Ran ComboFix + Need Help Reviewing Log


  • This topic is locked
12 replies to this topic

#1 cxxr

cxxr

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:50 AM

Posted 19 March 2013 - 12:48 PM

Recently I ran ComboFix unsupervised, ignoring the warning disclaimers, a few days ago after searching Google about having multiple rundll32.exe running (2 from \System32\ and 1 from \SystemWOW64\); I had been warned that it was a rootkit/malware.

I installed UnHackMe, GMER, TDSS Killer and the Bitdefender rescue disk. A few scans didn't pick up anything; other scans that did found files that couldn't be deleted or that regenerate.

 

If a malware expert could kindly spend some time reviewing my log, it would be much appreciated.

 

Since running ComboFix all rundll32.exe have stopped running.

 

Many thanks in advance.

 

ComboFix 13-03-17.01 - cypher 19/03/2013  15:39:34.1.4 - x64

Microsoft Windows 7 Enterprise   6.1.7600.0.1252.44.1033.18.4095.2574 [GMT 0:00]
Running from: c:\users\cypher\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\cypher\AppData\Roaming\inst.exe
c:\users\cypher\AppData\Roaming\vso_ts_preview.xml
c:\users\cypher\AppData\Roaming\Xbins
c:\users\cypher\AppData\Roaming\Xbins\dict
c:\users\cypher\AppData\Roaming\Xbins\FileZilla.xml
c:\users\cypher\AppData\Roaming\Xbins\icon.ico
c:\users\cypher\AppData\Roaming\Xbins\xbinsftp.exe
c:\windows\SysWow64\html
c:\windows\SysWow64\html\calendar.html
c:\windows\SysWow64\html\calendarbottom.html
c:\windows\SysWow64\html\calendartop.html
c:\windows\SysWow64\html\crystalexportdialog.htm
c:\windows\SysWow64\html\crystalprinthost.html
c:\windows\SysWow64\images
c:\windows\SysWow64\images\toolbar\calendar.gif
c:\windows\SysWow64\images\toolbar\crlogo.gif
c:\windows\SysWow64\images\toolbar\export.gif
c:\windows\SysWow64\images\toolbar\export_over.gif
c:\windows\SysWow64\images\toolbar\exportd.gif
c:\windows\SysWow64\images\toolbar\First.gif
c:\windows\SysWow64\images\toolbar\first_over.gif
c:\windows\SysWow64\images\toolbar\Firstd.gif
c:\windows\SysWow64\images\toolbar\gotopage.gif
c:\windows\SysWow64\images\toolbar\gotopage_over.gif
c:\windows\SysWow64\images\toolbar\gotopaged.gif
c:\windows\SysWow64\images\toolbar\grouptree.gif
c:\windows\SysWow64\images\toolbar\grouptree_over.gif
c:\windows\SysWow64\images\toolbar\grouptreed.gif
c:\windows\SysWow64\images\toolbar\grouptreepressed.gif
c:\windows\SysWow64\images\toolbar\Last.gif
c:\windows\SysWow64\images\toolbar\last_over.gif
c:\windows\SysWow64\images\toolbar\Lastd.gif
c:\windows\SysWow64\images\toolbar\Next.gif
c:\windows\SysWow64\images\toolbar\next_over.gif
c:\windows\SysWow64\images\toolbar\Nextd.gif
c:\windows\SysWow64\images\toolbar\Prev.gif
c:\windows\SysWow64\images\toolbar\prev_over.gif
c:\windows\SysWow64\images\toolbar\Prevd.gif
c:\windows\SysWow64\images\toolbar\print.gif
c:\windows\SysWow64\images\toolbar\print_over.gif
c:\windows\SysWow64\images\toolbar\printd.gif
c:\windows\SysWow64\images\toolbar\Refresh.gif
c:\windows\SysWow64\images\toolbar\refresh_over.gif
c:\windows\SysWow64\images\toolbar\refreshd.gif
c:\windows\SysWow64\images\toolbar\Search.gif
c:\windows\SysWow64\images\toolbar\search_over.gif
c:\windows\SysWow64\images\toolbar\searchd.gif
c:\windows\SysWow64\images\toolbar\up.gif
c:\windows\SysWow64\images\toolbar\up_over.gif
c:\windows\SysWow64\images\toolbar\upd.gif
c:\windows\SysWow64\images\tree\begindots.gif
c:\windows\SysWow64\images\tree\beginminus.gif
c:\windows\SysWow64\images\tree\beginplus.gif
c:\windows\SysWow64\images\tree\blank.gif
c:\windows\SysWow64\images\tree\blankdots.gif
c:\windows\SysWow64\images\tree\dots.gif
c:\windows\SysWow64\images\tree\lastdots.gif
c:\windows\SysWow64\images\tree\lastminus.gif
c:\windows\SysWow64\images\tree\lastplus.gif
c:\windows\SysWow64\images\tree\Magnify.gif
c:\windows\SysWow64\images\tree\minus.gif
c:\windows\SysWow64\images\tree\minusbox.gif
c:\windows\SysWow64\images\tree\plus.gif
c:\windows\SysWow64\images\tree\plusbox.gif
c:\windows\SysWow64\images\tree\singleminus.gif
c:\windows\SysWow64\images\tree\singleplus.gif
c:\windows\SysWow64\muzapp.exe
K:\install.exe
K:\setup.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-19 to 2013-03-19  )))))))))))))))))))))))))))))))
.
.
2013-03-19 15:52 . 2013-03-19 15:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-18 19:10 . 2013-03-18 19:10 -------- d-----w- c:\program files\CCleaner
2013-03-17 16:11 . 2013-03-17 16:11 40208 ----a-w- c:\windows\system32\Partizan.exe
2013-03-17 16:10 . 2013-03-19 15:56 -------- d-----w- c:\programdata\RegRun
2013-03-17 16:10 . 2013-03-17 16:10 35816 ----a-w- c:\windows\SysWow64\drivers\Partizan.sys
2013-03-17 16:10 . 2013-03-17 16:10 2 --shatr- c:\windows\winstart.bat
2013-03-17 16:10 . 2013-03-05 16:34 12800 ----a-w- c:\windows\SysWow64\drivers\UnHackMeDrv.sys
2013-03-17 16:10 . 2013-03-17 16:10 -------- d-----w- c:\program files (x86)\UnHackMe
2013-03-17 02:51 . 2013-03-17 02:51 29808 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-03-05 16:15 . 2013-03-05 16:15 -------- d-----w- c:\programdata\Steam
2013-02-21 18:09 . 2013-02-21 18:09 -------- d-----w- c:\program files (x86)\Winamp Detect
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-06 07:42 . 2013-02-06 07:42 203544 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2013-02-06 07:42 . 2013-02-06 07:42 102936 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2013-01-05 19:57 . 2013-01-05 19:57 338432 ----a-w- c:\windows\SysWow64\REX Shared Library.dll
2013-01-05 19:57 . 2013-01-05 19:57 406528 ----a-w- c:\windows\SysWow64\ReWire.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFree.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Freecorder\prxtbFree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFree.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-02-25 1602984]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-04 3077528]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE" [2012-02-29 283232]
"EPLTarget\P0000000000000001"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE" [2012-02-29 283232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-05 25600]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-09-05 937920]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-10-07 454160]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-10-07 454160]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0Partizan
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R1 SASDIFSV;SASDIFSV;c:\users\cypher\AppData\Local\Temp\HBCD\SuperAntiSpyware\SASDIFSV.SYS [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 cpuz134;cpuz134;c:\users\cypher\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-03-31 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-05 202840]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-05 1417304]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-05 94808]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-02-06 102936]
R3 flashusb;flashusb;c:\windows\system32\DRIVERS\flashusb.sys [2011-12-08 19968]
R3 gwiopm;gwiopm;c:\users\cypher\AppData\Local\Temp\HBCD\gwiopm.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-05-28 197264]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-03-17 29808]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 23152]
R3 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys [2012-11-02 97208]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-01-07 45408]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2011-06-18 19952]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-12-08 157672]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-02-06 203544]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2012-07-15 30720]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-01 1255736]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
R4 ACT2_Service;Ashampoo Core Tuner 2 Service;c:\program files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe [x]
R4 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
R4 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R4 XoftSpyService;XoftSpyService;c:\program files (x86)\Common Files\XoftSpySE\6\xoftspyservice.exe [2010-09-29 582424]
S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2012-10-19 74120]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-09 339776]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-04-02 254528]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 27152]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-13 66040]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-25 204288]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [2012-10-06 1007288]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 218320]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-11-09 177680]
S2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-13 231224]
S2 SlickVPNSrvc;SlickVPN Service;c:\program files (x86)\SlickVPN\resources\bin\win32\slickvpnsrvc\slickvpnsrvc.exe [2012-06-19 793359]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-09 69672]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-05 202840]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-05 1417304]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-05 94808]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-09 515528]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys [2012-11-02 328976]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-03-31 82816]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 15:55]
.
2013-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-779625230-1885566165-912462535-1000Core.job
- c:\users\cypher\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-31 16:40]
.
2013-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-779625230-1885566165-912462535-1000UA.job
- c:\users\cypher\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-31 16:40]
.
2013-03-18 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2013-02-17 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2010-09-29 18:43]
.
2013-03-17 c:\windows\Tasks\XoftSpySE.job
- c:\program files (x86)\XoftSpySE6\XoftSpySELauncher.exe [2010-09-29 18:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 19:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 19:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 19:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-24 11780712]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 112512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SYSTEM32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Download All with FlashGet - c:\program files (x86)\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files (x86)\FlashGet\jc_link.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\cypher\AppData\Roaming\Mozilla\Firefox\Profiles\v3p3g27s.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
SafeBoot-69228221.sys
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
AddRemove-Darksiders II_is1 - h:\darksiders ii\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-779625230-1885566165-912462535-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*s*0*2*#ç:3\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\UnHackMe\hackmon.exe
.
**************************************************************************
.
Completion time: 2013-03-19  16:09:56 - machine was rebooted
ComboFix-quarantined-files.txt  2013-03-19 16:09
.
Pre-Run: 6,926,589,952 bytes free
Post-Run: 7,065,460,736 bytes free
.
- - End Of File - - C2D071C4CC9B4333723EE93F686060C2

 




 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,680 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:50 AM

Posted 21 March 2013 - 08:40 AM

Greetings cxxr and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

Please allow me some time to review your situation. Please do not run any programs or tools unless instructed to do so. Also, simply copy and paste the information in your reply rather than place it in quotes.

