Register a free account to unlock additional features at BleepingComputer.com
trojan.Zaccess


This topic is locked
18 replies to this topic

#1 snorkerz

Posted 17 August 2013 - 10:44 AM

So, Malwarebytes tells me I have this. Have tried the obvious removal tools without luck, so here are some logs . . .

Firstly, DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16384  BrowserJavaVersion: 10.25.2
Run by DavidR at 16:27:22 on 2013-08-17
Microsoft Windows 8  6.2.9200.0.1252.44.2057.18.6028.3556 [GMT 1:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\BlueStacks\HD-Service.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Program Files (x86)\BlueStacks\HD-Network.exe
C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\msiexec.exe
C:\Users\DavidR\AppData\Local\Temp\Temp1_tdsskiller.zip\TDSSKiller.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http://mail.google.com/mail/?hl%3Den&scc=1&ltmpl=default&ltmplcache=2&hl=en
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://asus13.msn.com
uSearchAssistant = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
uRun: [Ditto] C:\Program Files\Ditto\Ditto.exe
uRun: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon /a devices
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.6.112\AsusWSPanel.exe /S
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
mRun: [vmware-tray.exe] "Z:\system\vm\vmware-tray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\DavidR\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTF~1.LNK - A:\Freenet\freenet.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\CODECP~1.LNK - C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\FREEST~1.LNK - C:\Program Files (x86)\Abbott Diabetes Care\FreeStyle Auto-Assist\BGTrayApp.exe
IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{FA088751-FBDA-4B91-B91B-438FCA3B3E26} : NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{FA088751-FBDA-4B91-B91B-438FCA3B3E26} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{FA088751-FBDA-4B91-B91B-438FCA3B3E26}\244575966496 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{FA088751-FBDA-4B91-B91B-438FCA3B3E26}\244575966496D277964786D264F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{FA088751-FBDA-4B91-B91B-438FCA3B3E26}\26271636F6E64616C656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FA088751-FBDA-4B91-B91B-438FCA3B3E26}\357716E637561655E696D23756475707 : DHCPNameServer = 192.168.32.2
TCP: Interfaces\{FA088751-FBDA-4B91-B91B-438FCA3B3E26}\8445340205F627471626C6560284F6473707F647 : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{FA088751-FBDA-4B91-B91B-438FCA3B3E26}\8445340205F627471626C6560284F6473707F647 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FBD50E82-6E20-4ED2-B7F4-CCA77C168D4F} : NameServer = 156.154.70.22,156.154.71.22
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
x64-Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\DavidR\AppData\Roaming\Mozilla\Firefox\Profiles\rwovuzkv.default\
FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitroie.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-5 645952]
R0 vsock;vSockets Driver;C:\Windows\System32\Drivers\vsock.sys [2013-8-2 70296]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 Avgwfpa;AVG Firewall Driver;C:\Windows\System32\Drivers\avgwfpa.sys [2013-7-9 248632]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\Drivers\cmderd.sys [2013-4-15 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\Drivers\cmdguard.sys [2013-4-15 713776]
R1 cmdhlp;COMODO Internet Security Helper Driver;C:\Windows\System32\Drivers\cmdhlp.sys [2013-4-15 37560]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [2012-4-13 277120]
R2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2013-6-10 393032]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2013-6-10 70984]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2013-6-10 384840]
R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2013-8-1 2095808]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-9-6 2451456]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-9-6 166720]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-17 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-17 701512]
R2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [2012-9-5 216072]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-5-16 69640]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-9-6 365376]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\Drivers\AiCharger.sys [2012-7-24 17152]
R3 ATP;ASUS PS/2 Port Input Device;C:\Windows\System32\Drivers\AsusTP.sys [2012-10-31 61824]
R3 HIDSwitch;ASUS Wireless Radio Control;C:\Windows\System32\Drivers\AsHIDSwitch64.sys [2012-8-22 21152]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-8-22 342528]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-8-17 25928]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\Drivers\RtsBaStor.sys [2012-9-6 295056]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-9-6 683664]
R3 WSDScan;WSD Scan Support;C:\Windows\System32\Drivers\WSDScan.sys [2012-7-26 23552]
S2 VMwareHostd;VMware Workstation Server;Z:\system\vm\vmware-hostd.exe -u "C:\ProgramData\VMware\hostd\config.xml" --> Z:\system\vm\vmware-hostd.exe -u C:\ProgramData\VMware\hostd\config.xml [?]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-4-15 158936]
S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\Drivers\mcvidrv_x64.sys [2013-3-29 44544]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\Drivers\mbamchameleon.sys [2013-8-17 36680]
S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\Drivers\mcaudrv_x64.sys [2013-1-31 28160]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\Drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\Drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\Drivers\ssadmdm.sys [2011-5-13 177640]
S3 VCam_WDM;Virtual Webcam 8.0;C:\Windows\System32\Drivers\VCam_WDM.sys [2013-3-30 104120]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
.
=============== Created Last 30 ================
.
2013-08-17 13:24:19 36680 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2013-08-17 10:59:39 -------- d-----w- C:\Users\DavidR\AppData\Roaming\SUPERAntiSpyware.com
2013-08-17 10:59:25 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-08-17 10:59:25 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-08-17 10:56:41 118784 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2013-08-17 10:56:41 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2013-08-17 10:54:42 -------- d-----w- C:\ProgramData\AVG2013
2013-08-17 10:52:00 -------- d-----w- C:\Users\DavidR\AppData\Local\MFAData
2013-08-17 10:52:00 -------- d-----w- C:\Users\DavidR\AppData\Local\Avg2013
2013-08-17 10:52:00 -------- d-----w- C:\ProgramData\MFAData
2013-08-17 10:36:08 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys
2013-08-17 09:16:42 -------- d-----w- C:\Users\DavidR\AppData\Roaming\Malwarebytes
2013-08-17 09:16:36 -------- d-----w- C:\ProgramData\Malwarebytes
2013-08-17 09:16:35 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-08-17 09:16:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-17 09:11:41 -------- d-----w- C:\Users\DavidR\AppData\Local\Lunarsoft
2013-08-17 09:11:41 -------- d-----w- C:\Program Files (x86)\Lunarsoft
2013-08-16 18:22:38 -------- d-----w- C:\Program Files (x86)\AAALOGO
2013-08-08 06:31:05 261808 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10213.bin
2013-08-05 15:46:29 67664 ----a-w- C:\Windows\System32\drivers\vmx86.sys
2013-08-04 10:00:02 -------- d-----w- C:\Program Files\CCleaner
2013-08-02 08:15:45 70296 ----a-w- C:\Windows\System32\drivers\vsock.sys
2013-08-02 08:15:45 67224 ----a-w- C:\Windows\System32\vsocklib.dll
2013-08-02 08:15:45 63128 ----a-w- C:\Windows\SysWow64\vsocklib.dll
2013-08-02 08:14:59 357456 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe
2013-08-02 08:14:56 436304 ----a-w- C:\Windows\SysWow64\vmnat.exe
2013-08-02 08:14:56 30800 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys
2013-08-02 08:14:53 933968 ----a-w- C:\Windows\System32\vnetlib64.dll
2013-08-02 08:14:48 52376 ----a-w- C:\Windows\System32\drivers\hcmon.sys
2013-08-02 08:14:27 -------- d-----w- C:\Program Files\Common Files\VMware
2013-08-02 08:14:04 -------- d-----w- C:\Program Files (x86)\VMware
2013-08-02 08:14:04 -------- d-----w- C:\Program Files (x86)\Common Files\VMware
2013-08-01 15:48:58 57096 ----a-w- C:\Windows\System32\certsentry.dll
2013-08-01 15:48:58 48392 ----a-w- C:\Windows\SysWow64\certsentry.dll
.
==================== Find3M  ====================
.
2013-08-17 15:09:43 380 ----a-w- C:\Users\DavidR\AppData\Roaming\sp_data.sys
2013-07-09 00:28:50 248632 ----a-w- C:\Windows\System32\drivers\avgwfpa.sys
2013-07-08 20:59:58 713776 ----a-w- C:\Windows\System32\drivers\cmdguard.sys
2013-06-23 13:18:42 231376 ----a-w- C:\Windows\System32\drivers\truecrypt.sys
2013-06-18 15:16:16 37560 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2013-06-18 15:16:14 23168 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2013-06-18 15:15:49 43216 ----a-w- C:\Windows\System32\cmdcsr.dll
2013-06-18 15:15:47 348584 ----a-w- C:\Windows\SysWow64\guard32.dll
2013-06-18 15:15:46 437688 ----a-w- C:\Windows\System32\guard64.dll
2013-06-18 15:15:38 45784 ----a-w- C:\Windows\System32\cmdkbd64.dll
2013-06-18 15:15:38 344792 ----a-w- C:\Windows\System32\cmdvrt64.dll
2013-06-18 15:15:35 278232 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll
2013-06-18 15:15:34 40664 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll
2013-06-14 09:09:21 121696 ----a-w- C:\Windows\File Renamer - Basic Uninstaller.exe
2013-06-12 20:48:23 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-06-12 20:48:17 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-12 20:47:57 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
============= FINISH: 16:35:46.18 ===============

#2 snorkerz

Posted 17 August 2013 - 10:48 AM

And Malwarebytes:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.16.07

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16384
DavidR :: DAVID [administrator]

Protection: Enabled

17/08/2013 16:09:56
MBAM-log-2013-08-17 (16-17-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217015
Time elapsed: 4 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\etadpug (Trojan.Zaccess) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#3 snorkerz

snorkerz
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:30 AM

Posted 17 August 2013 - 10:49 AM

MiniToolBox and TDSS:

MiniToolBox by Farbar  Version: 13-07-2013
Ran by DavidR (administrator) on 17-08-2013 at 16:18:43
Running from "C:\Users\DavidR\Desktop"
Microsoft Windows 8  (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

 

========================= IP Configuration: ================================

Qualcomm Atheros AR9485 Wireless Network Adapter = WiFi (Connected)
VMware Virtual Ethernet Adapter for VMnet1 = VMware Network Adapter VMnet1 (Connected)
VMware Virtual Ethernet Adapter for VMnet8 = VMware Network Adapter VMnet8 (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=192.168.0.16 metric=1 publish=Yes
set interface interface="Local Area Connection* 9" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="WiFi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 12" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="other_0" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
add address name="VMware Network Adapter VMnet8" address=192.168.220.1 mask=255.255.255.0
add address name="VMware Network Adapter VMnet1" address=192.168.150.1 mask=255.255.255.0

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : David
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Home

Wireless LAN adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 16-E5-43-3F-CF-2B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 30-85-A9-26-6D-8D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter WiFi:

   Connection-specific DNS Suffix  . : Home
   Description . . . . . . . . . . . : Qualcomm Atheros AR9485 Wireless Network Adapter
   Physical Address. . . . . . . . . : 74-E5-43-3F-CF-2B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::d4c5:445a:f75a:1942%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.8(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 17 August 2013 16:08:56
   Lease Expires . . . . . . . . . . : 18 August 2013 16:08:59
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 259319107
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-D9-D8-CC-74-E5-43-3F-CF-2B
   DNS Servers . . . . . . . . . . . : 156.154.70.22
                                       156.154.71.22
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VMware Network Adapter VMnet1:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
   Physical Address. . . . . . . . . : 00-50-56-C0-00-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5087:db2c:3c77:99af%17(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.150.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 352342102
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-D9-D8-CC-74-E5-43-3F-CF-2B
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VMware Network Adapter VMnet8:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
   Physical Address. . . . . . . . . : 00-50-56-C0-00-08
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::2cfe:9e5b:ccd8:c30e%18(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.220.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 369119318
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-D9-D8-CC-74-E5-43-3F-CF-2B
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.Home:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : Home
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{2E8AEDAB-D9B1-476D-A897-580ACF9F2287}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{12B80042-F3D9-494E-AE38-32CEE523EEF0}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  156.154.70.22

Name:    google.com
Addresses:  2a00:1450:4001:800::1001
   173.194.112.8
   173.194.112.3
   173.194.112.5
   173.194.112.0
   173.194.112.4
   173.194.112.14
   173.194.112.7
   173.194.112.1
   173.194.112.9
   173.194.112.2
   173.194.112.6

Pinging google.com [173.194.112.8] with 32 bytes of data:
Reply from 173.194.112.8: bytes=32 time=43ms TTL=53
Reply from 173.194.112.8: bytes=32 time=43ms TTL=53

Ping statistics for 173.194.112.8:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 43ms, Maximum = 43ms, Average = 43ms
Server:  UnKnown
Address:  156.154.70.22

Name:    yahoo.com
Addresses:  206.190.36.45
   98.139.183.24
   98.138.253.109

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=190ms TTL=51
Reply from 206.190.36.45: bytes=32 time=204ms TTL=51

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 190ms, Maximum = 204ms, Average = 197ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=7ms TTL=128
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 2ms, Maximum = 7ms, Average = 4ms
===========================================================================
Interface List
 14...16 e5 43 3f cf 2b ......Microsoft Wi-Fi Direct Virtual Adapter
 13...30 85 a9 26 6d 8d ......Realtek PCIe GBE Family Controller
 12...74 e5 43 3f cf 2b ......Qualcomm Atheros AR9485 Wireless Network Adapter
 17...00 50 56 c0 00 01 ......VMware Virtual Ethernet Adapter for VMnet1
 18...00 50 56 c0 00 08 ......VMware Virtual Ethernet Adapter for VMnet8
  1...........................Software Loopback Interface 1
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.8     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0     192.168.0.16      192.168.0.8     26
      169.254.0.0      255.255.0.0         On-link     192.168.150.1    306
      169.254.0.0      255.255.0.0         On-link     192.168.220.1    306
  169.254.255.255  255.255.255.255         On-link     192.168.150.1    276
  169.254.255.255  255.255.255.255         On-link     192.168.220.1    276
      192.168.0.0    255.255.255.0         On-link       192.168.0.8    281
      192.168.0.8  255.255.255.255         On-link       192.168.0.8    281
    192.168.0.255  255.255.255.255         On-link       192.168.0.8    281
    192.168.150.0    255.255.255.0         On-link     192.168.150.1    276
    192.168.150.1  255.255.255.255         On-link     192.168.150.1    276
  192.168.150.255  255.255.255.255         On-link     192.168.150.1    276
    192.168.220.0    255.255.255.0         On-link     192.168.220.1    276
    192.168.220.1  255.255.255.255         On-link     192.168.220.1    276
  192.168.220.255  255.255.255.255         On-link     192.168.220.1    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.150.1    276
        224.0.0.0        240.0.0.0         On-link     192.168.220.1    276
        224.0.0.0        240.0.0.0         On-link       192.168.0.8    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.150.1    276
  255.255.255.255  255.255.255.255         On-link     192.168.220.1    276
  255.255.255.255  255.255.255.255         On-link       192.168.0.8    281
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
      169.254.0.0      255.255.0.0     192.168.0.16       1
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 17    276 fe80::/64                On-link
 18    276 fe80::/64                On-link
 12    281 fe80::/64                On-link
 18    276 fe80::2cfe:9e5b:ccd8:c30e/128
                                    On-link
 17    276 fe80::5087:db2c:3c77:99af/128
                                    On-link
 12    281 fe80::d4c5:445a:f75a:1942/128
                                    On-link
  1    306 ff00::/8                 On-link
 17    276 ff00::/8                 On-link
 18    276 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 04 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 05 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 04 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 05 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [53760] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [64000] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/17/2013 11:54:55 AM) (Source: MsiInstaller) (User: David)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error 27046. CA_Error27046: DriverInstallation(0xC007001C): Driver installation failed

Error: (08/17/2013 11:54:55 AM) (Source: MsiInstaller) (User: David)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error 27046. CA_Error27046: DriverInstallationFun(0xC007001C): Driver installation failed

Error: (08/17/2013 10:18:14 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.2.9200.16384, time stamp: 0x501088d9
Faulting module name: mshtml.dll, version: 10.0.9200.16390, time stamp: 0x501b4dcf
Exception code: 0xc0000005
Fault offset: 0x001b926b
Faulting process ID: 0x824
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report ID: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5

Error: (08/17/2013 09:52:09 AM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1120

Start Time: 01ce9b26ccb0b859

Termination Time: 164

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 48cc29d6-071a-11e3-beb5-3085a9266d8d

Faulting package full name:

Faulting package-relative application ID:

Error: (08/17/2013 09:41:59 AM) (Source: Application Error) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program VMware Authorization Service because of this error.

Program: VMware Authorization Service
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000026E
Disk type: 0

Error: (08/17/2013 09:41:59 AM) (Source: Application Error) (User: )
Description: Faulting application name: vmware-authd.exe, version: 9.0.2.35902, time stamp: 0x512c7614
Faulting module name: vmware-authd.exe, version: 9.0.2.35902, time stamp: 0x512c7614
Exception code: 0xc0000006
Fault offset: 0x000038b1
Faulting process ID: 0x10b0
Faulting application start time: 0xvmware-authd.exe0
Faulting application path: vmware-authd.exe1
Faulting module path: vmware-authd.exe2
Report ID: vmware-authd.exe3
Faulting package full name: vmware-authd.exe4
Faulting package-relative application ID: vmware-authd.exe5

Error: (08/17/2013 06:02:52 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.2.9200.16384, time stamp: 0x501088d9
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16384, time stamp: 0x5010ac2f
Exception code: 0xe06d7363
Fault offset: 0x00014b32
Faulting process ID: 0x6b64
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report ID: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5

Error: (08/17/2013 03:01:41 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Windows Defender Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (08/11/2013 00:13:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_wcncsvc, version: 6.2.9200.16384, time stamp: 0x50108897
Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010acd2
Exception code: 0xc0000005
Fault offset: 0x0000000000019d00
Faulting process ID: 0x6ec
Faulting application start time: 0xsvchost.exe_wcncsvc0
Faulting application path: svchost.exe_wcncsvc1
Faulting module path: svchost.exe_wcncsvc2
Report ID: svchost.exe_wcncsvc3
Faulting package full name: svchost.exe_wcncsvc4
Faulting package-relative application ID: svchost.exe_wcncsvc5

Error: (08/10/2013 05:25:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: FlashPlayerUpdateService.exe, version: 11.7.700.224, time stamp: 0x51a6766d
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16384, time stamp: 0x5010ac2f
Exception code: 0xe06d7363
Fault offset: 0x00014b32
Faulting process ID: 0x3f94
Faulting application start time: 0xFlashPlayerUpdateService.exe0
Faulting application path: FlashPlayerUpdateService.exe1
Faulting module path: FlashPlayerUpdateService.exe2
Report ID: FlashPlayerUpdateService.exe3
Faulting package full name: FlashPlayerUpdateService.exe4
Faulting package-relative application ID: FlashPlayerUpdateService.exe5

System errors:
=============
Error: (08/17/2013 04:19:26 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.

Error: (08/17/2013 04:17:27 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.

Error: (08/17/2013 04:01:11 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.

Error: (08/17/2013 03:59:11 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.

Error: (08/17/2013 03:53:02 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.

Error: (08/17/2013 03:12:24 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.

Error: (08/17/2013 03:04:54 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.

Error: (08/17/2013 02:51:14 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.

Error: (08/17/2013 02:51:13 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.

Error: (08/17/2013 02:48:25 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.

Microsoft Office Sessions:
=========================
Error: (08/17/2013 11:54:55 AM) (Source: MsiInstaller)(User: David)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error 27046. CA_Error27046: DriverInstallation(0xC007001C): Driver installation failed(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/17/2013 11:54:55 AM) (Source: MsiInstaller)(User: David)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error 27046. CA_Error27046: DriverInstallationFun(0xC007001C): Driver installation failed(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/17/2013 10:18:14 AM) (Source: Application Error)(User: )
Description: svchost.exe6.2.9200.16384501088d9mshtml.dll10.0.9200.16390501b4dcfc0000005001b926b82401ce9b2a411d908cC:\Windows\SysWOW64\svchost.exeC:\Windows\SYSTEM32\mshtml.dllf16684c8-071d-11e3-beb5-3085a9266d8d

Error: (08/17/2013 09:52:09 AM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.16384112001ce9b26ccb0b859164C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE48cc29d6-071a-11e3-beb5-3085a9266d8d

Error: (08/17/2013 09:41:59 AM) (Source: Application Error)(User: )
Description: VMware Authorization ServiceC000026E0

Error: (08/17/2013 09:41:59 AM) (Source: Application Error)(User: )
Description: vmware-authd.exe9.0.2.35902512c7614vmware-authd.exe9.0.2.35902512c7614c0000006000038b110b001ce9397a7d53270Z:\system\vm\vmware-authd.exeZ:\system\vm\vmware-authd.exee0a42855-0718-11e3-beb4-3085a9266d8d

Error: (08/17/2013 06:02:52 AM) (Source: Application Error)(User: )
Description: svchost.exe6.2.9200.16384501088d9KERNELBASE.dll6.2.9200.163845010ac2fe06d736300014b326b6401ce9b06f7f37e55C:\Windows\SysWOW64\svchost.exeC:\Windows\SYSTEM32\KERNELBASE.dll44a5ebe7-06fa-11e3-beb4-3085a9266d8d

Error: (08/17/2013 03:01:41 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Windows Defender Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (08/11/2013 00:13:02 PM) (Source: Application Error)(User: )
Description: svchost.exe_wcncsvc6.2.9200.1638450108897ntdll.dll6.2.9200.163845010acd2c00000050000000000019d006ec01ce9395e1ca6293C:\Windows\system32\svchost.exeC:\Windows\SYSTEM32\ntdll.dllfc561b98-0276-11e3-beb4-3085a9266d8d

Error: (08/10/2013 05:25:06 PM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.7.700.22451a6766dKERNELBASE.dll6.2.9200.163845010ac2fe06d736300014b323f9401ce95e62afb2f73C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeC:\Windows\SYSTEM32\KERNELBASE.dll6a18fe54-01d9-11e3-beb4-3085a9266d8d

CodeIntegrity Errors:
===================================
  Date: 2013-08-17 16:11:08.650
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-17 16:09:35.399
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-17 16:02:33.338
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-17 15:46:20.768
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-17 15:44:28.965
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-17 12:34:55.664
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-17 11:39:42.377
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-17 11:38:25.680
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-17 11:22:18.883
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-17 11:22:18.448
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

=========================== Installed Programs ============================

3GP Media Player 1.0.1
7-Zip 9.20
AAA Logo 1.2
AAA Logo 3.2 Free Trial
Abbott USB Data Cable Installation (Version: 1.00.0000)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Anti-Malware Toolkit 1.13.326 (Version: 1.13.326)
ASUS InstantOn (Version: 3.0.2)
ASUS LifeFrame3 (Version: 3.1.4)
ASUS Live Update (Version: 3.1.7)
ASUS Power4Gear Hybrid (Version: 2.0.3)
ASUS Smart Gesture (Version: 1.0.35)
ASUS Splendid Video Enhancement Technology (Version: 1.03.0002)
ASUS Tutor (Version: 1.0.7)
ASUS USB Charger Plus (Version: 2.1.4)
ASUS WebStorage Sync Agent (Version: 1.1.6.112)
ASUSDVD (Version: 10.0.4126.52)
AsusVibe2.0 (Version: 2.0.10.168)
ATK Package (Version: 1.0.0022)
BlueStacks App Player (Version: 0.7.16.910)
BlueStacks Notification Center (Version: 0.7.13.899)
Canon IJ Network Tool (Version: 3.1.1)
Canon MP495 series MP Drivers
CCleaner (Version: 4.04)
Comodo Dragon (Version: 28.1.0.0)
COMODO Firewall (Version: 6.1.14723.2813)
Corel PaintShop Pro X5 (Version: 15.0.0.183)
Coupon Printer (Version: 2.0)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Ditto
Duplicate Finder (Version: 4.2.1.0)
FastStone Photo Resizer 3.1 (Version: 3.1)
File Renamer - Basic (Version: 6.3)
FileZilla Client 3.6.0.2 (Version: 3.6.0.2)
FMS Empty Folder Remover 1.9
Free RAR Extract Frog (Version: 4.70)
Freemake Video Converter version 4.0.1 (Version: 4.0.1)
Freenet
Freeraser (Version: 1.0.0.23)
FreeStyle Auto-Assist
FreeStyle CoPilot Health Management System (Version: 4.2.605)
Google Chrome (Version: 28.0.1500.95)
Google Update Helper (Version: 1.3.21.153)
ICA (Version: 15.0.0.183)
Intel® Management Engine Components (Version: 8.1.0.1252)
Intel® Processor Graphics (Version: 9.17.10.2828)
Intel® SDK for OpenCL - CPU Only Runtime Package (Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
IPM_PSP_COM (Version: 15.0.0.183)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
jZip (Version: 2.0.0.132700)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Media Player Codec Pack 4.2.7 (Version: 4.2.7)
Microsoft Office (Version: 14.0.6120.5004)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MultiCommander
Nitro Pro 7 (Version: 7.5.0.29)
PSPPContent (Version: 15.0.0.183)
PSPPHelp (Version: 15.0.0.183)
PSPPro64 (Version: 15.0.0.183)
Qualcomm Atheros Client Installation Program (Version: 10.0)
Realtek Ethernet Controller Driver (Version: 8.2.612.2012)
Realtek High Definition Audio Driver (Version: 6.0.1.6685)
Realtek PCIE Card Reader (Version: 6.2.8400.27024)
Recuva (Version: 1.45)
RoboForm 7-9-0-0 (All Users) (Version: 7-9-0-0)
Setup (Version: 15.0.0.183)
Shared C Run-time for x64 (Version: 10.0.0)
SpywareBlaster 4.6 (Version: 4.6.1)
SUPERAntiSpyware (Version: 5.6.1032)
tools-freebsd (Version: 9.2.3.1031769)
tools-linux (Version: 9.2.3.1031769)
tools-netware (Version: 9.2.3.1031769)
tools-solaris (Version: 9.2.3.1031769)
tools-windows (Version: 9.2.3.1031769)
tools-winPre2k (Version: 9.2.3.1031769)
TrueCrypt (Version: 7.1a)
UMPlayer 0.98 [P4] (Version: 0.98)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VMware Workstation (Version: 9.0.2)
Windows Driver Package - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (Version: 10/29/2012 1.0.0.148)

========================= Memory info: ===================================

Percentage of memory in use: 38%
Total physical RAM: 6027.68 MB
Available physical RAM: 3677.48 MB
Total Pagefile: 6987.68 MB
Available Pagefile: 4151.13 MB
Total Virtual: 4095.88 MB
Available Virtual: 3971.89 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:471.05 GB) (Free:406.78 GB) NTFS
2 Drive d: () (Fixed) (Total:292.97 GB) (Free:292.84 GB) NTFS

========================= Users: ========================================

User accounts for \\DAVID

Administrator            DavidR                   Guest                   

**** End of log ****
16:21:55.0870 4736  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:21:55.0870 4736  UEFI system
16:21:56.0224 4736  ============================================================
16:21:56.0224 4736  Current date / time: 2013/08/17 16:21:56.0224
16:21:56.0224 4736  SystemInfo:
16:21:56.0224 4736 
16:21:56.0224 4736  OS Version: 6.2.9200 ServicePack: 0.0
16:21:56.0224 4736  Product type: Workstation
16:21:56.0224 4736  ComputerName: DAVID
16:21:56.0224 4736  UserName: DavidR
16:21:56.0224 4736  Windows directory: C:\Windows
16:21:56.0224 4736  System windows directory: C:\Windows
16:21:56.0224 4736  Running under WOW64
16:21:56.0224 4736  Processor architecture: Intel x64
16:21:56.0224 4736  Number of processors: 2
16:21:56.0224 4736  Page size: 0x1000
16:21:56.0224 4736  Boot type: Normal boot
16:21:56.0224 4736  ============================================================
16:21:57.0766 4736  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:21:57.0766 4736  ============================================================
16:21:57.0766 4736  \Device\Harddisk0\DR0:
16:21:57.0766 4736  GPT partitions:
16:21:57.0766 4736  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {329CE1AF-F76B-48CA-B20A-A5FAD7E2AB75}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x96000
16:21:57.0766 4736  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {605D0A6A-0F82-4FAC-836B-A6FA9541D23E}, Name: Basic data partition, StartLBA 0x96800, BlocksNum 0x12C000
16:21:57.0766 4736  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {1F42F20F-7620-4921-B9B2-F21E6A2801A2}, Name: Microsoft reserved partition, StartLBA 0x1C2800, BlocksNum 0x40000
16:21:57.0766 4736  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {C894C542-286B-44CE-B957-740581F7AE24}, Name: Basic data partition, StartLBA 0x202800, BlocksNum 0x3AE1A000
16:21:57.0766 4736  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {AEAF05E5-A227-4D77-8EBF-BF2CC32CAFCD}, Name: Basic data partition, StartLBA 0x3B01C800, BlocksNum 0x124F8000
16:21:57.0766 4736  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {811DE286-B904-439C-B0E5-48F8C11CEEFC}, Name: Basic data partition, StartLBA 0x4D515000, BlocksNum 0x249F1000
16:21:57.0766 4736  \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {4A26645A-1E43-42E0-BED1-E6C7F4423E90}, Name: Basic data partition, StartLBA 0x71F06800, BlocksNum 0x2800000
16:21:57.0766 4736  MBR partitions:
16:21:57.0766 4736  ============================================================
16:21:57.0813 4736  C: <-> \Device\Harddisk0\DR0\Partition4
16:21:57.0938 4736  D: <-> \Device\Harddisk0\DR0\Partition6
16:21:57.0938 4736  ============================================================
16:21:57.0938 4736  Initialize success
16:21:57.0938 4736  ============================================================
16:22:00.0763 5220  ============================================================
16:22:00.0763 5220  Scan started
16:22:00.0763 5220  Mode: Manual;
16:22:00.0763 5220  ============================================================
16:22:01.0500 5220  ================ Scan system memory ========================
16:22:01.0500 5220  System memory - ok
16:22:01.0500 5220  ================ Scan services =============================
16:22:01.0625 5220  [ ABDCD326E1DD1C62509ED94C278A7453 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
16:22:01.0640 5220  !SASCORE - ok
16:22:01.0921 5220  [ E890C46E4754F0DF51BAFCC8D2E07498 ] 1394ohci        C:\Windows\System32\drivers\1394ohci.sys
16:22:01.0937 5220  1394ohci - ok
16:22:01.0953 5220  [ 4F18D4C7EA14F11A7211F60D553C03DB ] 3ware           C:\Windows\system32\drivers\3ware.sys
16:22:01.0953 5220  3ware - ok
16:22:01.0968 5220  [ A3BDA4D1186C8F47FA1BC8E91F197537 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:22:01.0984 5220  ACPI - ok
16:22:01.0992 5220  [ DC968C37822117E576B933F34A2D130C ] acpiex          C:\Windows\system32\Drivers\acpiex.sys
16:22:01.0992 5220  acpiex - ok
16:22:02.0012 5220  [ 0CA9F7C3A78227C21A0A7854E245CFB2 ] acpipagr        C:\Windows\System32\drivers\acpipagr.sys
16:22:02.0012 5220  acpipagr - ok
16:22:02.0027 5220  [ 8EB8DA03B142D3DD1EB9ED8107A76C43 ] AcpiPmi         C:\Windows\System32\drivers\acpipmi.sys
16:22:02.0027 5220  AcpiPmi - ok
16:22:02.0027 5220  [ CBCE725C5D86ABA7D2604E22951AA9B8 ] acpitime        C:\Windows\System32\drivers\acpitime.sys
16:22:02.0027 5220  acpitime - ok
16:22:02.0074 5220  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:22:02.0074 5220  AdobeARMservice - ok
16:22:02.0248 5220  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:22:02.0248 5220  AdobeFlashPlayerUpdateSvc - ok
16:22:02.0576 5220  [ 93C6388592B99925C1D1576E465BC80F ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
16:22:02.0576 5220  adp94xx - ok
16:22:02.0608 5220  [ D27763E0247292654E7F7D16444C7C72 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
16:22:02.0623 5220  adpahci - ok
16:22:02.0639 5220  [ 67B90070FF48F794AF19F9FCF0080D75 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
16:22:02.0639 5220  adpu320 - ok
16:22:02.0670 5220  [ AB34A3211A1D2AB977DE00CD7BC5A464 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:22:02.0670 5220  AeLookupSvc - ok
16:22:02.0701 5220  [ 9E975BDC89C83900B2C534C4E1B018F8 ] AFD             C:\Windows\system32\drivers\afd.sys
16:22:02.0717 5220  AFD - ok
16:22:02.0748 5220  [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem  C:\Windows\system32\DRIVERS\agrsm64.sys
16:22:02.0764 5220  AgereSoftModem - ok
16:22:02.0795 5220  [ 01590377A5AB19E792528C628A2A68F9 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:22:02.0795 5220  agp440 - ok
16:22:02.0811 5220  [ 16F6F6B7903B913AB41AB848C8BB5658 ] AiCharger       C:\Windows\system32\DRIVERS\AiCharger.sys
16:22:02.0811 5220  AiCharger - ok
16:22:02.0826 5220  [ D1BE8E6E5B3AF23A4393AF1BF867977A ] ALG             C:\Windows\System32\alg.exe
16:22:02.0826 5220  ALG - ok
16:22:02.0858 5220  [ 025E8C755BE293E50854D26D1BBE5133 ] AllUserInstallAgent C:\Windows\system32\AUInstallAgent.dll
16:22:02.0873 5220  AllUserInstallAgent - ok
16:22:02.0873 5220  [ FB88D16B55F788EEB7590584FE2D8F1A ] AmdK8           C:\Windows\System32\drivers\amdk8.sys
16:22:02.0873 5220  AmdK8 - ok
16:22:02.0905 5220  [ 81402FF3373CE4DF77D5C874E369A985 ] AmdPPM          C:\Windows\System32\drivers\amdppm.sys
16:22:02.0905 5220  AmdPPM - ok
16:22:02.0905 5220  [ 35A0EB5AECB0FA3C41A2FB514A562304 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:22:02.0905 5220  amdsata - ok
16:22:02.0936 5220  [ 00452671904F5EE94B50BF0219C97164 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
16:22:02.0936 5220  amdsbs - ok
16:22:02.0951 5220  [ EA3FFE53E92E59C87E3ECA9BEB20D9B7 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:22:02.0951 5220  amdxata - ok
16:22:02.0967 5220  [ 83B3682CE922FB0F415734B26D9D6233 ] AppID           C:\Windows\system32\drivers\appid.sys
16:22:02.0967 5220  AppID - ok
16:22:02.0998 5220  [ CE2BEAD7F31816FF0AC490D048C969F9 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:22:02.0998 5220  AppIDSvc - ok
16:22:02.0998 5220  [ D64C4AFEE8277F35EF729A2B924666B0 ] Appinfo         C:\Windows\System32\appinfo.dll
16:22:02.0998 5220  Appinfo - ok
16:22:03.0014 5220  [ E933401B392387F4BE34DE8BAF1722A7 ] arc             C:\Windows\system32\drivers\arc.sys
16:22:03.0014 5220  arc - ok
16:22:03.0045 5220  [ 07CA323EF2E8247A568AB0F3662AD644 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:22:03.0061 5220  arcsas - ok
16:22:03.0123 5220  [ FA713019412C061385F09BD373BF747A ] ASLDRService    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
16:22:03.0127 5220  ASLDRService - ok
16:22:03.0147 5220  [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64        C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
16:22:03.0147 5220  ASMMAP64 - ok
16:22:03.0183 5220  [ 6A122B4F0E5293CACFA8A5F2CBA9B356 ] ASUS InstantOn  C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
16:22:03.0187 5220  ASUS InstantOn - ok
16:22:03.0207 5220  [ 74DBAEC35366C4EE7670428808715A6A ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:22:03.0207 5220  AsyncMac - ok
16:22:03.0239 5220  [ A721FF570C2387E383BDDEA9632863C9 ] atapi           C:\Windows\system32\drivers\atapi.sys
16:22:03.0239 5220  atapi - ok
16:22:03.0317 5220  [ D55EBCD80CA519020338F75E420FDF3F ] athr            C:\Windows\system32\DRIVERS\athw8x.sys
16:22:03.0395 5220  athr - ok
16:22:03.0411 5220  [ DBC598E47E7A382E60E2A4745D41FEF9 ] ATKGFNEXSrv     C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
16:22:03.0411 5220  ATKGFNEXSrv - ok
16:22:03.0442 5220  [ 41CEAFFCF3550785E59E3EC9BEE8D97A ] ATKWMIACPIIO    C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
16:22:03.0442 5220  ATKWMIACPIIO - ok
16:22:03.0458 5220  [ 437EB91CB20144375DDE145149778405 ] ATP             C:\Windows\System32\drivers\AsusTP.sys
16:22:03.0473 5220  ATP - ok
16:22:03.0505 5220  [ 81C712A88D62B7B30AE961BBE2B88547 ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
16:22:03.0505 5220  AudioEndpointBuilder - ok
16:22:03.0520 5220  [ 19F399667D97F9C144AC1FA74D2D881B ] Audiosrv        C:\Windows\System32\Audiosrv.dll
16:22:03.0536 5220  Audiosrv - ok
16:22:03.0567 5220  [ 958F862A0BC07E539BC9D52DBD2D227B ] Avgwfpa         C:\Windows\system32\DRIVERS\avgwfpa.sys
16:22:03.0567 5220  Avgwfpa - ok
16:22:03.0598 5220  [ 89491EF71D5EA011127832C588002853 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:22:03.0598 5220  AxInstSV - ok
16:22:03.0630 5220  [ 45C6EC94DE3D466B4B452EA0E3870321 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
16:22:03.0645 5220  b06bdrv - ok
16:22:03.0661 5220  [ 81703BC5D68DEDBB086C2368FBE7B334 ] BasicDisplay    C:\Windows\System32\drivers\BasicDisplay.sys
16:22:03.0661 5220  BasicDisplay - ok
16:22:03.0676 5220  [ 5EC68164E14D25675C98BBB5F09E8606 ] BasicRender     C:\Windows\System32\drivers\BasicRender.sys
16:22:03.0676 5220  BasicRender - ok
16:22:03.0708 5220  [ 5BEC02F0A82187227E7457F4600DDFDA ] BDESVC          C:\Windows\System32\bdesvc.dll
16:22:03.0723 5220  BDESVC - ok
16:22:03.0723 5220  [ 9E7AEA59776D904607985AFFE7E5E183 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:22:03.0723 5220  Beep - ok
16:22:03.0739 5220  [ 407F85D5387EDBB665A7969DF4D4712B ] BFE             C:\Windows\System32\bfe.dll
16:22:03.0755 5220  BFE - ok
16:22:03.0801 5220  [ D598C44A7072D3108D8D8102EC5E07F7 ] BITS            C:\Windows\System32\qmgr.dll
16:22:07.0355 5220  BITS - ok
16:22:07.0386 5220  [ B17AC10B47C7FCB44D22A1F06415840E ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:22:07.0386 5220  bowser - ok
16:22:07.0417 5220  [ 88F6F0E54F37F99FE7D5513B7623E444 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
16:22:07.0417 5220  BrokerInfrastructure - ok
16:22:07.0417 5220  [ 310068BDA80B1D55C36580FD8A873FAF ] Browser         C:\Windows\System32\browser.dll
16:22:07.0417 5220  Browser - ok
16:22:07.0464 5220  [ 6E6439EBD58C1387CB4002C0ECD8C662 ] BstHdAndroidSvc C:\Program Files (x86)\BlueStacks\HD-Service.exe
16:22:07.0464 5220  BstHdAndroidSvc - ok
16:22:07.0511 5220  [ 832EAE5E41094000A54E8D1FC687FB5E ] BstHdDrv        C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys
16:22:07.0511 5220  BstHdDrv - ok
16:22:07.0542 5220  [ 374239AAF1FB71FA5791C314BCA218EF ] BstHdLogRotatorSvc C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
16:22:07.0589 5220  BstHdLogRotatorSvc - ok
16:22:07.0605 5220  [ 351075A2ADDF86F5C4BA10CA27E8973D ] BthAvrcpTg      C:\Windows\System32\drivers\BthAvrcpTg.sys
16:22:07.0605 5220  BthAvrcpTg - ok
16:22:07.0620 5220  [ 20BACDB113A0195EA5DCB8F3A660BD9A ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
16:22:07.0620 5220  BthEnum - ok
16:22:07.0636 5220  [ 616EB8748C988AEE98D93DA141C3D3B4 ] BthHFEnum       C:\Windows\System32\drivers\bthhfenum.sys
16:22:07.0636 5220  BthHFEnum - ok
16:22:07.0667 5220  [ 531D83EA26C5FFAA79F0A1DC3B0698CF ] bthhfhid        C:\Windows\System32\drivers\BthHFHid.sys
16:22:07.0667 5220  bthhfhid - ok
16:22:07.0683 5220  [ 033916CE8784A848B9A3D686B7F66D97 ] BTHMODEM        C:\Windows\System32\drivers\bthmodem.sys
16:22:07.0683 5220  BTHMODEM - ok
16:22:07.0699 5220  [ 091BB978E9504D0AD14586929431A957 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
16:22:07.0699 5220  BthPan - ok
16:22:07.0745 5220  [ 8BD82AE3B077665AFDFAEA6ED5B3937F ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
16:22:07.0745 5220  BTHPORT - ok
16:22:07.0777 5220  [ A4387C3D271959313E2577DB7BE8BA7A ] bthserv         C:\Windows\system32\bthserv.dll
16:22:07.0777 5220  bthserv - ok
16:22:07.0792 5220  [ 100E21C77568CF4CB7817A2BC3F91B98 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
16:22:07.0792 5220  BTHUSB - ok
16:22:07.0824 5220  [ 990B1BABE6E81FB18E65A87EBEFB1772 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:22:07.0824 5220  cdfs - ok
16:22:07.0839 5220  [ 339BFF85D788268752DA8C9644B188EE ] cdrom           C:\Windows\System32\drivers\cdrom.sys
16:22:07.0839 5220  cdrom - ok
16:22:07.0870 5220  [ BAF8F0F55BC300E5F882E521F054E345 ] CertPropSvc     C:\Windows\System32\certprop.dll
16:22:07.0870 5220  CertPropSvc - ok
16:22:07.0886 5220  [ F64B7D1A37CC1D5F421D5359EEC81E2E ] circlass        C:\Windows\System32\drivers\circlass.sys
16:22:07.0886 5220  circlass - ok
16:22:07.0917 5220  [ 9905168708DB68849B879B5548F68AB3 ] CLFS            C:\Windows\system32\drivers\CLFS.sys
16:22:07.0917 5220  CLFS - ok
16:22:07.0933 5220  [ 2DC8538A2260647484A6C921CA837313 ] CmBatt          C:\Windows\System32\drivers\CmBatt.sys
16:22:07.0949 5220  CmBatt - ok
16:22:08.0514 5220  [ D996E50B7CE4B9740697A21F9B25409C ] cmdAgent        C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
16:22:08.0608 5220  cmdAgent - ok
16:22:08.0639 5220  [ 1932DA9360F359BACA8B7B31718798B6 ] cmderd          C:\Windows\system32\DRIVERS\cmderd.sys
16:22:08.0639 5220  cmderd - ok
16:22:08.0795 5220  [ 2336737C2EF855A6A3B1F255AABF0A7B ] cmdGuard        C:\Windows\system32\DRIVERS\cmdguard.sys
16:22:08.0795 5220  cmdGuard - ok
16:22:08.0826 5220  [ 8C44C6725809D975175022CA7810F116 ] cmdhlp          C:\Windows\system32\DRIVERS\cmdhlp.sys
16:22:08.0826 5220  cmdhlp - ok
16:22:08.0858 5220  [ BB2B324DAD05112164F86D85CC4B8880 ] cmdvirth        C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
16:22:08.0858 5220  cmdvirth - ok
16:22:08.0889 5220  [ 1894FD2D5966A81D3B07A7C4D8724D59 ] CNG             C:\Windows\system32\Drivers\cng.sys
16:22:08.0904 5220  CNG - ok
16:22:08.0920 5220  [ 0E5B1E9E7122EDAAF1F6CE047965CA92 ] CompositeBus    C:\Windows\System32\drivers\CompositeBus.sys
16:22:08.0920 5220  CompositeBus - ok
16:22:08.0920 5220  COMSysApp - ok
16:22:08.0936 5220  [ D9CB0782AF819548072AA45B70F8B22D ] condrv          C:\Windows\system32\drivers\condrv.sys
16:22:08.0936 5220  condrv - ok
16:22:09.0045 5220  [ 9F5AFC3EE57412798B1A559B620386A0 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
16:22:09.0045 5220  cphs - ok
16:22:09.0614 5220  [ F0E78B119D12BA81F163D48C0FF30B9A ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:22:09.0614 5220  CryptSvc - ok
16:22:09.0661 5220  [ E8A676D196E9A4DED7A6C74DEA90FA4E ] dam             C:\Windows\system32\drivers\dam.sys
16:22:09.0661 5220  dam - ok
16:22:09.0692 5220  [ 1EC6E533C954BDDF2A37E7851A7E58FD ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:22:09.0708 5220  DcomLaunch - ok
16:22:09.0723 5220  [ C8650D1F61149AA546BDBC99172EBBC1 ] defragsvc       C:\Windows\System32\defragsvc.dll
16:22:09.0739 5220  defragsvc - ok
16:22:09.0754 5220  [ 5EAEF67AE2AF4D2DC664B649DB7B2E16 ] DeviceAssociationService C:\Windows\system32\das.dll
16:22:09.0754 5220  DeviceAssociationService - ok
16:22:09.0786 5220  [ D7A3877D9E126E21925DA873677C1D65 ] DeviceInstall   C:\Windows\system32\umpnpmgr.dll
16:22:09.0801 5220  DeviceInstall - ok
16:22:09.0817 5220  [ 09D9EB9E7898F8E6561473A20CC808B9 ] Dfsc            C:\Windows\system32\Drivers\dfsc.sys
16:22:09.0817 5220  Dfsc - ok
16:22:09.0848 5220  [ 6DBE7FE196F8E9D212DCC34EDDF7C3C1 ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:22:09.0848 5220  Dhcp - ok
16:22:09.0879 5220  [ 3C736FAE17BA6F91BA37594AAB139CD0 ] discache        C:\Windows\system32\drivers\discache.sys
16:22:09.0879 5220  discache - ok
16:22:09.0879 5220  [ 560495FF4CA22E1D9B1972FA18F43B6F ] disk            C:\Windows\system32\drivers\disk.sys
16:22:09.0895 5220  disk - ok
16:22:09.0895 5220  [ 82A7C72593793FE1EADA7A305BD1567A ] dmvsc           C:\Windows\System32\drivers\dmvsc.sys
16:22:09.0911 5220  dmvsc - ok
16:22:09.0926 5220  [ 9ACE7E657107EB51E5E89FD883F2FD2D ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:22:09.0942 5220  Dnscache - ok
16:22:09.0942 5220  [ 9949AD2ABA168A618D46C799D6CC898C ] dot3svc         C:\Windows\System32\dot3svc.dll
16:22:09.0942 5220  dot3svc - ok
16:22:09.0958 5220  [ 109FC3F80BF4F4DC5A071058074F13C1 ] DPS             C:\Windows\system32\dps.dll
16:22:09.0958 5220  DPS - ok
16:22:10.0304 5220  [ 308195495181C8F3D51E6ED5B58D54AC ] DragonUpdater   C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
16:22:10.0335 5220  DragonUpdater - ok
16:22:10.0367 5220  [ 013C53A30F896F00C563FD53E695AEF4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:22:10.0367 5220  drmkaud - ok
16:22:10.0398 5220  [ BF48F32EE248C3D371DA5DC93BBEADA7 ] DsmSvc          C:\Windows\System32\DeviceSetupManager.dll
16:22:10.0398 5220  DsmSvc - ok
16:22:10.0429 5220  [ C58425E4F1E115BB271FBF3FC348AB11 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:22:10.0445 5220  DXGKrnl - ok
16:22:10.0476 5220  [ 651FBD69A9713D623D456A240F96179C ] e1iexpress      C:\Windows\system32\DRIVERS\e1i63x64.sys
16:22:10.0492 5220  e1iexpress - ok
16:22:10.0523 5220  [ 58BA473DD88F5FC1932282BA683AA03E ] Eaphost         C:\Windows\System32\eapsvc.dll
16:22:10.0523 5220  Eaphost - ok
16:22:10.0585 5220  [ C815C4FAE6A816DFB58975F3D0396692 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
16:22:10.0663 5220  ebdrv - ok
16:22:10.0695 5220  [ 6E0E63801FBEF27995107B8269BCFAAD ] EFS             C:\Windows\System32\lsass.exe
16:22:10.0695 5220  EFS - ok
16:22:10.0710 5220  [ 66D60BD9A4C05616ABECA2A901475098 ] EhStorClass     C:\Windows\system32\drivers\EhStorClass.sys
16:22:10.0710 5220  EhStorClass - ok
16:22:10.0742 5220  [ A61D0F543024E458C0FE32352E1978E2 ] EhStorTcgDrv    C:\Windows\system32\drivers\EhStorTcgDrv.sys
16:22:10.0742 5220  EhStorTcgDrv - ok
16:22:10.0742 5220  [ D790D058D67582DB9C84C2D33695FE6B ] ErrDev          C:\Windows\System32\drivers\errdev.sys
16:22:10.0742 5220  ErrDev - ok
16:22:10.0788 5220  [ F9E01C2D9F8BC049E04CF5DC24A5F638 ] EventSystem     C:\Windows\system32\es.dll
16:22:10.0788 5220  EventSystem - ok
16:22:10.0804 5220  [ 7A4D6FEB8C52B3FE855E4DCDF9107E03 ] exfat           C:\Windows\system32\drivers\exfat.sys
16:22:10.0804 5220  exfat - ok
16:22:10.0820 5220  [ 60996602A7111FD2D086E803F33E4282 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:22:10.0820 5220  fastfat - ok
16:22:10.0867 5220  [ F0E7F8382ED5E138B0DFA4CB5058BCFE ] Fax             C:\Windows\system32\fxssvc.exe
16:22:10.0867 5220  Fax - ok
16:22:10.0913 5220  [ 73B2D11DF0B6E03A0CB0323218ACB3E4 ] fdc             C:\Windows\System32\drivers\fdc.sys
16:22:10.0913 5220  fdc - ok
16:22:10.0929 5220  [ 0828E3E7BD77C89149EAD3232BFD38DB ] fdPHost         C:\Windows\system32\fdPHost.dll
16:22:10.0929 5220  fdPHost - ok
16:22:10.0945 5220  [ 872506AAB591E8908DF4461475AF92DF ] FDResPub        C:\Windows\system32\fdrespub.dll
16:22:10.0945 5220  FDResPub - ok
16:22:10.0945 5220  [ DFC2156EEC9E0CBC4F8311983567E3AA ] fhsvc           C:\Windows\system32\fhsvc.dll
16:22:10.0945 5220  fhsvc - ok
16:22:10.0976 5220  [ 88A9EBACD1058ABB237A6B4E96E7F397 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:22:10.0976 5220  FileInfo - ok
16:22:10.0976 5220  [ 9E4EE3A0B00FF7D5F42A4AF9744CBA02 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:22:10.0976 5220  Filetrace - ok
16:22:11.0007 5220  [ B1D4C168FF7B8579E3745888658FFB1D ] flpydisk        C:\Windows\System32\drivers\flpydisk.sys
16:22:11.0007 5220  flpydisk - ok
16:22:11.0007 5220  [ B33EC133AE4E6C1881D2302D93D2467D ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:22:11.0007 5220  FltMgr - ok
16:22:11.0054 5220  [ 305CB1E16576F436BC8797E629A3D46D ] FontCache       C:\Windows\system32\FntCache.dll
16:22:11.0070 5220  FontCache - ok
16:22:11.0132 5220  [ 0B56259F5611787222A04A8F254E51D4 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:22:11.0132 5220  FontCache3.0.0.0 - ok
16:22:11.0168 5220  [ A5F7873A39E4E9FAAAE59B7E9E36B705 ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:22:11.0168 5220  FsDepends - ok
16:22:11.0176 5220  [ A6DD7D491F587F4BC13FB972977DC8E8 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:22:11.0176 5220  Fs_Rec - ok
16:22:11.0196 5220  [ 79E687A2829B9EBDF488F78260651094 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:22:11.0200 5220  fvevol - ok
16:22:11.0220 5220  [ 3EF3FCCC0E70EEC5C2AD996F32BBA642 ] FxPPM           C:\Windows\System32\drivers\fxppm.sys
16:22:11.0220 5220  FxPPM - ok
16:22:11.0228 5220  [ 52BC441E07A827EBAB70CDC7EAEDB28D ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:22:11.0228 5220  gagp30kx - ok
16:22:11.0244 5220  [ 721F8EEF5E9747F32670DEFF7FB92541 ] gencounter      C:\Windows\System32\drivers\vmgencounter.sys
16:22:11.0244 5220  gencounter - ok
16:22:11.0275 5220  [ A1F17108F3ED752D2614D767792327C5 ] GPIOClx0101     C:\Windows\system32\Drivers\msgpioclx.sys
16:22:11.0275 5220  GPIOClx0101 - ok
16:22:11.0322 5220  [ 5358678C6370F2ADC5291849F6503262 ] gpsvc           C:\Windows\System32\gpsvc.dll
16:22:11.0338 5220  gpsvc - ok
16:22:11.0369 5220  [ 3CC07DAD48FA53193AE2F85DD8200B5E ] hcmon           C:\Windows\system32\drivers\hcmon.sys
16:22:11.0369 5220  hcmon - ok
16:22:11.0400 5220  [ 9FC1F11D4D19F61DFE5CC878B4557D3A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:22:11.0400 5220  HdAudAddService - ok
16:22:11.0416 5220  [ 8D6810577E9C4F56DCB8E9BACAC7287B ] HDAudBus        C:\Windows\System32\drivers\HDAudBus.sys
16:22:11.0416 5220  HDAudBus - ok
16:22:11.0431 5220  [ 3F76BBA53D65E85A7F53E7A71082082C ] HidBatt         C:\Windows\System32\drivers\HidBatt.sys
16:22:11.0431 5220  HidBatt - ok
16:22:11.0447 5220  [ A25BAE8C1F2830C8E5625EC7E4E968BE ] HidBth          C:\Windows\System32\drivers\hidbth.sys
16:22:11.0463 5220  HidBth - ok
16:22:11.0478 5220  [ AC0526C4E3A7954F750B8F8D95EFB340 ] hidi2c          C:\Windows\System32\drivers\hidi2c.sys
16:22:11.0478 5220  hidi2c - ok
16:22:11.0494 5220  [ DC96F7DACB777CDEAEF9958A50BFDA06 ] HidIr           C:\Windows\System32\drivers\hidir.sys
16:22:11.0494 5220  HidIr - ok
16:22:11.0541 5220  [ FAC37D7B3D6354A5A5E19A45B50B4008 ] hidserv         C:\Windows\system32\hidserv.dll
16:22:11.0541 5220  hidserv - ok
16:22:11.0572 5220  [ A9F2301B8D28BB4D887F5AEBB55ACB3A ] HIDSwitch       C:\Windows\System32\drivers\AsHIDSwitch64.sys
16:22:11.0572 5220  HIDSwitch - ok
16:22:11.0588 5220  [ 590B6F71BCDA4368B4BF7D8DF22B60F7 ] HidUsb          C:\Windows\System32\drivers\hidusb.sys
16:22:11.0588 5220  HidUsb - ok
16:22:11.0619 5220  [ 43F884B61A24377567CD0FEB35236334 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:22:11.0619 5220  hkmsvc - ok
16:22:11.0634 5220  [ 6CC1AD7B0E071C317B7FB8FC6AEF0EDA ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:22:11.0634 5220  HomeGroupListener - ok
16:22:11.0666 5220  [ E0D9F6FE18FA7F53ADD29AF719CE2B7E ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:22:11.0681 5220  HomeGroupProvider - ok
16:22:11.0697 5220  [ 64DB7A8D97CA53DCCF93D0A1E08342CF ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:22:11.0697 5220  HpSAMD - ok
16:22:11.0759 5220  [ 47DBBF38E00C3F7404B71F6509241EF1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:22:11.0775 5220  HTTP - ok
16:22:11.0775 5220  [ 2A98301068801700906C06649860FE94 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:22:11.0775 5220  hwpolicy - ok
16:22:11.0806 5220  [ DC76901D82097C9E297F20C287CB9A27 ] hyperkbd        C:\Windows\System32\drivers\hyperkbd.sys
16:22:11.0806 5220  hyperkbd - ok
16:22:11.0806 5220  [ 716413AB3CA12DE0A7222D28C1C9352C ] HyperVideo      C:\Windows\system32\DRIVERS\HyperVideo.sys
16:22:11.0822 5220  HyperVideo - ok
16:22:11.0838 5220  [ C9E9CBF73AFFBFE3E801EFB516787BA3 ] i8042prt        C:\Windows\System32\drivers\i8042prt.sys
16:22:11.0838 5220  i8042prt - ok
16:22:11.0884 5220  [ 0FE66A51D81A25AACEAAE4C26308121D ] iaStorA         C:\Windows\system32\drivers\iaStorA.sys
16:22:11.0884 5220  iaStorA - ok
16:22:11.0931 5220  [ 5E394EBD26FD68AA9300332C46BEDD62 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:22:11.0931 5220  iaStorV - ok
16:22:12.0053 5220  [ ABEFA4BD23329FD9BD47496BF2E58774 ] IconMan_R       C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
16:22:12.0100 5220  IconMan_R - ok
16:22:12.0622 5220  [ 11A31FC2481BFE69B0507ED8C80215F4 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
16:22:12.0778 5220  igfx - ok
16:22:12.0809 5220  [ 24847A06B84339FEEDE5CABF3D27D320 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
16:22:12.0809 5220  iirsp - ok
16:22:12.0856 5220  [ 45EACE8D94B9CEC746A85154892C4FDC ] IKEEXT          C:\Windows\System32\ikeext.dll
16:22:12.0872 5220  IKEEXT - ok
16:22:12.0887 5220  [ 2450F67F040479B66737125032DCC16B ] inspect         C:\Windows\system32\DRIVERS\inspect.sys
16:22:12.0887 5220  inspect - ok
16:22:13.0178 5220  [ DF74EBA74729CD86D011AB52111D6802 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:22:13.0237 5220  IntcAzAudAddService - ok
16:22:13.0268 5220  [ F5495B38BFB9149925F54F65AB40EFBF ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
16:22:13.0284 5220  IntcDAud - ok
16:22:13.0378 5220  [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
16:22:13.0393 5220  Intel® Capability Licensing Service Interface - ok
16:22:13.0425 5220  [ 4F37726CF764CA18A8A84F85EF3A7F24 ] intelide        C:\Windows\system32\drivers\intelide.sys
16:22:13.0425 5220  intelide - ok
16:22:13.0456 5220  [ F9E126AA767E2E6E3128434A43C9F713 ] intelppm        C:\Windows\System32\drivers\intelppm.sys
16:22:13.0456 5220  intelppm - ok
16:22:13.0456 5220  [ 8FCA66234A0933D796BB780B7953BAB9 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:22:13.0456 5220  IpFilterDriver - ok
16:22:13.0519 5220  [ CAC5202757EF68C4849B0DFFA75F6D3C ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:22:13.0519 5220  iphlpsvc - ok
16:22:13.0550 5220  [ 6E98A046A12AA113F8898AA5D612BD6E ] IPMIDRV         C:\Windows\System32\drivers\IPMIDrv.sys
16:22:13.0550 5220  IPMIDRV - ok
16:22:13.0565 5220  [ 3969B9C218DD3FAA9F4ED2FFC3651C02 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:22:13.0565 5220  IPNAT - ok
16:22:13.0581 5220  [ 25CD7C4BB2863FFC2B0B311F0AEBF77C ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:22:13.0581 5220  IRENUM - ok
16:22:13.0597 5220  [ D940C5BB9DC92E588533C19ABCC3D2C2 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:22:13.0597 5220  isapnp - ok
16:22:13.0628 5220  [ F5F0DE1B7F256997501EECECE9648108 ] iScsiPrt        C:\Windows\System32\drivers\msiscsi.sys
16:22:13.0628 5220  iScsiPrt - ok
16:22:13.0706 5220  [ 78ABBE558F57144047F10A0F50FE4B2F ] jhi_service     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
16:22:13.0706 5220  jhi_service - ok
16:22:13.0753 5220  [ 8FBD94B69D6423E20ABCD59D86368B21 ] kbdclass        C:\Windows\System32\drivers\kbdclass.sys
16:22:13.0753 5220  kbdclass - ok
16:22:13.0769 5220  [ E88C932ABDF8185A62C8F2FC7B051FB6 ] kbdhid          C:\Windows\System32\drivers\kbdhid.sys
16:22:13.0769 5220  kbdhid - ok
16:22:13.0784 5220  [ A8080BEBCDB7A16495CE1205921DCAC5 ] kbfiltr         C:\Windows\System32\drivers\kbfiltr.sys
16:22:13.0784 5220  kbfiltr - ok
16:22:13.0800 5220  [ FB6C185092E18011EF49989425C2AA87 ] kdnic           C:\Windows\system32\DRIVERS\kdnic.sys
16:22:13.0800 5220  kdnic - ok
16:22:13.0815 5220  [ 6E0E63801FBEF27995107B8269BCFAAD ] KeyIso          C:\Windows\system32\lsass.exe
16:22:13.0815 5220  KeyIso - ok
16:22:13.0847 5220  [ A4751040DB14E30E61A4E47481C77274 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:22:13.0847 5220  KSecDD - ok
16:22:13.0847 5220  [ E427D299CFE267A2465D3AAF81440ED9 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:22:13.0847 5220  KSecPkg - ok
16:22:13.0862 5220  [ 81492FEEBF2F26455B00EE8DBAE8A1B0 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
16:22:13.0862 5220  ksthunk - ok
16:22:13.0878 5220  [ 5825DBACEDC3812B5CF8D40B997BF210 ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:22:13.0878 5220  KtmRm - ok
16:22:13.0940 5220  [ 256EE31588257E8A555DBFAA13F1908E ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:22:13.0940 5220  LanmanServer - ok
16:22:13.0972 5220  [ 16650912BE5A94B40E0B3B4C39652B56 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:22:13.0972 5220  LanmanWorkstation - ok
16:22:13.0995 5220  [ CEEFD29FC551F289810B0B9381B321DC ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:22:13.0995 5220  lltdio - ok
16:22:14.0015 5220  [ BCF53485E0A94722CDE3C4A93CD8EB8C ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:22:14.0015 5220  lltdsvc - ok
16:22:14.0031 5220  [ 5A2F7F1CBC2E631A497DAD16164E06D2 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:22:14.0031 5220  lmhosts - ok
16:22:14.0062 5220  [ 2C24DC448DBE8DB9BE1441B824C57E79 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
16:22:14.0062 5220  LMS - ok
16:22:14.0093 5220  [ 022CDD12161B063D7852B1075BF3FFF2 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
16:22:14.0093 5220  LSI_SAS - ok
16:22:14.0124 5220  [ 07AD59D669B996F29F91817F0ECFA34F ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
16:22:14.0124 5220  LSI_SAS2 - ok
16:22:14.0140 5220  [ 216FB796AA4E252ACCE93B1BCB80B5EC ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
16:22:14.0144 5220  LSI_SCSI - ok
16:22:14.0168 5220  [ 5E80530AF37102488EE980B4A92AF99F ] LSI_SSS         C:\Windows\system32\drivers\lsi_sss.sys
16:22:14.0168 5220  LSI_SSS - ok
16:22:14.0200 5220  [ 8FEFDCEE40B75FD23B4BC60DA6576113 ] LSM             C:\Windows\System32\lsm.dll
16:22:14.0204 5220  LSM - ok
16:22:14.0220 5220  [ 2BDC5D711FA61307CE6190D47C956368 ] luafv           C:\Windows\system32\drivers\luafv.sys
16:22:14.0220 5220  luafv - ok
16:22:14.0236 5220  [ FB365D68B0A9DDEA218DF7D8192A7AF4 ] ManyCam         C:\Windows\system32\DRIVERS\mcvidrv_x64.sys
16:22:14.0236 5220  ManyCam - ok
16:22:14.0283 5220  [ 31C6AFFFAD7C733A65F888929548BC22 ] mbamchameleon   C:\Windows\system32\drivers\mbamchameleon.sys
16:22:14.0283 5220  mbamchameleon - ok
16:22:14.0314 5220  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
16:22:14.0314 5220  MBAMProtector - ok
16:22:14.0377 5220  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:22:14.0377 5220  MBAMScheduler - ok
16:22:14.0423 5220  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:22:14.0423 5220  MBAMService - ok
16:22:14.0455 5220  [ 5858C4ABE87D0A842A941D6BD08038F1 ] mcaudrv_simple  C:\Windows\system32\drivers\mcaudrv_x64.sys
16:22:14.0455 5220  mcaudrv_simple - ok
16:22:14.0486 5220  [ 9B0D829C3BE4E7472DB9DD2B79908E3C ] megasas         C:\Windows\system32\drivers\megasas.sys
16:22:14.0486 5220  megasas - ok
16:22:14.0502 5220  [ ECC3F54C7AFC318271C4F0B4606D8DB0 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
16:22:14.0502 5220  MegaSR - ok
16:22:14.0533 5220  [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64          C:\Windows\System32\drivers\HECIx64.sys
16:22:14.0533 5220  MEIx64 - ok
16:22:14.0564 5220  [ DBD28A7997CF7303E610989C565C9B29 ] MMCSS           C:\Windows\system32\mmcss.dll
16:22:14.0564 5220  MMCSS - ok
16:22:14.0580 5220  [ 780098AD5DA8A4822E2563984C85EF7B ] Modem           C:\Windows\system32\drivers\modem.sys
16:22:14.0580 5220  Modem - ok
16:22:14.0595 5220  [ 83EB0BF7E6EBD5B1AAC97F9DBD5EB935 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:22:14.0595 5220  monitor - ok
16:22:14.0611 5220  [ 618446B98C79776654340CE27C73485E ] mouclass        C:\Windows\System32\drivers\mouclass.sys
16:22:14.0611 5220  mouclass - ok
16:22:14.0627 5220  [ CB2527B8B87D83E56FBF3944BBB6F606 ] mouhid          C:\Windows\System32\drivers\mouhid.sys
16:22:14.0627 5220  mouhid - ok
16:22:14.0627 5220  [ 89D263DBF08119CE16273991C120D6DD ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:22:14.0627 5220  mountmgr - ok
16:22:14.0673 5220  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:22:14.0673 5220  MozillaMaintenance - ok
16:22:14.0673 5220  [ 36BF4D86F166ACBC14F0B8B8F90CBCEA ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:22:14.0673 5220  mpsdrv - ok
16:22:14.0720 5220  [ 411EA973A1961C287927DF13891EB41E ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:22:14.0736 5220  MpsSvc - ok
16:22:14.0767 5220  [ 3D70147F55F1EC84EB9139ED7FFE48BC ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:22:14.0767 5220  MRxDAV - ok
16:22:14.0783 5220  [ 1EEAA5A62E8C49DDF58798F06F78BFFA ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:22:14.0783 5220  mrxsmb - ok
16:22:14.0798 5220  [ 06D5F2FA3C61E8EA91648EA8E9F99FD3 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:22:14.0798 5220  mrxsmb10 - ok
16:22:14.0814 5220  [ BFBE1EA55ECC15733933D429E384BCA4 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:22:14.0814 5220  mrxsmb20 - ok
16:22:14.0830 5220  [ 98487487D6B3797CA927E9D7B030AE13 ] MsBridge        C:\Windows\system32\DRIVERS\bridge.sys
16:22:14.0830 5220  MsBridge - ok
16:22:14.0845 5220  [ 4A07458EB4F17573BD39F22029A991C1 ] MSDTC           C:\Windows\System32\msdtc.exe
16:22:14.0845 5220  MSDTC - ok
16:22:14.0861 5220  [ 3886F1F2A4D2900ABAA7E4486BEEE6A2 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:22:14.0861 5220  Msfs - ok
16:22:14.0877 5220  [ 62435ABF8D6199659D451DFBC94E773C ] msgpiowin32     C:\Windows\System32\drivers\msgpiowin32.sys
16:22:14.0892 5220  msgpiowin32 - ok
16:22:14.0908 5220  [ D3857A767B91A061B408CCAB02DA4F40 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:22:14.0908 5220  mshidkmdf - ok
16:22:14.0923 5220  [ 839B48910FB1E887635C48F3EC11A05E ] mshidumdf       C:\Windows\System32\drivers\mshidumdf.sys
16:22:14.0923 5220  mshidumdf - ok
16:22:14.0939 5220  [ 55C0DB741E3AB7463242B185B1C2997C ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:22:14.0939 5220  msisadrv - ok
16:22:14.0986 5220  [ 216C6B035A4BA5560E1255BD8E5BB89F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:22:14.0986 5220  MSiSCSI - ok
16:22:14.0986 5220  msiserver - ok
16:22:15.0002 5220  [ 509809566E49F4411055864EA8D437CD ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:22:15.0002 5220  MSKSSRV - ok
16:22:15.0017 5220  [ 63145201D6458E4958E572E7D6FC2604 ] MsLldp          C:\Windows\system32\DRIVERS\mslldp.sys
16:22:15.0017 5220  MsLldp - ok
16:22:15.0127 5220  [ 99D526E803DB6D7FF290FD98B6204641 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:22:15.0127 5220  MSPCLOCK - ok
16:22:15.0186 5220  [ 06FA77C3E2A491ADCD704C5E73006269 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:22:15.0190 5220  MSPQM - ok
16:22:15.0242 5220  [ E134EC4DE11CF78CB01432D180710D84 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:22:15.0250 5220  MsRPC - ok
16:22:15.0266 5220  [ B5AECF12F09DEE97C9FCAA5BA016CE1E ] mssmbios        C:\Windows\System32\drivers\mssmbios.sys
16:22:15.0266 5220  mssmbios - ok
16:22:15.0282 5220  [ 72D66A05E0F99F2528F6C6204FD22AA1 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:22:15.0282 5220  MSTEE - ok
16:22:15.0297 5220  [ 8AAAE399FC255FA105D4158CBA289001 ] MTConfig        C:\Windows\System32\drivers\MTConfig.sys
16:22:15.0297 5220  MTConfig - ok
16:22:15.0313 5220  [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A ] Mup             C:\Windows\system32\Drivers\mup.sys
16:22:15.0313 5220  Mup - ok
16:22:15.0328 5220  [ 3A1E095277BBD406CEA8EA6B76950664 ] mvumis          C:\Windows\system32\drivers\mvumis.sys
16:22:15.0328 5220  mvumis - ok
16:22:15.0360 5220  [ 4B18840511D720BA118D3017E8165875 ] napagent        C:\Windows\system32\qagentRT.dll
16:22:15.0375 5220  napagent - ok
16:22:15.0391 5220  [ 43D7388A90A4C6EA346A4D6FF0377479 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:22:15.0407 5220  NativeWifiP - ok
16:22:15.0422 5220  [ 6A0C3996DA7DAE6D6939676D786EEEC4 ] NcaSvc          C:\Windows\System32\ncasvc.dll
16:22:15.0422 5220  NcaSvc - ok
16:22:15.0438 5220  [ C982FE4CC91DECE2259F494FCEB4030F ] NcdAutoSetup    C:\Windows\System32\NcdAutoSetup.dll
16:22:15.0438 5220  NcdAutoSetup - ok
16:22:15.0469 5220  [ EAB473DFB958489D3145FE4DD5F5E77B ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:22:15.0469 5220  NDIS - ok
16:22:15.0485 5220  [ 39C8A1D9D46F5E83A016BCAB72455284 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:22:15.0485 5220  NdisCap - ok
16:22:15.0500 5220  [ 762941932B7E4C588E48A577BA9D6440 ] NdisImPlatform  C:\Windows\system32\DRIVERS\NdisImPlatform.sys
16:22:15.0500 5220  NdisImPlatform - ok
16:22:15.0500 5220  [ 8757D4A9701F9F4B59978839F46C32A7 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:22:15.0500 5220  NdisTapi - ok
16:22:15.0516 5220  [ 79AB68BB3FFF974AD4F41FA559F4EC67 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:22:15.0516 5220  Ndisuio - ok
16:22:15.0516 5220  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:22:15.0516 5220  NdisWan - ok
16:22:15.0532 5220  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NDISWANLEGACY   C:\Windows\system32\DRIVERS\ndiswan.sys
16:22:15.0532 5220  NDISWANLEGACY - ok
16:22:15.0532 5220  [ FC891984160AAD8D3F047888C6BF1467 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:22:15.0532 5220  NDProxy - ok
16:22:15.0532 5220  [ D3F60A4345FCA9C1BE68AD7D0D6DE770 ] Ndu             C:\Windows\system32\drivers\Ndu.sys
16:22:15.0547 5220  Ndu - ok
16:22:15.0547 5220  [ 7C203A76394F9AE68F69EEE5F9612C4A ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:22:15.0547 5220  NetBIOS - ok
16:22:15.0563 5220  [ 7CEC25C682D319D484630B3952C31A11 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:22:15.0563 5220  NetBT - ok
16:22:15.0578 5220  [ 6E0E63801FBEF27995107B8269BCFAAD ] Netlogon        C:\Windows\system32\lsass.exe
16:22:15.0578 5220  Netlogon - ok
16:22:15.0610 5220  [ 89519D29CBEC2121CA65CC29C4D345E0 ] Netman          C:\Windows\System32\netman.dll
16:22:15.0610 5220  Netman - ok
16:22:15.0625 5220  [ 20F6FD63E6D456114BC8056D62792786 ] netprofm        C:\Windows\System32\netprofmsvc.dll
16:22:15.0625 5220  netprofm - ok
16:22:15.0657 5220  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:22:15.0672 5220  NetTcpPortSharing - ok
16:22:16.0090 5220  [ 57B9C04D673F236D41FAB03842C8640B ] NETwNs64        C:\Windows\system32\DRIVERS\NETwNs64.sys
16:22:16.0280 5220  NETwNs64 - ok
16:22:16.0296 5220  [ 12DD2800E4EEA37DC9AE256AD62423B4 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
16:22:16.0296 5220  nfrd960 - ok
16:22:16.0390 5220  [ 385A3F3346669DB51644CFF0EA40E345 ] NitroDriverReadSpool2 C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
16:22:16.0390 5220  NitroDriverReadSpool2 - ok
16:22:16.0436 5220  [ 05B42A91867DA3FF71C59747DC785996 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:22:16.0452 5220  NlaSvc - ok
16:22:16.0655 5220  [ B6E56578E167AD7D146F1B316490AC03 ] nlsX86cc        C:\Windows\SysWOW64\NLSSRV32.EXE
16:22:16.0655 5220  nlsX86cc - ok
16:22:17.0015 5220  [ 17E19A742FB30C002F8B43575451DBE1 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:22:17.0030 5220  Npfs - ok
16:22:17.0030 5220  [ 8ED299C30792544264E558BEA79F0947 ] npsvctrig       C:\Windows\System32\drivers\npsvctrig.sys
16:22:17.0030 5220  npsvctrig - ok
16:22:17.0061 5220  [ 832B5FDF0B5577713FD7F2465FCD0ACE ] nsi             C:\Windows\system32\nsisvc.dll
16:22:17.0061 5220  nsi - ok
16:22:17.0077 5220  [ 689B3B1E95C70ABF7AFF29F9406EF1E0 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:22:17.0093 5220  nsiproxy - ok
16:22:17.0140 5220  [ 4A7EEA9C4AD5CBFDA3C0E5B821C99CAD ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:22:17.0160 5220  Ntfs - ok
16:22:17.0184 5220  [ 4163ADE07DB51843AE31F65B94F5398D ] Null            C:\Windows\system32\drivers\Null.sys
16:22:17.0184 5220  Null - ok
16:22:17.0204 5220  [ D6D34118263412D3AAA8348A9572B7F2 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:22:17.0208 5220  nvraid - ok
16:22:17.0220 5220  [ 27AFC428D1D32ABD04A86763A4EDDEA9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:22:17.0220 5220  nvstor - ok
16:22:17.0236 5220  [ 051CFB5107BAAE510419BDC41F8C4036 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:22:17.0236 5220  nv_agp - ok
16:22:17.0298 5220  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:22:17.0298 5220  ose - ok
16:22:17.0454 5220  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:22:17.0548 5220  osppsvc - ok
16:22:17.0564 5220  [ AB76700D764A342D7475FB8F47CAB18C ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:22:17.0579 5220  p2pimsvc - ok
16:22:17.0658 5220  [ 4319FD931DCD796435ECB5DB4A04FBA5 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:22:17.0658 5220  p2psvc - ok
16:22:17.0720 5220  [ B87EFC9994F53124622FA2A0CAA6D828 ] PAC7302         C:\Windows\system32\DRIVERS\PAC7302.SYS
16:22:17.0736 5220  PAC7302 - ok
16:22:17.0767 5220  [ 4563DAF8C6A740AD7F501E219BD10766 ] Parport         C:\Windows\System32\drivers\parport.sys
16:22:17.0767 5220  Parport - ok
16:22:17.0783 5220  [ C1D7BA7F0DE487DFEEB51BF8D3EC5562 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:22:17.0783 5220  partmgr - ok
16:22:17.0798 5220  [ 4A003E8F718C1E6A2050CA98CD53E3E2 ] pci             C:\Windows\system32\drivers\pci.sys
16:22:17.0798 5220  pci - ok
16:22:17.0814 5220  [ F9908D274D458220F91E89B54D78D837 ] pciide          C:\Windows\system32\drivers\pciide.sys
16:22:17.0814 5220  pciide - ok
16:22:17.0829 5220  [ 84D19CB6102627932DCB5DFDF89FE269 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
16:22:17.0829 5220  pcmcia - ok
16:22:17.0845 5220  [ CEBBAD5391C2644560C55628A40BFD27 ] pcw             C:\Windows\system32\drivers\pcw.sys
16:22:17.0845 5220  pcw - ok
16:22:17.0861 5220  [ 674B0AAFB88A04D313B032C623F6AC9A ] pdc             C:\Windows\system32\drivers\pdc.sys
16:22:17.0861 5220  pdc - ok
16:22:17.0892 5220  [ 70DBB6A8B52B3830922F1C5789E1BEEB ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:22:17.0908 5220  PEAUTH - ok
16:22:17.0986 5220  [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A ] PerfHost        C:\Windows\SysWow64\perfhost.exe
16:22:17.0986 5220  PerfHost - ok
16:22:18.0508 5220  [ 6E84BFF58F7643499277F29DFA2F8C8D ] pla             C:\Windows\system32\pla.dll
16:22:18.0570 5220  pla - ok
16:22:18.0602 5220  [ D7A3877D9E126E21925DA873677C1D65 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:22:18.0602 5220  PlugPlay - ok
16:22:18.0633 5220  [ 8E2414E818C26C4A9C70CB2B8567F04F ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:22:18.0633 5220  PNRPAutoReg - ok
16:22:18.0649 5220  [ AB76700D764A342D7475FB8F47CAB18C ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:22:18.0649 5220  PNRPsvc - ok
16:22:18.0680 5220  [ 0108C8E5176D590F242701EF5A62CC26 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:22:18.0696 5220  PolicyAgent - ok
16:22:18.0711 5220  [ AAD0C7235F804728373026EEFFDBCA6C ] Power           C:\Windows\system32\umpo.dll
16:22:18.0727 5220  Power - ok
16:22:18.0774 5220  [ 362D47E5B4D67270DE4B8606036F4ADD ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:22:18.0774 5220  PptpMiniport - ok
16:22:19.0071 5220  [ 9D59831262CAD44E709D695FC9D5E7AB ] PrintNotify     C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll
16:22:19.0121 5220  PrintNotify - ok
16:22:19.0145 5220  [ 8DA167F8967AB35A2487095CB1B879A0 ] Processor       C:\Windows\System32\drivers\processr.sys
16:22:19.0149 5220  Processor - ok
16:22:19.0177 5220  [ 429E8502AD2227CF88F8840FC5BD590D ] ProfSvc         C:\Windows\system32\profsvc.dll
16:22:19.0185 5220  ProfSvc - ok
16:22:19.0213 5220  [ EB8034147D4820CD31BFCB11A2A652DF ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:22:19.0213 5220  Psched - ok
16:22:19.0249 5220  [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2       c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
16:22:19.0249 5220  PSI_SVC_2 - ok
16:22:19.0264 5220  [ 0AFBF333B6F87A2F598EAB379AF100B8 ] QWAVE           C:\Windows\system32\qwave.dll
16:22:19.0280 5220  QWAVE - ok
16:22:19.0296 5220  [ 13D47BB0CCA2FC51BD15F8E85C6A078E ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:22:19.0296 5220  QWAVEdrv - ok
16:22:19.0327 5220  [ 873C60F8178100557740A832FCE10B5F ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:22:19.0327 5220  RasAcd - ok
16:22:19.0342 5220  [ 69B93F623B130976243ECA3D84CC99CA ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:22:19.0342 5220  RasAgileVpn - ok
16:22:19.0358 5220  [ 005F6E54C4A2DA4EBF68FB0392CE8BB0 ] RasAuto         C:\Windows\System32\rasauto.dll
16:22:19.0358 5220  RasAuto - ok
16:22:19.0374 5220  [ A14D625C5AEE5FFE0F47D1A1D419FAAE ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:22:19.0374 5220  Rasl2tp - ok
16:22:19.0405 5220  [ C923C785A2DE0B396AD6D13ACAFF2DE9 ] RasMan          C:\Windows\System32\rasmans.dll
16:22:19.0421 5220  RasMan - ok
16:22:19.0421 5220  [ 00695B9C2DB6111064499C529E90C042 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:22:19.0421 5220  RasPppoe - ok
16:22:19.0452 5220  [ A7F24D8CD1956B0A1FDCB86CC5114DE4 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:22:19.0452 5220  RasSstp - ok
16:22:19.0452 5220  [ B72C33DBD5326B3864CF2091AF8B906B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:22:19.0467 5220  rdbss - ok
16:22:19.0467 5220  [ CA7DF5EC95D8DE0DD24BE7FF97369F68 ] rdpbus          C:\Windows\System32\drivers\rdpbus.sys
16:22:19.0467 5220  rdpbus - ok
16:22:19.0483 5220  [ B2A3AD74FF2E2FFA73AF2567108231B3 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
16:22:19.0483 5220  RDPDR - ok
16:22:19.0499 5220  [ 3B4F32CA8B37584ECF98BCE136E38B96 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:22:19.0499 5220  RdpVideoMiniport - ok
16:22:19.0530 5220  [ B3CB0721E81E30419CE7D837EF4EA151 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:22:19.0530 5220  RDPWD - ok
16:22:19.0561 5220  [ 62C1F8A0685FE07E998AA296C4F697C4 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:22:19.0577 5220  rdyboost - ok
16:22:19.0608 5220  [ 3663CCF243EE0C04E9F6F91ED1737273 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:22:19.0608 5220  RemoteAccess - ok
16:22:19.0624 5220  [ E80DD61E52EDFFF9DA1ED7260A68855B ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:22:19.0624 5220  RemoteRegistry - ok
16:22:19.0639 5220  [ 17EF582CBC4809F96B9E6D0543480763 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
16:22:19.0639 5220  RFCOMM - ok
16:22:19.0686 5220  [ 381E606B90F32E501D1E2C852D211AB9 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:22:19.0686 5220  RpcEptMapper - ok
16:22:19.0717 5220  [ 10B21284B3D964AB3DC45490E57D422E ] RpcLocator      C:\Windows\system32\locator.exe
16:22:19.0733 5220  RpcLocator - ok
16:22:19.0811 5220  [ 1EC6E533C954BDDF2A37E7851A7E58FD ] RpcSs           C:\Windows\system32\rpcss.dll
16:22:19.0827 5220  RpcSs - ok
16:22:19.0858 5220  [ CED82FC17230CAE5AE7DE24A19D31361 ] RSBASTOR        C:\Windows\system32\DRIVERS\RtsBaStor.sys
16:22:19.0858 5220  RSBASTOR - ok
16:22:19.0874 5220  [ E04E770DD198B9399640717145E79EBF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:22:19.0874 5220  rspndr - ok
16:22:19.0921 5220  [ 7D9DA8EC6784A9EE213C676709D46BE6 ] RTL8168         C:\Windows\system32\DRIVERS\Rt630x64.sys
16:22:19.0921 5220  RTL8168 - ok
16:22:19.0952 5220  [ 752EC7DCD2F96871A3857EEE6AFE965A ] s3cap           C:\Windows\System32\drivers\vms3cap.sys
16:22:19.0952 5220  s3cap - ok
16:22:19.0983 5220  [ 6E0E63801FBEF27995107B8269BCFAAD ] SamSs           C:\Windows\system32\lsass.exe
16:22:19.0983 5220  SamSs - ok
16:22:20.0073 5220  [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
16:22:20.0104 5220  SASDIFSV - ok
16:22:20.0120 5220  [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
16:22:20.0120 5220  SASKUTIL - ok
16:22:20.0160 5220  [ 9C7B28CE0D136DB226E24DB3BC817F92 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:22:20.0164 5220  sbp2port - ok
16:22:20.0188 5220  [ 14316954FCE79C9DE5A0AFF9D42C83AA ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:22:20.0192 5220  SCardSvr - ok
16:22:20.0208 5220  [ 5D7733A12756B267FCA021672B26BC9E ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:22:20.0208 5220  scfilter - ok
16:22:20.0236 5220  [ EDCDF4DB82EF825B94B190D544C8C58B ] Schedule        C:\Windows\system32\schedsvc.dll
16:22:20.0251 5220  Schedule - ok
16:22:20.0283 5220  [ BAF8F0F55BC300E5F882E521F054E345 ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:22:20.0283 5220  SCPolicySvc - ok
16:22:20.0298 5220  [ 6D3A4C1E3E809C02476B32ACB68C1707 ] sdbus           C:\Windows\System32\drivers\sdbus.sys
16:22:20.0298 5220  sdbus - ok
16:22:20.0330 5220  [ 92968277ED491E4B3DDA361E3952361E ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:22:20.0330 5220  SDRSVC - ok
16:22:20.0361 5220  [ 6BF842A03DAA25CBBA9A585E25731E06 ] sdstor          C:\Windows\System32\drivers\sdstor.sys
16:22:20.0361 5220  sdstor - ok
16:22:20.0376 5220  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:22:20.0376 5220  secdrv - ok
16:22:20.0408 5220  [ CD282626738B6BC92B6E7CD0AAE95B63 ] seclogon        C:\Windows\system32\seclogon.dll
16:22:20.0408 5220  seclogon - ok
16:22:20.0423 5220  [ 9C51620998F0763039DFA6BF68E475ED ] SENS            C:\Windows\System32\sens.dll
16:22:20.0423 5220  SENS - ok
16:22:20.0439 5220  [ 0D50B4B860DAB65241628D04CD33ACAE ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:22:20.0439 5220  SensrSvc - ok
16:22:20.0455 5220  [ 87C46B239A7EEF30FDFDD5E9BD46130C ] SerCx           C:\Windows\system32\drivers\SerCx.sys
16:22:20.0455 5220  SerCx - ok
16:22:20.0486 5220  [ 7A1F9347C85FD55E39B8A76B3A25C5AD ] Serenum         C:\Windows\System32\drivers\serenum.sys
16:22:20.0486 5220  Serenum - ok
16:22:20.0501 5220  [ F640A0A218BBF857F1D04A15D7D939F6 ] Serial          C:\Windows\System32\drivers\serial.sys
16:22:20.0501 5220  Serial - ok
16:22:20.0517 5220  [ F1A5F56B2620B862CC28FF96A0A6DAAB ] sermouse        C:\Windows\System32\drivers\sermouse.sys
16:22:20.0517 5220  sermouse - ok
16:22:20.0564 5220  [ CB60A60340788C8D6DE2A269D28086AB ] SessionEnv      C:\Windows\system32\sessenv.dll
16:22:20.0564 5220  SessionEnv - ok
16:22:20.0595 5220  [ 7EE65419B29302C795714FF8073969A1 ] sfloppy         C:\Windows\System32\drivers\sfloppy.sys
16:22:20.0595 5220  sfloppy - ok
16:22:20.0626 5220  [ 090AE16F79C8EAD04E6031F863DA85F3 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:22:20.0626 5220  SharedAccess - ok
16:22:20.0658 5220  [ A77F3ABE13FCC698511E5DEC7ACEBD5F ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:22:20.0673 5220  ShellHWDetection - ok
16:22:20.0689 5220  [ 2560721D6F16D5B611C36A3A9D28C1B2 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
16:22:20.0689 5220  SiSRaid2 - ok
16:22:20.0736 5220  [ 3AA8FDE1DBF65BB8B88B053529554A0D ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
16:22:20.0736 5220  SiSRaid4 - ok
16:22:20.0798 5220  [ E660156A4588A84305CB772FD2C0DB21 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:22:20.0798 5220  SNMPTRAP - ok
16:22:20.0830 5220  [ 465F3C355CE5ED2779B8F460F14C5A78 ] spaceport       C:\Windows\system32\drivers\spaceport.sys
16:22:20.0830 5220  spaceport - ok
16:22:20.0861 5220  [ 3D8679C8DF52EB26EB7583A4E0A29202 ] SpbCx           C:\Windows\system32\drivers\SpbCx.sys
16:22:20.0861 5220  SpbCx - ok
16:22:20.0908 5220  [ 3F215BF2D4D8D6756298B25B579772C2 ] Spooler         C:\Windows\System32\spoolsv.exe
16:22:20.0923 5220  Spooler - ok
16:22:21.0170 5220  [ EC84D961501054F87A6878EC5D53388F ] sppsvc          C:\Windows\system32\sppsvc.exe
16:22:21.0206 5220  sppsvc - ok
16:22:21.0281 5220  [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6 ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:22:21.0281 5220  srv - ok
16:22:21.0328 5220  [ 0DE224F7B8041B17AA53D00327A86396 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:22:21.0328 5220  srv2 - ok
16:22:21.0343 5220  [ 9400C71F5A1A380B494B6922F007D485 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:22:21.0343 5220  srvnet - ok
16:22:21.0375 5220  [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus         C:\Windows\System32\drivers\ssadbus.sys
16:22:21.0390 5220  ssadbus - ok
16:22:21.0406 5220  [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
16:22:21.0406 5220  ssadmdfl - ok
16:22:21.0422 5220  [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm         C:\Windows\system32\DRIVERS\ssadmdm.sys
16:22:21.0422 5220  ssadmdm - ok
16:22:21.0453 5220  [ 7A20882D76D4A78240A5AC9F2C2EBA21 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:22:21.0468 5220  SSDPSRV - ok
16:22:21.0468 5220  [ D233B16999A8E626F6004BD7814C57EC ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:22:21.0484 5220  SstpSvc - ok
16:22:21.0500 5220  [ 4E85355B94CFCB67C135F6521A4895A7 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
16:22:21.0500 5220  stexstor - ok
16:22:21.0531 5220  [ BAC8A721736AECC55A4F71523AEAB65F ] stisvc          C:\Windows\System32\wiaservc.dll
16:22:21.0547 5220  stisvc - ok
16:22:21.0562 5220  [ C588BBD37B432CE3204E5765B459E6B2 ] storahci        C:\Windows\system32\drivers\storahci.sys
16:22:21.0562 5220  storahci - ok
16:22:21.0593 5220  [ F74DBC95A57B1EE866D3732EB5F79BE2 ] storflt         C:\Windows\system32\DRIVERS\vmstorfl.sys
16:22:21.0593 5220  storflt - ok
16:22:21.0609 5220  [ 5337E138B49ED1F44CCBA4073BC35C20 ] StorSvc         C:\Windows\system32\storsvc.dll
16:22:21.0625 5220  StorSvc - ok
16:22:21.0640 5220  [ 543CD3CC0E05B8D8815E0D4F040B6F59 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
16:22:21.0640 5220  storvsc - ok
16:22:21.0640 5220  [ 8BC1C1ED6EF9C985A3FAA6A72F41679A ] svsvc           C:\Windows\system32\svsvc.dll
16:22:21.0656 5220  svsvc - ok
16:22:21.0656 5220  [ 4AFD66AAE74FFB5986BC240744DC5FC9 ] swenum          C:\Windows\System32\drivers\swenum.sys
16:22:21.0656 5220  swenum - ok
16:22:21.0687 5220  [ 502F9488540051F3E6C39889ECFA76BB ] swprv           C:\Windows\System32\swprv.dll
16:22:21.0703 5220  swprv - ok
16:22:21.0750 5220  [ DC21E1F06343773D7E24362DCEF7944B ] SysMain         C:\Windows\system32\sysmain.dll
16:22:21.0765 5220  SysMain - ok
16:22:21.0765 5220  [ F1DA8D3C4395E4B1D58D308A4B062B24 ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
16:22:21.0781 5220  SystemEventsBroker - ok
16:22:21.0781 5220  [ A6C06C45C44AD06C70AF8899AEC15BDC ] TabletInputService C:\Windows\System32\TabSvc.dll
16:22:21.0797 5220  TabletInputService - ok
16:22:21.0797 5220  [ 88B7721AB551C4325036B25A34A2BF7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:22:21.0812 5220  TapiSrv - ok
16:22:21.0859 5220  [ AF6A8D27FCABFF85DDC1D4599582B4FE ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:22:21.0890 5220  Tcpip - ok
16:22:21.0906 5220  [ AF6A8D27FCABFF85DDC1D4599582B4FE ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:22:21.0937 5220  TCPIP6 - ok
16:22:21.0937 5220  [ 8F2A13A5DF99D72FDDE87F502A66F989 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:22:21.0937 5220  tcpipreg - ok
16:22:21.0968 5220  [ 73DC722CE5DF26D7638CE2446F2655C7 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:22:21.0984 5220  tdx - ok
16:22:22.0004 5220  [ F7C8AB5D8AFFAA318D6A21093D139BF4 ] terminpt        C:\Windows\System32\drivers\terminpt.sys
16:22:22.0008 5220  terminpt - ok
16:22:22.0039 5220  [ 541EE228D0DEF392F7B2DFD885DD021B ] TermService     C:\Windows\System32\termsrv.dll
16:22:22.0039 5220  TermService - ok
16:22:22.0055 5220  [ 519A6F672FFF56B7D8EE8C730CEC8ECD ] Themes          C:\Windows\system32\themeservice.dll
16:22:22.0055 5220  Themes - ok
16:22:22.0086 5220  [ DBD28A7997CF7303E610989C565C9B29 ] THREADORDER     C:\Windows\system32\mmcss.dll
16:22:22.0086 5220  THREADORDER - ok
16:22:22.0102 5220  [ 2A8B087AE47AC8486859CF479BB704C8 ] TimeBroker      C:\Windows\System32\TimeBrokerServer.dll
16:22:22.0117 5220  TimeBroker - ok
16:22:22.0165 5220  [ 151BD0387B1B320CC9AACE6DB071803B ] TPM             C:\Windows\system32\drivers\tpm.sys
16:22:22.0169 5220  TPM - ok
16:22:22.0185 5220  [ 8C8CF3041B27E7657ADD0EE17F6DBFCA ] TrkWks          C:\Windows\System32\trkwks.dll
16:22:22.0189 5220  TrkWks - ok
16:22:22.0221 5220  [ 370A6907DDF79532A39319492B1FA38A ] truecrypt       C:\Windows\system32\drivers\truecrypt.sys
16:22:22.0225 5220  truecrypt - ok
16:22:22.0272 5220  [ 8D516AEF3C1DF980664CF17BB1FF6093 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:22:22.0272 5220  TrustedInstaller - ok
16:22:22.0287 5220  [ 4E7C5FB10A50435523DE0CAA37DE2BD3 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:22:22.0303 5220  TsUsbFlt - ok
16:22:22.0319 5220  [ 16D684A820872EE54F6370703AC0B513 ] TsUsbGD         C:\Windows\System32\drivers\TsUsbGD.sys
16:22:22.0319 5220  TsUsbGD - ok
16:22:22.0350 5220  [ 78C9EE193AC2B4CBDBC48B620314D740 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:22:22.0350 5220  tunnel - ok
16:22:22.0350 5220  [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A ] uagp35          C:\Windows\system32\drivers\uagp35.sys
16:22:22.0365 5220  uagp35 - ok
16:22:22.0381 5220  [ 6FD6D03B7752C78712E5CFF29A305026 ] UASPStor        C:\Windows\System32\drivers\uaspstor.sys
16:22:22.0381 5220  UASPStor - ok
16:22:22.0381 5220  [ AA48AEC5CEB2AA8ED1B1A5758B017F72 ] UCX01000        C:\Windows\System32\drivers\ucx01000.sys
16:22:22.0381 5220  UCX01000 - ok
16:22:22.0412 5220  [ DC5A461591C71AF7F19DC048A81E3F88 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:22:22.0412 5220  udfs - ok
16:22:22.0444 5220  [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:22:22.0444 5220  UI0Detect - ok
16:22:22.0459 5220  [ 07FEBCDF24FABA0D47B635D85A0FFB7A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:22:22.0459 5220  uliagpkx - ok
16:22:22.0475 5220  [ 02CEB3FE6152668A7BA420B93B664860 ] umbus           C:\Windows\System32\drivers\umbus.sys
16:22:22.0475 5220  umbus - ok
16:22:22.0506 5220  [ 991EE6B5FC41EAEF99C8AF5B92F2CA09 ] UmPass          C:\Windows\System32\drivers\umpass.sys
16:22:22.0506 5220  UmPass - ok
16:22:22.0522 5220  [ 43FEFB040A0CC30F795FBF544169594D ] UmRdpService    C:\Windows\System32\umrdp.dll
16:22:22.0537 5220  UmRdpService - ok
16:22:22.0615 5220  [ E1A119AD21F5AFE22EB516C549306D3D ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
16:22:22.0615 5220  UNS - ok
16:22:22.0709 5220  [ 14D22C411854AA2560AFC94CD2D5E61F ] upnphost        C:\Windows\System32\upnphost.dll
16:22:22.0709 5220  upnphost - ok
16:22:22.0772 5220  [ 2AF9F0E16D75B8F783A1ACE74EF51C9B ] usbccgp         C:\Windows\System32\drivers\usbccgp.sys
16:22:22.0772 5220  usbccgp - ok
16:22:22.0787 5220  [ B395B62B62F28106218FA6FB17F4C797 ] usbcir          C:\Windows\System32\drivers\usbcir.sys
16:22:22.0787 5220  usbcir - ok
16:22:22.0787 5220  [ 742BAFBB51C5B7811098ADE8C7EF5534 ] usbehci         C:\Windows\System32\drivers\usbehci.sys
16:22:22.0803 5220  usbehci - ok
16:22:22.0819 5220  [ 566A32B2054C8E5360DB7839F64D0F58 ] usbhub          C:\Windows\System32\drivers\usbhub.sys
16:22:22.0834 5220  usbhub - ok
16:22:22.0834 5220  [ 12EAB6FB15B572D9C6D9FFC33F87EC3F ] USBHUB3         C:\Windows\System32\drivers\UsbHub3.sys
16:22:22.0850 5220  USBHUB3 - ok
16:22:22.0850 5220  [ F656F5D696A921DA67E98CF9C2BEDA20 ] usbohci         C:\Windows\System32\drivers\usbohci.sys
16:22:22.0865 5220  usbohci - ok
16:22:22.0897 5220  [ BA3ABE0CD1C14B3295BAD0F076B84CAC ] usbprint        C:\Windows\System32\drivers\usbprint.sys
16:22:22.0897 5220  usbprint - ok
16:22:22.0912 5220  [ F77177F6C95B2116EE7AD23B5EF57007 ] USBSTOR         C:\Windows\System32\drivers\USBSTOR.SYS
16:22:22.0912 5220  USBSTOR - ok
16:22:22.0928 5220  [ 1BBB5F562E80CF9E2F1587150FE3216E ] usbuhci         C:\Windows\System32\drivers\usbuhci.sys
16:22:22.0928 5220  usbuhci - ok
16:22:22.0944 5220  [ 75357960FD491E12416342CA12975FDA ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
16:22:22.0944 5220  usbvideo - ok
16:22:22.0959 5220  [ 8ABF3C3ED6BF5ED15DC947795FF6ACAC ] USBXHCI         C:\Windows\System32\drivers\USBXHCI.SYS
16:22:22.0975 5220  USBXHCI - ok
16:22:22.0990 5220  [ 6E0E63801FBEF27995107B8269BCFAAD ] VaultSvc        C:\Windows\system32\lsass.exe
16:22:22.0990 5220  VaultSvc - ok
16:22:23.0022 5220  [ 9024E915F803431E2C2C85070DC919FB ] VCam_WDM        C:\Windows\system32\DRIVERS\VCam_WDM.sys
16:22:23.0022 5220  VCam_WDM - ok
16:22:23.0037 5220  [ BACECBFF9C97F7627A60B0E0F1FE7EE8 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:22:23.0037 5220  vdrvroot - ok
16:22:23.0069 5220  [ 728C2DEEE875D6968632638922D6A1D7 ] vds             C:\Windows\System32\vds.exe
16:22:23.0084 5220  vds - ok
16:22:23.0084 5220  [ 74FA2D4368DE6F6CE14393EDF1F342BE ] VerifierExt     C:\Windows\system32\drivers\VerifierExt.sys
16:22:23.0084 5220  VerifierExt - ok
16:22:23.0131 5220  [ 8628FA679F0EC4B709CCD1F6B6A3233B ] vhdmp           C:\Windows\System32\drivers\vhdmp.sys
16:22:23.0131 5220  vhdmp - ok
16:22:23.0151 5220  [ F5B4A14B00E89250C50982AC762DDD1D ] viaide          C:\Windows\system32\drivers\viaide.sys
16:22:23.0155 5220  viaide - ok
16:22:23.0159 5220  VMAuthdService - ok
16:22:23.0191 5220  [ 78DB50F7329F6D1311658DABFFFC8BE0 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
16:22:23.0191 5220  vmbus - ok
16:22:23.0211 5220  [ ECFEE2F2BA3932C7880D1A8F67D68F91 ] VMBusHID        C:\Windows\System32\drivers\VMBusHID.sys
16:22:23.0215 5220  VMBusHID - ok
16:22:23.0239 5220  [ 6203C901DEFF10631AAD919B3BD1489B ] vmci            C:\Windows\system32\drivers\vmci.sys
16:22:23.0239 5220  vmci - ok
16:22:23.0262 5220  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicheartbeat   C:\Windows\System32\ICSvc.dll
16:22:23.0262 5220  vmicheartbeat - ok
16:22:23.0278 5220  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmickvpexchange C:\Windows\System32\ICSvc.dll
16:22:23.0278 5220  vmickvpexchange - ok
16:22:23.0294 5220  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicrdv         C:\Windows\System32\ICSvc.dll
16:22:23.0294 5220  vmicrdv - ok
16:22:23.0294 5220  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicshutdown    C:\Windows\System32\ICSvc.dll
16:22:23.0294 5220  vmicshutdown - ok
16:22:23.0309 5220  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmictimesync    C:\Windows\System32\ICSvc.dll
16:22:23.0309 5220  vmictimesync - ok
16:22:23.0340 5220  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicvss         C:\Windows\System32\ICSvc.dll
16:22:23.0356 5220  vmicvss - ok
16:22:23.0403 5220  [ AEF53B47E960F227BF7638A6A1A9D5C6 ] VMnetAdapter    C:\Windows\system32\DRIVERS\vmnetadapter.sys
16:22:23.0403 5220  VMnetAdapter - ok
16:22:23.0434 5220  [ C234A1DC2F06A15B9210787F54253810 ] VMnetBridge     C:\Windows\system32\DRIVERS\vmnetbridge.sys
16:22:23.0434 5220  VMnetBridge - ok
16:22:23.0434 5220  VMnetDHCP - ok
16:22:23.0450 5220  [ 25FBBC8C168AEE1753C330352EA6D009 ] VMnetuserif     C:\Windows\system32\drivers\vmnetuserif.sys
16:22:23.0450 5220  VMnetuserif - ok
16:22:23.0481 5220  [ 415B167695C4B5960A13098622EF3D80 ] vmusb           C:\Windows\System32\Drivers\vmusb.sys
16:22:23.0481 5220  vmusb - ok
16:22:23.0528 5220  [ B55A8DADA1D825B73C811101B06E012F ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
16:22:23.0544 5220  VMUSBArbService - ok
16:22:23.0544 5220  VMware NAT Service - ok
16:22:23.0559 5220  VMwareHostd - ok
16:22:23.0606 5220  [ D37CB37BF3FB6612BCA19D81EFA16122 ] vmx86           C:\Windows\system32\drivers\vmx86.sys
16:22:23.0622 5220  vmx86 - ok
16:22:23.0653 5220  [ CB60FAAED8B49B812EBBF77EB87D9B18 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:22:23.0653 5220  volmgr - ok
16:22:23.0669 5220  [ A74101DA9809251BCD0E5A26BAE0F824 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:22:23.0669 5220  volmgrx - ok
16:22:23.0684 5220  [ 2FB3CDFD5EAF4CD9D4AFAF96877D13AE ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:22:23.0684 5220  volsnap - ok
16:22:23.0715 5220  [ A8DA1C1B52ECEA3726DEBED4FF1B700D ] vpci            C:\Windows\System32\drivers\vpci.sys
16:22:23.0731 5220  vpci - ok
16:22:23.0747 5220  [ 38A60CD9C009C55C6D3B5586F8E6A353 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
16:22:23.0747 5220  vsmraid - ok
16:22:23.0762 5220  [ EF1E48D431223F670CFFD6169B1A136F ] vsock           C:\Windows\system32\drivers\vsock.sys
16:22:23.0762 5220  vsock - ok
16:22:23.0809 5220  [ EA658570314042C914964FC72AB50E6B ] VSS             C:\Windows\system32\vssvc.exe
16:22:23.0825 5220  VSS - ok
16:22:24.0118 5220  [ 65EFAEC68FA234F36880533A79D7B1C1 ] vstor2-mntapi10-shared C:\Windows\syswow64\drivers\vstor2-mntapi10-shared.sys
16:22:24.0118 5220  vstor2-mntapi10-shared - ok
16:22:24.0578 5220  [ A0F6FE0FC2F647C22BBFD6BD4249DBCC ] VSTXRAID        C:\Windows\system32\drivers\vstxraid.sys
16:22:24.0578 5220  VSTXRAID - ok
16:22:24.0593 5220  [ 62460A45435A26A334907E3F2EA45611 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
16:22:24.0593 5220  vwifibus - ok
16:22:24.0609 5220  [ 095E943D27025E4D588AF0A72CC2318F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
16:22:24.0609 5220  vwififlt - ok
16:22:24.0609 5220  [ 73FA1A41A97A5C34ADC03B3577FF1A86 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
16:22:24.0609 5220  vwifimp - ok
16:22:24.0640 5220  [ F690B6EEAA94576727B24376D7ED3601 ] W32Time         C:\Windows\system32\w32time.dll
16:22:24.0656 5220  W32Time - ok
16:22:24.0671 5220  [ 6B806E893714019969E2B50D7EF6A4D9 ] WacomPen        C:\Windows\System32\drivers\wacompen.sys
16:22:24.0671 5220  WacomPen - ok
16:22:24.0687 5220  [ B69492CBD928534160594A7B33602575 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
16:22:24.0687 5220  Wanarp - ok
16:22:24.0687 5220  [ B69492CBD928534160594A7B33602575 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:22:24.0687 5220  Wanarpv6 - ok
16:22:24.0749 5220  [ 42DF22F8C448E7CD219F6D63743505E2 ] wbengine        C:\Windows\system32\wbengine.exe
16:22:24.0765 5220  wbengine - ok
16:22:24.0796 5220  [ 31D37B2F6069C631EF0557D322924812 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:22:24.0812 5220  WbioSrvc - ok
16:22:24.0812 5220  [ D9C1E82651BF19C6FF69CEC6FD400124 ] Wcmsvc          C:\Windows\System32\wcmsvc.dll
16:22:24.0828 5220  Wcmsvc - ok
16:22:24.0828 5220  [ 68C2831A05A339DA8462C6F45BFCB84C ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:22:24.0843 5220  wcncsvc - ok
16:22:24.0859 5220  [ E19556D414332E2BEBA1F368229006B4 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:22:24.0859 5220  WcsPlugInService - ok
16:22:24.0874 5220  [ B3A4D918DAB90505B6BC7B70632913CB ] Wd              C:\Windows\system32\drivers\wd.sys
16:22:24.0874 5220  Wd - ok
16:22:24.0890 5220  [ 260F8DFC4D5748F4CCB9B19CFB0E58EA ] WdBoot          C:\Windows\system32\drivers\WdBoot.sys
16:22:24.0890 5220  WdBoot - ok
16:22:24.0921 5220  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:22:24.0937 5220  Wdf01000 - ok
16:22:24.0953 5220  [ 880FFFC4D5BBBB4187B6B04AB2E8C32A ] WdFilter        C:\Windows\system32\drivers\WdFilter.sys
16:22:24.0968 5220  WdFilter - ok
16:22:24.0984 5220  [ 240FC332484572227CD1DF82407F33E5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:22:24.0984 5220  WdiServiceHost - ok
16:22:24.0984 5220  [ 240FC332484572227CD1DF82407F33E5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:22:24.0999 5220  WdiSystemHost - ok
16:22:25.0015 5220  [ F2002DA5E6B78C15B2CD48CFF8F0FBB6 ] WebClient       C:\Windows\System32\webclnt.dll
16:22:25.0015 5220  WebClient - ok
16:22:25.0046 5220  [ 35FD720943D4FCD75C3275BF062FF140 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:22:25.0046 5220  Wecsvc - ok
16:22:25.0062 5220  [ 4D2612E3C462B68F499D840B1133263E ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:22:25.0062 5220  wercplsupport - ok
16:22:25.0078 5220  [ 8E2426162ED6749A127B35D235F21E11 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:22:25.0093 5220  WerSvc - ok
16:22:25.0093 5220  [ FE762D3498719C3A23471BBA62F747B4 ] WFPLWFS         C:\Windows\system32\DRIVERS\wfplwfs.sys
16:22:25.0093 5220  WFPLWFS - ok
16:22:25.0124 5220  [ 60E0C220593DA4F7C289CB909D2DBAE0 ] WiaRpc          C:\Windows\System32\wiarpc.dll
16:22:25.0128 5220  WiaRpc - ok
16:22:25.0152 5220  [ A3C7624A42A3447EF5EDD1ED37FE4E60 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:22:25.0156 5220  WIMMount - ok
16:22:25.0188 5220  WinDefend - ok
16:22:25.0307 5220  [ 1369928779943B5C7AABA263E6E2BBC1 ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
16:22:25.0322 5220  WinHttpAutoProxySvc - ok
16:22:25.0369 5220  [ 3D6B518B71C75C8FA4115A33615C107A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:22:25.0385 5220  Winmgmt - ok
16:22:25.0463 5220  [ 8E212A627F33F6FC3B5F3BB47212F66E ] WinRM           C:\Windows\system32\WsmSvc.dll
16:22:25.0525 5220  WinRM - ok
16:22:25.0557 5220  [ BB20956C424531003F7FA6CD36F11D5D ] WinUsb          C:\Windows\system32\DRIVERS\WinUSB.sys
16:22:25.0557 5220  WinUsb - ok
16:22:25.0603 5220  [ CAC452B32656A0A51356912F4A9943CA ] WlanSvc         C:\Windows\System32\wlansvc.dll
16:22:25.0619 5220  WlanSvc - ok
16:22:25.0650 5220  [ 08EFA13A2234C8C3B8A99E4B88BE7E9B ] wlidsvc         C:\Windows\system32\wlidsvc.dll
16:22:25.0713 5220  wlidsvc - ok
16:22:25.0729 5220  [ E2A596CACFC6504306CDB7B593B90084 ] WmiAcpi         C:\Windows\System32\drivers\wmiacpi.sys
16:22:25.0729 5220  WmiAcpi - ok
16:22:25.0775 5220  [ D113499052C5E541906B727779F0F959 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:22:25.0775 5220  wmiApSrv - ok
16:22:25.0807 5220  WMPNetworkSvc - ok
16:22:25.0822 5220  [ C6FF953D5D6F2EAE3B8883474D5076B3 ] wpcfltr         C:\Windows\system32\DRIVERS\wpcfltr.sys
16:22:25.0822 5220  wpcfltr - ok
16:22:25.0854 5220  [ A6ED163169876BFD2437E872FE2F1509 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:22:25.0869 5220  WPCSvc - ok
16:22:25.0869 5220  [ 94AA5150E35B3ABB7191FE641E3C2473 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:22:25.0885 5220  WPDBusEnum - ok
16:22:25.0900 5220  [ 0346CAFC181C91C6E2330332EB332ED6 ] WpdUpFltr       C:\Windows\system32\drivers\WpdUpFltr.sys
16:22:25.0900 5220  WpdUpFltr - ok
16:22:25.0916 5220  [ 58D492F986EC519ECDD54D93618758F8 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:22:25.0916 5220  ws2ifsl - ok
16:22:26.0053 5220  [ FB0C1B7F94FA08E72F19F6F2CE7210E1 ] wscsvc          C:\Windows\System32\wscsvc.dll
16:22:26.0053 5220  wscsvc - ok
16:22:26.0100 5220  [ 74EFDA0526862C3D8D01A776182798EA ] WSDPrintDevice  C:\Windows\System32\drivers\WSDPrint.sys
16:22:26.0100 5220  WSDPrintDevice - ok
16:22:26.0131 5220  [ 6ED437C0BE2280AF78070B4BEDD0D221 ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
16:22:26.0131 5220  WSDScan - ok
16:22:26.0139 5220  WSearch - ok
16:22:26.0227 5220  [ FEC16FE5EAC2D8CD4628B69667B90DE6 ] WSService       C:\Windows\System32\WSService.dll
16:22:26.0251 5220  WSService - ok
16:22:26.0470 5220  [ C80DB258C195ACBF86ED42B53554EB28 ] wuauserv        C:\Windows\system32\wuaueng.dll
16:22:26.0548 5220  wuauserv - ok
16:22:26.0548 5220  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:22:26.0548 5220  WudfPf - ok
16:22:26.0579 5220  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\System32\drivers\WUDFRd.sys
16:22:26.0579 5220  WUDFRd - ok
16:22:26.0595 5220  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFSensorLP    C:\Windows\system32\DRIVERS\WUDFRd.sys
16:22:26.0595 5220  WUDFSensorLP - ok
16:22:26.0610 5220  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:22:26.0626 5220  wudfsvc - ok
16:22:26.0641 5220  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFWpdFs       C:\Windows\system32\DRIVERS\WUDFRd.sys
16:22:26.0641 5220  WUDFWpdFs - ok
16:22:26.0657 5220  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFWpdMtp      C:\Windows\system32\DRIVERS\WUDFRd.sys
16:22:26.0657 5220  WUDFWpdMtp - ok
16:22:26.0720 5220  [ 9FE55B90B1778C4FE351ECD1AEFD8AAF ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:22:26.0766 5220  WwanSvc - ok
16:22:26.0829 5220  ‮etadpug - ok
16:22:26.0829 5220  ================ Scan global ===============================
16:22:26.0860 5220  [ DDC1AFBF9DDF880CE9BD3896114D8DED ] C:\Windows\system32\basesrv.dll
16:22:26.0891 5220  [ B36597EF454D4FEA2F11429A9A1424BD ] C:\Windows\system32\winsrv.dll
16:22:26.0923 5220  [ BD7C6949984D19AAA609896B675E7357 ] C:\Windows\system32\sxssrv.dll
16:22:26.0954 5220  [ 754A2CC1F32107EA87CBD305ABE3E618 ] C:\Windows\system32\services.exe
16:22:26.0970 5220  [Global] - ok
16:22:26.0970 5220  ================ Scan MBR ==================================
16:22:26.0970 5220  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
16:22:26.0985 5220  \Device\Harddisk0\DR0 - ok
16:22:26.0985 5220  ================ Scan VBR ==================================
16:22:26.0985 5220  [ A6822ECFA78D27FEE80B12210B5597C2 ] \Device\Harddisk0\DR0\Partition1
16:22:26.0985 5220  \Device\Harddisk0\DR0\Partition1 - ok
16:22:27.0001 5220  [ C62E4CF175E6829FADE1BD6AF0BA5F6D ] \Device\Harddisk0\DR0\Partition2
16:22:27.0001 5220  \Device\Harddisk0\DR0\Partition2 - ok
16:22:27.0001 5220  [ CB80690E2997A1BAD86C7537FF18D3F4 ] \Device\Harddisk0\DR0\Partition3
16:22:27.0001 5220  \Device\Harddisk0\DR0\Partition3 - ok
16:22:27.0016 5220  [ 148F668FBAA88DA4EF0D429C3A0A2BCC ] \Device\Harddisk0\DR0\Partition4
16:22:27.0016 5220  \Device\Harddisk0\DR0\Partition4 - ok
16:22:27.0048 5220  [ C8501FD830AE3FCCF396893677CD2EAD ] \Device\Harddisk0\DR0\Partition5
16:22:27.0063 5220  \Device\Harddisk0\DR0\Partition5 - ok
16:22:27.0095 5220  [ 59C581204B6BC5506957B045C3485212 ] \Device\Harddisk0\DR0\Partition6
16:22:27.0138 5220  \Device\Harddisk0\DR0\Partition6 - ok
16:22:27.0170 5220  [ 6FC8D288DE766EA14987EBEE86676264 ] \Device\Harddisk0\DR0\Partition7
16:22:27.0174 5220  \Device\Harddisk0\DR0\Partition7 - ok
16:22:27.0174 5220  ============================================================
16:22:27.0174 5220  Scan finished
16:22:27.0174 5220  ============================================================
16:22:27.0182 6072  Detected object count: 0
16:22:27.0182 6072  Actual detected object count: 0
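
The "etadpug - ok" entry near the end of the TDSSKiller service list above is the ZeroAccess trick of storing a service name with a Unicode right-to-left override (U+202E) in front of it: the registry holds "etadpug" behind the override, but every viewer draws it reversed, so it reads as the legitimate-looking "gupdate". The check below is an added example written for this thread, not code from the original post or from any of the tools used here. It scans log lines of the shapes seen above for Unicode directional formatting characters and reports both the stored and the displayed form of the offending name. The sample lines and the all-zero GUID are constructed to mirror the log layout; the rendering function is a deliberate simplification of the bidi algorithm (an assumption) that covers the single leading-override case used here.

```python
import re
import unicodedata

# Bidi classes of the Unicode directional formatting characters
# (U+202A..U+202E and U+2066..U+2069). None of them belongs in a
# Windows service name; U+202E (RLO) is the one that makes a stored
# name such as "etadpug" display as "gupdate".
BIDI_FORMAT_CLASSES = {"LRE", "RLE", "PDF", "LRO", "RLO", "LRI", "RLI", "FSI", "PDI"}


def is_bidi_control(ch):
    """True for any Unicode directional formatting character."""
    return unicodedata.bidirectional(ch) in BIDI_FORMAT_CLASSES


def find_bidi_controls(text):
    """Return [(index, unicode name)] for every directional control in text."""
    return [(i, unicodedata.name(ch)) for i, ch in enumerate(text) if is_bidi_control(ch)]


def stored_name(token):
    """The name as it is actually stored, with the invisible controls removed."""
    return "".join(ch for ch in token if not is_bidi_control(ch))


def rendered_name(token):
    """Approximate what a viewer shows. Assumption (simplified bidi handling):
    a token that starts with U+202E is drawn right to left, i.e. reversed."""
    plain = stored_name(token)
    return plain[::-1] if token.startswith("\u202e") else plain


def scan_lines(lines):
    """Scan scanner/registry log lines and report tokens carrying bidi controls."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        # Split on whitespace and ';' so both TDSSKiller-style lines and
        # ComboFix-style "name;display;path" lines yield the name token.
        for token in re.split(r"[\s;]+", line):
            hits = find_bidi_controls(token)
            if hits:
                findings.append({
                    "line": lineno,
                    "controls": [name for _, name in hits],
                    "stored": stored_name(token),
                    "rendered": rendered_name(token),
                })
    return findings


# Constructed sample lines in the shape of the logs in this thread; the GUID is a placeholder.
SAMPLE_LINES = [
    "16:22:26.0766 5220  WwanSvc - ok",
    "16:22:26.0829 5220  \u202eetadpug - ok",
    "R2 \u202eetadpug;Google Update Service (gupdate);"
    "c:\\program files (x86)\\Google\\Desktop\\Install\\{00000000-0000-0000-0000-000000000000}\\GoogleUpdate.exe",
]

if __name__ == "__main__":
    for f in scan_lines(SAMPLE_LINES):
        print(f"line {f['line']}: stored={f['stored']!r} rendered={f['rendered']!r} "
              f"controls={f['controls']}")
```

Running it reports the two constructed "etadpug" lines as stored "etadpug", rendered "gupdate", carrying a RIGHT-TO-LEFT OVERRIDE, and stays silent on the clean WwanSvc line. The same scan works on a raw export of the Services registry key, where a match on a name no legitimate installer would write is a strong indicator on its own, independent of any signature.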



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:30 AM

Posted 17 August 2013 - 08:59 PM


Hello snorkerz

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 snorkerz

snorkerz
  • Topic Starter

  • Members
  • 10 posts
  • Local time:10:30 AM

Posted 18 August 2013 - 04:47 AM

Thank you Gringo.

 

AdwCleaner:

 

# AdwCleaner v2.306 - Logfile created 08/18/2013 at 10:04:26
# Updated 19/07/2013 by Xplode
# Operating system : Windows 8  (64 bits)
# User : DavidR - DAVID
# Boot Mode : Normal
# Running from : C:\Users\DavidR\Downloads\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\DavidR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
Folder Deleted : C:\Program Files (x86)\jZip
Folder Deleted : C:\Users\DavidR\AppData\Local\jZip
Folder Deleted : C:\Users\DavidR\AppData\Local\Temp\jZip

***** [Registry] *****

Key Deleted : HKCU\Software\jZip
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\jZip
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{544C2426-48FD-4C40-AE3B-31257FF334D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\RegistryHelper.DLL
Key Deleted : HKLM\Software\jZip
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B887CA3B-D82B-4A01-AD29-E97444D01CE6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB904C4-C255-4540-B97E-A75A34F1FFB0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Freemake Video Converter_is1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B887CA3B-D82B-4A01-AD29-E97444D01CE6}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16384

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\DavidR\AppData\Roaming\Mozilla\Firefox\Profiles\rwovuzkv.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v28.0.1500.95

File : C:\Users\DavidR\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R2].txt - [4583 octets] - [07/05/2013 12:03:42]
AdwCleaner[R3].txt - [2114 octets] - [18/08/2013 10:02:25]
AdwCleaner[S1].txt - [4906 octets] - [07/05/2013 12:06:13]
AdwCleaner[S2].txt - [2075 octets] - [18/08/2013 10:04:26]

########## EOF - C:\AdwCleaner[S2].txt - [2135 octets] ##########

 

 

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.9 (08.17.2013:3)
OS: Windows 8 x64
Ran by DavidR on 18/08/2013 at 10:14:21.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

 

~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"

 

~~~ Folders

 

~~~ FireFox

Emptied folder: C:\Users\DavidR\AppData\Roaming\mozilla\firefox\profiles\rwovuzkv.default\minidumps [1 files]

 

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18/08/2013 at 10:39:04.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Machine does not seem to be running slowly, but my usual use is not very memory/processor intensive.  The only sign on my system of zaccess was via Malwarebytes but I have not run that to check if the problem is still there in case it interferes with the process you are following.

 

Thanks for your help so far.



#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:30 AM

Posted 18 August 2013 - 06:55 AM


Hello snorkerz

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#7 snorkerz

snorkerz
  • Topic Starter

  • Members
  • 10 posts
  • Local time:10:30 AM

Posted 18 August 2013 - 08:05 AM

ComboFix 13-08-18.01 - DavidR 18/08/2013  13:30:07.1.2 - x64
Microsoft Windows 8  6.2.9200.0.1252.44.2057.18.6028.4491 [GMT 1:00]
Running from: c:\users\DavidR\Desktop\ComboFix.exe
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SetStretch.exe
c:\users\DavidR\Documents\~WRL0302.tmp
c:\users\DavidR\Documents\~WRL2630.tmp
c:\windows\msvcr71.dll
c:\windows\PFRO.log
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-18 to 2013-08-18  )))))))))))))))))))))))))))))))
.
.
2013-08-18 09:14 . 2013-08-18 09:14 -------- d-----w- c:\windows\ERUNT
2013-08-17 13:24 . 2013-08-17 13:24 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-08-17 10:59 . 2013-08-17 10:59 -------- d-----w- c:\users\DavidR\AppData\Roaming\SUPERAntiSpyware.com
2013-08-17 10:59 . 2013-08-17 10:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-08-17 10:59 . 2013-08-17 10:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-08-17 10:56 . 2013-08-17 10:56 -------- d-----w- c:\program files (x86)\SpywareBlaster
2013-08-17 10:56 . 2010-01-10 18:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2013-08-17 10:54 . 2013-08-17 10:54 -------- d-----w- c:\programdata\AVG2013
2013-08-17 10:52 . 2013-08-17 10:55 -------- d-----w- c:\programdata\MFAData
2013-08-17 10:52 . 2013-08-17 10:52 -------- d-----w- c:\users\DavidR\AppData\Local\MFAData
2013-08-17 10:52 . 2013-08-17 10:52 -------- d-----w- c:\users\DavidR\AppData\Local\Avg2013
2013-08-17 10:36 . 2013-08-17 10:36 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2013-08-17 09:16 . 2013-08-17 09:16 -------- d-----w- c:\users\DavidR\AppData\Roaming\Malwarebytes
2013-08-17 09:16 . 2013-08-17 09:16 -------- d-----w- c:\programdata\Malwarebytes
2013-08-17 09:16 . 2013-08-17 09:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-17 09:16 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-17 09:11 . 2013-08-17 09:11 -------- d-----w- c:\users\DavidR\AppData\Local\Lunarsoft
2013-08-17 09:11 . 2013-08-17 09:11 -------- d-----w- c:\program files (x86)\Lunarsoft
2013-08-16 18:22 . 2013-08-16 18:31 -------- d-----w- c:\program files (x86)\AAALOGO
2013-08-13 22:51 . 2013-08-13 22:51 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-08-08 06:31 . 2013-08-08 06:31 261808 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10213.bin
2013-08-05 15:46 . 2013-02-26 01:28 67664 ----a-w- c:\windows\system32\drivers\vmx86.sys
2013-08-04 10:00 . 2013-08-04 10:00 -------- d-----w- c:\program files\CCleaner
2013-08-02 08:15 . 2012-10-24 13:17 67224 ----a-w- c:\windows\system32\vsocklib.dll
2013-08-02 08:15 . 2012-10-24 13:17 70296 ----a-w- c:\windows\system32\drivers\vsock.sys
2013-08-02 08:15 . 2012-10-24 13:17 63128 ----a-w- c:\windows\SysWow64\vsocklib.dll
2013-08-02 08:14 . 2013-02-26 01:28 357456 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2013-08-02 08:14 . 2013-02-26 01:28 436304 ----a-w- c:\windows\SysWow64\vmnat.exe
2013-08-02 08:14 . 2013-02-26 01:28 30800 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2013-08-02 08:14 . 2013-02-26 01:29 933968 ----a-w- c:\windows\system32\vnetlib64.dll
2013-08-02 08:14 . 2012-10-11 15:15 52376 ----a-w- c:\windows\system32\drivers\hcmon.sys
2013-08-02 08:14 . 2013-08-02 08:14 -------- d-----w- c:\program files\Common Files\VMware
2013-08-02 08:14 . 2013-08-02 08:14 -------- d-----w- c:\program files (x86)\VMware
2013-08-02 08:14 . 2013-08-02 08:14 -------- d-----w- c:\program files (x86)\Common Files\VMware
2013-08-01 15:48 . 2013-08-01 15:48 57096 ----a-w- c:\windows\system32\certsentry.dll
2013-08-01 15:48 . 2013-08-01 15:48 48392 ----a-w- c:\windows\SysWow64\certsentry.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-18 09:06 . 2013-02-24 12:45 380 ----a-w- c:\users\DavidR\AppData\Roaming\sp_data.sys
2013-07-09 00:28 . 2013-07-09 00:28 248632 ----a-w- c:\windows\system32\drivers\avgwfpa.sys
2013-07-08 20:59 . 2013-04-15 17:38 713776 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2013-06-23 13:18 . 2013-06-23 13:18 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2013-06-18 15:16 . 2013-04-25 10:05 118400 ----a-w- c:\windows\system32\drivers\inspect.sys
2013-06-18 15:16 . 2013-04-15 17:38 37560 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-06-18 15:16 . 2013-04-15 17:38 23168 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-06-18 15:15 . 2013-04-15 17:38 43216 ----a-w- c:\windows\system32\cmdcsr.dll
2013-06-18 15:15 . 2013-04-23 14:04 348584 ----a-w- c:\windows\SysWow64\guard32.dll
2013-06-18 15:15 . 2013-04-23 14:04 437688 ----a-w- c:\windows\system32\guard64.dll
2013-06-18 15:15 . 2013-04-15 17:38 45784 ----a-w- c:\windows\system32\cmdkbd64.dll
2013-06-18 15:15 . 2013-04-15 17:38 344792 ----a-w- c:\windows\system32\cmdvrt64.dll
2013-06-18 15:15 . 2013-04-15 17:38 278232 ----a-w- c:\windows\SysWow64\cmdvrt32.dll
2013-06-18 15:15 . 2013-04-15 17:38 40664 ----a-w- c:\windows\SysWow64\cmdkbd32.dll
2013-06-14 09:09 . 2013-06-14 09:09 121696 ----a-w- c:\windows\File Renamer - Basic Uninstaller.exe
2013-06-12 20:48 . 2013-05-14 15:35 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-12 20:48 . 2013-05-14 15:35 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-12 20:47 . 2013-06-20 09:37 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-23 11:00 . 2013-02-24 12:47 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ditto"="c:\program files\Ditto\Ditto.exe" [2012-11-08 1717872]
"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2013-06-23 1516496]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-07-26 109784]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-15 6581488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-08-17 3331312]
"ASUSWebStorage"="c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.6.112\AsusWSPanel.exe" [2012-07-24 3411328]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2013-06-10 601928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2012-9-6 549040]
CodecPackUpdateChecker.lnk - c:\windows\SysWOW64\C2MP\UpdateChecker.exe [2013-4-18 48248]
FreeStyle Auto-Assist.lnk - c:\program files (x86)\Abbott Diabetes Care\FreeStyle Auto-Assist\BGTrayApp.exe [2013-6-18 64336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 ?etadpug;Google Update Service (gupdate);c:\program files (x86)\Google\Desktop\Install\{427abdf7-0921-9404-e3b5-b3c46aa3750b}\   \...\???\{427abdf7-0921-9404-e3b5-b3c46aa3750b}\GoogleUpdate.exe <;c:\program files (x86)\Google\Desktop\Install\{427abdf7-0921-9404-e3b5-b3c46aa3750b}\   \...\???\{427abdf7-0921-9404-e3b5-b3c46aa3750b}\GoogleUpdate.exe < [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 VMwareHostd;VMware Workstation Server;z:\system\vm\vmware-hostd.exe;z:\system\vm\vmware-hostd.exe [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\System32\drivers\ssadbus.sys;c:\windows\SYSNATIVE\drivers\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 VCam_WDM;Virtual Webcam 8.0;c:\windows\system32\DRIVERS\VCam_WDM.sys;c:\windows\SYSNATIVE\DRIVERS\VCam_WDM.sys [x]
R3 WSDScan;WSD Scan Support;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\System32\drivers\vmci.sys;c:\windows\SYSNATIVE\drivers\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 Avgwfpa;AVG Firewall Driver;c:\windows\system32\DRIVERS\avgwfpa.sys;c:\windows\SYSNATIVE\DRIVERS\avgwfpa.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdhlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys;SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 ATP;ASUS PS/2 Port Input Device;c:\windows\System32\drivers\AsusTP.sys;c:\windows\SYSNATIVE\drivers\AsusTP.sys [x]
S3 HIDSwitch;ASUS Wireless Radio Control;c:\windows\System32\drivers\AsHIDSwitch64.sys;c:\windows\SYSNATIVE\drivers\AsHIDSwitch64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-31 23:56 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-05-11 10:37 215264 ----a-w- c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-27 18:25]
.
2013-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-04 08:36]
.
2013-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-04 08:36]
.
2013-08-18 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3c414631-1081-42e2-9fdd-8b2f6f21886f.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
2013-08-18 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task dd2dd25b-75c4-4f6f-89a2-9b0cb83fcb83.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.6.112\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.6.112\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.6.112\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-16 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-16 398656]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-07-13 12936848]
"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-06-07 90832]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=hxxp://mail.google.com/mail/?hl%3Den&scc=1&ltmpl=default&ltmplcache=2&hl=en
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{FA088751-FBDA-4B91-B91B-438FCA3B3E26}: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{FA088751-FBDA-4B91-B91B-438FCA3B3E26}\8445340205F627471626C6560284F6473707F647: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{FBD50E82-6E20-4ED2-B7F4-CCA77C168D4F}: NameServer = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\users\DavidR\AppData\Roaming\Mozilla\Firefox\Profiles\rwovuzkv.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-vmware-tray.exe - z:\system\vm\vmware-tray.exe
c:\users\DavidR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start Freenet.lnk - a:\freenet\freenet.exe
Toolbar-Locked - (no file)
WebBrowser-{4D594333-0076-A76A-76A7-7A786E7484D7} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-Freenet - a:\freenet\freenetuninstaller.exe
.
.
Binary file temp00 matches
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.DefaultCsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{724D43A0-0D85-11D4-9908-00400523E39A}"=hex:51,66,7a,6c,4c,1d,38,12,ce,40,5e,
   76,b7,43,ba,54,e6,1e,43,00,00,7d,a7,8e
"{724D43A9-0D85-11D4-9908-00400523E39A}"=hex:51,66,7a,6c,4c,1d,38,12,c7,40,5e,
   76,b7,43,ba,54,e6,1e,43,00,00,7d,a7,8e
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
   b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
.
[HKEY_USERS\.DefaultCsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:5c,07,f9,63,2b,9b,ce,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-08-18  13:53:45
ComboFix-quarantined-files.txt  2013-08-18 12:53
.
Pre-Run: 438,149,197,824 bytes free
Post-Run: 437,565,784,064 bytes free
.
- - End Of File - - E606A14450B720CFDF46D365C88C830D

No obvious problems (well I have lost my multiple home pages ;))



#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:30 AM

Posted 18 August 2013 - 08:14 AM


Hello snorkerz



Please download Farbar Recovery Scan Tool and save it to your desktop.


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 snorkerz

snorkerz
  • Topic Starter

  • Members
  • 10 posts
  • Local time:10:30 AM

Posted 18 August 2013 - 08:23 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2013
Ran by DavidR (administrator) on 18-08-2013 14:19:02
Running from C:\Users\DavidR\Desktop
Windows 8 (X64) OS Language: English(UK)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [90832 2012-06-07] (ASUS)
HKLM\...\Run: [PAC7302_Monitor] - C:\Windows\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKCU\...\Run: [Ditto] - C:\Program Files\Ditto\Ditto.exe [1717872 2012-11-08] ()
HKCU\...\Run: [TrueCrypt] - C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2013-06-23] (TrueCrypt Foundation)
HKCU\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2013-07-26] (Siber Systems)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6581488 2013-08-15] (SUPERAntiSpyware)
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-08-17] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.6.112\AsusWSPanel.exe [3411328 2012-07-24] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601928 2013-06-10] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk
ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows\SysWOW64\C2MP\UpdateChecker.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FreeStyle Auto-Assist.lnk
ShortcutTarget: FreeStyle Auto-Assist.lnk -> C:\Program Files (x86)\Abbott Diabetes Care\FreeStyle Auto-Assist\BGTrayApp.exe (Abbott Diabetes Care)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http://mail.google.com/mail/?hl%3Den&scc=1&ltmpl=default&ltmplcache=2&hl=en
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.landlordzone.co.uk/forums/search.php?searchid=1531847
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKCU - No Name - {4D594333-0076-A76A-76A7-7A786E7484D7} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Winsock: Catalog5 04 %SystemRoot%\System32\mswsock.dll [289280] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 04 %SystemRoot%\System32\mswsock.dll [355328] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{FA088751-FBDA-4B91-B91B-438FCA3B3E26}: [NameServer]156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{FBD50E82-6E20-4ED2-B7F4-CCA77C168D4F}: [NameServer]156.154.70.22,156.154.71.22

FireFox:
========
FF ProfilePath: C:\Users\DavidR\AppData\Roaming\Mozilla\Firefox\Profiles\rwovuzkv.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Ant Video Downloader - C:\Users\DavidR\AppData\Roaming\Mozilla\Firefox\Profiles\rwovuzkv.default\Extensions\anttoolbar@ant.com
FF Extension: No Name - C:\Users\DavidR\AppData\Roaming\Mozilla\Firefox\Profiles\rwovuzkv.default\Extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8}
FF Extension: helper - C:\Users\DavidR\AppData\Roaming\Mozilla\Firefox\Profiles\rwovuzkv.default\Extensions\helper@savefrom.net.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] C:\Program Files\McAfee\MSK
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: about:blank
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
CHR Extension: (Google Docs) - C:\Users\DavidR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\DavidR\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\DavidR\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\DavidR\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Freemake Video Converter) - C:\Users\DavidR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0
CHR Extension: (RoboForm Lite) - C:\Users\DavidR\AppData\Local\Google\Chrome\User Data\Default\Extensions\kidhjpmgjfbkmcfpfakmdddddgfbhahj\4.6.9_0
CHR Extension: (Gmail) - C:\Users\DavidR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-06-10] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-06-10] (BlueStack Systems, Inc.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6199520 2013-07-08] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [158936 2013-06-18] (COMODO)
S2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2095808 2013-08-01] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-09-05] (Nitro PDF Software)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation)
S2 VMAuthdService; Z:\system\vm\vmware-authd.exe [x]
S2 VMwareHostd; Z:\system\vm\vmware-hostd.exe -u "C:\ProgramData\VMware\hostd\config.xml" [x]
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{427abdf7-0921-9404-e3b5-b3c46aa3750b}\   \...\???\{427abdf7-0921-9404-e3b5-b3c46aa3750b}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [248632 2013-07-09] (AVG Technologies CZ, s.r.o.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-06-10] (BlueStack Systems)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-06-10] (BlueStack Systems)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-06-18] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [713776 2013-07-08] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [37560 2013-06-18] (COMODO)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [118400 2013-06-18] (COMODO)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv_x64.sys [44544 2013-01-15] (ManyCam LLC)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2013-08-17] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2013-08-17] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
S3 PAC7302; C:\Windows\system32\DRIVERS\PAC7302.SYS [527360 2007-09-10] (PixArt Imaging Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 VCam_WDM; C:\Windows\system32\DRIVERS\VCam_WDM.sys [104120 2012-05-25] (e2eSoft)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)
U3 catchme; \??\C:\ComboFix\catchme.sys [x]
U0 msahci;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-18 14:18 - 2013-08-18 14:18 - 01575580 _____ (Farbar) C:\Users\DavidR\Desktop\FRST64.exe
2013-08-18 14:18 - 2013-08-18 14:18 - 00000000 ____D C:\FRST
2013-08-18 13:53 - 2013-08-18 13:53 - 00022315 _____ C:\ComboFix.txt
2013-08-18 13:27 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-18 13:27 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-18 13:27 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-18 13:27 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-18 13:27 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-18 13:27 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2013-08-18 13:27 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-18 13:27 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-18 13:27 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-18 13:26 - 2013-08-18 13:53 - 00000000 ____D C:\Qoobox
2013-08-18 13:25 - 2013-08-18 13:49 - 00000000 ____D C:\Windows\erdnt
2013-08-18 13:24 - 2013-08-18 13:24 - 05105231 ____R (Swearware) C:\Users\DavidR\Desktop\ComboFix.exe
2013-08-18 10:56 - 2013-08-18 12:00 - 00012206 _____ C:\Users\DavidR\Documents\eviction timescales.xlsx
2013-08-18 10:39 - 2013-08-18 10:39 - 00001403 _____ C:\Users\DavidR\Desktop\JRT.txt
2013-08-18 10:14 - 2013-08-18 10:14 - 00000000 ____D C:\Windows\ERUNT
2013-08-18 10:12 - 2013-08-18 10:12 - 01018166 _____ (Thisisu) C:\Users\DavidR\Desktop\JRT.exe
2013-08-18 10:06 - 2013-08-18 10:06 - 00000117 _____ C:\Windows\system32\netcfg-39750.txt
2013-08-18 10:05 - 2013-08-18 10:05 - 00000117 _____ C:\Windows\system32\netcfg-61639765.txt
2013-08-18 10:04 - 2013-08-18 10:04 - 00002202 _____ C:\AdwCleaner[S2].txt
2013-08-18 10:02 - 2013-08-18 10:03 - 00002114 _____ C:\AdwCleaner[R3].txt
2013-08-18 10:01 - 2013-08-18 10:01 - 00666633 _____ C:\Users\DavidR\Downloads\AdwCleaner.exe
2013-08-17 20:00 - 2013-08-17 20:00 - 00003678 _____ C:\Users\DavidR\Desktop\testimonial.htm
2013-08-17 19:59 - 2013-08-17 19:59 - 00021245 _____ C:\Users\DavidR\Documents\testimonial.htm
2013-08-17 19:59 - 2013-08-17 19:59 - 00000000 ____D C:\Users\DavidR\Documents\testimonial_files
2013-08-17 16:37 - 2013-08-17 16:37 - 00002758 _____ C:\Users\DavidR\Desktop\attach.zip
2013-08-17 16:36 - 2013-08-17 16:36 - 00007735 _____ C:\Users\DavidR\Desktop\attach.txt
2013-08-17 16:36 - 2013-08-17 16:35 - 00021464 _____ C:\Users\DavidR\Desktop\dds.txt
2013-08-17 16:24 - 2013-08-17 16:24 - 00077607 _____ C:\Users\DavidR\Desktop\tds.txt
2013-08-17 16:20 - 2013-08-17 16:20 - 00038673 _____ C:\Users\DavidR\Desktop\minitoolbox 170813 1620.txt
2013-08-17 16:09 - 2013-08-17 16:09 - 00000117 _____ C:\Windows\system32\netcfg-28625.txt
2013-08-17 16:08 - 2013-08-17 16:08 - 00000117 _____ C:\Windows\system32\netcfg-1591562.txt
2013-08-17 15:42 - 2013-08-17 15:42 - 00000117 _____ C:\Windows\system32\netcfg-60500.txt
2013-08-17 15:41 - 2013-08-17 15:41 - 00000117 _____ C:\Windows\system32\netcfg-14653734.txt
2013-08-17 15:39 - 2013-08-17 15:39 - 00000117 _____ C:\Windows\system32\netcfg-14548656.txt
2013-08-17 15:39 - 2013-08-17 15:39 - 00000117 _____ C:\Windows\system32\netcfg-14541390.txt
2013-08-17 15:39 - 2013-08-17 15:39 - 00000117 _____ C:\Windows\system32\netcfg-14533250.txt
2013-08-17 15:39 - 2013-08-17 15:39 - 00000117 _____ C:\Windows\system32\netcfg-14525500.txt
2013-08-17 15:39 - 2013-08-17 15:39 - 00000117 _____ C:\Windows\system32\netcfg-14518000.txt
2013-08-17 15:39 - 2013-08-17 15:39 - 00000117 _____ C:\Windows\system32\netcfg-14511015.txt
2013-08-17 15:38 - 2013-08-17 15:38 - 00000117 _____ C:\Windows\system32\netcfg-14505640.txt
2013-08-17 14:24 - 2013-08-17 15:39 - 00000000 ____D C:\Users\DavidR\Desktop\mbar
2013-08-17 14:24 - 2013-08-17 14:24 - 00036680 _____ C:\Windows\system32\Drivers\mbamchameleon.sys
2013-08-17 14:23 - 2013-08-17 14:23 - 12081912 _____ (Malwarebytes Corp.) C:\Users\DavidR\Downloads\mbar-1.06.1.1005.exe
2013-08-17 11:59 - 2013-08-18 11:59 - 00000524 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task dd2dd25b-75c4-4f6f-89a2-9b0cb83fcb83.job
2013-08-17 11:59 - 2013-08-18 02:00 - 00000524 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 3c414631-1081-42e2-9fdd-8b2f6f21886f.job
2013-08-17 11:59 - 2013-08-17 11:59 - 00003574 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 3c414631-1081-42e2-9fdd-8b2f6f21886f
2013-08-17 11:59 - 2013-08-17 11:59 - 00003492 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task dd2dd25b-75c4-4f6f-89a2-9b0cb83fcb83
2013-08-17 11:59 - 2013-08-17 11:59 - 00001841 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-08-17 11:59 - 2013-08-17 11:59 - 00000000 ____D C:\Users\DavidR\AppData\Roaming\SUPERAntiSpyware.com
2013-08-17 11:59 - 2013-08-17 11:59 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-08-17 11:59 - 2013-08-17 11:59 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-08-17 11:56 - 2013-08-17 11:56 - 00001116 _____ C:\Users\DavidR\Desktop\SpywareBlaster.lnk
2013-08-17 11:56 - 2013-08-17 11:56 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2013-08-17 11:56 - 2010-01-10 19:40 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2013-08-17 11:54 - 2013-08-17 11:54 - 00000000 ____D C:\ProgramData\AVG2013
2013-08-17 11:52 - 2013-08-17 11:55 - 00000000 ____D C:\ProgramData\MFAData
2013-08-17 11:52 - 2013-08-17 11:52 - 00000000 ____D C:\Users\DavidR\AppData\Local\MFAData
2013-08-17 11:52 - 2013-08-17 11:52 - 00000000 ____D C:\Users\DavidR\AppData\Local\Avg2013
2013-08-17 11:51 - 2013-08-17 11:51 - 04491824 _____ (AVG Technologies) C:\Users\DavidR\Documents\avg_avct_stb_all_2013_3392_cm10.exe
2013-08-17 11:36 - 2013-08-17 11:36 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys
2013-08-17 11:18 - 2013-08-17 11:19 - 00000794 _____ C:\Windows\setupact.log
2013-08-17 11:18 - 2013-08-17 11:18 - 00000000 _____ C:\Windows\setuperr.log
2013-08-17 10:58 - 2013-08-17 16:20 - 00038673 _____ C:\Users\DavidR\Desktop\Result.txt
2013-08-17 10:58 - 2013-08-17 11:00 - 02218636 _____ C:\Users\DavidR\Downloads\tdsskiller.zip
2013-08-17 10:56 - 2013-08-17 10:56 - 00760937 _____ (Farbar) C:\Users\DavidR\Desktop\MiniToolBox.exe
2013-08-17 10:23 - 2013-08-17 10:23 - 00000440 _____ C:\RoboFormDataHere.txt
2013-08-17 10:16 - 2013-08-17 10:16 - 00001146 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-17 10:16 - 2013-08-17 10:16 - 00000000 ____D C:\Users\DavidR\AppData\Roaming\Malwarebytes
2013-08-17 10:16 - 2013-08-17 10:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-17 10:16 - 2013-08-17 10:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-17 10:16 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-17 10:13 - 2013-08-17 10:14 - 00000000 ____D C:\Users\DavidR\Desktop\Download
2013-08-17 10:11 - 2013-08-17 10:11 - 00445730 _____ (Lunarsoft                                                   ) C:\Users\DavidR\Downloads\Anti-Malware_Toolkit_Setup.exe
2013-08-17 10:11 - 2013-08-17 10:11 - 00001218 _____ C:\Users\Public\Desktop\Anti-Malware Toolkit.lnk
2013-08-17 10:11 - 2013-08-17 10:11 - 00000000 ____D C:\Users\DavidR\AppData\Local\Lunarsoft
2013-08-17 10:11 - 2013-08-17 10:11 - 00000000 ____D C:\Program Files (x86)\Lunarsoft
2013-08-17 09:59 - 2013-08-17 09:59 - 00388608 _____ (Trend Micro Inc.) C:\Users\DavidR\Downloads\HijackThis.exe
2013-08-17 09:59 - 2013-08-17 09:59 - 00013165 _____ C:\Users\DavidR\Downloads\hijackthis.log
2013-08-17 09:41 - 2013-08-17 09:41 - 00001455 _____ C:\Users\DavidR\Desktop\RKreport[2]_D_08172013_02d0941.txt
2013-08-17 09:37 - 2013-08-17 09:37 - 00001371 _____ C:\Users\DavidR\Desktop\RKreport[1]_S_08172013_02d0937.txt
2013-08-17 09:34 - 2013-08-17 09:38 - 00000000 ____D C:\Users\DavidR\Desktop\RK_Quarantine
2013-08-16 23:22 - 2013-08-16 23:22 - 01309248 _____ C:\Users\DavidR\Downloads\www-tenancyservices-co-uk-paradigm.zip
2013-08-16 23:22 - 2013-08-16 23:22 - 00000000 ____D C:\Users\DavidR\Downloads\www-tenancyservices-co-uk-paradigm
2013-08-16 19:31 - 2013-08-16 19:31 - 00001016 _____ C:\Users\DavidR\Desktop\AAA Logo 3.2.lnk
2013-08-16 19:30 - 2013-08-16 19:30 - 07158008 _____ C:\Users\DavidR\Downloads\aaalogo320.zip
2013-08-16 19:22 - 2013-08-16 19:31 - 00000000 ____D C:\Program Files (x86)\AAALOGO
2013-08-16 19:22 - 2013-08-16 19:22 - 00000942 _____ C:\Users\DavidR\Desktop\AAA Logo.lnk
2013-08-16 19:21 - 2013-08-16 19:21 - 00000000 ____D C:\Users\DavidR\Downloads\AAA Logo Maker 1.2 Full Version
2013-08-16 19:20 - 2013-08-16 19:21 - 15856522 _____ C:\Users\DavidR\Downloads\AAA Logo Maker 1.2 Full Version.rar
2013-08-13 23:51 - 2013-08-13 23:51 - 00002052 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-13 23:51 - 2013-08-13 23:51 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-13 21:21 - 2013-08-14 19:39 - 00011894 _____ C:\Users\DavidR\Documents\amazon wages.xlsx
2013-08-12 16:59 - 2013-08-12 16:59 - 00000000 ____D C:\Users\DavidR\Documents\Outlook Files
2013-08-09 18:48 - 2013-08-09 18:48 - 00015254 _____ C:\Users\DavidR\Documents\Backup of cvl lba.wbk
2013-08-09 18:48 - 2013-08-09 18:48 - 00012597 _____ C:\Users\DavidR\Documents\cvl.xlsx
2013-08-08 13:28 - 2013-08-08 13:28 - 00015183 _____ C:\Users\DavidR\Documents\joe rent statement aug 2013.xlsx
2013-08-07 17:22 - 2013-08-07 17:22 - 00008923 _____ C:\Users\DavidR\Documents\hours.xlsx
2013-08-06 17:27 - 2013-08-06 17:27 - 00000000 ____D C:\Users\DavidR\Documents\Freemake
2013-08-06 16:30 - 2013-08-06 16:30 - 00000156 _____ C:\Windows\system32\netcfg-232897046.txt
2013-08-05 21:39 - 2013-08-09 18:34 - 00071168 ___SH C:\Users\DavidR\Thumbs.db
2013-08-05 16:58 - 2013-08-05 17:00 - 187695104 _____ C:\Users\DavidR\Downloads\android-x86-4.0-RC2-eeepc.iso
2013-08-05 16:46 - 2013-08-18 13:40 - 00913114 _____ C:\Windows\WindowsUpdate.log
2013-08-05 16:46 - 2013-08-05 16:46 - 00001182 _____ C:\Windows\system32\netcfg-147438656.txt
2013-08-05 16:46 - 2013-08-05 16:46 - 00001182 _____ C:\Windows\system32\netcfg-147432937.txt
2013-08-05 16:46 - 2013-08-05 16:46 - 00000132 _____ C:\Windows\system32\netcfg-147439875.txt
2013-08-05 16:46 - 2013-08-05 16:46 - 00000132 _____ C:\Windows\system32\netcfg-147433906.txt
2013-08-05 16:46 - 2013-08-05 16:46 - 00000125 _____ C:\Windows\system32\netcfg-147444593.txt
2013-08-05 16:46 - 2013-08-05 16:46 - 00000125 _____ C:\Windows\system32\netcfg-147436859.txt
2013-08-05 16:46 - 2013-08-05 16:46 - 00000121 _____ C:\Windows\system32\netcfg-147423171.txt
2013-08-05 16:46 - 2013-02-26 02:28 - 00067664 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2013-08-05 16:45 - 2013-08-05 16:45 - 00000128 _____ C:\Windows\system32\netcfg-147417406.txt
2013-08-05 16:45 - 2013-08-05 16:45 - 00000128 _____ C:\Windows\system32\netcfg-147414656.txt
2013-08-05 16:45 - 2013-08-05 16:45 - 00000123 _____ C:\Windows\system32\netcfg-147418843.txt
2013-08-04 11:00 - 2013-08-04 11:00 - 00002774 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-08-04 11:00 - 2013-08-04 11:00 - 00000000 ____D C:\Program Files\CCleaner
2013-08-04 09:50 - 2013-08-04 10:09 - 1342258712 _____ C:\Users\DavidR\Downloads\IE8.WinXP.For.WindowsVMWare.exe
2013-08-03 23:57 - 2013-08-03 23:57 - 00000131 _____ C:\Windows\system32\netcfg-567000.txt
2013-08-03 15:40 - 2013-08-03 15:40 - 03807232 _____ C:\Users\DavidR\Downloads\tor_vm.iso
2013-08-03 14:08 - 2013-08-03 14:08 - 00011264 ___SH C:\Users\DavidR\Desktop\Thumbs.db
2013-08-02 12:22 - 2013-07-22 17:49 - 00001094 _____ C:\Users\Public\Documents\NEW 02082013 Appeal phone costs.xls - Shortcut.lnk
2013-08-02 09:15 - 2013-08-02 09:15 - 00001182 _____ C:\Windows\system32\netcfg-57997031.txt
2013-08-02 09:15 - 2013-08-02 09:15 - 00001182 _____ C:\Windows\system32\netcfg-57977531.txt
2013-08-02 09:15 - 2013-08-02 09:15 - 00000132 _____ C:\Windows\system32\netcfg-58011703.txt
2013-08-02 09:15 - 2013-08-02 09:15 - 00000132 _____ C:\Windows\system32\netcfg-57978562.txt
2013-08-02 09:15 - 2013-08-02 09:15 - 00000125 _____ C:\Windows\system32\netcfg-58015578.txt
2013-08-02 09:15 - 2013-08-02 09:15 - 00000125 _____ C:\Windows\system32\netcfg-57981828.txt
2013-08-02 09:15 - 2012-10-24 14:17 - 00070296 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2013-08-02 09:15 - 2012-10-24 14:17 - 00067224 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2013-08-02 09:15 - 2012-10-24 14:17 - 00063128 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2013-08-02 09:14 - 2013-08-02 09:14 - 00000121 _____ C:\Windows\system32\netcfg-57967187.txt
2013-08-02 09:14 - 2013-08-02 09:14 - 00000000 ____D C:\Program Files\Common Files\VMware
2013-08-02 09:14 - 2013-08-02 09:14 - 00000000 ____D C:\Program Files (x86)\VMware
2013-08-02 09:14 - 2013-02-26 02:29 - 00933968 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2013-08-02 09:14 - 2013-02-26 02:28 - 00436304 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2013-08-02 09:14 - 2013-02-26 02:28 - 00357456 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2013-08-02 09:14 - 2013-02-26 02:28 - 00030800 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2013-08-02 09:14 - 2012-10-11 16:15 - 00052376 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2013-08-01 16:48 - 2013-08-01 16:48 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2013-08-01 16:48 - 2013-08-01 16:48 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2013-07-29 11:23 - 2013-08-07 15:27 - 00000000 ____D C:\Users\DavidR\Documents\DWP
2013-07-28 14:26 - 2013-08-03 15:41 - 00000000 ____D C:\Users\DavidR\Documents\Tree
2013-07-23 20:50 - 2013-08-18 09:57 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6CFF7734-D77B-42D7-AFFB-9A5DDA3BF814}
2013-07-22 21:49 - 2013-07-22 21:55 - 00004774 _____ C:\Users\DavidR\Downloads\members_Landlords_Jul_22_2013.csv
2013-07-22 21:16 - 2013-07-22 21:16 - 00020096 _____ C:\Users\DavidR\Downloads\privatemessages-Snorkerz-22-07-2013 (1).txt
2013-07-22 21:15 - 2013-07-22 21:15 - 00022722 _____ C:\Users\DavidR\Downloads\privatemessages-Snorkerz-22-07-2013.txt
2013-07-22 15:50 - 2013-07-22 15:50 - 00016010 _____ C:\Users\DavidR\Documents\Tenancy Services Enqs.csv
2013-07-22 15:47 - 2013-07-22 15:47 - 00002673 _____ C:\Users\DavidR\Documents\customers.csv
2013-07-22 15:39 - 2013-07-22 15:39 - 00028952 _____ C:\Users\DavidR\Documents\Tenancy Services Enqs.xlsx

==================== One Month Modified Files and Folders =======

2013-08-18 14:18 - 2013-08-18 14:18 - 01575580 _____ (Farbar) C:\Users\DavidR\Desktop\FRST64.exe
2013-08-18 14:18 - 2013-08-18 14:18 - 00000000 ____D C:\FRST
2013-08-18 14:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2013-08-18 13:59 - 2013-02-24 13:51 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3931322812-2115508100-2002302982-1001
2013-08-18 13:56 - 2013-04-04 09:36 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-18 13:53 - 2013-08-18 13:53 - 00022315 _____ C:\ComboFix.txt
2013-08-18 13:53 - 2013-08-18 13:26 - 00000000 ____D C:\Qoobox
2013-08-18 13:53 - 2012-07-26 06:37 - 00000000 __RHD C:\Users\Default
2013-08-18 13:50 - 2013-02-24 13:45 - 00000000 ___RD C:\Users\DavidR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-18 13:49 - 2013-08-18 13:25 - 00000000 ____D C:\Windows\erdnt
2013-08-18 13:47 - 2012-07-26 06:26 - 00000215 _____ C:\Windows\system.ini
2013-08-18 13:40 - 2013-08-05 16:46 - 00913114 _____ C:\Windows\WindowsUpdate.log
2013-08-18 13:25 - 2013-04-27 12:23 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-18 13:24 - 2013-08-18 13:24 - 05105231 ____R (Swearware) C:\Users\DavidR\Desktop\ComboFix.exe
2013-08-18 12:00 - 2013-08-18 10:56 - 00012206 _____ C:\Users\DavidR\Documents\eviction timescales.xlsx
2013-08-18 11:59 - 2013-08-17 11:59 - 00000524 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task dd2dd25b-75c4-4f6f-89a2-9b0cb83fcb83.job
2013-08-18 10:56 - 2013-04-04 09:36 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-18 10:39 - 2013-08-18 10:39 - 00001403 _____ C:\Users\DavidR\Desktop\JRT.txt
2013-08-18 10:14 - 2013-08-18 10:14 - 00000000 ____D C:\Windows\ERUNT
2013-08-18 10:12 - 2013-08-18 10:12 - 01018166 _____ (Thisisu) C:\Users\DavidR\Desktop\JRT.exe
2013-08-18 10:06 - 2013-08-18 10:06 - 00000117 _____ C:\Windows\system32\netcfg-39750.txt
2013-08-18 10:06 - 2013-06-20 19:47 - 00000000 ____D C:\ProgramData\VMware
2013-08-18 10:06 - 2013-02-24 13:45 - 00000380 _____ C:\Users\DavidR\AppData\Roaming\sp_data.sys
2013-08-18 10:06 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-18 10:05 - 2013-08-18 10:05 - 00000117 _____ C:\Windows\system32\netcfg-61639765.txt
2013-08-18 10:05 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-08-18 10:04 - 2013-08-18 10:04 - 00002202 _____ C:\AdwCleaner[S2].txt
2013-08-18 10:03 - 2013-08-18 10:02 - 00002114 _____ C:\AdwCleaner[R3].txt
2013-08-18 10:01 - 2013-08-18 10:01 - 00666633 _____ C:\Users\DavidR\Downloads\AdwCleaner.exe
2013-08-18 09:57 - 2013-07-23 20:50 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6CFF7734-D77B-42D7-AFFB-9A5DDA3BF814}
2013-08-18 02:00 - 2013-08-17 11:59 - 00000524 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 3c414631-1081-42e2-9fdd-8b2f6f21886f.job
2013-08-17 20:00 - 2013-08-17 20:00 - 00003678 _____ C:\Users\DavidR\Desktop\testimonial.htm
2013-08-17 19:59 - 2013-08-17 19:59 - 00021245 _____ C:\Users\DavidR\Documents\testimonial.htm
2013-08-17 19:59 - 2013-08-17 19:59 - 00000000 ____D C:\Users\DavidR\Documents\testimonial_files
2013-08-17 16:37 - 2013-08-17 16:37 - 00002758 _____ C:\Users\DavidR\Desktop\attach.zip
2013-08-17 16:36 - 2013-08-17 16:36 - 00007735 _____ C:\Users\DavidR\Desktop\attach.txt
2013-08-17 16:35 - 2013-08-17 16:36 - 00021464 _____ C:\Users\DavidR\Desktop\dds.txt
2013-08-17 16:24 - 2013-08-17 16:24 - 00077607 _____ C:\Users\DavidR\Desktop\tds.txt
2013-08-17 16:20 - 2013-08-17 16:20 - 00038673 _____ C:\Users\DavidR\Desktop\minitoolbox 170813 1620.txt
2013-08-17 16:20 - 2013-08-17 10:58 - 00038673 _____ C:\Users\DavidR\Desktop\Result.txt
2013-08-17 16:19 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-08-17 16:09 - 2013-08-17 16:09 - 00000117 _____ C:\Windows\system32\netcfg-28625.txt
2013-08-17 16:08 - 2013-08-17 16:08 - 00000117 _____ C:\Windows\system32\netcfg-1591562.txt
2013-08-17 15:42 - 2013-08-17 15:42 - 00000117 _____ C:\Windows\system32\netcfg-60500.txt
2013-08-17 15:41 - 2013-08-17 15:41 - 00000117 _____ C:\Windows\system32\netcfg-14653734.txt
2013-08-17 15:39 - 2013-08-17 15:39 - 00000117 _____ C:\Windows\system32\netcfg-14548656.txt
2013-08-17 15:39 - 2013-08-17 15:39 - 00000117 _____ C:\Windows\system32\netcfg-14541390.txt
2013-08-17 15:39 - 2013-08-17 15:39 - 00000117 _____ C:\Windows\system32\netcfg-14533250.txt
2013-08-17 15:39 - 2013-08-17 15:39 - 00000117 _____ C:\Windows\system32\netcfg-14525500.txt
2013-08-17 15:39 - 2013-08-17 15:39 - 00000117 _____ C:\Windows\system32\netcfg-14518000.txt
2013-08-17 15:39 - 2013-08-17 15:39 - 00000117 _____ C:\Windows\system32\netcfg-14511015.txt
2013-08-17 15:39 - 2013-08-17 14:24 - 00000000 ____D C:\Users\DavidR\Desktop\mbar
2013-08-17 15:38 - 2013-08-17 15:38 - 00000117 _____ C:\Windows\system32\netcfg-14505640.txt
2013-08-17 14:24 - 2013-08-17 14:24 - 00036680 _____ C:\Windows\system32\Drivers\mbamchameleon.sys
2013-08-17 14:23 - 2013-08-17 14:23 - 12081912 _____ (Malwarebytes Corp.) C:\Users\DavidR\Downloads\mbar-1.06.1.1005.exe
2013-08-17 11:59 - 2013-08-17 11:59 - 00003574 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 3c414631-1081-42e2-9fdd-8b2f6f21886f
2013-08-17 11:59 - 2013-08-17 11:59 - 00003492 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task dd2dd25b-75c4-4f6f-89a2-9b0cb83fcb83
2013-08-17 11:59 - 2013-08-17 11:59 - 00001841 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-08-17 11:59 - 2013-08-17 11:59 - 00000000 ____D C:\Users\DavidR\AppData\Roaming\SUPERAntiSpyware.com
2013-08-17 11:59 - 2013-08-17 11:59 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-08-17 11:59 - 2013-08-17 11:59 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-08-17 11:56 - 2013-08-17 11:56 - 00001116 _____ C:\Users\DavidR\Desktop\SpywareBlaster.lnk
2013-08-17 11:56 - 2013-08-17 11:56 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2013-08-17 11:55 - 2013-08-17 11:52 - 00000000 ____D C:\ProgramData\MFAData
2013-08-17 11:54 - 2013-08-17 11:54 - 00000000 ____D C:\ProgramData\AVG2013
2013-08-17 11:52 - 2013-08-17 11:52 - 00000000 ____D C:\Users\DavidR\AppData\Local\MFAData
2013-08-17 11:52 - 2013-08-17 11:52 - 00000000 ____D C:\Users\DavidR\AppData\Local\Avg2013
2013-08-17 11:51 - 2013-08-17 11:51 - 04491824 _____ (AVG Technologies) C:\Users\DavidR\Documents\avg_avct_stb_all_2013_3392_cm10.exe
2013-08-17 11:50 - 2012-08-03 00:11 - 00797116 _____ C:\Windows\system32\perfh010.dat
2013-08-17 11:50 - 2012-08-03 00:11 - 00158042 _____ C:\Windows\system32\perfc010.dat
2013-08-17 11:50 - 2012-07-26 08:28 - 01789848 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-17 11:36 - 2013-08-17 11:36 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys
2013-08-17 11:31 - 2012-07-26 06:26 - 00000257 _____ C:\Windows\win.ini
2013-08-17 11:19 - 2013-08-17 11:18 - 00000794 _____ C:\Windows\setupact.log
2013-08-17 11:18 - 2013-08-17 11:18 - 00000000 _____ C:\Windows\setuperr.log
2013-08-17 11:00 - 2013-08-17 10:58 - 02218636 _____ C:\Users\DavidR\Downloads\tdsskiller.zip
2013-08-17 10:56 - 2013-08-17 10:56 - 00760937 _____ (Farbar) C:\Users\DavidR\Desktop\MiniToolBox.exe
2013-08-17 10:23 - 2013-08-17 10:23 - 00000440 _____ C:\RoboFormDataHere.txt
2013-08-17 10:18 - 2013-06-21 14:46 - 00000000 ____D C:\Users\DavidR\AppData\Roaming\VMware
2013-08-17 10:16 - 2013-08-17 10:16 - 00001146 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-17 10:16 - 2013-08-17 10:16 - 00000000 ____D C:\Users\DavidR\AppData\Roaming\Malwarebytes
2013-08-17 10:16 - 2013-08-17 10:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-17 10:16 - 2013-08-17 10:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-17 10:14 - 2013-08-17 10:13 - 00000000 ____D C:\Users\DavidR\Desktop\Download
2013-08-17 10:14 - 2013-03-30 11:32 - 00161280 ___SH C:\Users\DavidR\Downloads\Thumbs.db
2013-08-17 10:11 - 2013-08-17 10:11 - 00445730 _____ (Lunarsoft                                                   ) C:\Users\DavidR\Downloads\Anti-Malware_Toolkit_Setup.exe
2013-08-17 10:11 - 2013-08-17 10:11 - 00001218 _____ C:\Users\Public\Desktop\Anti-Malware Toolkit.lnk
2013-08-17 10:11 - 2013-08-17 10:11 - 00000000 ____D C:\Users\DavidR\AppData\Local\Lunarsoft
2013-08-17 10:11 - 2013-08-17 10:11 - 00000000 ____D C:\Program Files (x86)\Lunarsoft
2013-08-17 10:05 - 2013-05-14 15:02 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-08-17 09:59 - 2013-08-17 09:59 - 00388608 _____ (Trend Micro Inc.) C:\Users\DavidR\Downloads\HijackThis.exe
2013-08-17 09:59 - 2013-08-17 09:59 - 00013165 _____ C:\Users\DavidR\Downloads\hijackthis.log
2013-08-17 09:48 - 2013-06-21 14:46 - 00000000 ____D C:\Users\DavidR\AppData\Local\VMware
2013-08-17 09:41 - 2013-08-17 09:41 - 00001455 _____ C:\Users\DavidR\Desktop\RKreport[2]_D_08172013_02d0941.txt
2013-08-17 09:38 - 2013-08-17 09:34 - 00000000 ____D C:\Users\DavidR\Desktop\RK_Quarantine
2013-08-17 09:37 - 2013-08-17 09:37 - 00001371 _____ C:\Users\DavidR\Desktop\RKreport[1]_S_08172013_02d0937.txt
2013-08-16 23:22 - 2013-08-16 23:22 - 01309248 _____ C:\Users\DavidR\Downloads\www-tenancyservices-co-uk-paradigm.zip
2013-08-16 23:22 - 2013-08-16 23:22 - 00000000 ____D C:\Users\DavidR\Downloads\www-tenancyservices-co-uk-paradigm
2013-08-16 20:06 - 2013-04-04 09:36 - 00000000 ____D C:\Users\DavidR\AppData\Local\Google
2013-08-16 20:06 - 2013-04-04 09:36 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-16 19:31 - 2013-08-16 19:31 - 00001016 _____ C:\Users\DavidR\Desktop\AAA Logo 3.2.lnk
2013-08-16 19:31 - 2013-08-16 19:22 - 00000000 ____D C:\Program Files (x86)\AAALOGO
2013-08-16 19:30 - 2013-08-16 19:30 - 07158008 _____ C:\Users\DavidR\Downloads\aaalogo320.zip
2013-08-16 19:22 - 2013-08-16 19:22 - 00000942 _____ C:\Users\DavidR\Desktop\AAA Logo.lnk
2013-08-16 19:21 - 2013-08-16 19:21 - 00000000 ____D C:\Users\DavidR\Downloads\AAA Logo Maker 1.2 Full Version
2013-08-16 19:21 - 2013-08-16 19:20 - 15856522 _____ C:\Users\DavidR\Downloads\AAA Logo Maker 1.2 Full Version.rar
2013-08-16 16:50 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\NDF
2013-08-15 22:47 - 2013-03-02 11:04 - 00472064 ___SH C:\Users\DavidR\Documents\Thumbs.db
2013-08-15 21:04 - 2013-02-24 16:04 - 00000000 ____D C:\Users\DavidR\AppData\Roaming\Nitro PDF
2013-08-14 19:39 - 2013-08-13 21:21 - 00011894 _____ C:\Users\DavidR\Documents\amazon wages.xlsx
2013-08-13 23:56 - 2013-02-24 15:22 - 00000000 ____D C:\Users\DavidR\AppData\Local\Adobe
2013-08-13 23:51 - 2013-08-13 23:51 - 00002052 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-13 23:51 - 2013-08-13 23:51 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-13 23:51 - 2012-08-17 01:52 - 00000000 ____D C:\ProgramData\Adobe
2013-08-12 22:29 - 2013-06-30 12:04 - 00000000 ____D C:\Users\DavidR\Documents\TenancyServices Ltd
2013-08-12 16:59 - 2013-08-12 16:59 - 00000000 ____D C:\Users\DavidR\Documents\Outlook Files
2013-08-10 13:32 - 2013-04-27 10:49 - 00000000 ____D C:\Users\DavidR\.umplayer
2013-08-09 19:21 - 2013-05-14 13:50 - 00000000 ____D C:\Users\DavidR\AppData\Local\CrashDumps
2013-08-09 18:48 - 2013-08-09 18:48 - 00015254 _____ C:\Users\DavidR\Documents\Backup of cvl lba.wbk
2013-08-09 18:48 - 2013-08-09 18:48 - 00012597 _____ C:\Users\DavidR\Documents\cvl.xlsx
2013-08-09 18:34 - 2013-08-05 21:39 - 00071168 ___SH C:\Users\DavidR\Thumbs.db
2013-08-08 13:28 - 2013-08-08 13:28 - 00015183 _____ C:\Users\DavidR\Documents\joe rent statement aug 2013.xlsx
2013-08-07 18:30 - 2013-05-03 10:05 - 00000000 ____D C:\Users\DavidR\AppData\Roaming\Dropbox
2013-08-07 18:29 - 2012-08-17 01:53 - 00000000 ____D C:\Program Files (x86)\ASUS
2013-08-07 17:22 - 2013-08-07 17:22 - 00008923 _____ C:\Users\DavidR\Documents\hours.xlsx
2013-08-07 15:27 - 2013-07-29 11:23 - 00000000 ____D C:\Users\DavidR\Documents\DWP
2013-08-06 17:27 - 2013-08-06 17:27 - 00000000 ____D C:\Users\DavidR\Documents\Freemake
2013-08-06 16:30 - 2013-08-06 16:30 - 00000156 _____ C:\Windows\system32\netcfg-232897046.txt
2013-08-05 21:39 - 2013-02-24 13:42 - 00000000 ____D C:\Users\DavidR
2013-08-05 17:00 - 2013-08-05 16:58 - 187695104 _____ C:\Users\DavidR\Downloads\android-x86-4.0-RC2-eeepc.iso
2013-08-05 16:46 - 2013-08-05 16:46 - 00001182 _____ C:\Windows\system32\netcfg-147438656.txt
2013-08-05 16:46 - 2013-08-05 16:46 - 00001182 _____ C:\Windows\system32\netcfg-147432937.txt
2013-08-05 16:46 - 2013-08-05 16:46 - 00000132 _____ C:\Windows\system32\netcfg-147439875.txt
2013-08-05 16:46 - 2013-08-05 16:46 - 00000132 _____ C:\Windows\system32\netcfg-147433906.txt
2013-08-05 16:46 - 2013-08-05 16:46 - 00000125 _____ C:\Windows\system32\netcfg-147444593.txt
2013-08-05 16:46 - 2013-08-05 16:46 - 00000125 _____ C:\Windows\system32\netcfg-147436859.txt
2013-08-05 16:46 - 2013-08-05 16:46 - 00000121 _____ C:\Windows\system32\netcfg-147423171.txt
2013-08-05 16:45 - 2013-08-05 16:45 - 00000128 _____ C:\Windows\system32\netcfg-147417406.txt
2013-08-05 16:45 - 2013-08-05 16:45 - 00000128 _____ C:\Windows\system32\netcfg-147414656.txt
2013-08-05 16:45 - 2013-08-05 16:45 - 00000123 _____ C:\Windows\system32\netcfg-147418843.txt
2013-08-04 11:02 - 2013-05-10 11:06 - 00000000 ____D C:\Users\DavidR\AppData\Roaming\FileZilla
2013-08-04 11:02 - 2013-04-12 01:24 - 00000000 ____D C:\Windows\Minidump
2013-08-04 11:02 - 2012-08-02 23:24 - 00000000 ____D C:\Windows\Panther
2013-08-04 11:00 - 2013-08-04 11:00 - 00002774 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-08-04 11:00 - 2013-08-04 11:00 - 00000000 ____D C:\Program Files\CCleaner
2013-08-04 10:09 - 2013-08-04 09:50 - 1342258712 _____ C:\Users\DavidR\Downloads\IE8.WinXP.For.WindowsVMWare.exe
2013-08-03 23:57 - 2013-08-03 23:57 - 00000131 _____ C:\Windows\system32\netcfg-567000.txt
2013-08-03 23:50 - 2013-06-23 14:52 - 00000000 ____D C:\Users\DavidR\AppData\Roaming\TrueCrypt
2013-08-03 23:48 - 2013-05-14 15:22 - 00055494 _____ C:\Windows\system32\Drivers\fvstore.dat
2013-08-03 15:41 - 2013-07-28 14:26 - 00000000 ____D C:\Users\DavidR\Documents\Tree
2013-08-03 15:41 - 2013-03-02 10:53 - 00000000 ____D C:\Users\DavidR\Documents\CCC
2013-08-03 15:40 - 2013-08-03 15:40 - 03807232 _____ C:\Users\DavidR\Downloads\tor_vm.iso
2013-08-03 14:08 - 2013-08-03 14:08 - 00011264 ___SH C:\Users\DavidR\Desktop\Thumbs.db
2013-08-02 09:15 - 2013-08-02 09:15 - 00001182 _____ C:\Windows\system32\netcfg-57997031.txt
2013-08-02 09:15 - 2013-08-02 09:15 - 00001182 _____ C:\Windows\system32\netcfg-57977531.txt
2013-08-02 09:15 - 2013-08-02 09:15 - 00000132 _____ C:\Windows\system32\netcfg-58011703.txt
2013-08-02 09:15 - 2013-08-02 09:15 - 00000132 _____ C:\Windows\system32\netcfg-57978562.txt
2013-08-02 09:15 - 2013-08-02 09:15 - 00000125 _____ C:\Windows\system32\netcfg-58015578.txt
2013-08-02 09:15 - 2013-08-02 09:15 - 00000125 _____ C:\Windows\system32\netcfg-57981828.txt
2013-08-02 09:14 - 2013-08-02 09:14 - 00000121 _____ C:\Windows\system32\netcfg-57967187.txt
2013-08-02 09:14 - 2013-08-02 09:14 - 00000000 ____D C:\Program Files\Common Files\VMware
2013-08-02 09:14 - 2013-08-02 09:14 - 00000000 ____D C:\Program Files (x86)\VMware
2013-08-02 09:14 - 2013-06-23 11:46 - 00001024 _____ C:\Windows\SysWOW64\%TMP%
2013-08-02 09:14 - 2013-06-20 19:47 - 01799312 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-08-01 16:48 - 2013-08-01 16:48 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2013-08-01 16:48 - 2013-08-01 16:48 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2013-08-01 15:17 - 2013-04-28 10:00 - 00000000 ____D C:\EFSTMPWP
2013-07-31 17:09 - 2013-06-14 10:09 - 00000000 ____D C:\Users\DavidR\AppData\Local\File Renamer Basic
2013-07-30 22:33 - 2013-05-16 09:29 - 00000000 ____D C:\Users\DavidR\AppData\Roaming\tor
2013-07-26 16:54 - 2013-02-24 14:32 - 00004072 _____ C:\Windows\System32\Tasks\Open URL by RoboForm
2013-07-26 16:54 - 2013-02-24 14:32 - 00003488 _____ C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon
2013-07-26 16:53 - 2013-02-24 14:25 - 00000000 ____D C:\Users\DavidR\AppData\Roaming\RoboForm
2013-07-24 16:59 - 2013-02-24 17:07 - 00534016 _____ C:\Users\DavidR\Documents\eviction ebook.pub
2013-07-22 21:55 - 2013-07-22 21:49 - 00004774 _____ C:\Users\DavidR\Downloads\members_Landlords_Jul_22_2013.csv
2013-07-22 21:52 - 2013-02-24 13:54 - 00000000 ____D C:\Users\DavidR\AppData\Local\Microsoft Help
2013-07-22 21:16 - 2013-07-22 21:16 - 00020096 _____ C:\Users\DavidR\Downloads\privatemessages-Snorkerz-22-07-2013 (1).txt
2013-07-22 21:15 - 2013-07-22 21:15 - 00022722 _____ C:\Users\DavidR\Downloads\privatemessages-Snorkerz-22-07-2013.txt
2013-07-22 17:49 - 2013-08-02 12:22 - 00001094 _____ C:\Users\Public\Documents\NEW 02082013 Appeal phone costs.xls - Shortcut.lnk
2013-07-22 15:50 - 2013-07-22 15:50 - 00016010 _____ C:\Users\DavidR\Documents\Tenancy Services Enqs.csv
2013-07-22 15:47 - 2013-07-22 15:47 - 00002673 _____ C:\Users\DavidR\Documents\customers.csv
2013-07-22 15:39 - 2013-07-22 15:39 - 00028952 _____ C:\Users\DavidR\Documents\Tenancy Services Enqs.xlsx

Files to move or delete:
====================
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install\{427abdf7-0921-9404-e3b5-b3c46aa3750b}
C:\Users\DavidR\wipe.bat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-13 09:05

==================== End Of Log ============================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2013
Ran by DavidR at 2013-08-18 14:20:10
Running from C:\Users\DavidR\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

  
3GP Media Player 1.0.1 (x32)
7-Zip 9.20 (x32)
AAA Logo 1.2 (x32)
AAA Logo 3.2 Free Trial (x32)
Abbott USB Data Cable Installation (x32 Version: 1.00.0000)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
Anti-Malware Toolkit 1.13.326 (x32 Version: 1.13.326)
ASUS InstantOn (x32 Version: 3.0.2)
ASUS LifeFrame3 (x32 Version: 3.1.4)
ASUS Live Update (x32 Version: 3.1.7)
ASUS Power4Gear Hybrid (Version: 2.0.3)
ASUS Smart Gesture (x32 Version: 1.0.35)
ASUS Splendid Video Enhancement Technology (x32 Version: 1.03.0002)
ASUS Tutor (x32 Version: 1.0.7)
ASUS USB Charger Plus (x32 Version: 2.1.4)
ASUS WebStorage Sync Agent (x32 Version: 1.1.6.112)
ASUSDVD (x32 Version: 10.0.4126.52)
AsusVibe2.0 (x32 Version: 2.0.10.168)
ATK Package (x32 Version: 1.0.0022)
BlueStacks App Player (x32 Version: 0.7.16.910)
BlueStacks Notification Center (x32 Version: 0.7.13.899)
Canon IJ Network Tool (x32 Version: 3.1.1)
Canon MP495 series MP Drivers
CCleaner (Version: 4.04)
Comodo Dragon (x32 Version: 28.1.0.0)
COMODO Firewall (Version: 6.1.14723.2813)
Corel PaintShop Pro X5 (x32 Version: 15.0.0.183)
Coupon Printer (x32 Version: 2.0)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Ditto
dows Driver Package - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (Version: 10/29/2012 1.0.0.148)
Duplicate Finder (x32 Version: 4.2.1.0)
FastStone Photo Resizer 3.1 (x32 Version: 3.1)
File Renamer - Basic (x32 Version: 6.3)
FileZilla Client 3.6.0.2 (HKCU Version: 3.6.0.2)
FMS Empty Folder Remover 1.9 (x32)
Free RAR Extract Frog (x32 Version: 4.70)
Freeraser (x32 Version: 1.0.0.23)
FreeStyle Auto-Assist (x32)
FreeStyle CoPilot Health Management System (x32 Version: 4.2.605)
Google Chrome (x32 Version: 28.0.1500.95)
Google Update Helper (x32 Version: 1.3.21.153)
ICA (x32 Version: 15.0.0.183)
Intel® Management Engine Components (x32 Version: 8.1.0.1252)
Intel® Processor Graphics (x32 Version: 9.17.10.2828)
Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
IPM_PSP_COM (x32 Version: 15.0.0.183)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Media Player Codec Pack 4.2.7 (x32 Version: 4.2.7)
Microsoft Office (x32 Version: 14.0.6120.5004)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 21.0 (x86 en-US) (x32 Version: 21.0)
Mozilla Maintenance Service (x32 Version: 21.0)
MultiCommander
Nitro Pro 7 (Version: 7.5.0.29)
PSPPContent (x32 Version: 15.0.0.183)
PSPPHelp (x32 Version: 15.0.0.183)
PSPPro64 (Version: 15.0.0.183)
Qualcomm Atheros Client Installation Program (x32 Version: 10.0)
Realtek Ethernet Controller Driver (x32 Version: 8.2.612.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6685)
Realtek PCIE Card Reader (x32 Version: 6.2.8400.27024)
Recuva (Version: 1.45)
RoboForm 7-9-0-0 (All Users) (x32 Version: 7-9-0-0)
Setup (x32 Version: 15.0.0.183)
Shared C Run-time for x64 (Version: 10.0.0)
SpywareBlaster 4.6 (x32 Version: 4.6.1)
SUPERAntiSpyware (Version: 5.6.1032)
tools-freebsd (x32 Version: 9.2.3.1031769)
tools-linux (x32 Version: 9.2.3.1031769)
tools-netware (x32 Version: 9.2.3.1031769)
tools-solaris (x32 Version: 9.2.3.1031769)
tools-windows (x32 Version: 9.2.3.1031769)
tools-winPre2k (x32 Version: 9.2.3.1031769)
TrueCrypt (x32 Version: 7.1a)
UMPlayer 0.98 [P4] (x32 Version: 0.98)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553092) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VMware Workstation (Version: 9.0.2)
VMware Workstation (x32 Version: 9.0.2)

==================== Restore Points  =========================

30-07-2013 22:44:41 Removed Cyphertite 64-bit
07-08-2013 17:28:42 Removed WinFlash
17-08-2013 02:01:37 Scheduled Checkpoint

==================== Hosts content: ==========================

2012-07-26 06:26 - 2013-08-18 13:47 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0AE65E70-6A3C-4DDB-9843-233239E2C23B} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2012-07-26] (Microsoft Corporation)
Task: {0CC90462-7EEC-4B31-8B01-FFA61A25A540} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2013-07-08] (COMODO)
Task: {105F4F90-BBF0-44F6-8D7C-D1A8EAF68802} - System32\Tasks\COMODO\COMODO Welcome {CEB54B45-2B5E-4FF5-9223-6735CD80FE69} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [2013-07-08] (COMODO)
Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {1ACCD14E-31DD-4F8D-B1D9-9ED8180EFF73} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3931322812-2115508100-2002302982-1001
Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {26C02F2C-5D20-44DD-B03F-E87F8FF3EA9B} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {2B28902F-A99D-4568-8C8B-FEE05F3984CC} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\Windows\system32\sc.exe [2012-07-26] (Microsoft Corporation)
Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {3E679807-3640-4CA2-A8D9-D692B906C29C} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-06-20] (ASUSTeK Computer Inc.)
Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2012-07-26] (Microsoft Corporation)
Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {4C4A6C88-C59A-4E58-AF84-7A10997C0589} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-07-08] (COMODO)
Task: {4C4AD8B0-3601-48A8-A976-BFCD4D513B71} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-08-06] (ASUS)
Task: {52A5A14A-7212-4405-A2C0-3FE0537CDA1F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {6091093F-B32A-47FC-A621-AD912A2D26C8} - System32\Tasks\User_Feed_Synchronization-{6CFF7734-D77B-42D7-AFFB-9A5DDA3BF814} => C:\Windows\system32\msfeedssync.exe [2012-07-26] (Microsoft Corporation)
Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {65A546AA-F410-4D1E-9FD4-3832B74F1ACD} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2013-07-26] (Siber Systems)
Task: {67EE7F69-B6C5-499F-AA58-0EAA92D83EC0} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-07-26] (Microsoft Corporation)
Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {8C50DD76-DD30-4D0E-A805-334C59E02E1B} - System32\Tasks\SUPERAntiSpyware Scheduled Task 3c414631-1081-42e2-9fdd-8b2f6f21886f => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-05-23] (SUPERAdBlocker.com)
Task: {8EADD759-9ED1-4D5F-8738-550039575CD0} - System32\Tasks\SUPERAntiSpyware Scheduled Task dd2dd25b-75c4-4f6f-89a2-9b0cb83fcb83 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-05-23] (SUPERAdBlocker.com)
Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\Windows\System32\dism.exe [2012-07-26] (Microsoft Corporation)
Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {B93FF524-2F2A-4D7A-8645-3AC906CECDDB} - System32\Tasks\Open URL by RoboForm => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {C8E06C59-AE26-48CF-885C-541E1C8FC616} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {C9FA836E-D618-4813-A415-A85DC60CF3F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-04] (Google Inc.)
Task: {CB4EF6EC-9E8B-4DCE-B3A3-FF15B38D0FB0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-04] (Google Inc.)
Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {DDEC597C-0456-42B5-8DA5-64D08F869C0A} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {E5918CB5-CB06-4D74-80C7-8DD0399361C4} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-07-26] (Microsoft Corporation)
Task: {EB97B3DC-DB34-4C82-8251-9387FB85757F} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-04] (ASUS)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 3c414631-1081-42e2-9fdd-8b2f6f21886f.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task dd2dd25b-75c4-4f6f-89a2-9b0cb83fcb83.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (08/18/2013 01:46:19 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys

Error: (08/18/2013 11:45:40 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.

Error: (08/18/2013 11:44:17 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.

Error: (08/18/2013 11:39:08 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-08-18 14:03:52.202
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-18 13:46:19.382
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-18 10:43:18.359
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-18 10:11:04.722
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-18 10:08:22.728
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-17 17:01:25.083
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-17 17:00:18.193
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-17 16:11:08.650
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-17 16:09:35.399
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-17 16:02:33.338
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 6027.68 MB
Available physical RAM: 4643.75 MB
Total Pagefile: 6987.68 MB
Available Pagefile: 5487.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:471.05 GB) (Free:407.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: () (Fixed) (Total:292.97 GB) (Free:292.84 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 4F41109B)

Partition: GPT Partition Type
==================== End Of Log ============================



#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:30 AM

Posted 18 August 2013 - 10:23 AM

Hello snorkerz



I need you to download this script I have made for you --> Attached File: fixlist.txt (646 bytes)

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 snorkerz

  • Topic Starter
  • Members
  • 10 posts
  • Local time:10:30 AM

Posted 18 August 2013 - 10:28 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-08-2013
Ran by DavidR at 2013-08-18 16:27:52 Run:1
Running from C:\Users\DavidR\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Winsock: Catalog5 04 %SystemRoot%\System32\mswsock.dll [289280] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 04 %SystemRoot%\System32\mswsock.dll [355328] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{427abdf7-0921-9404-e3b5-b3c46aa3750b}\   \...\???\{427abdf7-0921-9404-e3b5-b3c46aa3750b}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
C:\Program Files (x86)\Google\Desktop\Install\{427abdf7-0921-9404-e3b5-b3c46aa3750b}
C:\Users\DavidR\wipe.bat

 

 

*****************

Winsock: Catalog5 entry 000000000004\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000004\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
*etadpug => Service deleted successfully.
C:\Program Files (x86)\Google\Desktop\Install\{427abdf7-0921-9404-e3b5-b3c46aa3750b} => Moved successfully.
C:\Users\DavidR\wipe.bat => Moved successfully.

==== End of Fixlog ====



#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:30 AM

Posted 18 August 2013 - 10:54 AM


Hello snorkerz

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following:
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

#13 snorkerz

  • Topic Starter
  • Members
  • 10 posts
  • Local time:10:30 AM

Posted 18 August 2013 - 12:27 PM

ComboFix 13-08-18.01 - DavidR 18/08/2013  17:10:12.2.2 - x64
Microsoft Windows 8  6.2.9200.0.1252.44.2057.18.6028.4589 [GMT 1:00]
Running from: c:\users\DavidR\Desktop\ComboFix.exe
Command switches used :: c:\users\DavidR\Desktop\CFScript.txt
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-18 to 2013-08-18  )))))))))))))))))))))))))))))))
.
.
2013-08-18 16:50 . 2013-08-18 16:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-18 16:50 . 2013-08-18 16:50 -------- d-----w- c:\users\DavidR\AppData\Local\temp
2013-08-18 13:18 . 2013-08-18 13:18 -------- d-----w- C:\FRST
2013-08-18 09:14 . 2013-08-18 09:14 -------- d-----w- c:\windows\ERUNT
2013-08-17 13:24 . 2013-08-17 13:24 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-08-17 10:59 . 2013-08-17 10:59 -------- d-----w- c:\users\DavidR\AppData\Roaming\SUPERAntiSpyware.com
2013-08-17 10:59 . 2013-08-17 10:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-08-17 10:59 . 2013-08-17 10:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-08-17 10:56 . 2013-08-17 10:56 -------- d-----w- c:\program files (x86)\SpywareBlaster
2013-08-17 10:56 . 2010-01-10 18:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2013-08-17 10:54 . 2013-08-17 10:54 -------- d-----w- c:\programdata\AVG2013
2013-08-17 10:52 . 2013-08-17 10:55 -------- d-----w- c:\programdata\MFAData
2013-08-17 10:52 . 2013-08-17 10:52 -------- d-----w- c:\users\DavidR\AppData\Local\MFAData
2013-08-17 10:52 . 2013-08-17 10:52 -------- d-----w- c:\users\DavidR\AppData\Local\Avg2013
2013-08-17 10:36 . 2013-08-17 10:36 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2013-08-17 09:16 . 2013-08-17 09:16 -------- d-----w- c:\users\DavidR\AppData\Roaming\Malwarebytes
2013-08-17 09:16 . 2013-08-17 09:16 -------- d-----w- c:\programdata\Malwarebytes
2013-08-17 09:16 . 2013-08-17 09:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-17 09:16 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-17 09:11 . 2013-08-17 09:11 -------- d-----w- c:\users\DavidR\AppData\Local\Lunarsoft
2013-08-17 09:11 . 2013-08-17 09:11 -------- d-----w- c:\program files (x86)\Lunarsoft
2013-08-16 18:22 . 2013-08-16 18:31 -------- d-----w- c:\program files (x86)\AAALOGO
2013-08-13 22:51 . 2013-08-13 22:51 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-08-08 06:31 . 2013-08-08 06:31 261808 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10213.bin
2013-08-05 15:46 . 2013-02-26 01:28 67664 ----a-w- c:\windows\system32\drivers\vmx86.sys
2013-08-04 10:00 . 2013-08-04 10:00 -------- d-----w- c:\program files\CCleaner
2013-08-02 08:15 . 2012-10-24 13:17 67224 ----a-w- c:\windows\system32\vsocklib.dll
2013-08-02 08:15 . 2012-10-24 13:17 70296 ----a-w- c:\windows\system32\drivers\vsock.sys
2013-08-02 08:15 . 2012-10-24 13:17 63128 ----a-w- c:\windows\SysWow64\vsocklib.dll
2013-08-02 08:14 . 2013-02-26 01:28 357456 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2013-08-02 08:14 . 2013-02-26 01:28 436304 ----a-w- c:\windows\SysWow64\vmnat.exe
2013-08-02 08:14 . 2013-02-26 01:28 30800 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2013-08-02 08:14 . 2013-02-26 01:29 933968 ----a-w- c:\windows\system32\vnetlib64.dll
2013-08-02 08:14 . 2012-10-11 15:15 52376 ----a-w- c:\windows\system32\drivers\hcmon.sys
2013-08-02 08:14 . 2013-08-02 08:14 -------- d-----w- c:\program files\Common Files\VMware
2013-08-02 08:14 . 2013-08-02 08:14 -------- d-----w- c:\program files (x86)\VMware
2013-08-02 08:14 . 2013-08-02 08:14 -------- d-----w- c:\program files (x86)\Common Files\VMware
2013-08-01 15:48 . 2013-08-01 15:48 57096 ----a-w- c:\windows\system32\certsentry.dll
2013-08-01 15:48 . 2013-08-01 15:48 48392 ----a-w- c:\windows\SysWow64\certsentry.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-18 09:06 . 2013-02-24 12:45 380 ----a-w- c:\users\DavidR\AppData\Roaming\sp_data.sys
2013-07-09 00:28 . 2013-07-09 00:28 248632 ----a-w- c:\windows\system32\drivers\avgwfpa.sys
2013-07-08 20:59 . 2013-04-15 17:38 713776 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2013-06-23 13:18 . 2013-06-23 13:18 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2013-06-18 15:16 . 2013-04-25 10:05 118400 ----a-w- c:\windows\system32\drivers\inspect.sys
2013-06-18 15:16 . 2013-04-15 17:38 37560 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-06-18 15:16 . 2013-04-15 17:38 23168 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-06-18 15:15 . 2013-04-15 17:38 43216 ----a-w- c:\windows\system32\cmdcsr.dll
2013-06-18 15:15 . 2013-04-23 14:04 348584 ----a-w- c:\windows\SysWow64\guard32.dll
2013-06-18 15:15 . 2013-04-23 14:04 437688 ----a-w- c:\windows\system32\guard64.dll
2013-06-18 15:15 . 2013-04-15 17:38 45784 ----a-w- c:\windows\system32\cmdkbd64.dll
2013-06-18 15:15 . 2013-04-15 17:38 344792 ----a-w- c:\windows\system32\cmdvrt64.dll
2013-06-18 15:15 . 2013-04-15 17:38 278232 ----a-w- c:\windows\SysWow64\cmdvrt32.dll
2013-06-18 15:15 . 2013-04-15 17:38 40664 ----a-w- c:\windows\SysWow64\cmdkbd32.dll
2013-06-14 09:09 . 2013-06-14 09:09 121696 ----a-w- c:\windows\File Renamer - Basic Uninstaller.exe
2013-06-12 20:48 . 2013-05-14 15:35 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-12 20:48 . 2013-05-14 15:35 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-12 20:47 . 2013-06-20 09:37 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-23 11:00 . 2013-02-24 12:47 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ditto"="c:\program files\Ditto\Ditto.exe" [2012-11-08 1717872]
"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2013-06-23 1516496]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-07-26 109784]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-15 6581488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-08-17 3331312]
"ASUSWebStorage"="c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.6.112\AsusWSPanel.exe" [2012-07-24 3411328]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2013-06-10 601928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2012-9-6 549040]
CodecPackUpdateChecker.lnk - c:\windows\SysWOW64\C2MP\UpdateChecker.exe [2013-4-18 48248]
FreeStyle Auto-Assist.lnk - c:\program files (x86)\Abbott Diabetes Care\FreeStyle Auto-Assist\BGTrayApp.exe [2013-6-18 64336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 VMwareHostd;VMware Workstation Server;z:\system\vm\vmware-hostd.exe;z:\system\vm\vmware-hostd.exe [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\System32\drivers\ssadbus.sys;c:\windows\SYSNATIVE\drivers\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 VCam_WDM;Virtual Webcam 8.0;c:\windows\system32\DRIVERS\VCam_WDM.sys;c:\windows\SYSNATIVE\DRIVERS\VCam_WDM.sys [x]
R3 WSDScan;WSD Scan Support;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\System32\drivers\vmci.sys;c:\windows\SYSNATIVE\drivers\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 Avgwfpa;AVG Firewall Driver;c:\windows\system32\DRIVERS\avgwfpa.sys;c:\windows\SYSNATIVE\DRIVERS\avgwfpa.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdhlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys;SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 ATP;ASUS PS/2 Port Input Device;c:\windows\System32\drivers\AsusTP.sys;c:\windows\SYSNATIVE\drivers\AsusTP.sys [x]
S3 HIDSwitch;ASUS Wireless Radio Control;c:\windows\System32\drivers\AsHIDSwitch64.sys;c:\windows\SYSNATIVE\drivers\AsHIDSwitch64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-31 23:56 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-05-11 10:37 215264 ----a-w- c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-27 18:25]
.
2013-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-04 08:36]
.
2013-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-04 08:36]
.
2013-08-18 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3c414631-1081-42e2-9fdd-8b2f6f21886f.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
2013-08-18 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task dd2dd25b-75c4-4f6f-89a2-9b0cb83fcb83.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.6.112\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.6.112\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.6.112\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-16 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-16 398656]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-07-13 12936848]
"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-06-07 90832]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=hxxp://mail.google.com/mail/?hl%3Den&scc=1&ltmpl=default&ltmplcache=2&hl=en
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{FA088751-FBDA-4B91-B91B-438FCA3B3E26}: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{FA088751-FBDA-4B91-B91B-438FCA3B3E26}\8445340205F627471626C6560284F6473707F647: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{FBD50E82-6E20-4ED2-B7F4-CCA77C168D4F}: NameServer = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\users\DavidR\AppData\Roaming\Mozilla\Firefox\Profiles\rwovuzkv.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{4D594333-0076-A76A-76A7-7A786E7484D7} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.DefaultCsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{724D43A0-0D85-11D4-9908-00400523E39A}"=hex:51,66,7a,6c,4c,1d,38,12,ce,40,5e,
   76,b7,43,ba,54,e6,1e,43,00,00,7d,a7,8e
"{724D43A9-0D85-11D4-9908-00400523E39A}"=hex:51,66,7a,6c,4c,1d,38,12,c7,40,5e,
   76,b7,43,ba,54,e6,1e,43,00,00,7d,a7,8e
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
   b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
.
[HKEY_USERS\.DefaultCsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:5c,07,f9,63,2b,9b,ce,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-08-18  17:55:20
ComboFix-quarantined-files.txt  2013-08-18 16:55
ComboFix2.txt  2013-08-18 12:53
.
Pre-Run: 437,514,657,792 bytes free
Post-Run: 437,463,248,896 bytes free
.
- - End Of File - - A8E6A6AAE0865FA312D639E54234667D
 



#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:30 AM

Posted 18 August 2013 - 09:06 PM


Hello

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).
  • Programs to remove

    • Coupon Printer
    • jZip



Please download and install Revo Uninstaller Free
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.


Clean Out Temp Files
  • This is a small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here.
    • Run the installer to install the application.
    • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
    • Run CCleaner. Default settings are fine.
    • Click Run Cleaner.
    • Close CCleaner.
: Malwarebytes' Anti-Malware :

I see that you have MBAM installed. That is great!! At this time I would like you to update it and run me a quick scan.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download HijackThis
  • Go here to download the HijackThis program.
  • Save HijackThis to your desktop.
  • Right-click on HijackThis and select "Run as Admin" (XP users just need to double-click to run).
  • Click on "Do a system scan and save a logfile" (if you do not see "Do a system scan and save a logfile", then click on Main Menu).
  • Copy and paste the HijackThis report into the topic.
"Information and logs"
  • In your next post I need the following:
    • Log from MBAM
    • Report from HijackThis
    • Let me know of any problems you may have had.
    • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 snorkerz

snorkerz
  • Topic Starter

  • Members
  • 10 posts
  • Local time:10:30 AM

Posted 19 August 2013 - 09:24 AM

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.17.04

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16384
DavidR :: DAVID [administrator]

Protection: Disabled

19/08/2013 14:45:41
mbam-log-2013-08-19 (14-45-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221802
Time elapsed: 3 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 15:23:16, on 19/08/2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16384)

FIREFOX: 21.0 (en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~2\NITROP~1\PROFES~1\NitroPDF.exe
C:\Users\DavidR\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http://mail.google.com/mail/?hl%3Den&scc=1&ltmpl=default&ltmplcache=2&hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.6.112\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Ditto] C:\Program Files\Ditto\Ditto.exe
O4 - HKCU\..\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon /a devices
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O4 - Global Startup: CodecPackUpdateChecker.lnk = C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
O4 - Global Startup: FreeStyle Auto-Assist.lnk = C:\Program Files (x86)\Abbott Diabetes Care\FreeStyle Auto-Assist\BGTrayApp.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA088751-FBDA-4B91-B91B-438FCA3B3E26}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBD50E82-6E20-4ED2-B7F4-CCA77C168D4F}: NameServer = 156.154.70.22,156.154.71.22
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NitroPDFDriverCreatorReadSpool2 (NitroDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\NLSSRV32.EXE
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - Unknown owner - Z:\system\vm\vmware-authd.exe (file missing)
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: VMware Workstation Server (VMwareHostd) - Unknown owner - Z:\system\vm\vmware-hostd.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12901 bytes





