I'm back from work. Thanks a lot for the help.

#7 Jon1234

Posted 01 December 2012 - 05:08 AM

The steps given seem not to be working for me. I restarted my computer, then tapped F8 after the BIOS. A window pops up and I select "Repair my computer". After that none of the steps listed below occurs. It goes to the account login, but I am not able to log in. My normal login isn't there. The only login there is one called "Other User". I tried to log in to it. It will not let me; I tried typing in my user ID and password. It did not work. It keeps saying it does not exist. I've tried doing the steps over 3 times, and the same thing happens. Am I doing anything wrong?


Edit: I am using Windows Vista 64-bit Home Premium, if that matters at all.

Edited by Jon1234, 01 December 2012 - 05:11 AM.


#8 schrauber

Posted 01 December 2012 - 01:37 PM

There is no other login like yours or an account called Administrator?
regards,
schrauber

#9 Jon1234

Posted 01 December 2012 - 06:19 PM

There is not. There is only one login, and it's called "Other User", but it does not work.

I've tried looking up a fix for this on Google but I can't seem to find one for this exact problem. It seems lots of Vista users have the same problem though.

#10 schrauber

Posted 02 December 2012 - 08:48 AM

Hi,

Let's try something else.


Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root of the drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt
Please post the contents of that log in your next reply.
regards,
schrauber

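
To show what to pull out of the log this procedure produces, an added example (not TDSSKiller's code, and not from any post in this thread): it summarises a TDSSKiller log into three things a responder wants at a glance: the entries the scanner flagged, with MD5 and path; service entries for which the scanner logged no file hash; and, from the drive and partition lines at the top of the log, the sector ranges not covered by any listed partition. SAMPLE_LOG is a cut-down excerpt of the log in the next reply. Two caveats: HiddenFile.Multi.Generic is a generic heuristic (the file was hidden from normal enumeration), so a hit is a lead rather than proof; and unallocated space in front of the first partition is where bootkits stash data but, on an OEM machine, also where a vendor recovery area usually sits, so confirm with a partition tool before reading anything into it. The dictionary layout and the function names are this example's own.

```python
"""TDSSKiller log summary: detections, unhashed entries, unallocated sectors.

Added example for this thread, not TDSSKiller's code; SAMPLE_LOG is a
cut-down excerpt of the log posted in the next reply.
"""
import re

PREFIX = r'^\S+\s+\d+\s+'  # "12:49:53.0952 4384 " timestamp and PID
SECTION_RE = re.compile(PREFIX + r'=+ Scan (.+?) =+')
HASH_RE = re.compile(PREFIX + r'\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.+)$')
OK_RE = re.compile(PREFIX + r'(.+?) - ok$')
DETECTED_RE = re.compile(PREFIX + r'(.+?) - detected (.+)$')
SUSPICIOUS_RE = re.compile(PREFIX + r'Suspicious file \((\w+)\): (.+)\. md5: ([0-9A-Fa-f]{32})$')
DRIVE_RE = re.compile(PREFIX + r'Drive (\\Device\\Harddisk\d+\\DR\d+) - Size: (0x[0-9A-Fa-f]+) '
                      r'.*SectorSize: (0x[0-9A-Fa-f]+)')
PART_RE = re.compile(PREFIX + r'(\\Device\\Harddisk\d+\\DR\d+)\\Partition\d+: MBR, Type 0x[0-9A-Fa-f]+, '
                     r'StartLBA (0x[0-9A-Fa-f]+), BlocksNum (0x[0-9A-Fa-f]+)')


def summarise(log_text):
    """Parse the log into {"entries": {name: {...}}, "suspicious": [...], "drives": {device: {...}}}."""
    entries, suspicious, drives, section = {}, [], {}, ""
    for line in log_text.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).strip().lower()
            continue
        m = DRIVE_RE.match(line)
        if m:
            size, sector = int(m.group(2), 16), int(m.group(3), 16)
            drives[m.group(1)] = {"sectors": size // sector, "sector_size": sector, "parts": []}
            continue
        m = PART_RE.match(line)
        if m:
            drives[m.group(1)]["parts"].append((int(m.group(2), 16), int(m.group(3), 16)))
            continue
        m = SUSPICIOUS_RE.match(line)
        if m:
            suspicious.append((m.group(1), m.group(2), m.group(3).upper()))
            continue
        if section in ("", "system memory"):  # only the service/driver sections carry file entries
            continue
        for regex, field in ((HASH_RE, "hash"), (DETECTED_RE, "detection"), (OK_RE, "verdict")):
            m = regex.match(line)
            if not m:
                continue
            name = m.group(2) if field == "hash" else m.group(1)
            e = entries.setdefault(name, {"md5": None, "path": None, "verdict": None, "detection": None})
            if field == "hash":
                e["md5"], e["path"] = m.group(1).upper(), m.group(3)
            elif field == "detection":
                e["detection"] = m.group(2)
            else:
                e["verdict"] = "ok"
            break
    return {"entries": entries, "suspicious": suspicious, "drives": drives}


def detections(summary):
    return [(n, e["detection"], e["md5"], e["path"]) for n, e in summary["entries"].items() if e["detection"]]


def unhashed(summary):
    """Entries for which the scanner logged no on-disk file hash: check whether the binary exists."""
    return [n for n, e in summary["entries"].items() if e["md5"] is None]


def unallocated(drive):
    """Sector ranges (start, length) not covered by any partition the scanner listed."""
    gaps, cursor = [], 0
    for start, blocks in sorted(drive["parts"]):
        if start > cursor:
            gaps.append((cursor, start - cursor))
        cursor = max(cursor, start + blocks)
    if drive["sectors"] > cursor:
        gaps.append((cursor, drive["sectors"] - cursor))
    return gaps


def mib(drive, sectors):
    return sectors * drive["sector_size"] // (1024 * 1024)


# Constructed excerpt of the TDSSKiller log posted in the next reply.
SAMPLE_LOG = r"""
12:49:49.0449 3776 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:49:49.0601 3776 Drive \Device\Harddisk5\DR5 - Size: 0x15D27100000 (1396.61 Gb), SectorSize: 0x200, Cylinders: 0x2C82B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:49:50.0019 3776 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x24A2A800
12:49:50.0019 3776 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x25E2B000, BlocksNum 0x24A2CAB0
12:49:50.0020 3776 \Device\Harddisk5\DR5\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAE938000
12:49:53.0180 4384 ================ Scan system memory ========================
12:49:53.0180 4384 System memory - ok
12:49:53.0180 4384 ================ Scan services =============================
12:49:53.0265 4384 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
12:49:53.0266 4384 !SASCORE - ok
12:49:53.0952 4384 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
12:49:53.0953 4384 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
12:49:53.0962 4384 Akamai ( HiddenFile.Multi.Generic ) - warning
12:49:53.0963 4384 Akamai - detected HiddenFile.Multi.Generic (1)
12:49:53.0981 4384 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
12:49:53.0984 4384 ALG - ok
12:49:54.0965 4384 Beep - ok
"""

if __name__ == "__main__":
    s = summarise(SAMPLE_LOG)
    for name, det, md5, path in detections(s):
        print(f"DETECTED {name}: {det} md5={md5} {path}")
    print("no file hash logged:", ", ".join(unhashed(s)))
    for dev, d in s["drives"].items():
        for start, length in unallocated(d):
            print(f"{dev}: {mib(d, length)} MiB unallocated at sector {start}")
```

On the excerpt it reports Akamai (HiddenFile.Multi.Generic) with its hash and path, lists Beep as an entry without a hashed file, and finds 10241 MiB unallocated ahead of Partition1 on Harddisk0 plus 1 MiB after Partition2, and 1 MiB ahead of the single partition on Harddisk5.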

#11 Jon1234

Posted 02 December 2012 - 02:07 PM

Thanks for the reply, Tom.
I decided to do a little test on my computer. It seems I only lose memory when the Internet is on. If it's off, I don't lose any memory.
Also, I used Advanced Task Manager and noticed I have an svchost.exe located in C:\Windows\SysWOW64, but all the other ones are located in C:\Windows\System32.
Is the one in C:\Windows\SysWOW64 possibly a virus?

I also have 2 netsession_win.exe*32 running at once in the Task Manager; is that normal? They both are located in C:\Users\Valued Customer\AppData\Local\Akamai


12:49:48.0198 3776 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:49:48.0714 3776 ============================================================
12:49:48.0714 3776 Current date / time: 2012/12/02 12:49:48.0714
12:49:48.0714 3776 SystemInfo:
12:49:48.0714 3776
12:49:48.0715 3776 OS Version: 6.0.6002 ServicePack: 2.0
12:49:48.0715 3776 Product type: Workstation
12:49:48.0715 3776 ComputerName: VALUEDCUSTOM-PC
12:49:48.0715 3776 UserName: Valued Customer
12:49:48.0715 3776 Windows directory: C:\Windows
12:49:48.0715 3776 System windows directory: C:\Windows
12:49:48.0715 3776 Running under WOW64
12:49:48.0715 3776 Processor architecture: Intel x64
12:49:48.0715 3776 Number of processors: 2
12:49:48.0715 3776 Page size: 0x1000
12:49:48.0715 3776 Boot type: Normal boot
12:49:48.0715 3776 ============================================================
12:49:49.0449 3776 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:49:49.0601 3776 Drive \Device\Harddisk5\DR5 - Size: 0x15D27100000 (1396.61 Gb), SectorSize: 0x200, Cylinders: 0x2C82B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:49:50.0009 3776 ============================================================
12:49:50.0009 3776 \Device\Harddisk0\DR0:
12:49:50.0019 3776 MBR partitions:
12:49:50.0019 3776 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x24A2A800
12:49:50.0019 3776 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x25E2B000, BlocksNum 0x24A2CAB0
12:49:50.0019 3776 \Device\Harddisk5\DR5:
12:49:50.0020 3776 MBR partitions:
12:49:50.0020 3776 \Device\Harddisk5\DR5\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAE938000
12:49:50.0020 3776 ============================================================
12:49:50.0025 3776 C: <-> \Device\Harddisk0\DR0\Partition1
12:49:50.0057 3776 D: <-> \Device\Harddisk0\DR0\Partition2
12:49:50.0097 3776 K: <-> \Device\Harddisk5\DR5\Partition1
12:49:50.0097 3776 ============================================================
12:49:50.0097 3776 Initialize success
12:49:50.0097 3776 ============================================================
12:49:52.0928 4384 ============================================================
12:49:52.0928 4384 Scan started
12:49:52.0928 4384 Mode: Manual;
12:49:52.0928 4384 ============================================================
12:49:53.0180 4384 ================ Scan system memory ========================
12:49:53.0180 4384 System memory - ok
12:49:53.0180 4384 ================ Scan services =============================
12:49:53.0265 4384 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
12:49:53.0266 4384 !SASCORE - ok
12:49:53.0399 4384 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
12:49:53.0403 4384 ACPI - ok
12:49:53.0432 4384 [ 2F0683FD2DF1D92E891CACA14B45A8C1 ] adfs C:\Windows\system32\drivers\adfs.sys
12:49:53.0433 4384 adfs - ok
12:49:53.0463 4384 [ 303C174A7303A7702A68653152FC65A0 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
12:49:53.0464 4384 Adobe LM Service - ok
12:49:53.0506 4384 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
12:49:53.0523 4384 adp94xx - ok
12:49:53.0576 4384 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
12:49:53.0580 4384 adpahci - ok
12:49:53.0604 4384 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
12:49:53.0607 4384 adpu160m - ok
12:49:53.0628 4384 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
12:49:53.0631 4384 adpu320 - ok
12:49:53.0697 4384 [ 18BA414C06B667FA2CB48DC3E27C8F97 ] AdvancedSystemCareService C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
12:49:53.0699 4384 AdvancedSystemCareService - ok
12:49:53.0733 4384 [ 05E3E0E7C5434F8E78E47A800E8DF9CC ] AdvancedSystemCareService5 C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
12:49:53.0736 4384 AdvancedSystemCareService5 - ok
12:49:53.0760 4384 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:49:53.0761 4384 AeLookupSvc - ok
12:49:53.0793 4384 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
12:49:53.0799 4384 AFD - ok
12:49:53.0822 4384 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
12:49:53.0823 4384 agp440 - ok
12:49:53.0846 4384 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
12:49:53.0848 4384 aic78xx - ok
12:49:53.0952 4384 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
12:49:53.0953 4384 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
12:49:53.0962 4384 Akamai ( HiddenFile.Multi.Generic ) - warning
12:49:53.0963 4384 Akamai - detected HiddenFile.Multi.Generic (1)
12:49:53.0981 4384 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
12:49:53.0984 4384 ALG - ok
12:49:53.0999 4384 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys
12:49:54.0000 4384 aliide - ok
12:49:54.0068 4384 [ 514089CB4A7DF38DC4DD936ADE4114D3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:49:54.0071 4384 AMD External Events Utility - ok
12:49:54.0087 4384 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
12:49:54.0088 4384 amdide - ok
12:49:54.0103 4384 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
12:49:54.0105 4384 AmdK8 - ok
12:49:54.0284 4384 [ 9A4B92150A5E259A7159D914CC3A60D7 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
12:49:54.0448 4384 amdkmdag - ok
12:49:54.0482 4384 [ 9DEB889D152F9C9DBA98BE8986084535 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
12:49:54.0487 4384 amdkmdap - ok
12:49:54.0507 4384 [ 71AFF825B960731E2AE366467BC0D1F3 ] Amfilter C:\Windows\system32\DRIVERS\Amfltx64.sys
12:49:54.0508 4384 Amfilter - ok
12:49:54.0527 4384 [ 8F1DB3D133197AFFA3A721953EB0988C ] Amusbprt C:\Windows\system32\DRIVERS\Amusbx64.sys
12:49:54.0528 4384 Amusbprt - ok
12:49:54.0553 4384 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
12:49:54.0555 4384 Appinfo - ok
12:49:54.0634 4384 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
12:49:54.0636 4384 arc - ok
12:49:54.0649 4384 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
12:49:54.0650 4384 arcsas - ok
12:49:54.0732 4384 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:49:54.0749 4384 aspnet_state - ok
12:49:54.0761 4384 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:49:54.0762 4384 AsyncMac - ok
12:49:54.0781 4384 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
12:49:54.0783 4384 atapi - ok
12:49:54.0814 4384 [ C3941EAC6A5CD621F002B12C9EE4857B ] AtiHDAudioService C:\Windows\system32\drivers\AtihdLH6.sys
12:49:54.0816 4384 AtiHDAudioService - ok
12:49:54.0846 4384 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:49:54.0852 4384 AudioEndpointBuilder - ok
12:49:54.0871 4384 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
12:49:54.0874 4384 AudioSrv - ok
12:49:54.0943 4384 [ 0D1EA7509F394D8B705B239EE71F5118 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
12:49:54.0947 4384 BBSvc - ok
12:49:54.0965 4384 Beep - ok
12:49:54.0996 4384 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
12:49:55.0002 4384 BFE - ok
12:49:55.0051 4384 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\system32\qmgr.dll
12:49:55.0084 4384 BITS - ok
12:49:55.0106 4384 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
12:49:55.0107 4384 blbdrive - ok
12:49:55.0125 4384 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:49:55.0128 4384 bowser - ok
12:49:55.0161 4384 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
12:49:55.0162 4384 BrFiltLo - ok
12:49:55.0179 4384 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
12:49:55.0180 4384 BrFiltUp - ok
12:49:55.0202 4384 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
12:49:55.0204 4384 Browser - ok
12:49:55.0220 4384 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
12:49:55.0225 4384 Brserid - ok
12:49:55.0251 4384 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
12:49:55.0252 4384 BrSerWdm - ok
12:49:55.0276 4384 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
12:49:55.0277 4384 BrUsbMdm - ok
12:49:55.0287 4384 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
12:49:55.0288 4384 BrUsbSer - ok
12:49:55.0315 4384 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
12:49:55.0317 4384 BTHMODEM - ok
12:49:55.0342 4384 catchme - ok
12:49:55.0365 4384 [ 797C36E597F9FC4EFD88E6E0E98ABE37 ] CAXHWBS2 C:\Windows\system32\DRIVERS\CAXHWBS2.sys
12:49:55.0371 4384 CAXHWBS2 - ok
12:49:55.0379 4384 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:49:55.0381 4384 cdfs - ok
12:49:55.0408 4384 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
12:49:55.0410 4384 cdrom - ok
12:49:55.0434 4384 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
12:49:55.0435 4384 CertPropSvc - ok
12:49:55.0460 4384 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
12:49:55.0462 4384 circlass - ok
12:49:55.0489 4384 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
12:49:55.0494 4384 CLFS - ok
12:49:55.0533 4384 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:49:55.0537 4384 clr_optimization_v2.0.50727_32 - ok
12:49:55.0565 4384 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:49:55.0570 4384 clr_optimization_v2.0.50727_64 - ok
12:49:55.0634 4384 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:49:55.0682 4384 clr_optimization_v4.0.30319_32 - ok
12:49:55.0697 4384 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:49:55.0705 4384 clr_optimization_v4.0.30319_64 - ok
12:49:55.0725 4384 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:49:55.0726 4384 cmdide - ok
12:49:55.0743 4384 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
12:49:55.0744 4384 Compbatt - ok
12:49:55.0752 4384 COMSysApp - ok
12:49:55.0818 4384 cpuz132 - ok
12:49:55.0834 4384 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
12:49:55.0835 4384 crcdisk - ok
12:49:55.0879 4384 [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:49:55.0881 4384 CryptSvc - ok
12:49:55.0939 4384 [ 914A7156B0C0F10BE645A02E13F576B2 ] DAUpdaterSvc C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
12:49:55.0940 4384 DAUpdaterSvc - ok
12:49:55.0986 4384 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
12:49:56.0003 4384 DcomLaunch - ok
12:49:56.0022 4384 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:49:56.0025 4384 DfsC - ok
12:49:56.0099 4384 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
12:49:56.0160 4384 DFSR - ok
12:49:56.0202 4384 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
12:49:56.0207 4384 Dhcp - ok
12:49:56.0234 4384 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
12:49:56.0235 4384 disk - ok
12:49:56.0242 4384 dlbu_device - ok
12:49:56.0263 4384 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:49:56.0265 4384 Dnscache - ok
12:49:56.0294 4384 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
12:49:56.0307 4384 dot3svc - ok
12:49:56.0331 4384 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
12:49:56.0334 4384 DPS - ok
12:49:56.0357 4384 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:49:56.0358 4384 drmkaud - ok
12:49:56.0389 4384 dump_wmimmc - ok
12:49:56.0428 4384 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:49:56.0452 4384 DXGKrnl - ok
12:49:56.0470 4384 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
12:49:56.0472 4384 E1G60 - ok
12:49:56.0514 4384 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
12:49:56.0517 4384 EapHost - ok
12:49:56.0539 4384 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
12:49:56.0542 4384 Ecache - ok
12:49:56.0581 4384 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:49:56.0586 4384 ehRecvr - ok
12:49:56.0614 4384 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
12:49:56.0617 4384 ehSched - ok
12:49:56.0644 4384 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
12:49:56.0644 4384 ehstart - ok
12:49:56.0681 4384 [ 343ADA10D948DB29251F2D9C809AF204 ] EIO64 C:\Windows\system32\DRIVERS\EIO64.sys
12:49:56.0682 4384 EIO64 - ok
12:49:56.0701 4384 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
12:49:56.0710 4384 elxstor - ok
12:49:56.0742 4384 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
12:49:56.0750 4384 EMDMgmt - ok
12:49:56.0779 4384 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:49:56.0781 4384 ErrDev - ok
12:49:56.0836 4384 [ 4D06D9A26227AC485305133916888DF1 ] ETService C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
12:49:56.0837 4384 ETService - ok
12:49:56.0871 4384 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
12:49:56.0878 4384 EventSystem - ok
12:49:56.0901 4384 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
12:49:56.0905 4384 exfat - ok
12:49:56.0926 4384 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:49:56.0929 4384 fastfat - ok
12:49:56.0949 4384 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
12:49:56.0950 4384 fdc - ok
12:49:56.0976 4384 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
12:49:56.0978 4384 fdPHost - ok
12:49:57.0000 4384 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
12:49:57.0002 4384 FDResPub - ok
12:49:57.0010 4384 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:49:57.0012 4384 FileInfo - ok
12:49:57.0071 4384 [ EE231D4D8F6D5107A97EBFE50FD097CB ] FileMonitor C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\FileMonitor.sys
12:49:57.0073 4384 FileMonitor - ok
12:49:57.0093 4384 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:49:57.0095 4384 Filetrace - ok
12:49:57.0148 4384 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:49:57.0165 4384 FLEXnet Licensing Service - ok
12:49:57.0210 4384 [ 1C3FB052A0BB72EDAED90785C34D6EED ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
12:49:57.0233 4384 FLEXnet Licensing Service 64 - ok
12:49:57.0255 4384 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
12:49:57.0256 4384 flpydisk - ok
12:49:57.0269 4384 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:49:57.0274 4384 FltMgr - ok
12:49:57.0317 4384 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
12:49:57.0342 4384 FontCache - ok
12:49:57.0378 4384 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:49:57.0380 4384 FontCache3.0.0.0 - ok
12:49:57.0418 4384 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
12:49:57.0421 4384 fssfltr - ok
12:49:57.0531 4384 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
12:49:57.0557 4384 fsssvc - ok
12:49:57.0583 4384 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:49:57.0584 4384 Fs_Rec - ok
12:49:57.0604 4384 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
12:49:57.0606 4384 gagp30kx - ok
12:49:57.0678 4384 [ 617DC2877015270914CA3C03873560D5 ] GameConsoleService C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
12:49:57.0681 4384 GameConsoleService - ok
12:49:57.0703 4384 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\Drivers\GEARAspiWDM.sys
12:49:57.0704 4384 GEARAspiWDM - ok
12:49:57.0749 4384 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
12:49:57.0763 4384 gpsvc - ok
12:49:57.0786 4384 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
12:49:57.0788 4384 hamachi - ok
12:49:57.0819 4384 [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:49:57.0824 4384 HdAudAddService - ok
12:49:57.0866 4384 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
12:49:57.0890 4384 HDAudBus - ok
12:49:57.0908 4384 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
12:49:57.0910 4384 HidBth - ok
12:49:57.0921 4384 [ 5F47839455D01FF6403B008D481A6F5B ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
12:49:57.0922 4384 HidIr - ok
12:49:57.0975 4384 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\System32\hidserv.dll
12:49:57.0976 4384 hidserv - ok
12:49:58.0003 4384 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
12:49:58.0004 4384 HidUsb - ok
12:49:58.0077 4384 [ 82B2A78BCA8CA0B63BF09005783C6548 ] HiPatchService C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
12:49:58.0078 4384 HiPatchService - ok
12:49:58.0102 4384 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
12:49:58.0104 4384 hkmsvc - ok
12:49:58.0114 4384 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
12:49:58.0115 4384 HpCISSs - ok
12:49:58.0153 4384 [ 1E260B33F6555146A0B826F047238C00 ] HSF_DPV C:\Windows\system32\DRIVERS\CAX_DPV.sys
12:49:58.0187 4384 HSF_DPV - ok
12:49:58.0242 4384 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:49:58.0260 4384 HTTP - ok
12:49:58.0287 4384 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
12:49:58.0288 4384 i2omp - ok
12:49:58.0305 4384 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
12:49:58.0307 4384 i8042prt - ok
12:49:58.0328 4384 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
12:49:58.0333 4384 iaStorV - ok
12:49:58.0404 4384 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
12:49:58.0406 4384 IDriverT - ok
12:49:58.0477 4384 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:49:58.0494 4384 idsvc - ok
12:49:58.0508 4384 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
12:49:58.0510 4384 iirsp - ok
12:49:58.0553 4384 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
12:49:58.0562 4384 IKEEXT - ok
12:49:58.0589 4384 [ 491FB9E6C0BD1383884D64EA5B886AD8 ] IMFservice C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
12:49:58.0596 4384 IMFservice - ok
12:49:58.0670 4384 [ 8C7FA71CB1EBCD3EDE8958D27B1BF0B4 ] int15 C:\Windows\SysWOW64\drivers\int15_64.sys
12:49:58.0671 4384 int15 - ok
12:49:59.0103 4384 [ B3FB479A7C0626499EB5989BC087CF8D ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
12:49:59.0228 4384 IntcAzAudAddService - ok
12:49:59.0272 4384 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys
12:49:59.0273 4384 intelide - ok
12:49:59.0338 4384 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:49:59.0340 4384 intelppm - ok
12:49:59.0372 4384 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:49:59.0374 4384 IPBusEnum - ok
12:49:59.0386 4384 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:49:59.0388 4384 IpFilterDriver - ok
12:49:59.0413 4384 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:49:59.0416 4384 iphlpsvc - ok
12:49:59.0423 4384 IpInIp - ok
12:49:59.0468 4384 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
12:49:59.0470 4384 IPMIDRV - ok
12:49:59.0487 4384 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
12:49:59.0489 4384 IPNAT - ok
12:49:59.0506 4384 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:49:59.0507 4384 IRENUM - ok
12:49:59.0526 4384 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:49:59.0527 4384 isapnp - ok
12:49:59.0552 4384 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
12:49:59.0554 4384 iScsiPrt - ok
12:49:59.0569 4384 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
12:49:59.0570 4384 iteatapi - ok
12:49:59.0582 4384 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
12:49:59.0583 4384 iteraid - ok
12:49:59.0597 4384 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
12:49:59.0598 4384 kbdclass - ok
12:49:59.0612 4384 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
12:49:59.0613 4384 kbdhid - ok
12:49:59.0633 4384 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
12:49:59.0634 4384 KeyIso - ok
12:49:59.0653 4384 [ 4E76398AEF64CB6D782CFEB99B4EAE55 ] KMWDFILTER C:\Windows\system32\DRIVERS\KMWDFILTER.sys
12:49:59.0654 4384 KMWDFILTER - ok
12:49:59.0704 4384 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:49:59.0722 4384 KSecDD - ok
12:49:59.0766 4384 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
12:49:59.0769 4384 ksthunk - ok
12:49:59.0797 4384 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
12:49:59.0804 4384 KtmRm - ok
12:49:59.0832 4384 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\System32\srvsvc.dll
12:49:59.0835 4384 LanmanServer - ok
12:49:59.0869 4384 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:49:59.0873 4384 LanmanWorkstation - ok
12:49:59.0880 4384 libusb0 - ok
12:49:59.0887 4384 libusbd - ok
12:49:59.0907 4384 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:49:59.0908 4384 lltdio - ok
12:49:59.0924 4384 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:49:59.0929 4384 lltdsvc - ok
12:49:59.0963 4384 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
12:49:59.0965 4384 lmhosts - ok
12:49:59.0990 4384 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
12:49:59.0992 4384 LSI_FC - ok
12:50:00.0019 4384 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
12:50:00.0021 4384 LSI_SAS - ok
12:50:00.0040 4384 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
12:50:00.0042 4384 LSI_SCSI - ok
12:50:00.0056 4384 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
12:50:00.0059 4384 luafv - ok
12:50:00.0701 4384 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
12:50:00.0781 4384 LVUVC64 - ok
12:50:00.0886 4384 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
12:50:00.0890 4384 MBAMProtector - ok
12:50:00.0948 4384 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:50:00.0951 4384 MBAMScheduler - ok
12:50:01.0055 4384 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:50:01.0059 4384 MBAMService - ok
12:50:01.0090 4384 [ B4726DEEC4C27D47F9141D45504DCE29 ] McAfee SiteAdvisor Service c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
12:50:01.0091 4384 McAfee SiteAdvisor Service - ok
12:50:01.0122 4384 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:50:01.0124 4384 Mcx2Svc - ok
12:50:01.0143 4384 [ E4F44EC214B3E381E1FC844A02926666 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
12:50:01.0144 4384 mdmxsdk - ok
12:50:01.0171 4384 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
12:50:01.0173 4384 megasas - ok
12:50:01.0197 4384 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
12:50:01.0204 4384 MegaSR - ok
12:50:01.0226 4384 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
12:50:01.0227 4384 Microsoft Office Groove Audit Service - ok
12:50:01.0241 4384 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
12:50:01.0243 4384 MMCSS - ok
12:50:01.0267 4384 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
12:50:01.0268 4384 Modem - ok
12:50:01.0277 4384 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:50:01.0278 4384 monitor - ok
12:50:01.0296 4384 [ 16F9F464DA6E02A020BCE626C56A1797 ] MotioninJoyXFilter C:\Windows\system32\DRIVERS\MijXfilt.sys
12:50:01.0298 4384 MotioninJoyXFilter - ok
12:50:01.0320 4384 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
12:50:01.0322 4384 mouclass - ok
12:50:01.0343 4384 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:50:01.0344 4384 mouhid - ok
12:50:01.0364 4384 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
12:50:01.0367 4384 MountMgr - ok
12:50:01.0410 4384 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:50:01.0413 4384 MozillaMaintenance - ok
12:50:01.0444 4384 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
12:50:01.0447 4384 mpio - ok
12:50:01.0494 4384 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:50:01.0504 4384 mpsdrv - ok
12:50:01.0538 4384 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
12:50:01.0555 4384 MpsSvc - ok
12:50:01.0586 4384 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
12:50:01.0587 4384 Mraid35x - ok
12:50:01.0609 4384 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:50:01.0612 4384 MRxDAV - ok
12:50:01.0644 4384 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:50:01.0647 4384 mrxsmb - ok
12:50:01.0675 4384 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:50:01.0679 4384 mrxsmb10 - ok
12:50:01.0690 4384 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:50:01.0692 4384 mrxsmb20 - ok
12:50:01.0734 4384 [ 1AC860612B85D8E85EE257D372E39F4D ] msahci C:\Windows\system32\drivers\msahci.sys
12:50:01.0736 4384 msahci - ok
12:50:01.0750 4384 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:50:01.0753 4384 msdsm - ok
12:50:01.0792 4384 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
12:50:01.0796 4384 MSDTC - ok
12:50:01.0841 4384 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:50:01.0842 4384 Msfs - ok
12:50:01.0850 4384 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:50:01.0852 4384 msisadrv - ok
12:50:01.0880 4384 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:50:01.0882 4384 MSiSCSI - ok
12:50:01.0888 4384 msiserver - ok
12:50:01.0917 4384 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:50:01.0918 4384 MSKSSRV - ok
12:50:01.0930 4384 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:50:01.0932 4384 MSPCLOCK - ok
12:50:01.0973 4384 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:50:01.0974 4384 MSPQM - ok
12:50:02.0006 4384 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:50:02.0017 4384 MsRPC - ok
12:50:02.0045 4384 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
12:50:02.0046 4384 mssmbios - ok
12:50:02.0063 4384 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:50:02.0064 4384 MSTEE - ok
12:50:02.0094 4384 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
12:50:02.0095 4384 Mup - ok
12:50:02.0111 4384 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
12:50:02.0119 4384 napagent - ok
12:50:02.0210 4384 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:50:02.0213 4384 NativeWifiP - ok
12:50:02.0256 4384 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
12:50:02.0268 4384 NDIS - ok
12:50:02.0295 4384 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:50:02.0296 4384 NdisTapi - ok
12:50:02.0318 4384 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:50:02.0319 4384 Ndisuio - ok
12:50:02.0338 4384 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:50:02.0343 4384 NdisWan - ok
12:50:02.0379 4384 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:50:02.0381 4384 NDProxy - ok
12:50:02.0401 4384 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:50:02.0402 4384 NetBIOS - ok
12:50:02.0422 4384 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
12:50:02.0426 4384 netbt - ok
12:50:02.0450 4384 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
12:50:02.0451 4384 Netlogon - ok
12:50:02.0467 4384 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
12:50:02.0475 4384 Netman - ok
12:50:02.0558 4384 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:50:02.0583 4384 NetMsmqActivator - ok
12:50:02.0589 4384 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:50:02.0591 4384 NetPipeActivator - ok
12:50:02.0645 4384 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
12:50:02.0652 4384 netprofm - ok
12:50:02.0660 4384 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:50:02.0661 4384 NetTcpActivator - ok
12:50:02.0673 4384 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:50:02.0676 4384 NetTcpPortSharing - ok
12:50:02.0696 4384 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
12:50:02.0697 4384 nfrd960 - ok
12:50:02.0736 4384 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
12:50:02.0740 4384 NlaSvc - ok
12:50:02.0757 4384 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:50:02.0759 4384 Npfs - ok
12:50:02.0768 4384 npggsvc - ok
12:50:02.0777 4384 NPPTNT2 - ok
12:50:02.0809 4384 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
12:50:02.0811 4384 nsi - ok
12:50:02.0830 4384 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:50:02.0831 4384 nsiproxy - ok
12:50:02.0871 4384 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:50:02.0896 4384 Ntfs - ok
12:50:02.0905 4384 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
12:50:02.0906 4384 Null - ok
12:50:02.0952 4384 [ 98350606682594521D56ECCB5D01ECF7 ] NVENETFD C:\Windows\system32\DRIVERS\nvmfdx64.sys
12:50:02.0970 4384 NVENETFD - ok
12:50:02.0997 4384 [ 960E39A54E525DF58CB29193147DFFA1 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
12:50:03.0003 4384 NVHDA - ok
12:50:03.0270 4384 [ CC1EFEA1F0AB17E59BD4B5BAFF3E5CB0 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:50:03.0503 4384 nvlddmkm - ok
12:50:03.0524 4384 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:50:03.0528 4384 nvraid - ok
12:50:03.0546 4384 [ A4B9AF8D1793F67CE894BF051342110F ] nvrd64 C:\Windows\system32\drivers\nvrd64.sys
12:50:03.0548 4384 nvrd64 - ok
12:50:03.0557 4384 [ 99F119FA421774AE8595B7BED932E1A4 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys
12:50:03.0558 4384 nvsmu - ok
12:50:03.0568 4384 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:50:03.0569 4384 nvstor - ok
12:50:03.0579 4384 [ 7919EE9458B6D84517BC5A598D795931 ] nvstor64 C:\Windows\system32\drivers\nvstor64.sys
12:50:03.0581 4384 nvstor64 - ok
12:50:03.0614 4384 [ 39F933CA2798156B0B7A19D104B73B9A ] nvsvc C:\Windows\system32\nvvsvc.exe
12:50:03.0639 4384 nvsvc - ok
12:50:03.0725 4384 [ 4E5C5D88EB0A8D21824D5A3EB7327E69 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
12:50:03.0745 4384 nvUpdatusService - ok
12:50:03.0776 4384 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:50:03.0778 4384 nv_agp - ok
12:50:03.0787 4384 NwlnkFlt - ok
12:50:03.0797 4384 NwlnkFwd - ok
12:50:03.0860 4384 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:50:03.0877 4384 odserv - ok
12:50:03.0903 4384 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
12:50:03.0904 4384 ohci1394 - ok
12:50:03.0929 4384 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:50:03.0932 4384 ose - ok
12:50:03.0971 4384 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
12:50:03.0993 4384 p2pimsvc - ok
12:50:04.0024 4384 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
12:50:04.0030 4384 p2psvc - ok
12:50:04.0052 4384 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys
12:50:04.0055 4384 Parport - ok
12:50:04.0087 4384 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:50:04.0090 4384 partmgr - ok
12:50:04.0116 4384 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
12:50:04.0118 4384 PcaSvc - ok
12:50:04.0131 4384 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
12:50:04.0133 4384 pci - ok
12:50:04.0139 4384 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys
12:50:04.0141 4384 pciide - ok
12:50:04.0164 4384 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
12:50:04.0168 4384 pcmcia - ok
12:50:04.0190 4384 [ FD2A66E8B1A3D1483A8F6CFA3C950B9B ] PCPitstop Scheduling C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
12:50:04.0192 4384 PCPitstop Scheduling - ok
12:50:04.0238 4384 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:50:04.0256 4384 PEAUTH - ok
12:50:04.0322 4384 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
12:50:04.0324 4384 PerfHost - ok
12:50:04.0375 4384 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
12:50:04.0404 4384 pla - ok
12:50:04.0486 4384 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:50:04.0493 4384 PlugPlay - ok
12:50:04.0519 4384 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
12:50:04.0526 4384 PNRPAutoReg - ok
12:50:04.0578 4384 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
12:50:04.0585 4384 PNRPsvc - ok
12:50:04.0625 4384 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:50:04.0639 4384 PolicyAgent - ok
12:50:04.0665 4384 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:50:04.0667 4384 PptpMiniport - ok
12:50:04.0682 4384 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys
12:50:04.0684 4384 Processor - ok
12:50:04.0711 4384 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
12:50:04.0715 4384 ProfSvc - ok
12:50:04.0725 4384 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
12:50:04.0726 4384 ProtectedStorage - ok
12:50:04.0748 4384 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
12:50:04.0750 4384 PSched - ok
12:50:04.0773 4384 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
12:50:04.0774 4384 PxHlpa64 - ok
12:50:04.0815 4384 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
12:50:04.0842 4384 ql2300 - ok
12:50:04.0858 4384 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
12:50:04.0860 4384 ql40xx - ok
12:50:04.0884 4384 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
12:50:04.0889 4384 QWAVE - ok
12:50:04.0900 4384 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:50:04.0902 4384 QWAVEdrv - ok
12:50:05.0048 4384 [ 883082A146E548364AF4A8EAE830C653 ] rak C:\Program Files (x86)\Softnyx\RakionIS\Bin\avital\rakion64.sys
12:50:05.0050 4384 rak - ok
12:50:05.0069 4384 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:50:05.0070 4384 RasAcd - ok
12:50:05.0085 4384 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
12:50:05.0089 4384 RasAuto - ok
12:50:05.0123 4384 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:50:05.0127 4384 Rasl2tp - ok
12:50:05.0158 4384 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
12:50:05.0164 4384 RasMan - ok
12:50:05.0178 4384 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:50:05.0179 4384 RasPppoe - ok
12:50:05.0213 4384 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:50:05.0215 4384 RasSstp - ok
12:50:05.0245 4384 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:50:05.0261 4384 rdbss - ok
12:50:05.0273 4384 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:50:05.0274 4384 RDPCDD - ok
12:50:05.0297 4384 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
12:50:05.0302 4384 rdpdr - ok
12:50:05.0308 4384 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:50:05.0310 4384 RDPENCDD - ok
12:50:05.0342 4384 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:50:05.0345 4384 RDPWD - ok
12:50:05.0423 4384 [ BEDD5D3CCABE43926BDD01C10516321D ] RegFilter C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\wlh_amd64\regfilter.sys
12:50:05.0425 4384 RegFilter - ok
12:50:05.0444 4384 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:50:05.0446 4384 RemoteAccess - ok
12:50:05.0467 4384 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:50:05.0471 4384 RemoteRegistry - ok
12:50:05.0496 4384 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
12:50:05.0497 4384 RpcLocator - ok
12:50:05.0519 4384 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\System32\rpcss.dll
12:50:05.0525 4384 RpcSs - ok
12:50:05.0541 4384 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:50:05.0543 4384 rspndr - ok
12:50:05.0569 4384 [ B6B74A05F4DA0231D5D275568A104F89 ] RTSTOR C:\Windows\system32\drivers\RTSTOR64.SYS
12:50:05.0571 4384 RTSTOR - ok
12:50:05.0583 4384 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
12:50:05.0584 4384 SamSs - ok
12:50:05.0628 4384 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
12:50:05.0629 4384 SASDIFSV - ok
12:50:05.0641 4384 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
12:50:05.0644 4384 SASKUTIL - ok
12:50:05.0659 4384 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:50:05.0664 4384 sbp2port - ok
12:50:05.0684 4384 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:50:05.0688 4384 SCardSvr - ok
12:50:14.0059 0872 Detected object count: 1
12:50:14.0059 0872 Actual detected object count: 1
12:50:39.0176 0872 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
12:50:39.0176 0872 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

#12 schrauber

    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 03 December 2012 - 02:22 AM

Hi,

This file is normally legit. Please delete your copy of Combofix, download a fresh one and let it run, then post back with the content of the logfile.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#13 Jon1234

  • Topic Starter
  • Members
  • 19 posts

Posted 03 December 2012 - 08:17 AM

ComboFix 12-12-02.01 - Valued Customer 12/03/2012 6:39.5.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.1596 [GMT -6:00]
Running from: c:\users\Valued Customer\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@SACL=
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@SACL=
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@SACL=
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-12-03 07:07:55
ComboFix-quarantined-files.txt 2012-12-03 13:07
ComboFix2.txt 2012-04-09 03:12
ComboFix3.txt 2012-04-06 01:07
.
Pre-Run: 11,398,868,992 bytes free
Post-Run: 12,318,937,088 bytes free
.
- - End Of File - - 27D88A1BD83D9F4B601797CB6FA1934C
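Several of the services in the dump above have an ImagePath that points into a user's AppData\Local\Temp folder, which is an unusual home for a driver or service binary and is the kind of entry an analyst checks first. As an added triage example, not code from this thread, from ComboFix or from the helper, the following Python script parses entries in the dump's format (a `[key]` header, `"name"="value"` lines, a lone `.` separator) and lists services whose ImagePath sits under a Temp directory for manual review. The sample input is constructed to mirror entries printed above, and the `TEMP_MARKERS` tuple is an assumption about which path fragments merit a second look; a hit is a lead to investigate, not a verdict.

```python
"""Flag services in a ComboFix-style registry dump whose ImagePath lives
under a per-user or system Temp directory.

Added example for this thread; not ComboFix code. SAMPLE_DUMP is a
constructed excerpt in the same format as the log above, and TEMP_MARKERS
is an assumption about which locations are unusual for a service binary."""
import re

# Constructed sample: [key] header, "name"="value" lines, "." separator.
SAMPLE_DUMP = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va003]
"ImagePath"="\??\c:\users\VALUED~1\AppData\Local\Temp\00329DA.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')

# Lower-cased path fragments that are unusual for a service or driver
# binary. Assumed for this example; extend to match your environment.
TEMP_MARKERS = ('\\appdata\\local\\temp\\', '\\windows\\temp\\')


def parse_dump(text):
    """Return a list of (key, {name: value}) entries from the dump text.

    '@=' default values and '@Denied:'/'@Allowed:' ACL lines are skipped;
    only quoted "name"="value" pairs are collected."""
    entries = []
    key, values = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == '.':  # entry separator
            if key is not None:
                entries.append((key, values))
            key, values = None, {}
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            values[m.group(1)] = m.group(2)
    if key is not None:  # dump without a trailing separator
        entries.append((key, values))
    return entries


def normalise_path(value):
    """Drop the NT '\\??\\' prefix and lower-case for comparison."""
    path = value[4:] if value.startswith('\\??\\') else value
    return path.lower().replace('/', '\\')


def suspicious_services(entries):
    """Return (service name, normalised path) for every Services\\... entry
    whose ImagePath contains one of TEMP_MARKERS."""
    hits = []
    for key, values in entries:
        if '\\services\\' not in key.lower():
            continue
        image = values.get('ImagePath')
        if image is None:
            continue
        path = normalise_path(image)
        if any(marker in path for marker in TEMP_MARKERS):
            hits.append((key.rsplit('\\', 1)[-1], path))
    return hits


if __name__ == '__main__':
    for name, path in suspicious_services(parse_dump(SAMPLE_DUMP)):
        print(f'review: service {name} -> {path}')
```

Run against a saved ComboFix log by reading the file into `parse_dump` instead of `SAMPLE_DUMP`; the CLSID entries and the system32/SysWOW64 drivers in the sample are parsed but produce no hit, so the output is only the Temp-resident service.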

#14 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:12:33 PM

Posted 03 December 2012 - 11:34 AM

Good.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#15 Jon1234

Jon1234
  • Topic Starter

  • Members
  • 19 posts
  • Local time:06:33 AM

Posted 04 December 2012 - 03:18 PM

I did the scan twice to make sure. After the scan there is no "list of found threats", so I can't make a text file for you to see, but there were no infections found.