While I am doing that consider and perform the following, if you would please.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps are a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and let me know.
  • When you post your reply, do not use the Start New Topic button but use the Add Reply button instead.
  • In the upper right hand corner of the topic you will see the Watch Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Helping me Help You

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

===================================================

Additional Information
  • If you have since resolved the original problem you were having, I would appreciate you letting me know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
  • If you are unsure about any of these characteristics just post what you can and I will guide you.
  • Explain as best you can what happens with your computer, i.e. it beeps three times, the black screen starts then goes blank, etc.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
===================================================

Create DDS.txt and Attach.txt

I would like to see some information about what is happening in your machine. Please perform the following scan (again):
  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.

DDS.com
DDS.pif

  • Double click on the icon and allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Please copy and paste the contents of both results in your post.
  • Close the program window, and delete the program from your desktop.
You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:
  • DDS.txt
  • Attach.txt

Edited by Oh My, 21 March 2013 - 08:52 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 cxxr

cxxr
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:50 AM

Posted 21 March 2013 - 11:29 AM

Hi Gary,

 

Many thanks for spending the time helping me,

 

  • Windows OS 7 64bit

 

Here are the scan logs from DDS:

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16457
Run by cypher at 16:07:55 on 2013-03-21
Microsoft Windows 7 Enterprise   6.1.7600.0.1252.44.1033.18.4095.2551 [GMT 0:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\SlickVPN\resources\bin\win32\slickvpnsrvc\slickvpnsrvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIHLE.EXE
C:\Windows\System32\spool\drivers\x64\3\E_IATIHLE.EXE
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\Freecorder\FLVSrvc.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\Steam\steam.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll
mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll
BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FlashGet GetFlash Class: {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll
TB: Freecorder Toolbar: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIHLE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus SX235"
uRun: [EPLTarget\P0000000000000001] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIHLE.EXE /EPT "EPLTarget\P0000000000000001" /M "Epson Stylus SX235"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-Explorer: NoDriveTypeAutoRun = dword:95
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm
IE: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{9951E3D5-6476-4D55-ABE0-DF1C6F2C69D7} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{C9EE3E24-0A6F-4FBA-8675-15752B6D9F3B} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{C9EE3E24-0A6F-4FBA-8675-15752B6D9F3B}\37869647379737 : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{E7E85A9B-062A-4534-80E1-FA911A92673E} : DHCPNameServer = 10.1.3.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-mStart Page = about:blank
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\cypher\AppData\Roaming\Mozilla\Firefox\Profiles\v3p3g27s.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\cypher\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Users\cypher\AppData\Roaming\Mozilla\Firefox\Profiles\v3p3g27s.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\plugins\np-mswmp.dll
FF - plugin: C:\Users\cypher\AppData\Roaming\Mozilla\Firefox\Profiles\v3p3g27s.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
.
============= SERVICES / DRIVERS ===============
.
R0 McPvDrv;McPvDrv Driver;C:\Windows\System32\drivers\McPvDrv.sys [2012-10-19 74120]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-11-9 771096]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-11-9 339776]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-4-29 56208]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-4-2 254528]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2009-9-14 27152]
R1 MOBKFilter;MOBKFilter;C:\Windows\System32\drivers\MOBK.sys [2011-7-1 66040]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-5-25 204288]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-12-14 220856]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2012-12-14 1007288]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-12-14 218320]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-12-14 177680]
R2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
R2 SlickVPNSrvc;SlickVPN Service;C:\Program Files (x86)\SlickVPN\resources\bin\win32\slickvpnsrvc\slickvpnsrvc.exe [2013-1-18 793359]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-11-9 69672]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
R3 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-12-14 220856]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-11-9 309400]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-11-9 515528]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2012-11-2 328976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-3-30 114704]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files\BitComet\tools\BitCometService.exe -service --> C:\Program Files\BitComet\tools\BitCometService.exe -service [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-3-31 79360]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-2-6 102936]
S3 flashusb;flashusb;C:\Windows\System32\drivers\flashusb.sys [2012-1-7 19968]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-12-14 197264]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2013-3-17 29808]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-12 23152]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2012-11-2 97208]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2012-1-7 157672]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-2-6 203544]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2012-7-15 30720]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-2 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
S4 ACT2_Service;Ashampoo Core Tuner 2 Service;C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe --> C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe [?]
S4 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-12-14 220856]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-12 652872]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-19 201304]
S4 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-12-14 220856]
S4 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-12-14 220856]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S4 XoftSpyService;XoftSpyService;C:\Program Files (x86)\Common Files\XoftSpySE\6\xoftspyservice.exe [2010-9-29 582424]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-03-19 15:54:42 -------- d-----w- C:\$RECYCLE.BIN
2013-03-19 15:37:56 98816 ----a-w- C:\Windows\sed.exe
2013-03-19 15:37:56 256000 ----a-w- C:\Windows\PEV.exe
2013-03-19 15:37:56 208896 ----a-w- C:\Windows\MBR.exe
2013-03-19 15:30:18 -------- d-----w- C:\Users\cypher\AppData\Local\{E0376B62-6DBE-4787-96D4-36182750FE8C}
2013-03-18 20:11:09 -------- d-----w- C:\Users\cypher\AppData\Local\{00C626DD-21AD-4708-A7DC-DB1644F4866E}
2013-03-18 19:55:30 -------- d-----w- C:\Users\cypher\AppData\Local\{1AD9E3C7-2CF6-4352-82FF-B5CD0CF19311}
2013-03-18 19:24:16 -------- d-----w- C:\Users\cypher\AppData\Local\{584AB9E1-767B-49D4-A139-C0F736AB8C70}
2013-03-18 19:10:46 -------- d-----w- C:\Program Files\CCleaner
2013-03-18 18:59:48 -------- d-----w- C:\Users\cypher\AppData\Local\{DBCADC58-B532-4FA8-BCD1-18E066131F72}
2013-03-18 16:47:36 -------- d-----w- C:\Users\cypher\AppData\Local\{482B8647-DCAF-4889-BA05-4F61DD10F276}
2013-03-18 14:43:42 -------- d-----w- C:\Users\cypher\AppData\Local\{EA3F3ED5-7584-4380-BE35-057F423BFAB1}
2013-03-17 17:24:03 -------- d-----w- C:\Users\cypher\AppData\Local\{B1768411-7FA4-4AAD-8DF7-12645BC5384F}
2013-03-17 16:18:18 -------- d-----w- C:\Users\cypher\AppData\Local\{508FF412-7036-4A1B-AF9B-C35C999377A3}
2013-03-17 16:11:48 40208 ----a-w- C:\Windows\System32\Partizan.exe
2013-03-17 16:10:45 35816 ----a-w- C:\Windows\SysWow64\drivers\Partizan.sys
2013-03-17 16:10:45 -------- d-----w- C:\ProgramData\RegRun
2013-03-17 16:10:41 2 --shatr- C:\Windows\winstart.bat
2013-03-17 16:10:36 12800 ----a-w- C:\Windows\SysWow64\drivers\UnHackMeDrv.sys
2013-03-17 16:10:31 -------- d-----w- C:\Program Files (x86)\UnHackMe
2013-03-17 15:57:55 -------- d-----w- C:\Users\cypher\AppData\Local\{EF68D5A4-32A7-4960-829C-A0F8DAAB131A}
2013-03-17 02:51:41 29808 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2013-03-16 18:08:21 -------- d-----w- C:\Users\cypher\AppData\Local\{CC196516-B143-47A9-A126-1F5755AC5943}
2013-03-15 11:23:57 -------- d-----w- C:\Users\cypher\AppData\Local\{7824ED6B-9ED3-4032-BC55-06BA128D8C68}
2013-03-14 15:48:09 -------- d-----w- C:\Users\cypher\AppData\Local\{DA4A63ED-97C9-4BAB-A88C-4A1C0A4767D7}
2013-03-13 17:21:28 -------- d-----w- C:\Users\cypher\AppData\Local\{5009C1A0-BD31-4EFF-9288-31BD5391CD99}
2013-03-12 14:13:06 -------- d-----w- C:\Users\cypher\AppData\Local\{09BC467F-DC5F-425F-A18F-0747F71177D1}
2013-03-11 15:58:44 -------- d-----w- C:\Users\cypher\AppData\Local\{4E61942C-92E6-429A-A614-739CC026A558}
2013-03-10 14:08:47 -------- d-----w- C:\Users\cypher\AppData\Local\{DAF75B56-3E30-43E8-995D-F552C9793BB7}
2013-03-09 11:29:14 -------- d-----w- C:\Users\cypher\AppData\Local\{B41AEE1F-BD93-4C22-9118-5601940DE19A}
2013-03-08 16:30:49 -------- d-----w- C:\Users\cypher\AppData\Local\{517E6353-C6F4-49B5-98DA-5401A18C40E4}
2013-03-07 17:07:39 -------- d-----w- C:\Users\cypher\AppData\Local\{6D840DF4-E5E6-400A-930C-812B1C76C82E}
2013-03-06 14:39:07 -------- d-----w- C:\Users\cypher\AppData\Local\{FE490DCE-0166-4C0F-BD34-5B1BCEC51C04}
2013-03-05 16:15:55 -------- d-----w- C:\ProgramData\Steam
2013-03-04 13:21:03 -------- d-----w- C:\Users\cypher\AppData\Local\{862E4907-5902-4096-8AEA-60C93056308F}
2013-03-03 12:35:02 -------- d-----w- C:\Users\cypher\AppData\Local\{AD0E89C5-C48F-4E01-9570-E004445DA1BE}
2013-03-02 12:01:45 -------- d-----w- C:\Users\cypher\AppData\Local\{59C0E1A5-253F-4296-BDC5-CE3A1FD366B5}
2013-03-01 13:09:09 -------- d-----w- C:\Users\cypher\AppData\Local\{FF62137C-CC4E-462E-A980-298B45774E8E}
2013-02-28 12:25:47 -------- d-----w- C:\Users\cypher\AppData\Local\{9BD96C02-A9B9-4E5A-8FB2-146C64507A78}
2013-02-27 12:17:19 -------- d-----w- C:\Users\cypher\AppData\Local\{4EF92FDC-037E-476A-9639-B2362FA26B8A}
2013-02-26 16:49:08 -------- d-----w- C:\Users\cypher\AppData\Local\{33102E53-4FFE-4593-9279-A5C408FE698F}
2013-02-25 16:33:33 -------- d-----w- C:\Users\cypher\AppData\Local\{F7BCD579-07EE-4718-AB3C-54FB88774D40}
2013-02-24 13:03:37 -------- d-----w- C:\Users\cypher\AppData\Local\{6B102465-BAE4-4317-9AD0-306B99ECFE94}
2013-02-23 17:53:41 -------- d-----w- C:\Users\cypher\AppData\Local\{72E971E7-811B-4511-9E4E-F44BDE38BF29}
2013-02-22 13:56:03 -------- d-----w- C:\Users\cypher\AppData\Local\{D438E38B-4BC3-484F-96C8-2035773250F1}
2013-02-21 18:09:36 -------- d-----w- C:\Program Files (x86)\Winamp Detect
2013-02-21 16:24:15 -------- d-----w- C:\Users\cypher\AppData\Local\{FCF98855-DAB8-4006-BEB1-D9BC28CBD348}
2013-02-20 14:57:20 -------- d-----w- C:\Users\cypher\AppData\Local\{46B5D349-755A-4F3E-9F0E-61B2F394A534}
.
==================== Find3M  ====================
.
2013-02-06 07:42:10 203544 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2013-02-06 07:42:08 102936 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2013-01-05 19:57:41 338432 ----a-w- C:\Windows\SysWow64\REX Shared Library.dll
2013-01-05 19:57:19 406528 ----a-w- C:\Windows\SysWow64\ReWire.dll
.
============= FINISH: 16:09:04.11 ===============
 
