Windows 7 Fails to Boot Up (BSOD)


  • This topic is locked
18 replies to this topic

#1 Zskillit

  • Members
  • 9 posts

Posted 28 December 2012 - 08:15 PM

Mod Edit: Moved to Virus, Trojan, Spyware, and Malware Removal Logs ~~ boopme



Hello! I am making this account and posting here because I woke up to a very strange problem with my computer. When I woke up it was stuck on a Windows recovery screen because Windows 7 had failed to load. The recovery did not work at all. I would restart the computer and every time it would go to the Starting Windows black screen with the glowing color balls and it would freeze, then a BSOD would appear. The error code is as follows (the BSOD usually disappeared instantly, but I stopped the computer from restarting by hitting F8 and changing the "Restart on crash" option, or whatever it is, lol):

------------
A problem has been detected and Windows has been shut down to prevent damage to your computer.

If this is the first time you've seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:

Check for viruses on your computer. Remove any newly installed hard drives or hard drive controllers. Check your hard drive to make sure it is properly configured and terminated. Run CHKDSK /F to check for hard drive corruption, and then restart your computer.

Technical information:
***STOP: 0x0000007B (0xFFFFF880009A9928, 0xFFFFFFFFC000000D, 0x0000000000000000, 0x0000000000000000)
-----------------

I have tried to do a restore point, which fails when it goes to the "Finalizing" stage. I have tried a recovery, which fails, and since my laptop does not come with a recovery disk, I cannot use that. None of the 3 Safe Mode options work either. The drivers load, and then it fails. I also ran the chkdsk /r thing and it did nothing; it usually failed after an hour of checking stuff. I have seen a lot of people with a problem very similar to mine. I have recently installed new drivers, and my subscription to McAfee has just run out. I also installed and fixed my Catalyst Control Centre recently because it was not responding. Anyway, someone fixed their problem by downloading the Farbar Recovery Scan Tool, so I downloaded it, put it on a flash drive and just popped it into the "infected" computer, since I am beginning to suspect malware. I ran the scan and I am attaching the log, because I am guessing I need a "fixlist.txt" to fix whatever errors there are, if this is even the problem. This scan was just completed 10 minutes ago and the computer hasn't been touched since. Here is the log from the FRST.txt file....

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-12-2012
Ran by SYSTEM at 28-12-2012 19:45:17
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [] [x]
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [307768 1999-12-31] ()
HKLM\...\Run: [tvncontrol] "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave [1652280 2012-06-26] (GlavSoft LLC.)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1535112 2012-09-12] (McAfee, Inc.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [997320 2012-11-08] ()
HKLM-x32\...\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 [1020512 2012-08-23] ()
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 [1022048 2012-09-03] ()
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [20992 2012-03-19] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642728 2012-07-04] (Advanced Micro Devices, Inc.)
HKU\Admin\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5629312 2012-08-10] (SUPERAntiSpyware.com)
HKU\Admin\...\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart [288128 2012-05-28] (IObit)
HKU\Admin\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" [399736 2011-04-16] (BitTorrent, Inc.)
HKU\Admin\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3673728 2012-11-06] (DT Soft Ltd)
HKLM\...\RunOnce: [*Restore] C:\windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

==================== Services (Whitelisted) ===================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-12-26] (SUPERAntiSpyware.com)
2 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [913792 2012-05-26] (IObit)
2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [821080 2011-06-01] (IObit)
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [383608 2012-11-16] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [241016 2012-11-09] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [218320 2012-11-09] (McAfee, Inc.)
2 mfevtp; "C:\windows\system32\mfevtps.exe" [177680 2012-11-09] (McAfee, Inc.)
2 MOBKbackup; "C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe" [231224 2010-04-13] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe /s [123320 2011-06-04] (Symantec Corporation)
2 PCCUJobMgr; "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll" /prefetch:1 [132984 2009-08-29] (Symantec Corporation)
2 tvnserver; "C:\Program Files\TightVNC\tvnserver.exe" -service [1652280 2012-06-26] (GlavSoft LLC.)
2 vToolbarUpdater13.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112 2012-11-08] ()

==================== Drivers (Whitelisted) =====================

1 avgtp; \??\C:\windows\system32\drivers\avgtpx64.sys [30568 2012-11-08] (AVG Technologies)
3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [69672 2012-11-09] (McAfee, Inc.)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-12-26] (DT Soft Ltd)
3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [21072 2010-08-29] (Mobile Stream)
3 FileMonitor; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [20336 2011-04-27] ()
3 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [178840 2012-11-09] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [309400 2012-11-09] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [515528 2012-11-09] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [771096 2012-11-09] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [106112 2012-11-09] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [339776 2012-11-09] (McAfee, Inc.)
1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
3 RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [33184 2011-03-22] (IObit.com)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2012-12-26] (Duplex Secure Ltd.)
3 ssmirrdr; C:\Windows\System32\Drivers\ssmirrdr.sys [10112 2011-01-23] (support.com, Inc)
3 SWDUMon; C:\Windows\System32\Drivers\SWDUMon.sys [15712 2012-12-26] ()
3 UrlFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [21328 2011-03-22] (IObit.com)
3 mfeavfk01; [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-12-28 19:45 - 2012-12-28 19:45 - 00000000 ____D C:\FRST
2012-12-26 23:22 - 2012-12-26 23:22 - 00000000 ____D C:\Program Files (x86)\THQ
2012-12-26 20:02 - 2012-12-26 20:02 - 00000000 ____D C:\Users\All Users\ATI
2012-12-26 19:57 - 2012-12-26 19:57 - 00000000 ____D C:\Program Files (x86)\AMD APP
2012-12-26 19:56 - 1999-12-31 16:00 - 00056448 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\usbfilter.sys
2012-12-26 19:49 - 1999-12-31 16:00 - 00082560 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amd_sata.sys
2012-12-26 19:49 - 1999-12-31 16:00 - 00042624 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amd_xata.sys
2012-12-26 19:49 - 1999-12-31 16:00 - 00016552 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\Drivers\AtiPcie64.sys
2012-12-26 19:31 - 2012-12-26 19:31 - 00002467 ____A C:\Users\Public\Desktop\SlimDrivers.lnk
2012-12-26 19:30 - 2012-12-26 19:30 - 00632704 ____A (SlimWare Utilities, Inc.) C:\Users\Admin\Downloads\slimdrivers-setup(1).exe
2012-12-26 18:59 - 2012-12-26 18:59 - 00632704 ____A (SlimWare Utilities, Inc.) C:\Users\Admin\Downloads\slimdrivers-setup.exe
2012-12-26 18:52 - 2012-12-26 18:52 - 00275056 ____A C:\Windows\Minidump\122612-22994-01.dmp
2012-12-26 18:33 - 2012-12-26 18:33 - 00001138 ____A C:\Windows\Omega Drivers v4.8.442.log
2012-12-26 18:27 - 2012-12-26 18:28 - 18849057 ____A () C:\Users\Admin\Downloads\ati_omega_xp2k_48442.exe
2012-12-26 18:01 - 2012-12-26 18:01 - 00000000 ____D C:\Users\Admin\AppData\Local\AMD
2012-12-26 17:57 - 2012-12-26 17:57 - 00792704 ____A (AMD) C:\Users\Admin\Downloads\amddriverdownloader(1).exe
2012-12-26 16:11 - 2012-12-26 23:25 - 00000000 ____D C:\Users\Admin\Documents\My Games
2012-12-26 16:11 - 2012-12-26 16:11 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft Games
2012-12-26 16:04 - 2012-12-26 16:04 - 00002139 ____A C:\Users\Public\Desktop\Rise Of Nations.lnk
2012-12-26 15:59 - 2012-12-26 15:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
2012-12-26 15:50 - 2012-12-26 15:50 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-12-26 15:48 - 2012-12-26 15:48 - 00275056 ____A C:\Windows\Minidump\122612-14336-01.dmp
2012-12-26 15:45 - 2012-12-28 13:30 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2012-12-25 01:21 - 2012-12-25 01:21 - 00275056 ____A C:\Windows\Minidump\122512-14695-01.dmp
2012-12-24 22:37 - 2012-12-24 22:37 - 00275056 ____A C:\Windows\Minidump\122512-14133-01.dmp
2012-12-24 20:05 - 2012-12-24 20:05 - 00275056 ____A C:\Windows\Minidump\122412-15132-01.dmp
2012-12-24 06:29 - 2012-12-24 06:29 - 00275056 ____A C:\Windows\Minidump\122412-15787-01.dmp
2012-12-24 04:12 - 2012-12-24 04:12 - 00275056 ____A C:\Windows\Minidump\122412-15553-01.dmp
2012-12-23 20:08 - 2012-12-28 13:31 - 00000000 ____D C:\Users\Admin\Downloads\HippoVNC
2012-12-23 20:08 - 2012-12-23 20:08 - 01345722 ____A (Igor Pavlov) C:\Users\Admin\Downloads\HippoVNC.exe
2012-12-21 21:50 - 2012-12-21 21:50 - 00275056 ____A C:\Windows\Minidump\122212-15163-01.dmp
2012-12-21 04:50 - 2012-12-21 04:50 - 00275056 ____A C:\Windows\Minidump\122112-19983-01.dmp
2012-12-20 15:48 - 2012-12-20 15:48 - 00002025 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-12-20 13:05 - 2012-12-20 13:05 - 00275056 ____A C:\Windows\Minidump\122012-15990-01.dmp
2012-12-20 06:11 - 2012-12-20 06:11 - 00275056 ____A C:\Windows\Minidump\122012-18688-01.dmp
2012-12-19 21:34 - 2012-12-19 21:42 - 40437664 ____A (Apple Inc.) C:\Users\Admin\Downloads\QuickTimeInstaller(1).exe
2012-12-19 21:04 - 2012-12-19 21:04 - 00275056 ____A C:\Windows\Minidump\122012-18174-01.dmp
2012-12-18 20:34 - 2012-12-18 20:34 - 00275056 ____A C:\Windows\Minidump\121812-17284-01.dmp
2012-12-18 08:25 - 2012-12-18 08:25 - 00275056 ____A C:\Windows\Minidump\121812-16848-01.dmp
2012-12-17 11:23 - 2012-12-17 11:23 - 00000202 ____A C:\Users\Admin\Documents\VAbenefitsINFO.txt
2012-12-15 21:24 - 2012-12-15 21:24 - 00275056 ____A C:\Windows\Minidump\121612-15553-01.dmp
2012-12-15 15:59 - 2012-12-15 15:59 - 00275056 ____A C:\Windows\Minidump\121512-19515-01.dmp
2012-12-14 21:53 - 2012-12-14 21:53 - 00275056 ____A C:\Windows\Minidump\121512-16395-01.dmp
2012-12-14 18:36 - 2012-12-14 18:36 - 00262144 ____A C:\Windows\System32\config\ELAM
2012-12-14 16:21 - 2012-12-14 16:21 - 00275056 ____A C:\Windows\Minidump\121412-16395-01.dmp
2012-12-14 09:27 - 2012-12-14 09:27 - 00275056 ____A C:\Windows\Minidump\121412-15740-01.dmp
2012-12-13 21:03 - 2012-12-13 21:03 - 00275056 ____A C:\Windows\Minidump\121412-16036-01.dmp
2012-12-13 07:07 - 2012-12-13 07:07 - 00275056 ____A C:\Windows\Minidump\121312-17050-01.dmp
2012-12-13 04:52 - 2012-12-13 04:52 - 00318080 ____A C:\Windows\Minidump\121312-16894-01.dmp
2012-12-12 15:53 - 2012-12-12 15:53 - 00275056 ____A C:\Windows\Minidump\121212-18314-01.dmp
2012-12-12 09:37 - 2012-12-12 09:37 - 00275056 ____A C:\Windows\Minidump\121212-15693-01.dmp
2012-12-09 07:43 - 2012-12-09 07:43 - 00275056 ____A C:\Windows\Minidump\120912-15116-01.dmp
2012-12-07 18:23 - 2012-12-07 18:23 - 00275056 ____A C:\Windows\Minidump\120712-14523-01.dmp
2012-12-06 12:46 - 2012-12-18 15:52 - 00001768 ____A C:\Users\Admin\Documents\whyiloveyouRAP.txt
2012-12-05 17:57 - 2012-12-05 17:57 - 00275056 ____A C:\Windows\Minidump\120512-15490-01.dmp
2012-12-05 17:12 - 2012-12-05 17:13 - 00000166 ____A C:\Users\Admin\Documents\beneaththesetreesRAP.txt
2012-12-05 16:23 - 2012-12-05 16:23 - 00275056 ____A C:\Windows\Minidump\120512-15225-01.dmp
2012-12-05 09:02 - 2012-12-05 09:02 - 00275056 ____A C:\Windows\Minidump\120512-16317-01.dmp
2012-12-04 19:20 - 2012-12-04 19:20 - 00275056 ____A C:\Windows\Minidump\120412-16894-01.dmp
2012-12-04 08:52 - 2012-12-04 08:52 - 00275056 ____A C:\Windows\Minidump\120412-14632-01.dmp
2012-12-04 05:00 - 2012-12-04 05:00 - 00275056 ____A C:\Windows\Minidump\120412-15896-01.dmp
2012-12-04 00:09 - 2012-12-04 00:09 - 00275056 ____A C:\Windows\Minidump\120412-15506-01.dmp
2012-12-03 17:36 - 2012-12-03 17:36 - 00000000 ____A C:\Windows\Minidump\120312-17456-01.dmp
2012-12-03 10:10 - 2012-12-03 10:10 - 00275056 ____A C:\Windows\Minidump\120312-17035-01.dmp
2012-12-02 10:05 - 2012-12-02 10:05 - 00275056 ____A C:\Windows\Minidump\120212-15568-01.dmp
2012-12-02 02:17 - 2012-12-02 02:17 - 00275056 ____A C:\Windows\Minidump\120212-18142-01.dmp
2012-12-01 21:40 - 2012-12-01 21:41 - 00275056 ____A C:\Windows\Minidump\120212-14398-01.dmp
2012-12-01 13:04 - 2012-12-01 13:07 - 56259068 ____A C:\Users\Admin\Downloads\Event.zip
2012-12-01 09:54 - 2012-12-01 09:54 - 00275056 ____A C:\Windows\Minidump\120112-15288-01.dmp
2012-11-30 21:17 - 2012-11-30 21:17 - 00275056 ____A C:\Windows\Minidump\120112-15693-01.dmp
2012-11-30 12:38 - 2012-11-30 12:38 - 00275056 ____A C:\Windows\Minidump\113012-16208-01.dmp
2012-11-29 11:13 - 2012-11-29 11:13 - 00275056 ____A C:\Windows\Minidump\112912-14352-01.dmp
2012-11-29 04:46 - 2012-11-29 04:46 - 00275056 ____A C:\Windows\Minidump\112912-16005-01.dmp
2012-11-28 20:47 - 2012-12-03 11:10 - 00000428 ____A C:\Users\Admin\Documents\itabouttimeRAP.txt
2012-11-28 07:16 - 2012-11-28 07:16 - 00275056 ____A C:\Windows\Minidump\112812-20077-01.dmp

==================== One Month Modified Files and Folders =======

2012-12-28 19:45 - 2012-12-28 19:45 - 00000000 ____D C:\FRST
2012-12-28 13:32 - 2011-03-02 10:25 - 00000000 ____D C:\users\Admin
2012-12-28 13:32 - 2010-04-04 12:37 - 00000000 ____D C:\Program Files\PlayReady
2012-12-28 13:32 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2012-12-28 13:32 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\restore
2012-12-28 13:32 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2012-12-28 13:32 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2012-12-28 13:32 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2012-12-28 13:32 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker
2012-12-28 13:32 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-12-28 13:32 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-12-28 13:32 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media
2012-12-28 13:32 - 2009-07-13 19:20 - 00000000 ___RD C:\Users\Public\Libraries
2012-12-28 13:32 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\migwiz
2012-12-28 13:32 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2012-12-28 13:32 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\IME
2012-12-28 13:32 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Cursors
2012-12-28 13:32 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2012-12-28 13:31 - 2012-12-23 20:08 - 00000000 ____D C:\Users\Admin\Downloads\HippoVNC
2012-12-28 13:31 - 2012-10-28 00:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-12-28 13:31 - 2012-10-01 16:51 - 00000000 ____D C:\Users\Admin\Downloads\Half-Life 2
2012-12-28 13:31 - 2012-09-30 20:47 - 00000000 ____D C:\Users\All Users\DAEMON Tools Lite
2012-12-28 13:31 - 2012-09-26 21:23 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-12-28 13:31 - 2012-09-25 15:48 - 00000000 ____D C:\Program Files\TightVNC
2012-12-28 13:31 - 2012-09-21 08:34 - 00000000 ____D C:\Users\Admin\Desktop\SilentHunterIII
2012-12-28 13:31 - 2012-09-11 14:28 - 00000000 ____D C:\Program Files (x86)\WinRAR
2012-12-28 13:31 - 2012-08-24 11:04 - 00000000 ____D C:\Program Files\Bonjour
2012-12-28 13:31 - 2012-08-23 18:35 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2012-12-28 13:31 - 2012-08-22 20:05 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2012-12-28 13:31 - 2012-08-16 12:31 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2012-12-28 13:31 - 2012-08-13 08:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-12-28 13:31 - 2011-10-09 22:50 - 00000000 ____D C:\Program Files (x86)\Opera
2012-12-28 13:31 - 2011-09-23 14:26 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-12-28 13:31 - 2011-07-11 14:47 - 00000000 ____D C:\Windows\Minidump
2012-12-28 13:31 - 2011-07-11 14:29 - 00000000 ____D C:\Program Files (x86)\Winamp Detect
2012-12-28 13:31 - 2011-07-11 14:27 - 00000000 ____D C:\Program Files (x86)\Winamp
2012-12-28 13:31 - 2011-06-06 17:34 - 00000000 ____D C:\Program Files (x86)\Steam
2012-12-28 13:31 - 2011-06-02 15:53 - 00000000 ____D C:\Program Files (x86)\Notepad++
2012-12-28 13:31 - 2011-05-24 23:17 - 00000000 ____D C:\Program Files (x86)\PokerStars.NET
2012-12-28 13:31 - 2011-05-02 00:02 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-12-28 13:31 - 2011-03-26 23:09 - 00000000 ____D C:\Program Files\Microsoft Xbox 360 Accessories
2012-12-28 13:31 - 2011-03-26 22:50 - 00000000 ____D C:\Program Files (x86)\Ventrilo
2012-12-28 13:31 - 2011-03-03 14:10 - 00000000 ____D C:\Program Files (x86)\McAfeeMOBK
2012-12-28 13:31 - 2011-03-03 14:10 - 00000000 ____D C:\Program Files (x86)\McAfee Online Backup
2012-12-28 13:31 - 2011-03-03 14:09 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2012-12-28 13:31 - 2011-02-28 15:36 - 00000000 ____D C:\Program Files (x86)\Toshiba Online Backup
2012-12-28 13:31 - 2011-02-28 15:36 - 00000000 ____D C:\Program Files (x86)\Norton PC Checkup
2012-12-28 13:31 - 2011-02-28 15:18 - 00000000 ____D C:\Program Files\CONEXANT
2012-12-28 13:31 - 2011-02-28 15:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
2012-12-28 13:31 - 2011-02-28 15:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2012-12-28 13:31 - 2010-04-04 13:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-12-28 13:31 - 2010-04-04 13:00 - 00000000 ____D C:\Program Files (x86)\Windows Live SkyDrive
2012-12-28 13:31 - 2010-04-04 12:59 - 00000000 ____D C:\Program Files (x86)\Windows Live
2012-12-28 13:31 - 2010-04-04 12:48 - 00000000 ____D C:\Program Files\TOSHIBA
2012-12-28 13:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2012-12-28 13:31 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-12-28 13:30 - 2012-12-26 15:45 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2012-12-28 13:30 - 2012-09-24 18:03 - 00000000 ____D C:\Program Files (x86)\CnCGenerals
2012-12-28 13:30 - 2012-08-24 11:04 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2012-12-28 13:30 - 2012-08-23 18:56 - 00000000 ____D C:\Program Files (x86)\Device Doctor
2012-12-28 13:30 - 2012-08-23 18:41 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-12-28 13:30 - 2012-08-21 18:44 - 00000000 ____D C:\Program Files (x86)\ffdshow
2012-12-28 13:30 - 2012-08-16 10:33 - 00000000 ____D C:\Program Files (x86)\Audacity
2012-12-28 13:30 - 2012-08-15 23:01 - 00000000 ____D C:\9a49032a26668d88ac319a
2012-12-28 13:30 - 2011-04-19 22:17 - 00000000 ____D C:\Fraps
2012-12-28 13:30 - 2011-04-17 00:32 - 00000000 ____D C:\Program Files (x86)\Bonjour
2012-12-28 13:30 - 2011-04-02 16:54 - 00000000 ____D C:\Program Files (x86)\7-Zip
2012-12-28 13:30 - 2011-02-28 15:22 - 00000000 ____D C:\Program Files (x86)\Atheros
2012-12-28 13:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-12-26 23:25 - 2012-12-26 16:11 - 00000000 ____D C:\Users\Admin\Documents\My Games
2012-12-26 23:22 - 2012-12-26 23:22 - 00000000 ____D C:\Program Files (x86)\THQ
2012-12-26 22:53 - 2011-03-02 11:10 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-12-26 22:29 - 2012-08-25 07:28 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-26 20:02 - 2012-12-26 20:02 - 00000000 ____D C:\Users\All Users\ATI
2012-12-26 19:57 - 2012-12-26 19:57 - 00000000 ____D C:\Program Files (x86)\AMD APP
2012-12-26 19:56 - 2012-10-08 19:22 - 00000000 ____D C:\Users\Admin\Desktop\New Folder
2012-12-26 19:55 - 2012-11-18 16:32 - 00000000 ____D C:\Program Files\ATI Technologies
2012-12-26 19:54 - 2011-07-12 22:31 - 00000000 ____D C:\Users\All Users\AMD
2012-12-26 19:31 - 2012-12-26 19:31 - 00002467 ____A C:\Users\Public\Desktop\SlimDrivers.lnk
2012-12-26 19:31 - 2012-08-23 18:40 - 00015712 ____A C:\Windows\System32\Drivers\SWDUMon.sys
2012-12-26 19:31 - 2012-08-23 18:40 - 00000410 ____A C:\Windows\Tasks\SlimDrivers Startup.job
2012-12-26 19:30 - 2012-12-26 19:30 - 00632704 ____A (SlimWare Utilities, Inc.) C:\Users\Admin\Downloads\slimdrivers-setup(1).exe
2012-12-26 19:29 - 2011-03-02 11:10 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-12-26 19:29 - 2011-02-28 15:00 - 01089240 ____A C:\Windows\WindowsUpdate.log
2012-12-26 19:04 - 2012-09-16 19:56 - 00000000 ____D C:\Users\Admin\KAG
2012-12-26 19:03 - 2012-08-23 18:40 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2012-12-26 19:01 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-26 19:01 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-26 18:59 - 2012-12-26 18:59 - 00632704 ____A (SlimWare Utilities, Inc.) C:\Users\Admin\Downloads\slimdrivers-setup.exe
2012-12-26 18:52 - 2012-12-26 18:52 - 00275056 ____A C:\Windows\Minidump\122612-22994-01.dmp
2012-12-26 18:52 - 2012-09-21 20:01 - 370164460 ____A C:\Windows\MEMORY.DMP
2012-12-26 18:52 - 2012-09-21 20:01 - 00013352 ____A C:\Windows\setupact.log
2012-12-26 18:52 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-26 18:33 - 2012-12-26 18:33 - 00001138 ____A C:\Windows\Omega Drivers v4.8.442.log
2012-12-26 18:28 - 2012-12-26 18:27 - 18849057 ____A () C:\Users\Admin\Downloads\ati_omega_xp2k_48442.exe
2012-12-26 18:01 - 2012-12-26 18:01 - 00000000 ____D C:\Users\Admin\AppData\Local\AMD
2012-12-26 18:01 - 2011-03-02 10:27 - 00109856 ____A C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2012-12-26 17:57 - 2012-12-26 17:57 - 00792704 ____A (AMD) C:\Users\Admin\Downloads\amddriverdownloader(1).exe
2012-12-26 17:43 - 2011-03-17 12:17 - 00000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2012-12-26 17:16 - 2012-09-27 19:21 - 00000000 ____D C:\Users\Admin\AppData\Roaming\.minecraft
2012-12-26 16:11 - 2012-12-26 16:11 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft Games
2012-12-26 16:04 - 2012-12-26 16:04 - 00002139 ____A C:\Users\Public\Desktop\Rise Of Nations.lnk
2012-12-26 15:59 - 2012-12-26 15:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
2012-12-26 15:54 - 2009-07-13 21:13 - 00779018 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-26 15:50 - 2012-12-26 15:50 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-12-26 15:48 - 2012-12-26 15:48 - 00275056 ____A C:\Windows\Minidump\122612-14336-01.dmp
2012-12-26 15:48 - 2012-09-21 20:01 - 00033912 ____A C:\Windows\PFRO.log
2012-12-26 15:45 - 2012-10-01 11:03 - 00564824 ____A (Duplex Secure Ltd.) C:\Windows\System32\Drivers\sptd.sys
2012-12-26 06:57 - 2011-03-03 14:08 - 00000000 ____D C:\Program Files (x86)\McAfee
2012-12-25 04:20 - 2011-03-03 14:08 - 00000000 ____D C:\Program Files\McAfee
2012-12-25 01:21 - 2012-12-25 01:21 - 00275056 ____A C:\Windows\Minidump\122512-14695-01.dmp
2012-12-24 22:37 - 2012-12-24 22:37 - 00275056 ____A C:\Windows\Minidump\122512-14133-01.dmp
2012-12-24 20:05 - 2012-12-24 20:05 - 00275056 ____A C:\Windows\Minidump\122412-15132-01.dmp
2012-12-24 06:29 - 2012-12-24 06:29 - 00275056 ____A C:\Windows\Minidump\122412-15787-01.dmp
2012-12-24 04:12 - 2012-12-24 04:12 - 00275056 ____A C:\Windows\Minidump\122412-15553-01.dmp
2012-12-23 20:08 - 2012-12-23 20:08 - 01345722 ____A (Igor Pavlov) C:\Users\Admin\Downloads\HippoVNC.exe
2012-12-21 21:50 - 2012-12-21 21:50 - 00275056 ____A C:\Windows\Minidump\122212-15163-01.dmp
2012-12-21 04:50 - 2012-12-21 04:50 - 00275056 ____A C:\Windows\Minidump\122112-19983-01.dmp
2012-12-20 15:48 - 2012-12-20 15:48 - 00002025 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-12-20 15:48 - 2010-04-04 12:55 - 00000000 ____D C:\Users\All Users\Adobe
2012-12-20 15:48 - 2010-04-04 12:55 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-12-20 15:47 - 2011-03-10 23:28 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2012-12-20 13:05 - 2012-12-20 13:05 - 00275056 ____A C:\Windows\Minidump\122012-15990-01.dmp
2012-12-20 06:11 - 2012-12-20 06:11 - 00275056 ____A C:\Windows\Minidump\122012-18688-01.dmp
2012-12-19 21:42 - 2012-12-19 21:34 - 40437664 ____A (Apple Inc.) C:\Users\Admin\Downloads\QuickTimeInstaller(1).exe
2012-12-19 21:04 - 2012-12-19 21:04 - 00275056 ____A C:\Windows\Minidump\122012-18174-01.dmp
2012-12-18 20:46 - 2011-04-17 00:38 - 00000000 ____D C:\Users\All Users\FLEXnet
2012-12-18 20:34 - 2012-12-18 20:34 - 00275056 ____A C:\Windows\Minidump\121812-17284-01.dmp
2012-12-18 16:12 - 2012-11-07 21:15 - 00002055 ____A C:\Users\Admin\Documents\MayhemRap.txt
2012-12-18 16:04 - 2012-11-13 14:59 - 00001883 ____A C:\Users\Admin\Documents\RapSideEffect.txt
2012-12-18 15:52 - 2012-12-06 12:46 - 00001768 ____A C:\Users\Admin\Documents\whyiloveyouRAP.txt
2012-12-18 08:25 - 2012-12-18 08:25 - 00275056 ____A C:\Windows\Minidump\121812-16848-01.dmp
2012-12-17 11:23 - 2012-12-17 11:23 - 00000202 ____A C:\Users\Admin\Documents\VAbenefitsINFO.txt
2012-12-15 21:24 - 2012-12-15 21:24 - 00275056 ____A C:\Windows\Minidump\121612-15553-01.dmp
2012-12-15 15:59 - 2012-12-15 15:59 - 00275056 ____A C:\Windows\Minidump\121512-19515-01.dmp
2012-12-14 21:53 - 2012-12-14 21:53 - 00275056 ____A C:\Windows\Minidump\121512-16395-01.dmp
2012-12-14 21:53 - 2011-03-03 14:08 - 00000000 ____D C:\Program Files\Common Files\McAfee
2012-12-14 18:36 - 2012-12-14 18:36 - 00262144 ____A C:\Windows\System32\config\ELAM
2012-12-14 16:21 - 2012-12-14 16:21 - 00275056 ____A C:\Windows\Minidump\121412-16395-01.dmp
2012-12-14 09:27 - 2012-12-14 09:27 - 00275056 ____A C:\Windows\Minidump\121412-15740-01.dmp
2012-12-13 21:03 - 2012-12-13 21:03 - 00275056 ____A C:\Windows\Minidump\121412-16036-01.dmp
2012-12-13 07:07 - 2012-12-13 07:07 - 00275056 ____A C:\Windows\Minidump\121312-17050-01.dmp
2012-12-13 04:52 - 2012-12-13 04:52 - 00318080 ____A C:\Windows\Minidump\121312-16894-01.dmp
2012-12-12 15:53 - 2012-12-12 15:53 - 00275056 ____A C:\Windows\Minidump\121212-18314-01.dmp
2012-12-12 09:37 - 2012-12-12 09:37 - 00275056 ____A C:\Windows\Minidump\121212-15693-01.dmp
2012-12-12 01:30 - 2012-08-25 07:28 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-12-12 01:30 - 2011-05-22 19:32 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-12-12 01:29 - 2012-10-08 18:29 - 16363960 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-12-09 07:43 - 2012-12-09 07:43 - 00275056 ____A C:\Windows\Minidump\120912-15116-01.dmp
2012-12-07 18:23 - 2012-12-07 18:23 - 00275056 ____A C:\Windows\Minidump\120712-14523-01.dmp
2012-12-05 17:57 - 2012-12-05 17:57 - 00275056 ____A C:\Windows\Minidump\120512-15490-01.dmp
2012-12-05 17:13 - 2012-12-05 17:12 - 00000166 ____A C:\Users\Admin\Documents\beneaththesetreesRAP.txt
2012-12-05 16:23 - 2012-12-05 16:23 - 00275056 ____A C:\Windows\Minidump\120512-15225-01.dmp
2012-12-05 09:07 - 2011-07-12 21:54 - 00000000 ____D C:\Users\All Users\IObit
2012-12-05 09:02 - 2012-12-05 09:02 - 00275056 ____A C:\Windows\Minidump\120512-16317-01.dmp
2012-12-04 19:20 - 2012-12-04 19:20 - 00275056 ____A C:\Windows\Minidump\120412-16894-01.dmp
2012-12-04 08:52 - 2012-12-04 08:52 - 00275056 ____A C:\Windows\Minidump\120412-14632-01.dmp
2012-12-04 05:00 - 2012-12-04 05:00 - 00275056 ____A C:\Windows\Minidump\120412-15896-01.dmp
2012-12-04 00:09 - 2012-12-04 00:09 - 00275056 ____A C:\Windows\Minidump\120412-15506-01.dmp
2012-12-03 18:35 - 2011-07-27 15:49 - 00000000 ____D C:\Users\Admin\AppData\Roaming\TS3Client
2012-12-03 17:36 - 2012-12-03 17:36 - 00000000 ____A C:\Windows\Minidump\120312-17456-01.dmp
2012-12-03 11:16 - 2012-11-27 14:33 - 00001602 ____A C:\Users\Admin\Documents\RapFamilyvalues.txt
2012-12-03 11:10 - 2012-11-28 20:47 - 00000428 ____A C:\Users\Admin\Documents\itabouttimeRAP.txt
2012-12-03 11:07 - 2012-11-07 21:46 - 00002200 ____A C:\Users\Admin\Documents\SinkOrSwimRAp.txt
2012-12-03 10:10 - 2012-12-03 10:10 - 00275056 ____A C:\Windows\Minidump\120312-17035-01.dmp
2012-12-02 10:05 - 2012-12-02 10:05 - 00275056 ____A C:\Windows\Minidump\120212-15568-01.dmp
2012-12-02 02:17 - 2012-12-02 02:17 - 00275056 ____A C:\Windows\Minidump\120212-18142-01.dmp
2012-12-01 21:41 - 2012-12-01 21:40 - 00275056 ____A C:\Windows\Minidump\120212-14398-01.dmp
2012-12-01 13:07 - 2012-12-01 13:04 - 56259068 ____A C:\Users\Admin\Downloads\Event.zip
2012-12-01 11:12 - 2012-11-13 14:57 - 00000110 ____A C:\Users\Admin\Documents\rapTrials.txt
2012-12-01 09:54 - 2012-12-01 09:54 - 00275056 ____A C:\Windows\Minidump\120112-15288-01.dmp
2012-11-30 21:17 - 2012-11-30 21:17 - 00275056 ____A C:\Windows\Minidump\120112-15693-01.dmp
2012-11-30 12:38 - 2012-11-30 12:38 - 00275056 ____A C:\Windows\Minidump\113012-16208-01.dmp
2012-11-29 11:13 - 2012-11-29 11:13 - 00275056 ____A C:\Windows\Minidump\112912-14352-01.dmp
2012-11-29 04:46 - 2012-11-29 04:46 - 00275056 ____A C:\Windows\Minidump\112912-16005-01.dmp
2012-11-28 07:16 - 2012-11-28 07:16 - 00275056 ____A C:\Windows\Minidump\112812-20077-01.dmp

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-12-07 14:02:16
Restore point made on: 2012-12-14 16:58:33
Restore point made on: 2012-12-22 03:04:26
Restore point made on: 2012-12-26 15:45:50
Restore point made on: 2012-12-26 15:51:52
Restore point made on: 2012-12-26 18:16:54
Restore point made on: 2012-12-26 19:03:23
Restore point made on: 2012-12-26 23:21:43
Restore point made on: 2012-12-28 00:01:05

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 2810.9 MB
Available physical RAM: 2313.38 MB
Total Pagefile: 2809.05 MB
Available Pagefile: 2300.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (TI105846W0F) (Fixed) (Total:281.25 GB) (Free:169.3 GB) NTFS ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive c: detected. Check for MBR/Partition infection.
2 Drive d: (TOSHIBA System Volume) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive d: detected. Check for MBR/Partition infection.
5 Drive g: () (Removable) (Total:0.96 GB) (Free:0.94 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online         298 GB   0 B
Disk 1    No Media       0 B      0 B
Disk 2    Online         979 MB   0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Recovery          1500 MB  1024 KB
Partition 2    Primary           281 GB   1501 MB
Partition 3    Primary           15 GB    282 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2  D    TOSHIBA Sys  NTFS   Partition   1500 MB  Healthy    Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1  C    TI105846W0F  NTFS   Partition   281 GB   Healthy

=========================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Partitions of Disk 2:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           978 MB   16 KB

==================================================================================

Disk: 2
Partition 1
Type : 0E
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4  G                 FAT    Removable   978 MB   Healthy

=========================================================

Last Boot: 2012-12-24 21:21

==================== End Of Log =============================


It is probably important to explain that my computer had been randomly crashing with a BSOD before this because of a PROCESS_HAS_LOCKED_PAGES type error. However, the laptop always restarted. I have Windows 7 64-Bit... And I used SlimDrivers to install the drivers, and I believe maybe the AMD driver is the one that caused this; however, I have absolutely no proof of that, considering the laptop worked fine for the night before this happened, after the install.

Edited by boopme, 28 December 2012 - 08:38 PM.



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 28 December 2012 - 09:43 PM

Please do the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flashdrive as fixlist.txt

start
HKLM\...\Run: [] [x]
HKLM\...\RunOnce: [*Restore] C:\windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
TDL4: custom:26000022 <===== ATTENTION!
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64-bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Reboot Normally.


NEXT


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
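A triage pass over the FRST findings the fix above targets (the TDL4 custom BCD entry, the ATTENTION lines on the BCD, and the hidden type-0x17 partition), added here as an example; it is not FRST, TDSSKiller or the helper's own code, and the sample log is constructed from lines quoted earlier in this thread. The "hidden partition with no volume" rule is an extra heuristic of this example, not an FRST check.

```python
import json
import re

# Constructed sample: the FRST sections quoted earlier in this thread, trimmed
# to the lines the triage looks at (not the complete log).
SAMPLE_FRST_LOG = r"""
==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

==================== Partitions =============================

1 Drive c: (TI105846W0F) (Fixed) (Total:281.25 GB) (Free:169.3 GB) NTFS ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive c: detected. Check for MBR/Partition infection.
2 Drive d: (TOSHIBA System Volume) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive d: detected. Check for MBR/Partition infection.

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.
"""


def parse_partitions(log):
    """Collect FRST's per-partition blocks ("Disk: N" / "Partition N" / "Type : XX" ...)."""
    parts, cur = [], None
    for line in log.splitlines():
        line = line.strip()
        m = re.match(r"Disk:\s*(\d+)$", line)
        if m:  # a new block starts; the diskpart-style tables never match this
            cur = {"disk": int(m.group(1)), "partition": None, "type": None,
                   "type_note": "", "hidden": False, "active": False, "has_volume": True}
            parts.append(cur)
            continue
        if cur is None:
            continue
        m = re.match(r"Partition\s+(\d+)$", line)
        if m:
            cur["partition"] = int(m.group(1))
            continue
        m = re.match(r"Type\s*:\s*([0-9A-Fa-f]{2})\s*(.*)$", line)
        if m:  # partition type byte, plus any note FRST appends such as "(Suspicious Type)"
            cur["type"] = int(m.group(1), 16)
            cur["type_note"] = m.group(2)
            continue
        m = re.match(r"(Hidden|Active):\s*(Yes|No)$", line)
        if m:
            cur[m.group(1).lower()] = m.group(2) == "Yes"
        elif line.startswith("There is no volume associated"):
            cur["has_volume"] = False
    return parts


def triage(log):
    """Return the boot-sector rootkit indicators FRST reports, plus a heuristic
    (this example's own) for a hidden partition that owns no volume."""
    f = {"tdl4": [], "bcd_attention": [], "attention_lines": [], "suspicious_partitions": []}
    for line in log.splitlines():
        line = line.strip()
        if "<===== ATTENTION" in line or line.startswith("ATTENTION:"):
            f["attention_lines"].append(line)
        m = re.match(r"TDL4:\s*(\S+)", line)
        if m:  # custom BCD entry FRST attributes to TDL4
            f["tdl4"].append(m.group(1))
        m = re.search(r"Malware custom entry on BCD on drive (\w):", line)
        if m:
            f["bcd_attention"].append(m.group(1))
    for p in parse_partitions(log):
        reasons = []
        if "suspicious" in p["type_note"].lower():
            reasons.append("FRST flagged partition type 0x%02X" % p["type"])
        if p["hidden"] and not p["has_volume"]:
            reasons.append("hidden partition with no volume assigned")
        if reasons:
            f["suspicious_partitions"].append({"disk": p["disk"], "partition": p["partition"],
                                               "type": p["type"], "reasons": reasons})
    f["mbr_check_recommended"] = bool(f["tdl4"] or f["bcd_attention"] or f["suspicious_partitions"])
    return f


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_FRST_LOG), indent=2))
```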


#3 Zskillit

Zskillit
  • Topic Starter

  • Members
  • 9 posts

Posted 28 December 2012 - 10:24 PM

The scan is currently running. The fix did allow the system to boot properly; that is amazing. Thank you. I have attached the fixlog.txt.

===============
Result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2012
Ran by SYSTEM at 2012-12-28 22:09:51 Run:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore Value deleted successfully.

The operation completed successfully.
The operation completed successfully.

==== End of Fixlog ====

The TDSSKiller scan has just finished; here is the log.


22:17:39.0528 5792 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:17:41.0150 5792 ============================================================
22:17:41.0150 5792 Current date / time: 2012/12/28 22:17:41.0150
22:17:41.0150 5792 SystemInfo:
22:17:41.0150 5792
22:17:41.0150 5792 OS Version: 6.1.7601 ServicePack: 1.0
22:17:41.0150 5792 Product type: Workstation
22:17:41.0150 5792 ComputerName: ADMIN-PC
22:17:41.0150 5792 UserName: Admin
22:17:41.0150 5792 Windows directory: C:\windows
22:17:41.0150 5792 System windows directory: C:\windows
22:17:41.0150 5792 Running under WOW64
22:17:41.0150 5792 Processor architecture: Intel x64
22:17:41.0150 5792 Number of processors: 2
22:17:41.0150 5792 Page size: 0x1000
22:17:41.0150 5792 Boot type: Normal boot
22:17:41.0150 5792 ============================================================
22:17:42.0975 5792 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:17:42.0991 5792 Drive \Device\Harddisk1\DR3 - Size: 0x3D300000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:17:42.0991 5792 ============================================================
22:17:42.0991 5792 \Device\Harddisk0\DR0:
22:17:43.0007 5792 MBR partitions:
22:17:43.0007 5792 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23280000
22:17:43.0007 5792 \Device\Harddisk1\DR3:
22:17:43.0007 5792 MBR partitions:
22:17:43.0007 5792 \Device\Harddisk1\DR3\Partition1: MBR, Type 0xE, StartLBA 0x20, BlocksNum 0x1E97E0
22:17:43.0007 5792 ============================================================
22:17:43.0100 5792 C: <-> \Device\Harddisk0\DR0\Partition1
22:17:43.0100 5792 ============================================================
22:17:43.0100 5792 Initialize success
22:17:43.0100 5792 ============================================================
22:18:12.0918 5224 ============================================================
22:18:12.0918 5224 Scan started
22:18:12.0918 5224 Mode: Manual; TDLFS;
22:18:12.0918 5224 ============================================================
22:18:15.0383 5224 ================ Scan system memory ========================
22:18:15.0383 5224 System memory - ok
22:18:15.0383 5224 ================ Scan services =============================
22:18:30.0905 5224 kbdhid - ok
22:18:30.0936 5224 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
22:18:30.0936 5224 KeyIso - ok
22:18:30.0951 5224 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
22:18:30.0967 5224 KSecDD - ok
22:18:30.0983 5224 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
22:18:30.0983 5224 KSecPkg - ok
22:18:31.0014 5224 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
22:18:31.0014 5224 ksthunk - ok
22:18:31.0061 5224 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
22:18:31.0076 5224 KtmRm - ok
22:18:31.0107 5224 [ 655A5D8E80869781CCE23760ADA7E695 ] L1C C:\windows\system32\DRIVERS\L1C62x64.sys
22:18:31.0107 5224 L1C - ok
22:18:31.0154 5224 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll
22:18:31.0154 5224 LanmanServer - ok
22:18:31.0201 5224 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
22:18:31.0217 5224 LanmanWorkstation - ok
22:18:31.0248 5224 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
22:18:31.0248 5224 lltdio - ok
22:18:31.0326 5224 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
22:18:31.0341 5224 lltdsvc - ok
22:18:31.0388 5224 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
22:18:31.0404 5224 lmhosts - ok
22:18:31.0419 5224 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
22:18:31.0435 5224 LSI_FC - ok
22:18:31.0466 5224 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
22:18:31.0482 5224 LSI_SAS - ok
22:18:31.0591 5224 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
22:18:31.0591 5224 LSI_SAS2 - ok
22:18:31.0607 5224 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
22:18:31.0622 5224 LSI_SCSI - ok
22:18:31.0669 5224 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
22:18:31.0685 5224 luafv - ok
22:18:31.0841 5224 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
22:18:31.0856 5224 McAfee SiteAdvisor Service - ok
22:18:31.0919 5224 [ 79D51E7F5926E8CE1B3EBECEBAE28CFF ] mcdbus C:\windows\system32\DRIVERS\mcdbus.sys
22:18:31.0934 5224 mcdbus - ok
22:18:31.0965 5224 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
22:18:31.0965 5224 McMPFSvc - ok
22:18:31.0981 5224 [ F928E5E72BBA15DD0CE9A26E0413D236 ] mcmscsvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
22:18:31.0981 5224 mcmscsvc - ok
22:18:31.0997 5224 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNaiAnn C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
22:18:31.0997 5224 McNaiAnn - ok
22:18:32.0012 5224 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNASvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
22:18:32.0012 5224 McNASvc - ok
22:18:32.0121 5224 [ 1814532DB0404C5FB65AA3EB051B2BE5 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe
22:18:32.0137 5224 McODS - ok
22:18:32.0153 5224 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McProxy C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
22:18:32.0153 5224 McProxy - ok
22:18:32.0262 5224 [ 9BBCECBE3FE5AF5958A770DC512D0473 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
22:18:32.0262 5224 McShield - ok
22:18:32.0324 5224 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
22:18:32.0340 5224 Mcx2Svc - ok
22:18:32.0371 5224 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys
22:18:32.0387 5224 megasas - ok
22:18:32.0387 5224 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
22:18:32.0402 5224 MegaSR - ok
22:18:32.0433 5224 [ 2D53234C24B0103FDE0BE06782AA6F80 ] mfeapfk C:\windows\system32\drivers\mfeapfk.sys
22:18:32.0449 5224 mfeapfk - ok
22:18:32.0511 5224 [ C0EAF4F2367C44157E1DE4817238FEC2 ] mfeavfk C:\windows\system32\drivers\mfeavfk.sys
22:18:32.0527 5224 mfeavfk - ok
22:18:32.0558 5224 mfeavfk01 - ok
22:18:32.0621 5224 [ 05248F2E6E1AFA6972D058C36199DEB7 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
22:18:32.0621 5224 mfefire - ok
22:18:32.0667 5224 [ 6856931F9F5B757E9D09369CC35096B9 ] mfefirek C:\windows\system32\drivers\mfefirek.sys
22:18:32.0699 5224 mfefirek - ok
22:18:32.0745 5224 [ 62E4C929A4DB48616B1B90143B48C948 ] mfehidk C:\windows\system32\drivers\mfehidk.sys
22:18:32.0777 5224 mfehidk - ok
22:18:32.0855 5224 [ B5B96149BE124092F577DE54EC7D4D65 ] mferkdet C:\windows\system32\drivers\mferkdet.sys
22:18:32.0886 5224 mferkdet - ok
22:18:32.0948 5224 [ DC5483CAD90D95D65B618E35C66E28DF ] mfevtp C:\windows\system32\mfevtps.exe
22:18:32.0964 5224 mfevtp - ok
22:18:32.0995 5224 [ E18162EA85F1531964F8222CC9E25E26 ] mfewfpk C:\windows\system32\drivers\mfewfpk.sys
22:18:33.0042 5224 mfewfpk - ok
22:18:33.0151 5224 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
22:18:33.0151 5224 MMCSS - ok
22:18:33.0229 5224 [ 8CC001C65C31633171991FA72A551D43 ] MOBKbackup C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
22:18:33.0245 5224 MOBKbackup - ok
22:18:33.0307 5224 [ 3800C23D0D90C59AAFCDEFDC82B5C4AF ] MOBKFilter C:\windows\system32\DRIVERS\MOBK.sys
22:18:33.0323 5224 MOBKFilter - ok
22:18:33.0323 5224 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
22:18:33.0338 5224 Modem - ok
22:18:33.0416 5224 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
22:18:33.0416 5224 monitor - ok
22:18:33.0463 5224 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\drivers\mouclass.sys
22:18:33.0479 5224 mouclass - ok
22:18:33.0494 5224 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
22:18:33.0510 5224 mouhid - ok
22:18:33.0588 5224 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
22:18:33.0588 5224 mountmgr - ok
22:18:34.0103 5224 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:18:34.0118 5224 MozillaMaintenance - ok
22:18:34.0165 5224 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
22:18:34.0165 5224 mpio - ok
22:18:34.0181 5224 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
22:18:34.0196 5224 mpsdrv - ok
22:18:34.0290 5224 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
22:18:34.0305 5224 MpsSvc - ok
22:18:34.0368 5224 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
22:18:34.0383 5224 MRxDAV - ok
22:18:34.0399 5224 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
22:18:34.0399 5224 mrxsmb - ok
22:18:34.0477 5224 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
22:18:34.0508 5224 mrxsmb10 - ok
22:18:34.0555 5224 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
22:18:34.0571 5224 mrxsmb20 - ok
22:18:34.0586 5224 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
22:18:34.0602 5224 msahci - ok
22:18:34.0789 5224 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
22:18:34.0805 5224 msdsm - ok
22:18:34.0836 5224 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
22:18:34.0851 5224 MSDTC - ok
22:18:34.0883 5224 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
22:18:34.0898 5224 Msfs - ok
22:18:34.0945 5224 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
22:18:34.0961 5224 mshidkmdf - ok
22:18:34.0976 5224 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
22:18:35.0007 5224 msisadrv - ok
22:18:35.0070 5224 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
22:18:35.0070 5224 MSiSCSI - ok
22:18:35.0085 5224 msiserver - ok
22:18:35.0132 5224 [ F928E5E72BBA15DD0CE9A26E0413D236 ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
22:18:35.0132 5224 MSK80Service - ok
22:18:35.0163 5224 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
22:18:35.0163 5224 MSKSSRV - ok
22:18:35.0210 5224 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
22:18:35.0210 5224 MSPCLOCK - ok
22:18:35.0273 5224 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
22:18:35.0288 5224 MSPQM - ok
22:18:35.0335 5224 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
22:18:35.0351 5224 MsRPC - ok
22:18:35.0397 5224 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
22:18:35.0397 5224 mssmbios - ok
22:18:35.0460 5224 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
22:18:35.0475 5224 MSTEE - ok
22:18:35.0538 5224 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
22:18:35.0569 5224 MTConfig - ok
22:18:35.0600 5224 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
22:18:35.0616 5224 Mup - ok
22:18:35.0897 5224 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
22:18:35.0897 5224 napagent - ok
22:18:35.0959 5224 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
22:18:35.0975 5224 NativeWifiP - ok
22:18:36.0037 5224 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
22:18:36.0053 5224 NDIS - ok
22:18:36.0068 5224 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
22:18:36.0068 5224 NdisCap - ok
22:18:36.0099 5224 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
22:18:36.0115 5224 NdisTapi - ok
22:18:36.0146 5224 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
22:18:36.0162 5224 Ndisuio - ok
22:18:36.0193 5224 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
22:18:36.0209 5224 NdisWan - ok
22:18:36.0209 5224 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
22:18:36.0224 5224 NDProxy - ok
22:18:36.0255 5224 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
22:18:36.0287 5224 NetBIOS - ok
22:18:36.0302 5224 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
22:18:36.0302 5224 NetBT - ok
22:18:36.0333 5224 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
22:18:36.0333 5224 Netlogon - ok
22:18:36.0396 5224 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
22:18:36.0396 5224 Netman - ok
22:18:36.0505 5224 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:18:36.0614 5224 NetMsmqActivator - ok
22:18:36.0755 5224 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:18:36.0755 5224 NetPipeActivator - ok
22:18:36.0848 5224 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
22:18:36.0848 5224 netprofm - ok
22:18:36.0989 5224 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:18:37.0004 5224 NetTcpActivator - ok
22:18:37.0051 5224 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:18:37.0051 5224 NetTcpPortSharing - ok
22:18:37.0129 5224 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
22:18:37.0160 5224 nfrd960 - ok
22:18:37.0254 5224 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll
22:18:37.0254 5224 NlaSvc - ok
22:18:37.0426 5224 Norton PC Checkup Application Launcher - ok
22:18:37.0504 5224 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
22:18:37.0520 5224 Npfs - ok
22:18:37.0645 5224 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
22:18:37.0645 5224 nsi - ok
22:18:38.0019 5224 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
22:18:38.0019 5224 nsiproxy - ok
22:18:38.0160 5224 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
22:18:38.0238 5224 Ntfs - ok
22:18:38.0284 5224 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
22:18:38.0284 5224 Null - ok
22:18:38.0348 5224 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
22:18:38.0379 5224 nvraid - ok
22:18:38.0426 5224 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
22:18:38.0457 5224 nvstor - ok
22:18:38.0519 5224 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
22:18:38.0519 5224 nv_agp - ok
22:18:38.0597 5224 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
22:18:38.0629 5224 ohci1394 - ok
22:18:38.0925 5224 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:18:38.0956 5224 ose - ok
22:18:39.0471 5224 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:18:40.0235 5224 osppsvc - ok
22:18:40.0516 5224 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
22:18:40.0516 5224 p2pimsvc - ok
22:18:40.0579 5224 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
22:18:40.0594 5224 p2psvc - ok
22:18:40.0719 5224 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
22:18:40.0719 5224 Parport - ok
22:18:40.0797 5224 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
22:18:40.0844 5224 partmgr - ok
22:18:40.0906 5224 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
22:18:40.0906 5224 PcaSvc - ok
22:18:41.0000 5224 [ 2F86BE1818C2D7AC90478E3323EE7FCB ] PCCUJobMgr C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
22:18:41.0000 5224 PCCUJobMgr - ok
22:18:41.0047 5224 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
22:18:41.0062 5224 pci - ok
22:18:41.0125 5224 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
22:18:41.0125 5224 pciide - ok
22:18:41.0218 5224 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
22:18:41.0249 5224 pcmcia - ok
22:18:41.0296 5224 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
22:18:41.0312 5224 pcw - ok
22:18:41.0359 5224 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
22:18:41.0390 5224 PEAUTH - ok
22:18:44.0806 5224 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
22:18:44.0837 5224 PerfHost - ok
22:18:45.0025 5224 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
22:18:45.0274 5224 pla - ok
22:18:45.0384 5224 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
22:18:45.0399 5224 PlugPlay - ok
22:18:45.0508 5224 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
22:18:45.0524 5224 PNRPAutoReg - ok
22:18:45.0602 5224 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
22:18:45.0618 5224 PNRPsvc - ok
22:18:45.0961 5224 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
22:18:45.0992 5224 PolicyAgent - ok
22:18:46.0054 5224 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
22:18:46.0054 5224 Power - ok
22:18:46.0179 5224 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
22:18:46.0195 5224 PptpMiniport - ok
22:18:46.0351 5224 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
22:18:46.0366 5224 Processor - ok
22:18:46.0491 5224 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
22:18:46.0507 5224 ProfSvc - ok
22:18:46.0569 5224 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
22:18:46.0569 5224 ProtectedStorage - ok
22:18:46.0647 5224 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
22:18:46.0647 5224 Psched - ok
22:18:46.0897 5224 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
22:18:47.0209 5224 ql2300 - ok
22:18:47.0271 5224 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
22:18:47.0302 5224 ql40xx - ok
22:18:47.0396 5224 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
22:18:47.0427 5224 QWAVE - ok
22:18:47.0552 5224 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
22:18:47.0568 5224 QWAVEdrv - ok
22:18:47.0630 5224 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
22:18:47.0770 5224 RasAcd - ok
22:18:47.0911 5224 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
22:18:47.0926 5224 RasAgileVpn - ok
22:18:48.0004 5224 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
22:18:48.0020 5224 RasAuto - ok
22:18:48.0082 5224 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
22:18:48.0098 5224 Rasl2tp - ok
22:18:48.0223 5224 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
22:18:48.0254 5224 RasMan - ok
22:18:48.0316 5224 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
22:18:48.0332 5224 RasPppoe - ok
22:18:48.0410 5224 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
22:18:48.0426 5224 RasSstp - ok
22:18:48.0582 5224 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
22:18:48.0613 5224 rdbss - ok
22:18:48.0784 5224 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
22:18:48.0800 5224 rdpbus - ok
22:18:48.0878 5224 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
22:18:48.0878 5224 RDPCDD - ok
22:18:49.0003 5224 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
22:18:49.0003 5224 RDPENCDD - ok
22:18:49.0065 5224 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
22:18:49.0065 5224 RDPREFMP - ok
22:18:49.0143 5224 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
22:18:49.0159 5224 RDPWD - ok
22:18:49.0252 5224 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
22:18:49.0268 5224 rdyboost - ok
22:18:49.0627 5224 [ 8CCF1201A14D5AD7568E192B835ABB7E ] RegFilter C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys
22:18:49.0954 5224 RegFilter - ok
22:18:50.0079 5224 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
22:18:50.0095 5224 RemoteAccess - ok
22:18:50.0220 5224 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
22:18:50.0235 5224 RemoteRegistry - ok
22:18:50.0376 5224 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
22:18:50.0376 5224 RpcEptMapper - ok
22:18:50.0500 5224 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
22:18:50.0516 5224 RpcLocator - ok
22:18:50.0625 5224 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
22:18:50.0641 5224 RpcSs - ok
22:18:50.0875 5224 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
22:18:50.0906 5224 rspndr - ok
22:18:51.0046 5224 [ 907C4464381B5EBDFDC60F6C7D0DEDFC ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
22:18:51.0062 5224 RSUSBSTOR - ok
22:18:51.0156 5224 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
22:18:51.0156 5224 SamSs - ok
22:18:51.0436 5224 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
22:18:51.0452 5224 SASDIFSV - ok
22:18:51.0546 5224 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
22:18:51.0561 5224 SASKUTIL - ok
22:18:51.0639 5224 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
22:18:51.0826 5224 sbp2port - ok
22:18:51.0967 5224 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
22:18:51.0982 5224 SCardSvr - ok
22:18:52.0045 5224 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
22:18:52.0045 5224 scfilter - ok
22:18:52.0248 5224 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
22:18:52.0263 5224 Schedule - ok
22:18:52.0404 5224 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
22:18:52.0404 5224 SCPolicySvc - ok
22:18:52.0544 5224 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
22:18:52.0560 5224 SDRSVC - ok
22:18:52.0653 5224 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
22:18:52.0684 5224 secdrv - ok
22:18:52.0778 5224 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
22:18:52.0794 5224 seclogon - ok
22:18:52.0950 5224 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
22:18:52.0950 5224 SENS - ok
22:18:53.0012 5224 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
22:18:53.0028 5224 SensrSvc - ok
22:18:53.0074 5224 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
22:18:53.0090 5224 Serenum - ok
22:18:53.0184 5224 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
22:18:53.0184 5224 Serial - ok
22:18:53.0386 5224 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
22:18:53.0402 5224 sermouse - ok
22:18:53.0870 5224 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
22:18:53.0886 5224 SessionEnv - ok
22:18:53.0948 5224 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
22:18:53.0979 5224 sffdisk - ok
22:18:54.0073 5224 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
22:18:54.0073 5224 sffp_mmc - ok
22:18:54.0135 5224 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
22:18:54.0151 5224 sffp_sd - ok
22:18:54.0229 5224 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
22:18:54.0244 5224 sfloppy - ok
22:18:54.0369 5224 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
22:18:54.0385 5224 SharedAccess - ok
22:18:54.0572 5224 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
22:18:54.0588 5224 ShellHWDetection - ok
22:18:55.0227 5224 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
22:18:55.0336 5224 SiSRaid2 - ok
22:18:55.0368 5224 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
22:18:55.0368 5224 SiSRaid4 - ok
22:18:55.0882 5224 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
22:18:59.0143 5224 SkypeUpdate - ok
22:18:59.0252 5224 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
22:18:59.0268 5224 Smb - ok
22:18:59.0377 5224 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
22:18:59.0392 5224 SNMPTRAP - ok
22:18:59.0564 5224 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
22:18:59.0595 5224 spldr - ok
22:18:59.0938 5224 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
22:18:59.0954 5224 Spooler - ok
22:19:00.0375 5224 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
22:19:00.0484 5224 sppsvc - ok
22:19:00.0562 5224 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
22:19:00.0578 5224 sppuinotify - ok
22:19:01.0015 5224 [ D6AB7C13FCDD2E4CAC35244D2C172D9A ] sptd C:\windows\System32\Drivers\sptd.sys
22:19:01.0046 5224 sptd - ok
22:19:01.0140 5224 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
22:19:01.0155 5224 srv - ok
22:19:01.0218 5224 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
22:19:01.0233 5224 srv2 - ok
22:19:01.0389 5224 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
22:19:01.0405 5224 srvnet - ok
22:19:01.0608 5224 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
22:19:01.0904 5224 SSDPSRV - ok
22:19:02.0029 5224 [ 1100066057FBF612B573EFD3B21383F1 ] ssmirrdr C:\windows\system32\DRIVERS\ssmirrdr.sys
22:19:02.0091 5224 ssmirrdr - ok
22:19:02.0294 5224 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
22:19:02.0294 5224 SstpSvc - ok
22:19:02.0419 5224 Steam Client Service - ok
22:19:02.0512 5224 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
22:19:02.0528 5224 stexstor - ok
22:19:02.0902 5224 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
22:19:02.0902 5224 stisvc - ok
22:19:03.0121 5224 [ 6F715D00024CB60C2B60278425AD6EC2 ] SWDUMon C:\windows\system32\DRIVERS\SWDUMon.sys
22:19:03.0136 5224 SWDUMon - ok
22:19:03.0246 5224 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
22:19:03.0292 5224 swenum - ok
22:19:03.0433 5224 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
22:19:03.0464 5224 swprv - ok
22:19:03.0558 5224 [ 470C47DABA9CA3966F0AB3F835D7D135 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
22:19:03.0573 5224 SynTP - ok
22:19:04.0244 5224 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
22:19:04.0275 5224 SysMain - ok
22:19:04.0384 5224 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
22:19:04.0400 5224 TabletInputService - ok
22:19:04.0603 5224 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
22:19:04.0618 5224 TapiSrv - ok
22:19:05.0008 5224 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
22:19:05.0008 5224 TBS - ok
22:19:05.0289 5224 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\windows\system32\drivers\tcpip.sys
22:19:05.0523 5224 Tcpip - ok
22:19:05.0679 5224 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
22:19:05.0695 5224 TCPIP6 - ok
22:19:05.0835 5224 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
22:19:05.0851 5224 tcpipreg - ok
22:19:05.0929 5224 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
22:19:05.0944 5224 tdcmdpst - ok
22:19:06.0194 5224 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
22:19:06.0210 5224 TDPIPE - ok
22:19:06.0381 5224 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
22:19:06.0397 5224 TDTCP - ok
22:19:06.0490 5224 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
22:19:06.0506 5224 tdx - ok
22:19:28.0521 5224 ================ Scan global ===============================
22:19:28.0864 5224 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
22:19:29.0316 5224 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
22:19:29.0394 5224 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
22:19:29.0535 5224 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
22:19:29.0644 5224 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
22:19:29.0644 5224 [Global] - ok
22:19:29.0644 5224 ================ Scan MBR ==================================
22:19:29.0847 5224 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
22:20:10.0097 5224 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:20:10.0097 5224 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:20:10.0112 5224 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk1\DR3
22:20:17.0102 5224 \Device\Harddisk1\DR3 - ok
22:20:17.0102 5224 ================ Scan VBR ==================================
22:20:17.0149 5224 [ F9DC91CF32FD7C0E2C6CF67582F3F389 ] \Device\Harddisk0\DR0\Partition1
22:20:17.0227 5224 \Device\Harddisk0\DR0\Partition1 - ok
22:20:17.0227 5224 [ 832DB0A3CA0C3C5E881E7C5924BC6484 ] \Device\Harddisk1\DR3\Partition1
22:20:17.0242 5224 \Device\Harddisk1\DR3\Partition1 - ok
22:20:17.0242 5224 ============================================================
22:20:17.0242 5224 Scan finished
22:20:17.0242 5224 ============================================================
22:20:17.0258 5152 Detected object count: 1
22:20:17.0258 5152 Actual detected object count: 1
22:21:34.0064 5152 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:21:34.0064 5152 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
22:21:48.0151 5624 Deinitialize success

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 28 December 2012 - 10:29 PM

Please run the following

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 Zskillit

Zskillit
  • Topic Starter

  • Members
  • 9 posts

Posted 28 December 2012 - 11:08 PM

The scan has just finished. Here is the report.

ComboFix 12-12-28.02 - Admin 12/28/2012 22:39:48.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1222 [GMT -5:00]
Running from: C:\Users\Admin\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Users\Admin\AppData\Local\{F8E9E8E4-2A8A-46F5-B699-320E959780FB}
C:\Users\Admin\AppData\Local\{F8E9E8E4-2A8A-46F5-B699-320E959780FB}\chrome\content\overlay.xul
C:\Users\Admin\AppData\Local\{F8E9E8E4-2A8A-46F5-B699-320E959780FB}\install.rdf
C:\Users\Admin\AppData\Roaming\Adobe\plugs
C:\Users\Admin\AppData\Roaming\Adobe\shed
C:\Users\Admin\Documents\~WRL0005.tmp
C:\Users\Admin\Documents\~WRL0006.tmp
C:\Users\Admin\Documents\~WRL0007.tmp


((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-29 )))))))))))))))))))))))))))))))


2012-12-27 07:22:09 . 2012-12-27 07:22:09 -------- d-----w- C:\Program Files (x86)\THQ
2012-12-27 04:02:13 . 2012-12-27 04:02:13 -------- d-----w- C:\ProgramData\ATI
2012-12-27 03:57:04 . 2012-12-27 03:57:04 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-12-27 03:56:47 . 2000-01-01 00:00:00 56448 ----a-w- C:\windows\system32\drivers\usbfilter.sys
2012-12-27 03:49:22 . 2000-01-01 00:00:00 82560 ----a-w- C:\windows\system32\drivers\amd_sata.sys
2012-12-27 03:49:22 . 2000-01-01 00:00:00 42624 ----a-w- C:\windows\system32\drivers\amd_xata.sys
2012-12-27 03:49:22 . 2000-01-01 00:00:00 16552 ----a-w- C:\windows\system32\drivers\AtiPcie64.sys
2012-12-27 02:01:16 . 2012-12-27 02:01:16 -------- d-----w- C:\Users\Admin\AppData\Local\AMD
2012-12-27 00:11:14 . 2012-12-27 00:11:14 -------- d-----w- C:\Users\Admin\AppData\Roaming\Microsoft Games
2012-12-26 23:59:14 . 2012-12-26 23:59:14 -------- d-----w- C:\Program Files (x86)\Microsoft Games
2012-12-26 23:50:29 . 2012-12-26 23:50:29 283200 ----a-w- C:\windows\system32\drivers\dtsoftbus01.sys
2012-12-26 23:45:04 . 2012-12-28 21:30:59 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-12-29 03:55:25 . 2012-08-24 02:40:41 15712 ----a-w- C:\windows\system32\drivers\SWDUMon.sys
2012-12-26 23:45:57 . 2012-10-01 19:03:10 564824 ----a-w- C:\windows\system32\drivers\sptd.sys
2012-12-12 09:30:03 . 2012-08-25 15:28:04 697272 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 09:30:03 . 2011-05-23 03:32:15 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 09:29:54 . 2012-10-09 02:29:36 16363960 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2012-11-15 08:02:54 . 2011-03-27 07:23:47 66395536 ----a-w- C:\windows\system32\MRT.exe
2012-11-13 21:44:06 . 2012-11-13 21:44:36 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-13 21:44:05 . 2011-06-01 07:04:07 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-11-09 11:40:24 . 2011-03-03 22:08:30 69672 ----a-w- C:\windows\system32\drivers\cfwids.sys
2012-11-09 11:37:42 . 2011-03-03 22:08:30 339776 ----a-w- C:\windows\system32\drivers\mfewfpk.sys
2012-11-09 11:37:30 . 2011-03-03 21:50:43 177680 ----a-w- C:\windows\system32\mfevtps.exe
2012-11-09 11:36:40 . 2011-03-03 22:09:32 10288 ----a-w- C:\windows\system32\drivers\mfeclnk.sys
2012-11-09 11:36:30 . 2011-03-03 22:08:30 106112 ----a-w- C:\windows\system32\drivers\mferkdet.sys
2012-11-09 11:35:50 . 2010-10-14 03:28:54 771096 ----a-w- C:\windows\system32\drivers\mfehidk.sys
2012-11-09 11:34:58 . 2011-03-03 22:08:30 515528 ----a-w- C:\windows\system32\drivers\mfefirek.sys
2012-11-09 11:34:18 . 2011-03-03 22:08:30 309400 ----a-w- C:\windows\system32\drivers\mfeavfk.sys
2012-11-09 11:33:58 . 2010-10-14 03:28:54 178840 ----a-w- C:\windows\system32\drivers\mfeapfk.sys
2012-11-08 17:54:27 . 2012-08-24 02:41:44 30568 ----a-w- C:\windows\system32\drivers\avgtpx64.sys
2012-10-18 18:25:58 . 2012-11-15 06:15:58 3149824 ----a-w- C:\windows\system32\win32k.sys
2012-10-09 18:17:13 . 2012-11-15 06:15:14 226816 ----a-w- C:\windows\system32\dhcpcore6.dll
2012-10-09 18:17:13 . 2012-11-15 06:15:13 55296 ----a-w- C:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40:31 . 2012-11-15 06:15:14 193536 ----a-w- C:\windows\SysWow64\dhcpcore6.dll
2012-10-09 17:40:31 . 2012-11-15 06:15:13 44032 ----a-w- C:\windows\SysWow64\dhcpcsvc6.dll
2012-10-03 17:56:54 . 2012-11-15 06:14:44 1914248 ----a-w- C:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44:21 . 2012-11-15 06:14:42 303104 ----a-w- C:\windows\system32\nlasvc.dll
2012-10-03 17:44:21 . 2012-11-15 06:14:39 70656 ----a-w- C:\windows\system32\nlaapi.dll
2012-10-03 17:44:17 . 2012-11-15 06:14:42 246272 ----a-w- C:\windows\system32\netcorehc.dll
2012-10-03 17:44:17 . 2012-11-15 06:14:38 18944 ----a-w- C:\windows\system32\netevent.dll
2012-10-03 17:44:16 . 2012-11-15 06:14:43 216576 ----a-w- C:\windows\system32\ncsi.dll
2012-10-03 17:42:16 . 2012-11-15 06:14:42 569344 ----a-w- C:\windows\system32\iphlpsvc.dll
2012-10-03 16:42:24 . 2012-11-15 06:14:41 175104 ----a-w- C:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42:24 . 2012-11-15 06:14:38 18944 ----a-w- C:\windows\SysWow64\netevent.dll
2012-10-03 16:42:23 . 2012-11-15 06:14:43 156672 ----a-w- C:\windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 . 2012-11-15 06:14:39 45568 ----a-w- C:\windows\system32\drivers\tcpipreg.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-11-08 17:54:27 1796552 ----a-w- C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-08 17:54:27 1796552]

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-08-10 16:33:31 5629312]
"Advanced SystemCare 5"="C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 19:56:36 288128]
"uTorrent"="C:\Program Files (x86)\uTorrent\uTorrent.exe" [2011-04-17 02:57:32 399736]
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 10:46:46 3673728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2012-09-12 16:22:04 1535112]
"vProt"="C:\Program Files (x86)\AVG Secure Search\vprot.exe" [2012-11-08 17:54:27 997320]
"ROC_roc_ssl_v12"="C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" [2012-08-24 02:42:26 1020512]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 00:06:18 59280]
"ROC_ROC_JULY_P1"="C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-03 16:17:50 1022048]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2012-04-19 00:56:22 421888]
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 18:54:26 91520]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 11:20:01 38872]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 19:00:46 919008]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-05 04:24:22 642728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 21:04:30 53888]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 18:27:14 138576]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 17:28:36 160944]
R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-04-27 23:17:28 20336]
R3 HipShieldK;McAfee Inc. HipShieldK;C:\windows\system32\drivers\HipShieldK.sys [2012-04-20 20:40:58 196440]
R3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys [2012-11-09 11:36:30 106112]
R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-03-23 04:58:06 33184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys [2010-02-01 18:29:48 232992]
R3 ssmirrdr;ssmirrdr;C:\windows\system32\DRIVERS\ssmirrdr.sys [2011-01-24 06:20:14 10112]
R3 SWDUMon;SWDUMon;C:\windows\system32\DRIVERS\SWDUMon.sys [2012-12-29 03:55:25 15712]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 00:44:48 137560]
R3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys [2010-11-20 11:07:05 59392]
R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2011-03-23 04:58:10 21328]
R3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 16:11:36 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe [2011-03-27 07:16:21 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys [2010-11-01 10:08:46 14544]
S0 amd_sata;amd_sata;C:\windows\system32\DRIVERS\amd_sata.sys [2000-01-01 00:00:00 82560]
S0 amd_xata;amd_xata;C:\windows\system32\DRIVERS\amd_xata.sys [2000-01-01 00:00:00 42624]
S0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys [2012-11-09 11:37:42 339776]
S0 sptd;sptd;C:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avgtp;avgtp;C:\windows\system32\drivers\avgtpx64.sys [2012-11-08 17:54:27 30568]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-12-26 23:50:29 283200]
S1 MOBKFilter;MOBKFilter;C:\windows\system32\DRIVERS\MOBK.sys [2010-04-14 01:10:24 66040]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 16:26:56 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 21:55:18 12368]
S2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2012-12-27 02:55:04 140672]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 16:04:52 913792]
S2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe [2012-07-04 06:20:54 238080]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-07-05 03:03:48 361984]
S2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 21:04:30 53888]
S2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-06-01 18:10:00 821080]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 17:20:06 201304]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 17:20:06 201304]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 17:20:06 201304]
S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 11:34:50 218320]
S2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\system32\mfevtps.exe [2012-11-09 11:37:30 177680]
S2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-14 01:11:18 231224]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2011-06-04 11:57:05 123320]
S2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2009-08-24 22:49:41 126392]
S2 tvnserver;TightVNC Server;C:\Program Files\TightVNC\tvnserver.exe [2012-06-26 23:35:24 1652280]
S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-08 17:54:27 711112]
S3 amdiox64;AMD IO Driver;C:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 13:18:24 46136]
S3 cfwids;McAfee Inc. cfwids;C:\windows\system32\drivers\cfwids.sys [2012-11-09 11:40:24 69672]
S3 easytether;easytether;C:\windows\system32\DRIVERS\easytthr.sys [2010-08-29 22:11:08 21072]
S3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 16:51:42 9216]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 13:24:56 169584]
S3 mfefirek;McAfee Inc. mfefirek;C:\windows\system32\drivers\mfefirek.sys [2012-11-09 11:34:58 515528]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01

Contents of the 'Scheduled Tasks' folder

2012-12-29 C:\windows\Tasks\Adobe Flash Player Updater.job
- C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-25 15:28:04 . 2012-12-12 09:30:04]

2012-12-29 C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-02 19:10:07 . 2011-03-02 19:10:04]

2012-12-29 C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-02 19:10:07 . 2011-03-02 19:10:04]

2012-12-29 C:\windows\Tasks\SlimDrivers Startup.job
- C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [2012-12-16 17:04:54 . 2012-12-16 17:04:54]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 01:11:20 3816248 ----a-w- C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 01:11:20 3816248 ----a-w- C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 01:11:20 3816248 ----a-w- C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosVolRegulator"="C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 22:31:34 24376]
"TosSENotify"="C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 00:45:06 709976]
"SmartAudio"="C:\Program Files\CONEXANT\SAII\SAIICpl.exe" [2000-01-01 00:00:00 307768]
"tvncontrol"="C:\Program Files\TightVNC\tvnserver.exe" [2012-06-26 23:35:24 1652280]

------- Supplementary Scan -------

uLocal Page = C:\windows\system32\blank.htm
uStart Page = https://isearch.avg.com/?cid={13BBD07F-1A3C-4744-838E-4DD24EC5DAE4}&mid=446832df23af47d09353d16f2a87f1db-36f27899a327522bf1c271e842106c1f88a4d91b&lang=en&ds=ts024&pr=sa&d=2012-08-23 22:41:48&v=12.2.0.5&sap=hp
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
FF - ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wf0zqf31.default\
FF - prefs.js: browser.search.selectedEngine - Google

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-SynTPEnh - C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 28 December 2012 - 11:16 PM

Was that all there was to the log? The bottom half appears to be cut off.

You should be able to find it at C:\ComboFix.txt

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 Zskillit

Zskillit
  • Topic Starter

  • Members
  • 9 posts

Posted 28 December 2012 - 11:24 PM

That log file was in the C:\ComboFix folder. The only text document inside the C:\ was the previous log from the TDSSKiller scan. The ComboFix scan did fully complete and said it created a log file inside the C:\ just like you said, but there is not one.

Edited by Zskillit, 28 December 2012 - 11:29 PM.


#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:17 PM

Posted 28 December 2012 - 11:34 PM

ok thanks

please do the following:

Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message


NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


NEXT


Please download Malwarebytes Anti-Malware
  • Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.




NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 Zskillit

Zskillit
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:17 PM

Posted 29 December 2012 - 01:27 AM

I have run the first 3 scans, and the logs are posted below. The results from the virus scans (including the last ESET scan, which is 70% done) are finding 0 viruses, which makes me very happy. You are a true professional. Here are the logs for the first 3...

JRT Scan:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.2.9 (12.28.2012:1)
OS: Windows 7 Home Premium x64
Ran by Admin on Fri 12/28/2012 at 23:40:25.29
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-3323034127-272822139-3152137221-1000\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-3323034127-272822139-3152137221-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\abouturls\\Tabs



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\scripthelper.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\viprotocol.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{95b7759c-8c7f-4bf1-b163-73684a933233}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\partner"



~~~ FireFox

Successfully deleted: [File] "C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\wf0zqf31.default\extensions\DivXWebPlayer@divx.com.xpi"
Successfully deleted: [File] C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\wf0zqf31.default\extensions\browserprotect@browserprotect.com.xpi



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/28/2012 at 23:53:11.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

------------------------------------------------------------------------------

Adware Scan:
# AdwCleaner v2.103 - Logfile created 12/29/2012 at 00:34:00
# Updated 25/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Admin - ADMIN-PC
# Boot Mode : Normal
# Running from : C:\Users\Admin\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Users\Admin\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Admin\AppData\LocalLow\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7B63B2922B174135AFC0E1377DD81EC2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe_2ac78060bc5856b0c1cf873bb919b58
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wf0zqf31.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

-\\ Opera v11.52.1100.0

File : C:\Users\Admin\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [4870 octets] - [29/12/2012 00:34:00]

########## EOF - C:\AdwCleaner[S1].txt - [4930 octets] ##########

MBAM Scan:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2012.12.29.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Admin :: ADMIN-PC [administrator]

12/29/2012 12:40:36 AM
mbam-log-2012-12-29 (00-40-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207682
Time elapsed: 9 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


The ESET Scan is at 72% with 0 threats detected. Hopefully it stays that way. I will post the log when it is finished.

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:17 PM

Posted 29 December 2012 - 09:56 AM

ok, thanks

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 Zskillit

Zskillit
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:17 PM

Posted 29 December 2012 - 03:59 PM

I know it has taken me a while with this last report. After I wrote my last reply, it found 5 threats. I was well into 3 hours of scanning, and I got sleepy waiting, and when I woke up the computer had restarted, so I had no logs and the threats weren't removed. So I then restarted it, but realized an hour into it that I had the "Remove Threats" option ticked, so I cancelled, and now I am 99% into another 4+ hour scan with all the correct parameters, with 5 threats found so far. In case the computer randomly restarts again upon completion, I want to have this information out there.

Threats:
Win32/OpenCandy Application
A variant of Win32/CNETInstaller.A application
A variant of Win32/InstallCore.AF application
A variant of Win32/InstallCore.AF application
A variant of Java/TrojanDownloader.OpenStream.NCM trojan

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:17 PM

Posted 29 December 2012 - 04:14 PM

ok, yes, the ESET scan can take a while

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 Zskillit

Zskillit
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:17 PM

Posted 29 December 2012 - 04:29 PM

ESET Scan Report:
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\3b578aa0-4127d64d a variant of Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\Users\Admin\Downloads\Alcohol120_trial_2.0.2.3931.exe a variant of Win32/InstallCore.AF application cleaned by deleting - quarantined
C:\Users\Admin\Downloads\Alcohol52_FE_2.0.2.3931.exe a variant of Win32/InstallCore.AF application cleaned by deleting - quarantined
C:\Users\Admin\Downloads\cbsidlm-cbsi5_2_0_83-Resolution_Changer_SX2-SEO2-10468528.exe a variant of Win32/CNETInstaller.A application cleaned by deleting - quarantined
C:\Users\Admin\Downloads\DTLite4454-0316.exe Win32/OpenCandy application cleaned by deleting - quarantined

Not sure why it is saying it was "cleaned by deleting" since I unchecked the box.

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:17 PM

Posted 29 December 2012 - 04:33 PM

have a look in the downloads folder and make sure the files are deleted

how is the computer running now, are there any outstanding issues?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
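
The check CatByte asks for above (confirm that the files ESET reported as "cleaned by deleting - quarantined" are actually gone from the Downloads folder) can be done from the report itself rather than by eyeballing Explorer. The following is an added example for this thread, not code from ESET, BleepingComputer or either poster. It parses the five report lines Zskillit posted (copied here as a constructed sample string, so nothing is read from disk), splits each into path, detection name and action, and then asks the filesystem whether each removed path still exists. The line format is assumed only from those five lines; the function names and the injectable `exists` parameter are my own so the check can also be run against a saved directory listing.

```python
"""Parse an ESET Online Scanner text report and confirm quarantined files are gone.

Added example for this thread, not ESET's or BleepingComputer's own code.
The line format (path, detection name, action) is assumed from the five
report lines posted in the thread and nothing else.
"""
import os
import re
from collections import Counter

# Constructed sample: the five report lines posted in the thread, as text only.
SAMPLE_REPORT = r"""
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\3b578aa0-4127d64d a variant of Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\Users\Admin\Downloads\Alcohol120_trial_2.0.2.3931.exe a variant of Win32/InstallCore.AF application cleaned by deleting - quarantined
C:\Users\Admin\Downloads\Alcohol52_FE_2.0.2.3931.exe a variant of Win32/InstallCore.AF application cleaned by deleting - quarantined
C:\Users\Admin\Downloads\cbsidlm-cbsi5_2_0_83-Resolution_Changer_SX2-SEO2-10468528.exe a variant of Win32/CNETInstaller.A application cleaned by deleting - quarantined
C:\Users\Admin\Downloads\DTLite4454-0316.exe Win32/OpenCandy application cleaned by deleting - quarantined
"""

# One report line: Windows path, then detection name, then the action taken.
# The path is matched lazily so spaces inside it (e.g. "Program Files") survive;
# the detection is anchored on the "Family/Name" token ESET uses.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>(?:a variant of )?[A-Za-z0-9]+/\S+(?: \S+)*?)\s+"
    r"(?P<action>cleaned by deleting(?: - quarantined)?|deleted(?: - quarantined)?"
    r"|quarantined|unable to clean)$"
)


def parse_report(text):
    """Return a list of dicts {path, detection, action}, one per non-empty line."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            # Keep unparsed lines visible instead of silently dropping them.
            findings.append({"path": line, "detection": None, "action": None})
            continue
        findings.append(m.groupdict())
    return findings


def detection_kind(detection):
    """Classify by ESET's trailing type word: 'trojan', 'application' (PUA), ..."""
    if not detection:
        return "unparsed"
    return detection.split()[-1].lower()


def verify_removed(findings, exists=os.path.exists):
    """Return the paths ESET says it removed that are still present on disk.

    `exists` is injectable (assumption of this example) so the check can run
    against a recorded directory listing instead of the live filesystem.
    """
    still_present = []
    for f in findings:
        action = f["action"] or ""
        removed = "delet" in action or "quarantined" in action
        if removed and exists(f["path"]):
            still_present.append(f["path"])
    return still_present


def summarize(findings):
    """Count findings per detection kind, e.g. {'application': 4, 'trojan': 1}."""
    return Counter(detection_kind(f["detection"]) for f in findings)


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for f in found:
        print(f"{detection_kind(f['detection']):12} {f['path']}")
    print("by kind:", dict(summarize(found)))
    print("still on disk:", verify_removed(found) or "none")
```

Run it on the real ESETSCAN.txt by replacing `SAMPLE_REPORT` with the file's contents; an empty "still on disk" list is the confirmation CatByte asked for, and any path listed there is one to look at by hand. Note that four of the five hits are "application" detections (bundled installers), which is why they sat in Downloads rather than running on their own.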


#15 Zskillit

Zskillit
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:17 PM

Posted 29 December 2012 - 04:38 PM

It seems as though all of the files are gone, and my computer is running better than it has in a year! No more random BSOD crashes that I had daily, and no annoying errors when the computer starts, and obviously Windows 7 is booting up just fine. Amazing what can be done when someone like you can help. I am impressed and will definitely be telling anyone with computer problems that this is the go-to site for any computer related issues. I'm just amazed. Anything else required of me?