Attach.txt :
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Enterprise 
Boot Device: \Device\HarddiskVolume2
Install Date: 30/03/2011 23:22:46
System Uptime: 21/03/2013 15:46:43 (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P5N-D
Processor: Intel® Core™2 Extreme CPU Q6850  @ 3.00GHz | Socket 775 | 3000/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 127 GiB total, 6.221 GiB free.
D: is FIXED (NTFS) - 1397 GiB total, 121.637 GiB free.
E: is FIXED (NTFS) - 20 GiB total, 14.372 GiB free.
F: is FIXED (NTFS) - 266 GiB total, 265.518 GiB free.
G: is FIXED (NTFS) - 1 GiB total, 1.323 GiB free.
H: is FIXED (NTFS) - 285 GiB total, 9.208 GiB free.
I: is CDROM ()
J: is CDROM ()
K: is FIXED (FAT32) - 466 GiB total, 54.592 GiB free.
L: is CDROM ()
N: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: NVIDIA nForce Networking Controller
Device ID: PCI\VEN_10DE&DEV_0269&SUBSYS_82211043&REV_A3\3&2411E6FE&1&A0
Manufacturer: NVIDIA
Name: NVIDIA nForce 10/100/1000 Mbps Ethernet 
PNP Device ID: PCI\VEN_10DE&DEV_0269&SUBSYS_82211043&REV_A3\3&2411E6FE&1&A0
Service: NVNET
.
==== System Restore Points ===================
.
RP331: 19/03/2013 16:18:26 - RegRun Virus Scan
.
==== Installed Programs ======================
.
010 Editor 3.2.2
abgx360 v1.0.6
Ableton Live 8 Beta
Adobe AIR
Adobe Audition CS5.5
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin 64-bit
Adobe Help Manager
Adobe Media Player
Adobe Reader X (10.0.1)
Adobe Widget Browser
Aliens: Colonial Marines
AllDup 3.4.13
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
BitComet 1.34 64-bit
bl
Bonjour
Call of Duty: Black Ops II
Call of Duty: Black Ops II - Multiplayer
Call of Duty: Black Ops II - Zombies
Call of Duty: Modern Warfare 3 - Multiplayer
CCleaner
ConvertXtoDVD 4.0.10.324
Cool Edit Pro 2.1
Counter-Strike
Counter-Strike: Global Offensive
Counter-Strike: Global Offensive - SDK
Counter-Strike: Source
Counter-Strike: Source Beta
Creative Audio Control Panel
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Crystal Reports Basic for Visual Studio 2008
Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
D3DX10
DAEMON Tools Lite
Darksiders II
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Doom 3 BFG Edition
EasyBCD 2.0
EPSON SX235 Series Printer Uninstall
ffdshow x64 v1.1.3507 [2010-07-07]
FL Studio 10
FlashGet 1.9.6.1073
Freecorder 5
Freecorder Toolbar
GEAR driver installer for AMD64 and Intel EM64T
GOM Player
GOMTV Streamer
Google Chrome
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)
HyperSonic4
IL Download Manager
ImgBurn
iTunes
Java Auto Updater
Java™ 6 Update 24
Java™ SE Development Kit 6 Update 20
Magicka
Malwarebytes Anti-Malware version 1.60.0.1800
McAfee Online Backup
McAfee Total Protection
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Device Emulator (64 bit) version 3.0 - ENU
Microsoft Document Explorer 2008
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft IntelliPoint 8.0
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio 2008 Remote Debugger - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
Microsoft XNA Framework Redistributable 3.1
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
mIRC
MixMeister Fusion 7.4.2
Mozilla Firefox 12.0 (x86 en-GB)
Mozilla Firefox 8.0 (x86 ja)
Mozilla Maintenance Service
MSVCRT
Mumble 1.2.3
My Game Long Name
NewsLeecher v4.0 Final
nLite 1.4.9.1
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0604
OpenAL
Pando Media Booster
ph
PHANTASY STAR ONLINE 2
PHANTASY STAR ONLINE 2 ??????????????
PunkBuster Services
QuickPar 0.9
QuickTime
Realtek High Definition Audio Driver
Reason 5.0
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
SAMSUNG USB Driver for Mobile Phones
SCHTHACK PSOBB
SCHTHACK PSOBB Compatibility Database
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition 
Security Update for Microsoft Office system 2007 (KB974234)
Shared C Run-time for x64
Skype Click to Call
Skype™ 5.10
SlickVPN v0.1.146 (g82b0e17)
StarCraft II
Steam
Streamripper (Remove only)
SUPER STREET FIGHTER IV: ARCADE EDITION
TeamSpeak 3 Client
The Cave © SEGA version 1
UnHackMe 5.99 release
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221)
VC Runtimes MSI
Ventrilo Client for Windows x64
VirtualDJ PRO Full
Visual Studio .NET Prerequisites - English
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
VLC media player 0.9.9
Vyzex MPD26
Winamp
Winamp Detector Plug-in
Windows Driver Package - Broadcom Corporation (bcbtums) Bluetooth  (03/16/2012 6.5.1.2600)
Windows Driver Package - Broadcom Corporation Bluetooth  (03/16/2012 6.5.1.2600)
Windows Driver Package - Broadcom HIDClass  (09/11/2009 6.3.0.1500)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
WinRAR 4.00 (64-bit)
XoftSpySE
.
==== Event Viewer Messages From Past Week ========
.
21/03/2013 16:01:59, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
21/03/2013 15:49:12, Error: Service Control Manager [7034]  - The ForceWare Intelligent Application Manager (IAM) service terminated unexpectedly.  It has done this 1 time(s).
21/03/2013 15:49:08, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SASDIFSV
21/03/2013 15:48:23, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
20/03/2013 23:13:01, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
20/03/2013 23:13:00, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
20/03/2013 23:13:00, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
20/03/2013 23:13:00, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
20/03/2013 23:13:00, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
20/03/2013 23:12:59, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
20/03/2013 23:12:53, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
20/03/2013 23:12:47, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD CSC DfsC discache KLIM6 mfehidk MOBKFilter NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
20/03/2013 23:12:47, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
20/03/2013 23:12:47, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
20/03/2013 23:12:47, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
20/03/2013 23:12:47, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
20/03/2013 23:12:47, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
20/03/2013 23:12:47, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
20/03/2013 23:12:47, Error: Service Control Manager [7001]  - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
20/03/2013 23:12:47, Error: Service Control Manager [7001]  - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error:  A device attached to the system is not functioning.
20/03/2013 23:12:47, Error: Service Control Manager [7001]  - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error:  The dependency service or group failed to start.
20/03/2013 23:12:47, Error: Service Control Manager [7001]  - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error:  The dependency service or group failed to start.
20/03/2013 23:12:47, Error: Service Control Manager [7001]  - The McAfee Anti-Malware Core service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error:  The dependency service or group failed to start.
20/03/2013 23:12:47, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
20/03/2013 23:12:47, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
20/03/2013 23:12:47, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
20/03/2013 23:12:47, Error: Service Control Manager [7001]  - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error:  The dependency service or group failed to start.
20/03/2013 16:16:29, Error: Service Control Manager [7034]  - The ForceWare Intelligent Application Manager (IAM) service terminated unexpectedly.  It has done this 2 time(s).
20/03/2013 01:42:50, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mfecore service.
19/03/2013 21:45:17, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk3\DR4.
19/03/2013 16:24:37, Error: Service Control Manager [7034]  - The ForceWare Intelligent Application Manager (IAM) service terminated unexpectedly.  It has done this 3 time(s).
19/03/2013 15:52:46, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
19/03/2013 15:47:43, Error: Application Popup [1060]  - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
19/03/2013 15:37:42, Error: Service Control Manager [7034]  - The SlickVPN Service service terminated unexpectedly.  It has done this 1 time(s).
19/03/2013 15:25:16, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
19/03/2013 15:25:16, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {C90134D2-4AE9-407A-919A-4A2EF09C6C51}
19/03/2013 15:25:14, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
19/03/2013 15:23:14, Error: Service Control Manager [7001]  - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:  The dependency service or group failed to start.
19/03/2013 15:23:14, Error: Service Control Manager [7001]  - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:  The dependency service or group failed to start.
18/03/2013 21:14:09, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
18/03/2013 19:48:33, Error: Service Control Manager [7034]  - The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
18/03/2013 19:21:48, Error: volsnap [25]  - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
17/03/2013 17:27:36, Error: VDS Basic Provider [1]  - Unexpected failure. Error code: 490@01010004
.
==== End Of File ===========================
 

Regards Richard.



#4 Oh My!

Posted 21 March 2013 - 02:19 PM

Hi Richard,

It is my pleasure to help you. It appears you have taken a few proactive steps to attempt to deal with your issues. There are some things we need to address so we can get our efforts in sync. I will need you to provide some information and I will be providing you with some things to do/consider.

"found files that couldnt be deleted or regenerate."

Does this mean you are aware of files that are still on your computer which other programs have identified but couldn't remove? If so, could you identify the files please.

===================================================

Multiple Antivirus Programs

-------------------

I do not recommend that you have more than one anti virus product installed on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please remove all but one of the Antivirus programs currently on your computer, even if only one is running.

===================================================

Posting Previous TDSSKiller log

--------------------
  • Using Windows Explorer navigate to the root directory (normally c:\)
  • Locate the TDSSKiller log which will be named similar to:

TDSSKiller_version_date_time_log.txt

  • Copy and paste the contents of that document in your reply
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Delete
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[S1].txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.
  • TDSSKiller log
  • AdwCleaner log
  • Junkware log
  • Files that can't be deleted?
  • Please describe any issues/symptoms you are currently experiencing

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 cxxr

Posted 22 March 2013 - 11:56 AM

Hello Gary,

 

I do only have one antivirus program installed .. McAfee Anti Virus / Firewall with Malwarebytes.

Following TDSS Scan before use of ComboFix:

19:29:11.0209 1036  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:29:11.0236 1036  ============================================================
19:29:11.0236 1036  Current date / time: 2013/03/18 19:29:11.0236
19:29:11.0236 1036  SystemInfo:
19:29:11.0236 1036  
19:29:11.0236 1036  OS Version: 6.1.7600 ServicePack: 0.0
19:29:11.0236 1036  Product type: Workstation
19:29:11.0236 1036  ComputerName: CYPHER-PC
19:29:11.0236 1036  UserName: cypher
19:29:11.0236 1036  Windows directory: C:\Windows
19:29:11.0236 1036  System windows directory: C:\Windows
19:29:11.0236 1036  Running under WOW64
19:29:11.0236 1036  Processor architecture: Intel x64
19:29:11.0236 1036  Number of processors: 4
19:29:11.0236 1036  Page size: 0x1000
19:29:11.0236 1036  Boot type: Normal boot
19:29:11.0236 1036  ============================================================
19:29:12.0167 1036  Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:29:12.0172 1036  Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x17A85, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
19:29:12.0176 1036  Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:29:12.0178 1036  Drive \Device\Harddisk3\DR3 - Size: 0x3A9440000 (14.64 Gb), SectorSize: 0x200, Cylinders: 0x777, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:29:12.0180 1036  ============================================================
19:29:12.0180 1036  \Device\Harddisk0\DR0:
19:29:12.0181 1036  MBR partitions:
19:29:12.0181 1036  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800
19:29:12.0181 1036  \Device\Harddisk1\DR1:
19:29:12.0181 1036  MBR partitions:
19:29:12.0181 1036  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xFD0B800
19:29:12.0181 1036  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xFD0C000, BlocksNum 0x2EE000
19:29:12.0181 1036  \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0xFFFA000, BlocksNum 0x23AC7800
19:29:12.0193 1036  \Device\Harddisk1\DR1\Partition4: MBR, Type 0x7, StartLBA 0x33AC203F, BlocksNum 0x272A501
19:29:12.0205 1036  \Device\Harddisk1\DR1\Partition5: MBR, Type 0x7, StartLBA 0x361F0000, BlocksNum 0x21355000
19:29:12.0205 1036  \Device\Harddisk2\DR2:
19:29:12.0205 1036  MBR partitions:
19:29:12.0205 1036  \Device\Harddisk2\DR2\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A380D41
19:29:12.0205 1036  \Device\Harddisk3\DR3:
19:29:12.0206 1036  MBR partitions:
19:29:12.0206 1036  \Device\Harddisk3\DR3\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x1D48280
19:29:12.0206 1036  ============================================================
19:29:12.0244 1036  C: <-> \Device\Harddisk1\DR1\Partition1
19:29:12.0253 1036  D: <-> \Device\Harddisk0\DR0\Partition1
19:29:12.0284 1036  E: <-> \Device\Harddisk1\DR1\Partition4
19:29:12.0398 1036  F: <-> \Device\Harddisk1\DR1\Partition5
19:29:12.0417 1036  G: <-> \Device\Harddisk1\DR1\Partition2
19:29:12.0467 1036  H: <-> \Device\Harddisk1\DR1\Partition3
19:29:12.0468 1036  K: <-> \Device\Harddisk2\DR2\Partition1
19:29:12.0468 1036  ============================================================
19:29:12.0468 1036  Initialize success
19:29:12.0468 1036  ============================================================
19:29:15.0963 9212  ============================================================
19:29:15.0963 9212  Scan started
19:29:15.0963 9212  Mode: Manual; 
19:29:15.0963 9212  ============================================================
19:29:18.0350 9212  ================ Scan system memory ========================
19:29:18.0350 9212  System memory - ok
19:29:18.0350 9212  ================ Scan services =============================
19:29:18.0483 9212  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
19:29:18.0485 9212  1394ohci - ok
19:29:18.0528 9212  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
19:29:18.0531 9212  ACPI - ok
19:29:18.0544 9212  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
19:29:18.0545 9212  AcpiPmi - ok
19:29:18.0585 9212  ACT2_Service - ok
19:29:18.0789 9212  [ 0D4C486A24A711A45FD83ACDF4D18506 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:29:18.0790 9212  AdobeFlashPlayerUpdateSvc - ok
19:29:18.0817 9212  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
19:29:18.0823 9212  adp94xx - ok
19:29:18.0861 9212  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
19:29:18.0865 9212  adpahci - ok
19:29:18.0880 9212  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
19:29:18.0883 9212  adpu320 - ok
19:29:18.0924 9212  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:29:18.0928 9212  AeLookupSvc - ok
19:29:19.0041 9212  [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD             C:\Windows\system32\drivers\afd.sys
19:29:19.0043 9212  AFD - ok
19:29:19.0076 9212  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
19:29:19.0077 9212  agp440 - ok
19:29:19.0088 9212  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
19:29:19.0090 9212  ALG - ok
19:29:19.0113 9212  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
19:29:19.0114 9212  aliide - ok
19:29:19.0166 9212  [ 514089CB4A7DF38DC4DD936ADE4114D3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:29:19.0168 9212  AMD External Events Utility - ok
19:29:19.0177 9212  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
19:29:19.0178 9212  amdide - ok
19:29:19.0190 9212  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
19:29:19.0192 9212  AmdK8 - ok
19:29:19.0927 9212  [ 9A4B92150A5E259A7159D914CC3A60D7 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:29:20.0098 9212  amdkmdag - ok
19:29:20.0116 9212  [ 9DEB889D152F9C9DBA98BE8986084535 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
19:29:20.0119 9212  amdkmdap - ok
19:29:20.0142 9212  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
19:29:20.0143 9212  AmdPPM - ok
19:29:20.0166 9212  [ 7A4B413614C055935567CF88A9734D38 ] amdsata         C:\Windows\system32\DRIVERS\amdsata.sys
19:29:20.0168 9212  amdsata - ok
19:29:20.0182 9212  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
19:29:20.0184 9212  amdsbs - ok
19:29:20.0195 9212  [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata         C:\Windows\system32\DRIVERS\amdxata.sys
19:29:20.0195 9212  amdxata - ok
19:29:20.0225 9212  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID           C:\Windows\system32\drivers\appid.sys
19:29:20.0227 9212  AppID - ok
19:29:20.0247 9212  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:29:20.0248 9212  AppIDSvc - ok
19:29:20.0262 9212  [ D065BE66822847B7F127D1F90158376E ] Appinfo         C:\Windows\System32\appinfo.dll
19:29:20.0263 9212  Appinfo - ok
19:29:20.0343 9212  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:29:20.0344 9212  Apple Mobile Device - ok
19:29:20.0363 9212  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
19:29:20.0365 9212  AppMgmt - ok
19:29:20.0387 9212  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
19:29:20.0388 9212  arc - ok
19:29:20.0407 9212  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
19:29:20.0409 9212  arcsas - ok
19:29:20.0522 9212  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:29:20.0533 9212  aspnet_state - ok
19:29:20.0559 9212  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:29:20.0560 9212  AsyncMac - ok
19:29:20.0581 9212  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
19:29:20.0582 9212  atapi - ok
19:29:20.0664 9212  [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
19:29:20.0694 9212  athr - ok
19:29:20.0760 9212  [ CBD14F698DEF12EE3557604B726CB8EB ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
19:29:20.0762 9212  AtiHDAudioService - ok
19:29:20.0796 9212  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:29:20.0803 9212  AudioEndpointBuilder - ok
19:29:20.0813 9212  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:29:20.0816 9212  AudioSrv - ok
19:29:20.0847 9212  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:29:20.0849 9212  AxInstSV - ok
19:29:20.0889 9212  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
19:29:20.0894 9212  b06bdrv - ok
19:29:20.0930 9212  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:29:20.0933 9212  b57nd60a - ok
19:29:20.0946 9212  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:29:20.0948 9212  BDESVC - ok
19:29:20.0966 9212  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:29:20.0966 9212  Beep - ok
19:29:21.0001 9212  [ 4992C609A6315671463E30F6512BC022 ] BFE             C:\Windows\System32\bfe.dll
19:29:21.0019 9212  BFE - ok
19:29:21.0096 9212  BITCOMET_HELPER_SERVICE - ok
19:29:21.0189 9212  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\System32\qmgr.dll
19:29:21.0215 9212  BITS - ok
19:29:21.0239 9212  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:29:21.0239 9212  blbdrive - ok
19:29:21.0287 9212  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:29:21.0289 9212  Bonjour Service - ok
19:29:21.0315 9212  [ 19D20159708E152267E53B66677A4995 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:29:21.0316 9212  bowser - ok
19:29:21.0333 9212  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:29:21.0334 9212  BrFiltLo - ok
19:29:21.0347 9212  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:29:21.0348 9212  BrFiltUp - ok
19:29:21.0370 9212  [ 6B054C67AAA87843504E8E3C09102009 ] Browser         C:\Windows\System32\browser.dll
19:29:21.0373 9212  Browser - ok
19:29:21.0389 9212  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:29:21.0393 9212  Brserid - ok
19:29:21.0408 9212  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:29:21.0410 9212  BrSerWdm - ok
19:29:21.0419 9212  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:29:21.0420 9212  BrUsbMdm - ok
19:29:21.0428 9212  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:29:21.0429 9212  BrUsbSer - ok
19:29:21.0466 9212  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
19:29:21.0467 9212  BthEnum - ok
19:29:21.0482 9212  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
19:29:21.0483 9212  BTHMODEM - ok
19:29:21.0508 9212  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
19:29:21.0510 9212  BthPan - ok
19:29:21.0559 9212  [ 21084CEB85280468C9ACA3C805C0F8CF ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
19:29:21.0565 9212  BTHPORT - ok
19:29:21.0595 9212  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
19:29:21.0597 9212  bthserv - ok
19:29:21.0613 9212  [ 8504842634DD144C075B6B0C982CCEC4 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
19:29:21.0614 9212  BTHUSB - ok
19:29:21.0635 9212  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:29:21.0635 9212  cdfs - ok
19:29:21.0687 9212  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:29:21.0688 9212  cdrom - ok
19:29:21.0730 9212  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc     C:\Windows\System32\certprop.dll
19:29:21.0732 9212  CertPropSvc - ok
19:29:21.0773 9212  [ DF8D07059E7237E0BE9C1421EF5F9482 ] cfwids          C:\Windows\system32\drivers\cfwids.sys
19:29:21.0774 9212  cfwids - ok
19:29:21.0788 9212  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
19:29:21.0789 9212  circlass - ok
19:29:21.0816 9212  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
19:29:21.0820 9212  CLFS - ok
19:29:21.0914 9212  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:29:21.0930 9212  clr_optimization_v2.0.50727_32 - ok
19:29:21.0962 9212  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:29:21.0964 9212  clr_optimization_v2.0.50727_64 - ok
19:29:22.0026 9212  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:29:22.0081 9212  clr_optimization_v4.0.30319_32 - ok
19:29:22.0103 9212  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:29:22.0124 9212  clr_optimization_v4.0.30319_64 - ok
19:29:22.0164 9212  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:29:22.0165 9212  CmBatt - ok
19:29:22.0174 9212  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
19:29:22.0175 9212  cmdide - ok
19:29:22.0198 9212  [ CA7720B73446FDDEC5C69519C1174C98 ] CNG             C:\Windows\system32\Drivers\cng.sys
19:29:22.0202 9212  CNG - ok
19:29:22.0223 9212  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:29:22.0224 9212  Compbatt - ok
19:29:22.0237 9212  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
19:29:22.0237 9212  CompositeBus - ok
19:29:22.0251 9212  COMSysApp - ok
19:29:22.0351 9212  cpuz134 - ok
19:29:22.0365 9212  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
19:29:22.0366 9212  crcdisk - ok
19:29:22.0414 9212  [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
19:29:22.0415 9212  Creative Audio Engine Licensing Service - ok
19:29:22.0455 9212  [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:29:22.0458 9212  CryptSvc - ok
19:29:22.0479 9212  [ 4A6173C2279B498CD8F57CAE504564CB ] CSC             C:\Windows\system32\drivers\csc.sys
19:29:22.0482 9212  CSC - ok
19:29:22.0568 9212  [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService      C:\Windows\System32\cscsvc.dll
19:29:22.0585 9212  CscService - ok
19:29:22.0607 9212  [ 229E3B8F266ABDAFD54E4A372B9D5DDC ] CT20XUT         C:\Windows\system32\drivers\CT20XUT.SYS
19:29:22.0608 9212  CT20XUT - ok
19:29:22.0626 9212  [ 229E3B8F266ABDAFD54E4A372B9D5DDC ] CT20XUT.SYS     C:\Windows\System32\drivers\CT20XUT.SYS
19:29:22.0628 9212  CT20XUT.SYS - ok
19:29:22.0658 9212  [ EB3843A91A10150C9E05607CBCB44090 ] ctac32k         C:\Windows\system32\drivers\ctac32k.sys
19:29:22.0661 9212  ctac32k - ok
19:29:22.0681 9212  [ BC06EFB59A2316537765462DFE40F764 ] ctaud2k         C:\Windows\system32\drivers\ctaud2k.sys
19:29:22.0684 9212  ctaud2k - ok
19:29:22.0742 9212  [ 07BA6D17E66879018B30B6C3F976EBED ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
19:29:22.0746 9212  CTAudSvcService - ok
19:29:22.0780 9212  [ 63B2B6CE9D3EF182981FB64BD5433DA4 ] CTEXFIFX        C:\Windows\system32\drivers\CTEXFIFX.SYS
19:29:22.0787 9212  CTEXFIFX - ok
19:29:22.0848 9212  [ 63B2B6CE9D3EF182981FB64BD5433DA4 ] CTEXFIFX.SYS    C:\Windows\System32\drivers\CTEXFIFX.SYS
19:29:22.0855 9212  CTEXFIFX.SYS - ok
19:29:22.0884 9212  [ 6D115CC80873B85FD80DDA1C41F75A2C ] CTHWIUT         C:\Windows\system32\drivers\CTHWIUT.SYS
19:29:22.0885 9212  CTHWIUT - ok
19:29:22.0891 9212  [ 6D115CC80873B85FD80DDA1C41F75A2C ] CTHWIUT.SYS     C:\Windows\System32\drivers\CTHWIUT.SYS
19:29:22.0892 9212  CTHWIUT.SYS - ok
19:29:22.0911 9212  [ EBC9548EF5838CB5AA8F18B3AC28AF12 ] ctprxy2k        C:\Windows\system32\drivers\ctprxy2k.sys
19:29:22.0912 9212  ctprxy2k - ok
19:29:22.0920 9212  [ 459BEE1682121842285C162E2D98D81A ] ctsfm2k         C:\Windows\system32\drivers\ctsfm2k.sys
19:29:22.0922 9212  ctsfm2k - ok
19:29:22.0963 9212  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:29:22.0988 9212  DcomLaunch - ok
19:29:23.0021 9212  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
19:29:23.0025 9212  defragsvc - ok
19:29:23.0046 9212  [ 9C253CE7311CA60FC11C774692A13208 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:29:23.0047 9212  DfsC - ok
19:29:23.0079 9212  [ 41AC348DBD378F618CB4FDEE54270692 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
19:29:23.0081 9212  dg_ssudbus - ok
19:29:23.0104 9212  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:29:23.0108 9212  Dhcp - ok
19:29:23.0130 9212  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
19:29:23.0131 9212  discache - ok
19:29:23.0156 9212  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
19:29:23.0157 9212  Disk - ok
19:29:23.0195 9212  [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:29:23.0208 9212  Dnscache - ok
19:29:23.0232 9212  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc         C:\Windows\System32\dot3svc.dll
19:29:23.0236 9212  dot3svc - ok
19:29:23.0248 9212  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS             C:\Windows\system32\dps.dll
19:29:23.0250 9212  DPS - ok
19:29:23.0273 9212  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:29:23.0274 9212  drmkaud - ok
19:29:23.0314 9212  [ FB9BEF3401EE5ECC2603311B9C64F44A ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
19:29:23.0315 9212  dtsoftbus01 - ok
19:29:23.0353 9212  [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:29:23.0358 9212  DXGKrnl - ok
19:29:23.0379 9212  [ EDC6E9C057C9D7F83EEA22B4CEF5DCAD ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
19:29:23.0381 9212  E1G60 - ok
19:29:23.0411 9212  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
19:29:23.0413 9212  EapHost - ok
19:29:23.0480 9212  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
19:29:23.0540 9212  ebdrv - ok
19:29:23.0557 9212  [ 156F6159457D0AA7E59B62681B56EB90 ] EFS             C:\Windows\System32\lsass.exe
19:29:23.0559 9212  EFS - ok
19:29:23.0596 9212  [ B91D81B3B54A54CCAFC03733DBC2E29E ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:29:23.0604 9212  ehRecvr - ok
19:29:23.0622 9212  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
19:29:23.0624 9212  ehSched - ok
19:29:23.0664 9212  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
19:29:23.0670 9212  elxstor - ok
19:29:23.0716 9212  [ C26133B6165928FBD156C6FE570F9ED2 ] emupia          C:\Windows\system32\drivers\emupia2k.sys
19:29:23.0717 9212  emupia - ok
19:29:23.0739 9212  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
19:29:23.0749 9212  ErrDev - ok
19:29:23.0770 9212  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
19:29:23.0774 9212  EventSystem - ok
19:29:23.0804 9212  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
19:29:23.0813 9212  exfat - ok
19:29:23.0830 9212  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:29:23.0831 9212  fastfat - ok
19:29:23.0864 9212  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax             C:\Windows\system32\fxssvc.exe
19:29:23.0872 9212  Fax - ok
19:29:23.0931 9212  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
19:29:23.0932 9212  fdc - ok
19:29:23.0942 9212  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
19:29:23.0943 9212  fdPHost - ok
19:29:23.0954 9212  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:29:23.0955 9212  FDResPub - ok
19:29:23.0964 9212  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:29:23.0965 9212  FileInfo - ok
19:29:23.0981 9212  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:29:23.0982 9212  Filetrace - ok
19:29:24.0012 9212  [ CD46F1AD4B1E758A81AED784899648BC ] flashusb        C:\Windows\system32\DRIVERS\flashusb.sys
19:29:24.0013 9212  flashusb - ok
19:29:24.0026 9212  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:29:24.0027 9212  flpydisk - ok
19:29:24.0047 9212  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:29:24.0050 9212  FltMgr - ok
19:29:24.0087 9212  [ BC00505CFDA789ED3BE95D2FF38C4875 ] FontCache       C:\Windows\system32\FntCache.dll
19:29:24.0113 9212  FontCache - ok
19:29:24.0181 9212  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:29:24.0182 9212  FontCache3.0.0.0 - ok
19:29:24.0268 9212  [ E190951C5D5670D33EE7A5B7CCB08D7E ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
19:29:24.0271 9212  ForceWare Intelligent Application Manager (IAM) - ok
19:29:24.0293 9212  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:29:24.0306 9212  FsDepends - ok
19:29:24.0328 9212  [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:29:24.0328 9212  Fs_Rec - ok
19:29:24.0348 9212  [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:29:24.0349 9212  fvevol - ok
19:29:24.0366 9212  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
19:29:24.0367 9212  gagp30kx - ok
19:29:24.0400 9212  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:29:24.0401 9212  GEARAspiWDM - ok
19:29:24.0440 9212  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc           C:\Windows\System32\gpsvc.dll
19:29:24.0467 9212  gpsvc - ok
19:29:24.0617 9212  gwiopm - ok
19:29:24.0667 9212  [ A3F010D5DBFB589A3B3288C05C2EA3F9 ] ha20x2k         C:\Windows\system32\drivers\ha20x2k.sys
19:29:24.0675 9212  ha20x2k - ok
19:29:24.0721 9212  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:29:24.0729 9212  hcw85cir - ok
19:29:24.0765 9212  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:29:24.0769 9212  HdAudAddService - ok
19:29:24.0788 9212  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
19:29:24.0789 9212  HDAudBus - ok
19:29:24.0808 9212  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
19:29:24.0819 9212  HidBatt - ok
19:29:24.0840 9212  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
19:29:24.0841 9212  HidBth - ok
19:29:24.0858 9212  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
19:29:24.0859 9212  HidIr - ok
19:29:24.0896 9212  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
19:29:24.0910 9212  hidserv - ok
19:29:24.0946 9212  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:29:24.0947 9212  HidUsb - ok
19:29:24.0997 9212  [ 852681A14AFEE00C0C3179429A08C868 ] HipShieldK      C:\Windows\system32\drivers\HipShieldK.sys
19:29:25.0000 9212  HipShieldK - ok
19:29:25.0022 9212  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:29:25.0024 9212  hkmsvc - ok
19:29:25.0040 9212  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:29:25.0043 9212  HomeGroupListener - ok
19:29:25.0071 9212  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:29:25.0074 9212  HomeGroupProvider - ok
19:29:25.0173 9212  [ 389BC447DF363450A78845D35DBA0047 ] HomeNetSvc      C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
19:29:25.0175 9212  HomeNetSvc - ok
19:29:25.0197 9212  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
19:29:25.0199 9212  HpSAMD - ok
19:29:25.0235 9212  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:29:25.0239 9212  HTTP - ok
19:29:25.0253 9212  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:29:25.0254 9212  hwpolicy - ok
19:29:25.0279 9212  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
19:29:25.0280 9212  i8042prt - ok
19:29:25.0315 9212  [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV         C:\Windows\system32\DRIVERS\iaStorV.sys
19:29:25.0320 9212  iaStorV - ok
19:29:25.0401 9212  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
19:29:25.0403 9212  IDriverT - ok
19:29:25.0574 9212  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:29:25.0600 9212  idsvc - ok
19:29:25.0623 9212  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
19:29:25.0624 9212  iirsp - ok
19:29:25.0663 9212  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\Windows\System32\ikeext.dll
19:29:25.0672 9212  IKEEXT - ok
19:29:25.0908 9212  [ 9297BC7FB61F58670EE176DD18F4DD92 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:29:25.0921 9212  IntcAzAudAddService - ok
19:29:25.0946 9212  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
19:29:25.0952 9212  intelide - ok
19:29:25.0968 9212  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:29:25.0968 9212  intelppm - ok
19:29:25.0998 9212  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:29:26.0000 9212  IPBusEnum - ok
19:29:26.0010 9212  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:29:26.0012 9212  IpFilterDriver - ok
19:29:26.0039 9212  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:29:26.0045 9212  iphlpsvc - ok
19:29:26.0055 9212  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:29:26.0057 9212  IPMIDRV - ok
19:29:26.0067 9212  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:29:26.0069 9212  IPNAT - ok
19:29:26.0108 9212  [ 0F261EC4F514926177C70C1832374231 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
19:29:26.0122 9212  iPod Service - ok
19:29:26.0136 9212  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:29:26.0137 9212  IRENUM - ok
19:29:26.0143 9212  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
19:29:26.0145 9212  isapnp - ok
19:29:26.0170 9212  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
19:29:26.0173 9212  iScsiPrt - ok
19:29:26.0189 9212  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:29:26.0189 9212  kbdclass - ok
19:29:26.0210 9212  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:29:26.0212 9212  kbdhid - ok
19:29:26.0231 9212  [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso          C:\Windows\system32\lsass.exe
19:29:26.0232 9212  KeyIso - ok
19:29:26.0269 9212  [ 630F22545379437737CF4172F09FE449 ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
19:29:26.0270 9212  KLIM6 - ok
19:29:26.0307 9212  [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:29:26.0308 9212  KSecDD - ok
19:29:26.0319 9212  [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:29:26.0321 9212  KSecPkg - ok
19:29:26.0331 9212  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:29:26.0332 9212  ksthunk - ok
19:29:26.0355 9212  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:29:26.0360 9212  KtmRm - ok
19:29:26.0384 9212  [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:29:26.0388 9212  LanmanServer - ok
19:29:26.0411 9212  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:29:26.0413 9212  LanmanWorkstation - ok
19:29:26.0443 9212  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:29:26.0444 9212  lltdio - ok
19:29:26.0462 9212  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:29:26.0466 9212  lltdsvc - ok
19:29:26.0475 9212  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:29:26.0477 9212  lmhosts - ok
19:29:26.0495 9212  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
19:29:26.0496 9212  LSI_FC - ok
19:29:26.0509 9212  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
19:29:26.0511 9212  LSI_SAS - ok
19:29:26.0527 9212  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:29:26.0529 9212  LSI_SAS2 - ok
19:29:26.0542 9212  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:29:26.0544 9212  LSI_SCSI - ok
19:29:26.0562 9212  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
19:29:26.0563 9212  luafv - ok
19:29:26.0615 9212  [ 51914228D4B9610FBA24F249C0FDD871 ] mbamchameleon   C:\Windows\system32\drivers\mbamchameleon.sys
19:29:26.0616 9212  mbamchameleon - ok
19:29:26.0671 9212  [ 79DA94B35371B9E7104460C7693DCB2C ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
19:29:26.0671 9212  MBAMProtector - ok
19:29:26.0780 9212  [ DE199F3AA9C541A349AF95A5C72A71AF ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:29:26.0783 9212  MBAMService - ok
19:29:26.0821 9212  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:29:26.0824 9212  McAfee SiteAdvisor Service - ok
19:29:26.0839 9212  [ 389BC447DF363450A78845D35DBA0047 ] McMPFSvc        C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
19:29:26.0840 9212  McMPFSvc - ok
19:29:26.0854 9212  [ 389BC447DF363450A78845D35DBA0047 ] McNaiAnn        C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
19:29:26.0855 9212  McNaiAnn - ok
19:29:26.0950 9212  [ 93432FAEA699F7A2B4F4AC5949D0B6AB ] McODS           C:\Program Files\McAfee\VirusScan\mcods.exe
19:29:26.0952 9212  McODS - ok
19:29:26.0962 9212  [ 389BC447DF363450A78845D35DBA0047 ] mcpltsvc        C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
19:29:26.0963 9212  mcpltsvc - ok
19:29:26.0985 9212  [ 389BC447DF363450A78845D35DBA0047 ] McProxy         C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
19:29:26.0986 9212  McProxy - ok
19:29:27.0007 9212  [ D0885CA52ACD97E0C93A565BDD2270D9 ] McPvDrv         C:\Windows\system32\drivers\McPvDrv.sys
19:29:27.0008 9212  McPvDrv - ok
19:29:27.0028 9212  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:29:27.0030 9212  Mcx2Svc - ok
19:29:27.0048 9212  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
19:29:27.0050 9212  megasas - ok
19:29:27.0063 9212  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
19:29:27.0067 9212  MegaSR - ok
19:29:27.0104 9212  [ 2D53234C24B0103FDE0BE06782AA6F80 ] mfeapfk         C:\Windows\system32\drivers\mfeapfk.sys
19:29:27.0105 9212  mfeapfk - ok
19:29:27.0122 9212  [ C0EAF4F2367C44157E1DE4817238FEC2 ] mfeavfk         C:\Windows\system32\drivers\mfeavfk.sys
19:29:27.0123 9212  mfeavfk - ok
19:29:27.0154 9212  mfeavfk01 - ok
19:29:27.0248 9212  [ 38D1F23EE031B615A8CA51DD1E523579 ] mfecore         C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
19:29:27.0274 9212  mfecore - ok
19:29:27.0307 9212  [ 05248F2E6E1AFA6972D058C36199DEB7 ] mfefire         C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
19:29:27.0310 9212  mfefire - ok
19:29:27.0331 9212  [ 6856931F9F5B757E9D09369CC35096B9 ] mfefirek        C:\Windows\system32\drivers\mfefirek.sys
19:29:27.0334 9212  mfefirek - ok
19:29:27.0369 9212  [ 62E4C929A4DB48616B1B90143B48C948 ] mfehidk         C:\Windows\system32\drivers\mfehidk.sys
19:29:27.0377 9212  mfehidk - ok
19:29:27.0411 9212  [ 9C9FC3770BD600B2D761D666234C244D ] mfencbdc        C:\Windows\system32\DRIVERS\mfencbdc.sys
19:29:27.0413 9212  mfencbdc - ok
19:29:27.0422 9212  [ 93241CC8509B622B47EEA1B8505CF511 ] mfencrk         C:\Windows\system32\DRIVERS\mfencrk.sys
19:29:27.0424 9212  mfencrk - ok
19:29:27.0457 9212  [ DC5483CAD90D95D65B618E35C66E28DF ] mfevtp          C:\Windows\system32\mfevtps.exe
19:29:27.0459 9212  mfevtp - ok
19:29:27.0484 9212  [ E18162EA85F1531964F8222CC9E25E26 ] mfewfpk         C:\Windows\system32\drivers\mfewfpk.sys
19:29:27.0486 9212  mfewfpk - ok
19:29:27.0519 9212  Microsoft SharePoint Workspace Audit Service - ok
19:29:27.0547 9212  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
19:29:27.0549 9212  MMCSS - ok
19:29:27.0589 9212  [ 8CC001C65C31633171991FA72A551D43 ] MOBKbackup      C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
19:29:27.0592 9212  MOBKbackup - ok
19:29:27.0605 9212  [ 3800C23D0D90C59AAFCDEFDC82B5C4AF ] MOBKFilter      C:\Windows\system32\DRIVERS\MOBK.sys
19:29:27.0606 9212  MOBKFilter - ok
19:29:27.0624 9212  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
19:29:27.0625 9212  Modem - ok
19:29:27.0648 9212  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:29:27.0648 9212  monitor - ok
19:29:27.0668 9212  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:29:27.0669 9212  mouclass - ok
19:29:27.0690 9212  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:29:27.0690 9212  mouhid - ok
19:29:27.0704 9212  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:29:27.0706 9212  mountmgr - ok
19:29:27.0748 9212  [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:29:27.0750 9212  MozillaMaintenance - ok
19:29:27.0765 9212  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
19:29:27.0767 9212  mpio - ok
19:29:27.0781 9212  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:29:27.0782 9212  mpsdrv - ok
19:29:27.0832 9212  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:29:27.0841 9212  MpsSvc - ok
19:29:27.0854 9212  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:29:27.0856 9212  MRxDAV - ok
19:29:27.0909 9212  [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:29:27.0910 9212  mrxsmb - ok
19:29:27.0934 9212  [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:29:27.0936 9212  mrxsmb10 - ok
19:29:27.0958 9212  [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:29:27.0959 9212  mrxsmb20 - ok
19:29:27.0974 9212  [ 5C37497276E3B3A5488B23A326A754B7 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
19:29:27.0985 9212  msahci - ok
19:29:27.0996 9212  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
19:29:27.0998 9212  msdsm - ok
19:29:28.0007 9212  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
19:29:28.0010 9212  MSDTC - ok
19:29:28.0025 9212  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:29:28.0025 9212  Msfs - ok
19:29:28.0037 9212  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:29:28.0045 9212  mshidkmdf - ok
19:29:28.0067 9212  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
19:29:28.0067 9212  msisadrv - ok
19:29:28.0114 9212  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:29:28.0116 9212  MSiSCSI - ok
19:29:28.0120 9212  msiserver - ok
19:29:28.0171 9212  [ 389BC447DF363450A78845D35DBA0047 ] MSK80Service    C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
19:29:28.0173 9212  MSK80Service - ok
19:29:28.0193 9212  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:29:28.0194 9212  MSKSSRV - ok
19:29:28.0204 9212  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:29:28.0205 9212  MSPCLOCK - ok
19:29:28.0217 9212  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:29:28.0218 9212  MSPQM - ok
19:29:28.0236 9212  [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:29:28.0240 9212  MsRPC - ok
19:29:28.0255 9212  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
19:29:28.0256 9212  mssmbios - ok
19:29:28.0317 9212  MSSQL$SQLEXPRESS - ok
19:29:28.0375 9212  [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
19:29:28.0382 9212  MSSQLServerADHelper - ok
19:29:28.0425 9212  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:29:28.0432 9212  MSTEE - ok
19:29:28.0666 9212  [ 0F4DD44765A7D23E0CD9965EE900558F ] msvsmon90       C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
19:29:28.0760 9212  msvsmon90 - ok
19:29:28.0775 9212  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
19:29:28.0788 9212  MTConfig - ok
19:29:28.0833 9212  [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
19:29:28.0834 9212  MTsensor - ok
19:29:28.0862 9212  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
19:29:28.0863 9212  Mup - ok
19:29:28.0889 9212  [ 4987E079A4530FA737A128BE54B63B12 ] napagent        C:\Windows\system32\qagentRT.dll
19:29:28.0903 9212  napagent - ok
19:29:28.0955 9212  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:29:28.0956 9212  NativeWifiP - ok
19:29:28.0994 9212  [ CAD515DBD07D082BB317D9928CE8962C ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:29:29.0003 9212  NDIS - ok
19:29:29.0019 9212  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:29:29.0020 9212  NdisCap - ok
19:29:29.0042 9212  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:29:29.0043 9212  NdisTapi - ok
19:29:29.0065 9212  [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:29:29.0066 9212  Ndisuio - ok
19:29:29.0079 9212  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:29:29.0080 9212  NdisWan - ok
19:29:29.0089 9212  [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:29:29.0089 9212  NDProxy - ok
19:29:29.0104 9212  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:29:29.0105 9212  NetBIOS - ok
19:29:29.0125 9212  [ 9162B273A44AB9DCE5B44362731D062A ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:29:29.0127 9212  NetBT - ok
19:29:29.0138 9212  [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon        C:\Windows\system32\lsass.exe
19:29:29.0139 9212  Netlogon - ok
19:29:29.0185 9212  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
19:29:29.0190 9212  Netman - ok
19:29:29.0249 9212  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:29:29.0267 9212  NetMsmqActivator - ok
19:29:29.0284 9212  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:29:29.0285 9212  NetPipeActivator - ok
19:29:29.0308 9212  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
19:29:29.0313 9212  netprofm - ok
19:29:29.0340 9212  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:29:29.0341 9212  NetTcpActivator - ok
19:29:29.0345 9212  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:29:29.0346 9212  NetTcpPortSharing - ok
19:29:29.0376 9212  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
19:29:29.0377 9212  nfrd960 - ok
19:29:29.0401 9212  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:29:29.0406 9212  NlaSvc - ok
19:29:29.0412 9212  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:29:29.0413 9212  Npfs - ok
19:29:29.0426 9212  npggsvc - ok
19:29:29.0443 9212  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
19:29:29.0445 9212  nsi - ok
19:29:29.0457 9212  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:29:29.0458 9212  nsiproxy - ok
19:29:29.0560 9212  [ C7252B28453297329755CD83208CAABB ] nSvcIp          C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
19:29:29.0561 9212  nSvcIp - ok
19:29:29.0674 9212  [ 356698A13C4630D5B31C37378D469196 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:29:29.0708 9212  Ntfs - ok
19:29:29.0718 9212  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
19:29:29.0719 9212  Null - ok
19:29:29.0756 9212  [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys
19:29:29.0761 9212  NVENETFD - ok
19:29:29.0773 9212  NVHDA - ok
19:29:30.0494 9212  [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:29:30.0563 9212  nvlddmkm - ok
19:29:30.0595 9212  [ 0AA2A6AAE14BDF0BEA29056EE759B200 ] NVNET           C:\Windows\system32\DRIVERS\nvmf6264.sys
19:29:30.0599 9212  NVNET - ok
19:29:30.0646 9212  [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid          C:\Windows\system32\DRIVERS\nvraid.sys
19:29:41.0318 9212  ============================================================
19:29:41.0318 9212  Scan finished
19:29:41.0318 9212  ============================================================
19:29:41.0327 7908  Detected object count: 0
19:29:41.0327 7908  Actual detected object count: 0
19:29:59.0937 3672  Deinitialize success
 
AdwCleaner log: 
 
# AdwCleaner v2.115 - Logfile created 03/22/2013 at 15:47:26
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Enterprise  (64 bits)
# User : cypher - CYPHER-PC
# Boot Mode : Normal
# Running from : C:\Users\cypher\Desktop\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Folder Deleted : C:\Program Files (x86)\Freecorder
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freecorder
Folder Deleted : C:\Users\cypher\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\cypher\AppData\LocalLow\Freecorder
Folder Deleted : C:\Users\cypher\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\cypher\AppData\Roaming\Mozilla\Firefox\Profiles\v3p3g27s.default\CT1060933
Folder Deleted : C:\Users\cypher\AppData\Roaming\Mozilla\Firefox\Profiles\v3p3g27s.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Folder Deleted : C:\Users\cypher\AppData\Roaming\Mozilla\Firefox\Profiles\v3p3g27s.default\Smartbar
Folder Deleted : C:\Users\cypher\Desktop\Inbox
Folder Deleted : C:\Users\cypher\Documents\Freecorder
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Freecorder
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E92257F-3F0A-451D-B231-6E2DB60CDC71}
Key Deleted : HKCU\Software\PIP
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freecorder
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9E92257F-3F0A-451D-B231-6E2DB60CDC71}
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9E92257F-3F0A-451D-B231-6E2DB60CDC71}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2B64CD2F-6AA8-43A5-B2E2-C3CD9E4F2984}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C3A6159-0C35-4183-B381-C79375586D80}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16457
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v12.0 (en-GB)
 
File : C:\Users\cypher\AppData\Roaming\Mozilla\Firefox\Profiles\v3p3g27s.default\prefs.js
 
Deleted : user_pref("CT1060933.1000082.isDisplayHidden", "true");
Deleted : user_pref("CT1060933.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT1060933.1000082.state", "{\"state\":\"stopped\",\"text\":\"KFOG\",\"description\":\"KFO[...]
Deleted : user_pref("CT1060933.129677514212584059.APP_WIN_FEATURES", "resizable=no,scrollbars=no,titlebar=no,o[...]
Deleted : user_pref("CT1060933.129686665230467549.APP_WIN_FEATURES", "resizable=no,hscroll=no,vscroll=no,savel[...]
Deleted : user_pref("CT1060933.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT1060933.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT1060933.FirstTime", "true");
Deleted : user_pref("CT1060933.FirstTimeFF3", "true");
Deleted : user_pref("CT1060933.LoginRevertSettingsEnabled", true);
Deleted : user_pref("CT1060933.NotificationsToShow_15651", "[{\"id\":\"15317\",\"channelId\":\"15651\",\"title[...]
Deleted : user_pref("CT1060933.PG_ENABLE", "dHJ1ZQ==");
Deleted : user_pref("CT1060933.PrintItGreenStatus.enc", "dHJ1ZQ==");
Deleted : user_pref("CT1060933.RevertSettingsEnabled", true);
Deleted : user_pref("CT1060933.SearchAppState.enc", "Mw==");
Deleted : user_pref("CT1060933.SearchAppTracking.enc", "c2VudA==");
Deleted : user_pref("CT1060933.UserID", "UN92102094076776090");
Deleted : user_pref("CT1060933.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT1060933.autoDisableScopes", -1);
Deleted : user_pref("CT1060933.autocompletepro_enable", "1");
Deleted : user_pref("CT1060933.autocompletepro_enable_auto", "1");
Deleted : user_pref("CT1060933.cbfirsttime.enc", "U2F0IEphbiAwNSAyMDEzIDE3OjI0OjQ5IEdNVCswMDAwIChHTVQgU3RhbmRh[...]
Deleted : user_pref("CT1060933.defaultSearch", "false");
Deleted : user_pref("CT1060933.embeddedsData", "[{\"appId\":\"128280995260143876\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT1060933.enableAlerts", "false");
Deleted : user_pref("CT1060933.enableFix404ByUser", "TRUE");
Deleted : user_pref("CT1060933.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT1060933.firstTimeDialogOpened", "true");
Deleted : user_pref("CT1060933.fixPageNotFoundError", "true");
Deleted : user_pref("CT1060933.fixPageNotFoundErrorByUser", "true");
Deleted : user_pref("CT1060933.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT1060933.fixUrls", true);
Deleted : user_pref("CT1060933.installId", "ConduitNSISIntegration");
Deleted : user_pref("CT1060933.installType", "ConduitNSISIntegration");
Deleted : user_pref("CT1060933.isCheckedStartAsHidden", true);
Deleted : user_pref("CT1060933.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT1060933.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT1060933.isNewTabEnabled", true);
Deleted : user_pref("CT1060933.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT1060933.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT1060933.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
Deleted : user_pref("CT1060933.lastVersion", "10.14.65.43");
Deleted : user_pref("CT1060933.migrateAppsAndComponents", true);
Deleted : user_pref("CT1060933.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about[...]
Deleted : user_pref("CT1060933.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT1060933.openThankYouPage", "false");
Deleted : user_pref("CT1060933.openUninstallPage", "true");
Deleted : user_pref("CT1060933.price-gong.isManagedApp", "true");
Deleted : user_pref("CT1060933.search.searchAppId", "128280995260143876");
Deleted : user_pref("CT1060933.search.searchCount", "0");
Deleted : user_pref("CT1060933.searchInNewTabEnabledByUser", "true");
Deleted : user_pref("CT1060933.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT1060933.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT1060933.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT1060933.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT1060933.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT1060933.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT1060933.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT1060933.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT1060933.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT1060933.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1362189428300");
Deleted : user_pref("CT1060933.serviceLayer_services_appTracking_lastUpdate", "1346078639720");
Deleted : user_pref("CT1060933.serviceLayer_services_appsMetadata_lastUpdate", "1362189427985");
Deleted : user_pref("CT1060933.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1362189428429");
Deleted : user_pref("CT1060933.serviceLayer_services_location_lastUpdate", "1362189427343");
Deleted : user_pref("CT1060933.serviceLayer_services_login_10.10.10.4_lastUpdate", "1341250296361");
Deleted : user_pref("CT1060933.serviceLayer_services_login_10.10.12.5_lastUpdate", "1346078636124");
Deleted : user_pref("CT1060933.serviceLayer_services_login_10.10.2.10_lastUpdate", "1340137194301");
Deleted : user_pref("CT1060933.serviceLayer_services_login_10.10.27.6_lastUpdate", "1353447642882");
Deleted : user_pref("CT1060933.serviceLayer_services_login_10.13.40.15_lastUpdate", "1360690207495");
Deleted : user_pref("CT1060933.serviceLayer_services_login_10.14.42.7_lastUpdate", "1360872023566");
Deleted : user_pref("CT1060933.serviceLayer_services_login_10.14.65.43_lastUpdate", "1362189428081");
Deleted : user_pref("CT1060933.serviceLayer_services_optimizer_lastUpdate", "1342479661055");
Deleted : user_pref("CT1060933.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1362189428859");
Deleted : user_pref("CT1060933.serviceLayer_services_searchAPI_lastUpdate", "1362189427382");
Deleted : user_pref("CT1060933.serviceLayer_services_serviceMap_lastUpdate", "1362189427233");
Deleted : user_pref("CT1060933.serviceLayer_services_setupAPI_lastUpdate", "1362189427483");
Deleted : user_pref("CT1060933.serviceLayer_services_toolbarContextMenu_lastUpdate", "1362189428343");
Deleted : user_pref("CT1060933.serviceLayer_services_toolbarSettings_lastUpdate", "1362189428781");
Deleted : user_pref("CT1060933.serviceLayer_services_translation_lastUpdate", "1362189428022");
Deleted : user_pref("CT1060933.serviceLayer_services_userApps1ec55dac-8dca-406b-9697-5d68893c1c0c_lastUpdate",[...]
Deleted : user_pref("CT1060933.serviceLayer_services_userApps_lastUpdate", "1362189308908");
Deleted : user_pref("CT1060933.settingsINI", true);
Deleted : user_pref("CT1060933.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT1060933.smartbar.CTID", "CT1060933");
Deleted : user_pref("CT1060933.smartbar.Uninstall", "0");
Deleted : user_pref("CT1060933.smartbar.toolbarName", "Freecorder ");
Deleted : user_pref("CT1060933.startPage", "false");
Deleted : user_pref("CT1060933.toolbarBornServerTime", "2-6-2012");
Deleted : user_pref("CT1060933.toolbarCurrentServerTime", "2-3-2013");
Deleted : user_pref("CT1060933.upgradeFromClearSBVersion", true);
Deleted : user_pref("CT1060933_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("smartBar.searchInNewTabOwner", "CT1060933");
Deleted : user_pref("smartbar.machineId", "2XL1R2+HDNBCKB+NHOACG4EBUO2T50IBMTYTQLH427BE6COY5DKJYMDFP+ECBQBMYMS[...]
 
-\\ Google Chrome v25.0.1364.172
 
File : C:\Users\cypher\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [12087 octets] - [22/03/2013 15:47:26]
 
########## EOF - C:\AdwCleaner[S1].txt - [12148 octets] ##########
 
JunkWare Log:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows 7 Enterprise x64
Ran by cypher on 22/03/2013 at 15:53:42.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/03/2013 at 16:05:42.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
**********************End Of Log Files *************************
 
My initial problem was that I had multiple Rundll32.exe processes running simultaneously at all times.
 
GMER and RegRun also detected rundll32.exe as deleted or hidden.
 
Taken from Gmer
 
File for example:
 
Device  \Driver\a3ur62k9 \Device\Scsi\a3ur62k91Port4Path0Target0Lun0                                                                                          fffffa80051e62c0
Device  \Driver\a3ur62k9 \Device\Scsi\a3ur62k91 
Device  \Driver\a3ur62k9 \Device\ScsiPort4
 
---- Modules - GMER 2.1 ----
 
Module  \SystemRoot\System32\Drivers\a3ur62k9.SYS
 
Had to reboot to remove the file; after the reboot happened, RegRun rescanned before the desktop loads and would flag up another file of similar name, e.g. "e7yk51f4.SYS".
 
Since running ComboFix all rundll32 processes have stopped. The file "a3ur62k9.SYS" has been removed by ComboFix and there are no more of similar names.
 
This all may have been some type of false positive; honestly I can't say. Looking for some help and guidance.
 
As for symptoms, the computer has been slower booting up, although the computer does seem faster now after all these tools.
 
Love to hear your feedback 
 
Thanks Richard
 
 
 

Edited by cxxr, 22 March 2013 - 11:58 AM.


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,680 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:50 AM

Posted 22 March 2013 - 12:13 PM

Hi Richard,

Thanks for the explanation. There were some references to other potential malware/antivirus programs so I just want to make sure.

Let's take a good look at what is loading up when you boot the machine and see if all of those programs are necessary to start up right away.

Please do this.

===================================================

HijackThis

--------------------
  • Download HijackThis and save it to your desktop
  • Double click the icon to launch the program
  • Click on the Do a system scan and save a logfile button
  • Copy and paste the contents of the Notepad document which will open on your desktop in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:
  • HijackThis log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 cxxr


Posted 23 March 2013 - 02:03 PM

Hi Gary,

Sorry for the delay in replying; it became quite the busy weekend.

HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:54:08, on 23/03/2013
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal
 
Running processes:
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus SX235"
O4 - HKCU\..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE /EPT "EPLTarget\P0000000000000001" /M "Epson Stylus SX235"
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: McAfee Online Backup (MOBKbackup) - McAfee, Inc. - C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SlickVPN Service (SlickVPNSrvc) - SlickVPN - C:\Program Files (x86)\SlickVPN\resources\bin\win32\slickvpnsrvc\slickvpnsrvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
 
--
End of file - 12905 bytes
 
Thanks Richard.


#8 Oh My!


Posted 23 March 2013 - 06:10 PM

Hi Richard,

Nothing really there that would cause a significant delay during the boot up process.

Please run these for me.

===================================================

Temporary File Cleaner (TFC)

--------------------
  • Download TFC by OldTimer to your desktop.
  • Close any open windows
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run
  • Click the Start button to begin the process
  • Allow TFC to run uninterrupted
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean
NOTE: It's normal for the computer to boot more slowly the first time after running TFC

TFC will clear out all temporary folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. TFC only cleans temporary folders and will not clean URL history, prefetch, or cookies


===================================================

Rerun Malwarebytes (MBAM)

--------------------

Temporarily disable your antivirus program.
  • Please locate your Malwarebytes icon and launch the program
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. (If no malware was found you will not be presented with a log).
  • Click the Back button.
  • Click the Finish button.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:
  • Malwarebytes results
  • ESET results (no log if nothing found)
  • How is your computer running now?

Gary
 

#9 cxxr


Posted 26 March 2013 - 01:28 PM

Hi Gary,

 

Nothing found on scans.

 

Computer start up has improved, haven't found any issues yet, no long loading periods.

 

Thanks Richard.



#10 Oh My!


Posted 26 March 2013 - 02:15 PM

Hi Richard,

Music to my eyes! :)

Let's give it a day to make sure. Touch base tomorrow with the :thumbsup: or sooner if something goes haywire.
Gary
 

#11 Oh My!


Posted 28 March 2013 - 09:24 AM

Hi Richard,

How are things going?
Gary
 

#12 Oh My!


Posted 30 March 2013 - 03:13 PM

Hi Richard,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#13 Oh My!


Posted 01 April 2013 - 09:27 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



