
Can't remove Trojan.Dropper.BCMiner



This trojan keeps redirecting webpages to ads and now the internet doesn't work at ALL.

Here are the logs:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30

Run by Angelo at 13:03:42 on 2012-06-30

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1845.942 [GMT -4:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k LocalService

C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\windows\System32\svchost.exe -k NetworkService

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Realtek\RtLED\RtLEDService.exe

C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe

C:\Program Files\Realtek\RtLED\RtLED.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files (x86)\Lenovo\Energy Management\utility.exe

C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Eraser\Eraser.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\USB Camera2\VM332_STI.EXE

C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe

C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe

C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe

C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

C:\Program Files (x86)\Browny02\BrYNSvc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\system32\svchost.exe -k netsvcs

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\windows\system32\taskeng.exe

C:\windows\system32\taskeng.exe

C:\Windows\system32\WUDFHost.exe

C:\windows\system32\wbem\wmiprvse.exe

\\?\C:\windows\system32\wbem\WMIADAP.EXE

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\taskhost.exe

C:\windows\System32\svchost.exe -k WerSvcGroup

C:\windows\system32\igfxsrvc.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.ca/

mStart Page = hxxp://lenovo.msn.com

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll

BHO: IEPwdBankBHO Class: {56cbb761-da41-4e31-b270-b13b4b0a61d0} - C:\Program Files (x86)\EgisTec BioExcess\EgisIEPwdBank.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [Google Update] "C:\Users\Angelo\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

mRun: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE

mRun: [VitaKeyTSR] "C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

mRun: [uCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"

mRun: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s

mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

mRun: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"

mRun: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"

mRun: [NokiaInternetModem_AppStart.exe] "C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe" "-start" "C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem.exe"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

mRun: [indexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"

mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"

mRun: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"

mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe

mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe

mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun

mRun: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe

IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Angelo\Desktop\PartyPoker.lnk

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{3E34E9DE-FBCC-4629-B42B-0014EBD8D882} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{3E34E9DE-FBCC-4629-B42B-0014EBD8D882}\343524 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{3E34E9DE-FBCC-4629-B42B-0014EBD8D882}\35475607860293930303 : DhcpNameServer = 10.0.0.1

TCP: Interfaces\{7351B29F-BEA3-4F1F-A4EB-AE9D8A965B66} : DhcpNameServer = 64.71.255.198 64.71.255.253

TCP: Interfaces\{D27A83E8-B972-4B86-8195-B42B7A967A20} : DhcpNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

LSA: Notification Packages = scecli EgisPwdFilter EgisDSPwdFilter

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO-X64: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll

BHO-X64: IEPwdBankBHO Class: {56CBB761-DA41-4E31-B270-B13B4B0A61D0} - C:\Program Files (x86)\EgisTec BioExcess\EgisIEPwdBank.dll

BHO-X64: IEPwdBankBHO - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

mRun-x64: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE

mRun-x64: [VitaKeyTSR] "C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

mRun-x64: [uCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"

mRun-x64: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s

mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

mRun-x64: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"

mRun-x64: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"

mRun-x64: [NokiaInternetModem_AppStart.exe] "C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe" "-start" "C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem.exe"

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

mRun-x64: [indexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"

mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"

mRun-x64: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"

mRun-x64: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe

mRun-x64: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe

mRun-x64: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun

mRun-x64: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe

IE-X64: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Angelo\Desktop\PartyPoker.lnk

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Angelo\AppData\Roaming\Mozilla\Firefox\Profiles\zwmj45cc.default\

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Angelo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

.

============= SERVICES / DRIVERS ===============

.

R0 LHDmgr;LHDmgr;C:\windows\system32\DRIVERS\LhdX64.sys --> C:\windows\system32\DRIVERS\LhdX64.sys [?]

R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]

R1 mwlPSDFilter;mwlPSDFilter;C:\windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\windows\system32\DRIVERS\mwlPSDFilter.sys [?]

R1 mwlPSDNServ;mwlPSDNServ;C:\windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\windows\system32\DRIVERS\mwlPSDNServ.sys [?]

R1 mwlPSDVDisk;mwlPSDVDisk;C:\windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\windows\system32\DRIVERS\mwlPSDVDisk.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 EgisTec Data Security Service;EgisTec Data Security Service;C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe [2010-5-27 314736]

R2 EgisTec Service;EgisTec Service;C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe [2010-5-27 709488]

R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);C:\windows\system32\Drivers\FPSensor.sys --> C:\windows\system32\Drivers\FPSensor.sys [?]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-19 13336]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-16 654408]

R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-9 144672]

R2 RtLedService;RtLedService Installer;C:\Program Files\Realtek\RtLED\RtLEDService.exe [2010-2-5 311296]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-6-17 1153368]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-19 2320920]

R2 UsbService;Eltima Usb to Ethernet Connector;C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe [2012-1-25 326656]

R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\system32\DRIVERS\AcpiVpc.sys --> C:\windows\system32\DRIVERS\AcpiVpc.sys [?]

R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-1-25 245760]

R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]

R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;C:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys --> C:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]

R3 nokia_cs1x_dc_enum;Nokia Internet Stick DC Enumerator;C:\windows\system32\DRIVERS\nokia_cs1x_dc_enum.sys --> C:\windows\system32\DRIVERS\nokia_cs1x_dc_enum.sys [?]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

R3 vm332avs;Lenovo Camera2;C:\windows\system32\Drivers\vm332avs.sys --> C:\windows\system32\Drivers\vm332avs.sys [?]

R3 vuhub;Virtual Usb Hub;C:\windows\system32\DRIVERS\vuhub.sys --> C:\windows\system32\DRIVERS\vuhub.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 KMService;KMService;C:\Windows\System32\srvany.exe [2011-12-2 8192]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-26 257696]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\windows\system32\DRIVERS\k57nd60a.sys --> C:\windows\system32\DRIVERS\k57nd60a.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-17 129976]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\system32\DRIVERS\netw5v64.sys --> C:\windows\system32\DRIVERS\netw5v64.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 nokia_cs1x_cdc_acm;Nokia Internet Stick CDC-ACM driver;C:\windows\system32\DRIVERS\nokia_cs1x_cdc_acm.sys --> C:\windows\system32\DRIVERS\nokia_cs1x_cdc_acm.sys [?]

S3 nokia_cs1x_cdc_ecm;nokia_cs1x_cdc_ecm;C:\windows\system32\DRIVERS\nokia_cs1x_cdc_ecm.sys --> C:\windows\system32\DRIVERS\nokia_cs1x_cdc_ecm.sys [?]

S3 nokia_cs1x_cpo;Nokia Internet Stick Mass Storage Device;C:\windows\system32\DRIVERS\nokia_cs1x_cpo.sys --> C:\windows\system32\DRIVERS\nokia_cs1x_cpo.sys [?]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]

S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-06-17 21:07:15 332 ----a-w- C:\Start_.cmd

2012-06-17 21:07:14 -------- d-----w- C:\ComboFix

2012-06-17 20:02:26 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-06-17 20:02:26 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-06-17 19:36:44 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

2012-06-17 19:36:42 588728 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll

2012-06-17 19:36:42 43960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll

2012-06-17 19:36:42 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-06-17 19:36:42 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-06-16 21:21:16 -------- d-----w- C:\Users\Angelo\AppData\Roaming\Malwarebytes

2012-06-16 21:21:14 -------- d-----w- C:\ProgramData\Malwarebytes

2012-06-16 21:21:13 24904 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-06-16 21:21:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-06-14 00:51:59 208896 ----a-w- C:\windows\System32\profsvc.dll

2012-06-08 02:50:35 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%

2012-06-07 01:29:23 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F1C44406-B880-42FE-9618-85D975AEF2B3}\mpengine.dll

2012-06-05 05:54:16 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-01 12:08:57 -------- d-----w- C:\Program Files\Microsoft IntelliPoint

.

==================== Find3M ====================

.

2012-05-27 03:00:09 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-27 03:00:09 419488 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-05-27 03:00:04 8744608 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe

2012-05-18 02:06:48 2311680 ----a-w- C:\windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-05-15 01:32:20 3144192 ----a-w- C:\windows\System32\win32k.sys

2012-05-04 10:52:22 5505392 ----a-w- C:\windows\System32\ntoskrnl.exe

2012-05-04 10:08:16 3958128 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:08:15 3902320 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2012-04-28 03:50:40 204800 ----a-w- C:\windows\System32\drivers\rdpwd.sys

2012-04-26 05:34:38 76288 ----a-w- C:\windows\System32\rdpwsx.dll

2012-04-26 05:34:37 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll

2012-04-26 05:28:32 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe

2012-04-24 05:59:45 182272 ----a-w- C:\windows\System32\cryptsvc.dll

2012-04-24 05:59:45 1460224 ----a-w- C:\windows\System32\crypt32.dll

2012-04-24 05:59:45 140288 ----a-w- C:\windows\System32\cryptnet.dll

2012-04-24 04:47:04 139264 ----a-w- C:\windows\SysWow64\cryptsvc.dll

2012-04-24 04:47:04 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll

2012-04-24 04:47:03 1156608 ----a-w- C:\windows\SysWow64\crypt32.dll

2012-04-07 12:18:36 3213824 ----a-w- C:\windows\System32\msi.dll

2012-04-07 11:34:37 2342400 ----a-w- C:\windows\SysWow64\msi.dll

.

============= FINISH: 13:04:50.54 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 12/1/2011 4:54:30 PM

System Uptime: 6/20/2012 9:15:53 PM (232 hours ago)

.

Motherboard: LENOVO | | MoutCook

Processor: Intel® Pentium® CPU P6200 @ 2.13GHz | CPU 1 | 917/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 254 GiB total, 183.276 GiB free.

D: is FIXED (NTFS) - 29 GiB total, 28.907 GiB free.

E: is Removable

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP153: 5/31/2012 10:51:21 PM - Windows Update

RP154: 6/1/2012 10:53:02 PM - Windows Update

RP155: 6/2/2012 10:52:24 PM - Windows Update

RP156: 6/4/2012 3:00:13 AM - Windows Update

RP157: 6/4/2012 7:12:02 PM - Windows Update

RP158: 6/5/2012 1:52:52 AM - Windows Update

RP159: 6/6/2012 9:27:39 PM - Windows Update

RP160: 6/14/2012 3:00:25 AM - Windows Update

RP161: 6/21/2012 7:37:48 AM - Scheduled Checkpoint

RP162: 6/29/2012 7:10:25 AM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

µTorrent

Adobe AIR

Adobe Reader 9.0.1

Apple Application Support

Apple Software Update

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

Best Buy pc app

BioExcess

BlackBerry Desktop Software 6.1

Brother MFL-Pro Suite DCP-7060D

CyberLink YouCam

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Energy Management

File Shredder 2.0

FormatFactory 2.95

Free Video to MP3 Converter version 5.0.2.1125

GOM Player

Google Chrome

Intel® Control Center

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Intel® Rapid Storage Technology

Internet Banking Payment Assistant 2.2

Java Auto Updater

Java 6 Update 30

Junk Mail filter update

Lenovo EasyCamera

Lenovo OneKey Recovery

Lenovo Security Suite

Lenovo_Wireless_Driver

Malwarebytes Anti-Malware version 1.61.0.1400

Mesh Runtime

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB973685)

Nokia Internet Modem

Nuance PaperPort 12

Nuance PDF Viewer Plus

PartyPoker

PokerStars

Power2Go

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Scansoft PDF Professional

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Skype™ 5.5

Spybot - Search & Destroy

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553092)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== Event Viewer Messages From Past Week ========

.

6/30/2012 12:56:09 PM, Error: Service Control Manager [7003] - The DHCP Client service depends the following service: Tdx. This service might not be installed.

6/30/2012 12:56:09 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.

6/27/2012 9:48:08 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.

.

==== End Of File ===========================

Thank you in advance!


Hello scriibblez and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.

  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and on every USB drive plugged in when you run it. Don't delete this folder; it will help protect your drives from future infection.

Step 2

I see you are running TeaTimer.

I suggest you disable it, because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you have disabled TeaTimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Step 3

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log into your reply.


Hi Maniac, thank you for your response.

I tried to run Flash Disinfector but nothing seems to happen when I run the file. I tried to run it as administrator as well, but again, nothing pops up or anything. Is this normal? I rebooted regardless, and continued on to the next steps.

This is the Farbar log:

Farbar Service Scanner Version: 25-06-2012 01

Ran by Angelo (administrator) on 30-06-2012 at 14:49:13

Running from "C:\Users\Angelo\Desktop"

Microsoft Windows 7 Home Premium (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Dnscache Service is not running. Checking service configuration:

The start type of Dnscache service is OK.

The ImagePath of Dnscache service is OK.

The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:

The start type of Dhcp service is OK.

The ImagePath of Dhcp service is OK.

The ServiceDll of Dhcp service is OK.

tdx Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open tdx registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open tdx registry key. The service key does not exist.

Connection Status:

==============

Localhost is accessible.

There is no connection to network.

Google IP is accessible.

Attempt to access Google.com returned error: Other errors

Yahoo IP is accessible.

Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:

=============

mpsdrv Service is not running. Checking service configuration:

The start type of mpsdrv service is OK.

The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys

[2012-02-15 07:22] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys

[2012-05-08 19:51] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll

[2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll

[2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll

[2009-07-13 20:36] - [2009-07-13 21:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll

[2012-06-13 20:51] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

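The "Unable to open tdx registry key" and "Unable to open MpsSvc registry key" lines in the Farbar log above are the same fault the DDS event log reported as Service Control Manager event 7003: the DHCP Client service depends on Tdx, and Tdx's service key is gone, so DHCP (and everything chained behind it, such as WinHTTP Web Proxy Auto-Discovery) cannot start. As an added example that is not part of this thread and is not Farbar Service Scanner's own code, the following PowerShell script reproduces the registry-level part of that check on a Windows host: for each service it reads the key's Start, ImagePath and ServiceDll values and walks DependOnService to name any dependency whose key is missing. The service names are real Windows service and driver keys; which ones to check is this example's own choice, loosely following FSS's "Internet Services" and "Windows Firewall" groups.

```powershell
# Added example, not from this thread and not Farbar Service Scanner's own code.
# Reproduces FSS's registry-level service check: does each service key exist, what
# are its Start / ImagePath / ServiceDll values, and is every service it depends
# on (DependOnService) still present? Run from an elevated PowerShell prompt.

$servicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Real Windows service/driver names; the selection mirrors the "Internet Services"
# and "Windows Firewall" groups FSS checks and is this example's own choice.
$toCheck = @('Dnscache', 'Dhcp', 'tdx', 'afd', 'nsi', 'BFE', 'MpsSvc', 'mpsdrv')

function Test-ServiceKey {
    # Returns an object describing one service key, or Exists=$false if the key is gone.
    param([string]$Name)
    $key = Join-Path $servicesRoot $Name
    if (-not (Test-Path -Path $key)) {
        return New-Object PSObject -Property @{ Service = $Name; Exists = $false }
    }
    $p = Get-ItemProperty -Path $key
    $dll = $p.ServiceDll                      # a few services keep ServiceDll on the key itself
    $paramKey = Join-Path $key 'Parameters'
    if (-not $dll -and (Test-Path -Path $paramKey)) {
        $dll = (Get-ItemProperty -Path $paramKey).ServiceDll   # the usual svchost layout
    }
    $deps = @()
    if ($p.DependOnService) { $deps = @($p.DependOnService) }  # REG_MULTI_SZ -> string[]
    New-Object PSObject -Property @{
        Service    = $Name
        Exists     = $true
        Start      = $p.Start                 # 0 boot, 1 system, 2 automatic, 3 manual, 4 disabled
        ImagePath  = $p.ImagePath
        ServiceDll = $dll
        DependsOn  = $deps
    }
}

function Get-MissingDependencies {
    # Emits the name of every service in $Name's dependency chain whose key is absent.
    # $Seen guards against cycles in DependOnService.
    param([string]$Name, [hashtable]$Seen = @{})
    $info = Test-ServiceKey -Name $Name
    if (-not $info.Exists) { $Name; return }
    foreach ($dep in $info.DependsOn) {
        # Entries starting with '+' are load-order groups, not service names.
        if ($dep.StartsWith('+') -or $Seen.ContainsKey($dep)) { continue }
        $Seen[$dep] = $true
        Get-MissingDependencies -Name $dep -Seen $Seen
    }
}

$problems = 0
foreach ($svc in $toCheck) {
    $info = Test-ServiceKey -Name $svc
    if (-not $info.Exists) {
        Write-Output ("ATTENTION: service key '{0}' does not exist" -f $svc)
        $problems++
        continue
    }
    # Get-Service only knows Win32 services; kernel drivers (tdx, afd, mpsdrv) show as n/a.
    $state = 'n/a'
    $live = Get-Service -Name $svc -ErrorAction SilentlyContinue
    if ($live) { $state = $live.Status }
    Write-Output ("{0}: state={1} start={2} image={3} dll={4}" -f $svc, $state, $info.Start, $info.ImagePath, $info.ServiceDll)
    $missing = @(Get-MissingDependencies -Name $svc)
    if ($missing.Count -gt 0) {
        Write-Output ("  ATTENTION: {0} depends on missing service(s): {1}" -f $svc, ($missing -join ', '))
        $problems += $missing.Count
    }
}
Write-Output ("{0} problem(s) found" -f $problems)
```

On a machine in the state shown in the log, the script reports the tdx and MpsSvc keys as absent and lists tdx under Dhcp's missing dependencies, which is the chain the event 7003 entry describes. A missing key reported here confirms the FSS finding; restoring service keys should be done from an export taken from the same Windows build rather than by recreating values by hand.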

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 2

Please run Farbar Service Scanner.

Type the following in the edit box after "Search:".

afd.sys;tcpip.sys;mpssvc.dll;SDRSVC.dll;wuaueng.dll;cryptsvc.dll;

Click Search Files button and post the log (FSS.txt) it makes to your reply.

In your next reply, post the following log files:

  • TDSSKiller log
  • Farbar Service Scanner log


There were no malicious objects found; only 3 suspicious threats.

14:08:57.0144 2056 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22

14:08:57.0191 2056 ============================================================

14:08:57.0191 2056 Current date / time: 2012/07/01 14:08:57.0191

14:08:57.0191 2056 SystemInfo:

14:08:57.0191 2056

14:08:57.0191 2056 OS Version: 6.1.7600 ServicePack: 0.0

14:08:57.0191 2056 Product type: Workstation

14:08:57.0191 2056 ComputerName: ANGELO-PC

14:08:57.0191 2056 UserName: Angelo

14:08:57.0191 2056 Windows directory: C:\windows

14:08:57.0191 2056 System windows directory: C:\windows

14:08:57.0191 2056 Running under WOW64

14:08:57.0191 2056 Processor architecture: Intel x64

14:08:57.0191 2056 Number of processors: 2

14:08:57.0191 2056 Page size: 0x1000

14:08:57.0191 2056 Boot type: Normal boot

14:08:57.0191 2056 ============================================================

14:08:57.0831 2056 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

14:08:57.0846 2056 Drive \Device\Harddisk1\DR2 - Size: 0xF4800000 (3.82 Gb), SectorSize: 0x200, Cylinders: 0x1F2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

14:08:57.0846 2056 ============================================================

14:08:57.0846 2056 \Device\Harddisk0\DR0:

14:08:57.0846 2056 MBR partitions:

14:08:57.0846 2056 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000

14:08:57.0846 2056 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x1FC49800

14:08:57.0862 2056 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1FCAE800, BlocksNum 0x39FD800

14:08:57.0862 2056 \Device\Harddisk1\DR2:

14:08:57.0862 2056 MBR partitions:

14:08:57.0862 2056 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x7A2000

14:08:57.0862 2056 ============================================================

14:08:57.0924 2056 C: <-> \Device\Harddisk0\DR0\Partition1

14:08:57.0971 2056 D: <-> \Device\Harddisk0\DR0\Partition2

14:08:57.0971 2056 ============================================================

14:08:57.0971 2056 Initialize success

14:08:57.0971 2056 ============================================================

14:09:22.0182 4428 ============================================================

14:09:22.0182 4428 Scan started

14:09:22.0182 4428 Mode: Manual; SigCheck; TDLFS;

14:09:22.0182 4428 ============================================================

14:09:23.0290 4428 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\windows\system32\DRIVERS\1394ohci.sys

14:09:23.0571 4428 1394ohci - ok

14:09:23.0649 4428 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys

14:09:23.0680 4428 ACPI - ok

14:09:23.0711 4428 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys

14:09:23.0805 4428 AcpiPmi - ok

14:09:23.0898 4428 ACPIVPC (dc201246a14cb3b274df59faf539ab07) C:\windows\system32\DRIVERS\AcpiVpc.sys

14:09:23.0930 4428 ACPIVPC - ok

14:09:24.0148 4428 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

14:09:24.0179 4428 AdobeFlashPlayerUpdateSvc - ok

14:09:24.0320 4428 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys

14:09:24.0398 4428 adp94xx - ok

14:09:24.0460 4428 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys

14:09:24.0507 4428 adpahci - ok

14:09:24.0554 4428 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys

14:09:24.0569 4428 adpu320 - ok

14:09:24.0616 4428 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll

14:09:24.0803 4428 AeLookupSvc - ok

14:09:24.0881 4428 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\windows\system32\drivers\afd.sys

14:09:24.0959 4428 AFD - ok

14:09:24.0990 4428 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys

14:09:25.0022 4428 agp440 - ok

14:09:25.0068 4428 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe

14:09:25.0146 4428 ALG - ok

14:09:25.0162 4428 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys

14:09:25.0178 4428 aliide - ok

14:09:25.0193 4428 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys

14:09:25.0209 4428 amdide - ok

14:09:25.0209 4428 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys

14:09:25.0256 4428 AmdK8 - ok

14:09:25.0271 4428 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys

14:09:25.0287 4428 AmdPPM - ok

14:09:25.0349 4428 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\windows\system32\drivers\amdsata.sys

14:09:25.0365 4428 amdsata - ok

14:09:25.0412 4428 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys

14:09:25.0443 4428 amdsbs - ok

14:09:25.0458 4428 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\windows\system32\drivers\amdxata.sys

14:09:25.0490 4428 amdxata - ok

14:09:25.0521 4428 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys

14:09:25.0630 4428 AppID - ok

14:09:25.0661 4428 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll

14:09:25.0755 4428 AppIDSvc - ok

14:09:25.0786 4428 Appinfo (d065be66822847b7f127d1f90158376e) C:\windows\System32\appinfo.dll

14:09:25.0848 4428 Appinfo - ok

14:09:26.0004 4428 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

14:09:26.0020 4428 Apple Mobile Device - ok

14:09:26.0114 4428 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys

14:09:26.0145 4428 arc - ok

14:09:26.0145 4428 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys

14:09:26.0160 4428 arcsas - ok

14:09:26.0176 4428 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys

14:09:26.0285 4428 AsyncMac - ok

14:09:26.0316 4428 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys

14:09:26.0332 4428 atapi - ok

14:09:26.0520 4428 athr (f8633cdd09647a64ee8db550630427ff) C:\windows\system32\DRIVERS\athrx.sys

14:09:26.0629 4428 athr - ok

14:09:26.0817 4428 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\windows\System32\Audiosrv.dll

14:09:26.0941 4428 AudioEndpointBuilder - ok

14:09:26.0941 4428 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\windows\System32\Audiosrv.dll

14:09:27.0019 4428 AudioSrv - ok

14:09:27.0066 4428 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\windows\System32\AxInstSV.dll

14:09:27.0175 4428 AxInstSV - ok

14:09:27.0285 4428 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys

14:09:27.0331 4428 b06bdrv - ok

14:09:27.0378 4428 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys

14:09:27.0441 4428 b57nd60a - ok

14:09:27.0503 4428 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll

14:09:27.0565 4428 BDESVC - ok

14:09:27.0581 4428 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys

14:09:27.0675 4428 Beep - ok

14:09:27.0768 4428 BFE (4992c609a6315671463e30f6512bc022) C:\windows\System32\bfe.dll

14:09:27.0862 4428 BFE - ok

14:09:27.0955 4428 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\windows\System32\qmgr.dll

14:09:28.0033 4428 BITS - ok

14:09:28.0143 4428 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys

14:09:28.0189 4428 blbdrive - ok

14:09:28.0299 4428 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

14:09:28.0330 4428 Bonjour Service - ok

14:09:28.0377 4428 bowser (19d20159708e152267e53b66677a4995) C:\windows\system32\DRIVERS\bowser.sys

14:09:28.0455 4428 bowser - ok

14:09:28.0486 4428 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys

14:09:28.0548 4428 BrFiltLo - ok

14:09:28.0548 4428 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys

14:09:28.0564 4428 BrFiltUp - ok

14:09:28.0626 4428 Browser (94fbc06f294d58d02361918418f996e3) C:\windows\System32\browser.dll

14:09:28.0720 4428 Browser - ok

14:09:28.0767 4428 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys

14:09:28.0845 4428 Brserid - ok

14:09:28.0907 4428 BrSerIf (34f6c504b150f99dae69d7073d2a4df4) C:\windows\system32\DRIVERS\BrSerIf.sys

14:09:28.0969 4428 BrSerIf - ok

14:09:29.0001 4428 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys

14:09:29.0047 4428 BrSerWdm - ok

14:09:29.0079 4428 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys

14:09:29.0141 4428 BrUsbMdm - ok

14:09:29.0172 4428 BrUsbSer (601cb966fffebc6806626dc8e7aa0ef2) C:\windows\system32\DRIVERS\BrUsbSer.sys

14:09:29.0203 4428 BrUsbSer - ok

14:09:29.0297 4428 BrYNSvc (ea7e57f87d6fee5fd6c5f813c04e8cd2) C:\Program Files (x86)\Browny02\BrYNSvc.exe

14:09:29.0313 4428 BrYNSvc ( UnsignedFile.Multi.Generic ) - warning

14:09:29.0313 4428 BrYNSvc - detected UnsignedFile.Multi.Generic (1)

14:09:29.0344 4428 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys

14:09:29.0406 4428 BthEnum - ok

14:09:29.0453 4428 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys

14:09:29.0547 4428 BTHMODEM - ok

14:09:29.0547 4428 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys

14:09:29.0593 4428 BthPan - ok

14:09:29.0671 4428 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\windows\System32\Drivers\BTHport.sys

14:09:29.0734 4428 BTHPORT - ok

14:09:29.0781 4428 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll

14:09:29.0874 4428 bthserv - ok

14:09:29.0905 4428 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\windows\System32\Drivers\BTHUSB.sys

14:09:29.0952 4428 BTHUSB - ok

14:09:30.0015 4428 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys

14:09:30.0093 4428 cdfs - ok

14:09:30.0139 4428 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys

14:09:30.0186 4428 cdrom - ok

14:09:30.0233 4428 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\windows\System32\certprop.dll

14:09:30.0327 4428 CertPropSvc - ok

14:09:30.0342 4428 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys

14:09:30.0389 4428 circlass - ok

14:09:30.0436 4428 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys

14:09:30.0467 4428 CLFS - ok

14:09:30.0545 4428 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

14:09:30.0576 4428 clr_optimization_v2.0.50727_32 - ok

14:09:30.0607 4428 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

14:09:30.0623 4428 clr_optimization_v2.0.50727_64 - ok

14:09:30.0717 4428 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

14:09:30.0763 4428 clr_optimization_v4.0.30319_32 - ok

14:09:30.0810 4428 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

14:09:30.0826 4428 clr_optimization_v4.0.30319_64 - ok

14:09:30.0857 4428 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys

14:09:30.0919 4428 CmBatt - ok

14:09:30.0951 4428 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys

14:09:30.0966 4428 cmdide - ok

14:09:31.0044 4428 CNG (937beb186a735aca91d717044a49d17e) C:\windows\system32\Drivers\cng.sys

14:09:31.0153 4428 CNG - ok

14:09:31.0185 4428 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys

14:09:31.0200 4428 Compbatt - ok

14:09:31.0216 4428 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys

14:09:31.0263 4428 CompositeBus - ok

14:09:31.0294 4428 COMSysApp - ok

14:09:31.0309 4428 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys

14:09:31.0325 4428 crcdisk - ok

14:09:31.0387 4428 CryptSvc (f02786b66375292e58c8777082d4396d) C:\windows\system32\cryptsvc.dll

14:09:31.0450 4428 CryptSvc - ok

14:09:31.0512 4428 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\windows\system32\rpcss.dll

14:09:31.0606 4428 DcomLaunch - ok

14:09:31.0684 4428 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll

14:09:31.0793 4428 defragsvc - ok

14:09:31.0840 4428 DfsC (9c253ce7311ca60fc11c774692a13208) C:\windows\system32\Drivers\dfsc.sys

14:09:31.0918 4428 DfsC - ok

14:09:31.0980 4428 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\windows\system32\dhcpcore.dll

14:09:32.0105 4428 Dhcp - ok

14:09:32.0136 4428 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys

14:09:32.0214 4428 discache - ok

14:09:32.0277 4428 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys

14:09:32.0308 4428 Disk - ok

14:09:32.0355 4428 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\windows\System32\dnsrslvr.dll

14:09:32.0417 4428 Dnscache - ok

14:09:32.0464 4428 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\windows\System32\dot3svc.dll

14:09:32.0557 4428 dot3svc - ok

14:09:32.0589 4428 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\windows\system32\dps.dll

14:09:32.0667 4428 DPS - ok

14:09:32.0682 4428 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys

14:09:32.0713 4428 drmkaud - ok

14:09:32.0823 4428 DXGKrnl (601e731bf8e3f22906ce7d4d724b0439) C:\windows\System32\drivers\dxgkrnl.sys

14:09:32.0869 4428 DXGKrnl - ok

14:09:32.0901 4428 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll

14:09:32.0979 4428 EapHost - ok

14:09:33.0244 4428 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys

14:09:33.0384 4428 ebdrv - ok

14:09:33.0525 4428 EFS (156f6159457d0aa7e59b62681b56eb90) C:\windows\System32\lsass.exe

14:09:33.0587 4428 EFS - ok

14:09:33.0712 4428 EgisTec Data Security Service (c49212d3d964b77d15755412cc55144c) C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe

14:09:33.0743 4428 EgisTec Data Security Service - ok

14:09:33.0821 4428 EgisTec Service (fb74fd6a2cbb69926078645010b65943) C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe

14:09:33.0883 4428 EgisTec Service - ok

14:09:34.0008 4428 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\windows\ehome\ehRecvr.exe

14:09:34.0102 4428 ehRecvr - ok

14:09:34.0133 4428 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe

14:09:34.0149 4428 ehSched - ok

14:09:34.0336 4428 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys

14:09:34.0383 4428 elxstor - ok

14:09:34.0398 4428 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys

14:09:34.0429 4428 ErrDev - ok

14:09:34.0476 4428 ETD (f6ad6e0674ef94390f0554bf946977af) C:\windows\system32\DRIVERS\ETD.sys

14:09:34.0539 4428 ETD - ok

14:09:34.0601 4428 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll

14:09:34.0695 4428 EventSystem - ok

14:09:34.0741 4428 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys

14:09:34.0819 4428 exfat - ok

14:09:34.0835 4428 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys

14:09:34.0913 4428 fastfat - ok

14:09:35.0007 4428 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\windows\system32\fxssvc.exe

14:09:35.0100 4428 Fax - ok

14:09:35.0100 4428 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys

14:09:35.0131 4428 fdc - ok

14:09:35.0163 4428 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll

14:09:35.0209 4428 fdPHost - ok

14:09:35.0225 4428 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll

14:09:35.0287 4428 FDResPub - ok

14:09:35.0334 4428 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys

14:09:35.0365 4428 FileInfo - ok

14:09:35.0381 4428 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys

14:09:35.0459 4428 Filetrace - ok

14:09:35.0459 4428 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys

14:09:35.0490 4428 flpydisk - ok

14:09:35.0537 4428 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys

14:09:35.0584 4428 FltMgr - ok

14:09:35.0709 4428 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\windows\system32\FntCache.dll

14:09:35.0833 4428 FontCache - ok

14:09:35.0896 4428 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

14:09:35.0911 4428 FontCache3.0.0.0 - ok

14:09:35.0989 4428 FPSensor (54a9c5a6aa0bb0041a4af7172ffc3d9f) C:\windows\system32\Drivers\FPSensor.sys

14:09:36.0021 4428 FPSensor - ok

14:09:36.0036 4428 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys

14:09:36.0052 4428 FsDepends - ok

14:09:36.0114 4428 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\windows\system32\drivers\Fs_Rec.sys

14:09:36.0130 4428 Fs_Rec - ok

14:09:36.0208 4428 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys

14:09:36.0255 4428 fvevol - ok

14:09:36.0286 4428 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys

14:09:36.0301 4428 gagp30kx - ok

14:09:36.0364 4428 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys

14:09:36.0379 4428 GEARAspiWDM - ok

14:09:36.0457 4428 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\windows\System32\gpsvc.dll

14:09:36.0520 4428 gpsvc - ok

14:09:36.0551 4428 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys

14:09:36.0613 4428 hcw85cir - ok

14:09:36.0660 4428 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys

14:09:36.0738 4428 HdAudAddService - ok

14:09:36.0785 4428 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys

14:09:36.0847 4428 HDAudBus - ok

14:09:36.0879 4428 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys

14:09:36.0910 4428 HECIx64 - ok

14:09:36.0925 4428 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys

14:09:36.0957 4428 HidBatt - ok

14:09:36.0988 4428 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys

14:09:37.0050 4428 HidBth - ok

14:09:37.0081 4428 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys

14:09:37.0113 4428 HidIr - ok

14:09:37.0159 4428 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll

14:09:37.0269 4428 hidserv - ok

14:09:37.0315 4428 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys

14:09:37.0347 4428 HidUsb - ok

14:09:37.0409 4428 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\windows\system32\kmsvc.dll

14:09:37.0503 4428 hkmsvc - ok

14:09:37.0534 4428 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\windows\system32\ListSvc.dll

14:09:37.0596 4428 HomeGroupListener - ok

14:09:37.0627 4428 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\windows\system32\provsvc.dll

14:09:37.0690 4428 HomeGroupProvider - ok

14:09:37.0737 4428 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys

14:09:37.0752 4428 HpSAMD - ok

14:09:37.0893 4428 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys

14:09:38.0002 4428 HTTP - ok

14:09:38.0033 4428 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys

14:09:38.0049 4428 hwpolicy - ok

14:09:38.0095 4428 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys

14:09:38.0111 4428 i8042prt - ok

14:09:38.0189 4428 iaStor (abbf174cb394f5c437410a788b7e404a) C:\windows\system32\DRIVERS\iaStor.sys

14:09:38.0236 4428 iaStor - ok

14:09:38.0345 4428 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

14:09:38.0361 4428 IAStorDataMgrSvc - ok

14:09:38.0423 4428 iaStorV (b75e45c564e944a2657167d197ab29da) C:\windows\system32\drivers\iaStorV.sys

14:09:38.0470 4428 iaStorV - ok

14:09:38.0595 4428 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

14:09:38.0641 4428 idsvc - ok

14:09:39.0499 4428 igfx (0d1b8c64bdf0e5cdc523a1409ffb5ef0) C:\windows\system32\DRIVERS\igdkmd64.sys

14:09:39.0905 4428 igfx - ok

14:09:40.0077 4428 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys

14:09:40.0108 4428 iirsp - ok

14:09:40.0201 4428 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\windows\System32\ikeext.dll

14:09:40.0311 4428 IKEEXT - ok

14:09:40.0357 4428 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\windows\system32\DRIVERS\Impcd.sys

14:09:40.0435 4428 Impcd - ok

14:09:40.0482 4428 InputFilter_Hid_FlexDef2b (caa8bc6737dfa3bf1a50175cfb226788) C:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys

14:09:40.0545 4428 InputFilter_Hid_FlexDef2b - ok

14:09:40.0779 4428 IntcAzAudAddService (daecb75c7c2a4bdeafead19a6fd327c5) C:\windows\system32\drivers\RTKVHD64.sys

14:09:40.0888 4428 IntcAzAudAddService - ok

14:09:41.0028 4428 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys

14:09:41.0059 4428 intelide - ok

14:09:41.0106 4428 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys

14:09:41.0153 4428 intelppm - ok

14:09:41.0215 4428 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll

14:09:41.0309 4428 IPBusEnum - ok

14:09:41.0309 4428 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys

14:09:41.0356 4428 IpFilterDriver - ok

14:09:41.0449 4428 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\windows\System32\iphlpsvc.dll

14:09:41.0543 4428 iphlpsvc - ok

14:09:41.0574 4428 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys

14:09:41.0605 4428 IPMIDRV - ok

14:09:41.0652 4428 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys

14:09:41.0715 4428 IPNAT - ok

14:09:41.0871 4428 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe

14:09:41.0917 4428 iPod Service - ok

14:09:41.0949 4428 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys

14:09:41.0964 4428 IRENUM - ok

14:09:41.0980 4428 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys

14:09:41.0995 4428 isapnp - ok

14:09:42.0011 4428 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys

14:09:42.0042 4428 iScsiPrt - ok

14:09:42.0073 4428 k57nd60a (7dbafe10c1b777305c80bea42fbda710) C:\windows\system32\DRIVERS\k57nd60a.sys

14:09:42.0105 4428 k57nd60a - ok

14:09:42.0151 4428 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys

14:09:42.0167 4428 kbdclass - ok

14:09:42.0198 4428 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys

14:09:42.0245 4428 kbdhid - ok

14:09:42.0307 4428 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe

14:09:42.0323 4428 KeyIso - ok

14:09:42.0339 4428 KMService - ok

14:09:42.0370 4428 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\windows\system32\Drivers\ksecdd.sys

14:09:42.0385 4428 KSecDD - ok

14:09:42.0417 4428 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\windows\system32\Drivers\ksecpkg.sys

14:09:42.0432 4428 KSecPkg - ok

14:09:42.0463 4428 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys

14:09:42.0541 4428 ksthunk - ok

14:09:42.0619 4428 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll

14:09:42.0729 4428 KtmRm - ok

14:09:42.0775 4428 L1C (55480b9c63f3f91a8ebbadcbf28fe581) C:\windows\system32\DRIVERS\L1C62x64.sys

14:09:42.0791 4428 L1C - ok

14:09:42.0853 4428 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\windows\System32\srvsvc.dll

14:09:42.0931 4428 LanmanServer - ok

14:09:42.0978 4428 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\windows\System32\wkssvc.dll

14:09:43.0072 4428 LanmanWorkstation - ok

14:09:43.0103 4428 LHDmgr (be166935083f9c38edfdc21b9a7a679b) C:\windows\system32\DRIVERS\LhdX64.sys

14:09:43.0119 4428 LHDmgr - ok

14:09:43.0165 4428 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys

14:09:43.0228 4428 lltdio - ok

14:09:43.0306 4428 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll

14:09:43.0384 4428 lltdsvc - ok

14:09:43.0399 4428 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll

14:09:43.0446 4428 lmhosts - ok

14:09:43.0555 4428 LMS (0b4f38aa22d5634c48edb18fe257f005) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

14:09:43.0602 4428 LMS - ok

14:09:43.0633 4428 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys

14:09:43.0649 4428 LSI_FC - ok

14:09:43.0696 4428 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys

14:09:43.0727 4428 LSI_SAS - ok

14:09:43.0727 4428 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys

14:09:43.0743 4428 LSI_SAS2 - ok

14:09:43.0758 4428 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys

14:09:43.0774 4428 LSI_SCSI - ok

14:09:43.0805 4428 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys

14:09:43.0883 4428 luafv - ok

14:09:43.0930 4428 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\windows\system32\drivers\mbam.sys

14:09:43.0945 4428 MBAMProtector - ok

14:09:44.0055 4428 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

14:09:44.0086 4428 MBAMService - ok

14:09:44.0148 4428 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\windows\system32\Mcx2Svc.dll

14:09:44.0195 4428 Mcx2Svc - ok

14:09:44.0242 4428 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys

14:09:44.0257 4428 megasas - ok

14:09:44.0273 4428 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys

14:09:44.0304 4428 MegaSR - ok

14:09:44.0382 4428 Microsoft SharePoint Workspace Audit Service - ok

14:09:44.0413 4428 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll

14:09:44.0491 4428 MMCSS - ok

14:09:44.0491 4428 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys

14:09:44.0554 4428 Modem - ok

14:09:44.0585 4428 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys

14:09:44.0616 4428 monitor - ok

14:09:44.0647 4428 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys

14:09:44.0663 4428 mouclass - ok

14:09:44.0710 4428 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys

14:09:44.0757 4428 mouhid - ok

14:09:44.0788 4428 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys

14:09:44.0803 4428 mountmgr - ok

14:09:44.0850 4428 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

14:09:44.0881 4428 MozillaMaintenance - ok

14:09:44.0959 4428 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\windows\system32\DRIVERS\MpFilter.sys

14:09:44.0991 4428 MpFilter - ok

14:09:45.0006 4428 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys

14:09:45.0022 4428 mpio - ok

14:09:45.0053 4428 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys

14:09:45.0084 4428 mpsdrv - ok

14:09:45.0100 4428 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys

14:09:45.0147 4428 MRxDAV - ok

14:09:45.0193 4428 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\windows\system32\DRIVERS\mrxsmb.sys

14:09:45.0256 4428 mrxsmb - ok

14:09:45.0303 4428 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\windows\system32\DRIVERS\mrxsmb10.sys

14:09:45.0349 4428 mrxsmb10 - ok

14:09:45.0381 4428 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\windows\system32\DRIVERS\mrxsmb20.sys

14:09:45.0412 4428 mrxsmb20 - ok

14:09:45.0443 4428 msahci (5c37497276e3b3a5488b23a326a754b7) C:\windows\system32\DRIVERS\msahci.sys

14:09:45.0474 4428 msahci - ok

14:09:45.0490 4428 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys

14:09:45.0505 4428 msdsm - ok

14:09:45.0537 4428 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe

14:09:45.0583 4428 MSDTC - ok

14:09:45.0615 4428 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys

14:09:45.0677 4428 Msfs - ok

14:09:45.0724 4428 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys

14:09:45.0786 4428 mshidkmdf - ok

14:09:45.0786 4428 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys

14:09:45.0802 4428 msisadrv - ok

14:09:45.0864 4428 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll

14:09:45.0958 4428 MSiSCSI - ok

14:09:45.0958 4428 msiserver - ok

14:09:45.0989 4428 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys

14:09:46.0051 4428 MSKSSRV - ok

14:09:46.0083 4428 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys

14:09:46.0129 4428 MSPCLOCK - ok

14:09:46.0145 4428 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys

14:09:46.0207 4428 MSPQM - ok

14:09:46.0270 4428 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys

14:09:46.0317 4428 MsRPC - ok

14:09:46.0332 4428 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys

14:09:46.0379 4428 mssmbios - ok

14:09:46.0395 4428 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys

14:09:46.0488 4428 MSTEE - ok

14:09:46.0488 4428 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys

14:09:46.0504 4428 MTConfig - ok

14:09:46.0535 4428 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys

14:09:46.0566 4428 Mup - ok

14:09:46.0582 4428 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\windows\system32\DRIVERS\mwlPSDFilter.sys

14:09:46.0613 4428 mwlPSDFilter - ok

14:09:46.0613 4428 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\windows\system32\DRIVERS\mwlPSDNServ.sys

14:09:46.0644 4428 mwlPSDNServ - ok

14:09:46.0660 4428 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\windows\system32\DRIVERS\mwlPSDVDisk.sys

14:09:46.0676 4428 mwlPSDVDisk - ok

14:09:46.0738 4428 napagent (4987e079a4530fa737a128be54b63b12) C:\windows\system32\qagentRT.dll

14:09:46.0800 4428 napagent - ok

14:09:46.0847 4428 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys

14:09:46.0910 4428 NativeWifiP - ok

14:09:47.0019 4428 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys

14:09:47.0066 4428 NDIS - ok

14:09:47.0097 4428 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys

14:09:47.0128 4428 NdisCap - ok

14:09:47.0159 4428 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys

14:09:47.0222 4428 NdisTapi - ok

14:09:47.0253 4428 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys

14:09:47.0315 4428 Ndisuio - ok

14:09:47.0362 4428 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys

14:09:47.0409 4428 NdisWan - ok

14:09:47.0440 4428 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys

14:09:47.0518 4428 NDProxy - ok

14:09:47.0549 4428 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys

14:09:47.0596 4428 NetBIOS - ok

14:09:47.0627 4428 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys

14:09:47.0705 4428 NetBT - ok

14:09:47.0768 4428 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe

14:09:47.0768 4428 Netlogon - ok

14:09:47.0861 4428 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll

14:09:48.0017 4428 Netman - ok

14:09:48.0064 4428 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll

14:09:48.0158 4428 netprofm - ok

14:09:48.0220 4428 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

14:09:48.0251 4428 NetTcpPortSharing - ok

14:09:48.0672 4428 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\windows\system32\DRIVERS\netw5v64.sys

14:09:48.0860 4428 netw5v64 - ok

14:09:49.0031 4428 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys

14:09:49.0062 4428 nfrd960 - ok

14:09:49.0109 4428 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\windows\system32\DRIVERS\NisDrvWFP.sys

14:09:49.0125 4428 NisDrv - ok

14:09:49.0218 4428 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe

14:09:49.0250 4428 NisSrv - ok

14:09:49.0312 4428 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\windows\System32\nlasvc.dll

14:09:49.0390 4428 NlaSvc - ok

14:09:49.0437 4428 nokia_cs1x_cdc_acm (72c68daac5bb340f601b0f3a2d0c9d2d) C:\windows\system32\DRIVERS\nokia_cs1x_cdc_acm.sys

14:09:49.0499 4428 nokia_cs1x_cdc_acm - ok

14:09:49.0546 4428 nokia_cs1x_cdc_ecm (c655858a74feca05f32adafe8b2aab8e) C:\windows\system32\DRIVERS\nokia_cs1x_cdc_ecm.sys

14:09:49.0593 4428 nokia_cs1x_cdc_ecm - ok

14:09:49.0640 4428 nokia_cs1x_cpo (f39e2fb4a53747780921a2c2077e929a) C:\windows\system32\DRIVERS\nokia_cs1x_cpo.sys

14:09:49.0671 4428 nokia_cs1x_cpo - ok

14:09:49.0702 4428 nokia_cs1x_dc_enum (3e5312f22ff4ffda2d608a90bbffe65b) C:\windows\system32\DRIVERS\nokia_cs1x_dc_enum.sys

14:09:49.0749 4428 nokia_cs1x_dc_enum - ok

14:09:49.0796 4428 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys

14:09:49.0874 4428 Npfs - ok

14:09:49.0905 4428 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll

14:09:49.0983 4428 nsi - ok

14:09:49.0998 4428 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys

14:09:50.0092 4428 nsiproxy - ok

14:09:50.0264 4428 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\windows\system32\drivers\Ntfs.sys

14:09:50.0357 4428 Ntfs - ok

14:09:50.0498 4428 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys

14:09:50.0560 4428 Null - ok

14:09:50.0591 4428 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\windows\system32\drivers\nvraid.sys

14:09:50.0622 4428 nvraid - ok

14:09:50.0654 4428 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\windows\system32\drivers\nvstor.sys

14:09:50.0669 4428 nvstor - ok

14:09:50.0700 4428 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys

14:09:50.0732 4428 nv_agp - ok

14:09:50.0732 4428 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys

14:09:50.0763 4428 ohci1394 - ok

14:09:50.0888 4428 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

14:09:50.0919 4428 ose - ok

14:09:51.0293 4428 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

14:09:51.0480 4428 osppsvc - ok

14:09:51.0636 4428 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll

14:09:51.0699 4428 p2pimsvc - ok

14:09:51.0761 4428 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll

14:09:51.0792 4428 p2psvc - ok

14:09:51.0839 4428 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys

14:09:51.0855 4428 Parport - ok

14:09:51.0886 4428 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\windows\system32\drivers\partmgr.sys

14:09:51.0902 4428 partmgr - ok

14:09:51.0933 4428 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll

14:09:51.0995 4428 PcaSvc - ok

14:09:52.0026 4428 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys

14:09:52.0058 4428 pci - ok

14:09:52.0058 4428 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys

14:09:52.0073 4428 pciide - ok

14:09:52.0089 4428 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys

14:09:52.0104 4428 pcmcia - ok

14:09:52.0120 4428 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys

14:09:52.0136 4428 pcw - ok

14:09:52.0260 4428 PDFProFiltSrvPP (c1c3baf078be5a14384a4ba2d730817d) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe

14:09:52.0276 4428 PDFProFiltSrvPP - ok

14:09:52.0338 4428 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys

14:09:52.0448 4428 PEAUTH - ok

14:09:52.0557 4428 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe

14:09:52.0604 4428 PerfHost - ok

14:09:52.0775 4428 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\windows\system32\pla.dll

14:09:52.0900 4428 pla - ok

14:09:52.0994 4428 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\windows\system32\umpnpmgr.dll

14:09:53.0040 4428 PlugPlay - ok

14:09:53.0040 4428 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll

14:09:53.0056 4428 PNRPAutoReg - ok

14:09:53.0103 4428 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll

14:09:53.0118 4428 PNRPsvc - ok

14:09:53.0196 4428 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\windows\system32\DRIVERS\point64.sys

14:09:53.0212 4428 Point64 - ok

14:09:53.0274 4428 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\windows\System32\ipsecsvc.dll

14:09:53.0399 4428 PolicyAgent - ok

14:09:53.0430 4428 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll

14:09:53.0508 4428 Power - ok

14:09:53.0571 4428 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys

14:09:53.0633 4428 PptpMiniport - ok

14:09:53.0664 4428 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys

14:09:53.0711 4428 Processor - ok

14:09:53.0758 4428 ProfSvc (97293447431311c06703368ad0f6c4be) C:\windows\system32\profsvc.dll

14:09:53.0836 4428 ProfSvc - ok

14:09:53.0898 4428 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe

14:09:53.0914 4428 ProtectedStorage - ok

14:09:53.0945 4428 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys

14:09:54.0039 4428 Psched - ok

14:09:54.0195 4428 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys

14:09:54.0288 4428 ql2300 - ok

14:09:54.0429 4428 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys

14:09:54.0460 4428 ql40xx - ok

14:09:54.0507 4428 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll

14:09:54.0538 4428 QWAVE - ok

14:09:54.0554 4428 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys

14:09:54.0600 4428 QWAVEdrv - ok

14:09:54.0600 4428 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys

14:09:54.0663 4428 RasAcd - ok

14:09:54.0725 4428 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys

14:09:54.0772 4428 RasAgileVpn - ok

14:09:54.0788 4428 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll

14:09:54.0850 4428 RasAuto - ok

14:09:54.0912 4428 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys

14:09:55.0022 4428 Rasl2tp - ok

14:09:55.0084 4428 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\windows\System32\rasmans.dll

14:09:55.0178 4428 RasMan - ok

14:09:55.0209 4428 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys

14:09:55.0287 4428 RasPppoe - ok

14:09:55.0334 4428 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys

14:09:55.0412 4428 RasSstp - ok

14:09:55.0474 4428 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys

14:09:55.0568 4428 rdbss - ok

14:09:55.0599 4428 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys

14:09:55.0646 4428 rdpbus - ok

14:09:55.0692 4428 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys

14:09:55.0755 4428 RDPCDD - ok

14:09:55.0755 4428 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys

14:09:55.0802 4428 RDPENCDD - ok

14:09:55.0833 4428 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys

14:09:55.0880 4428 RDPREFMP - ok

14:09:55.0911 4428 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\windows\system32\drivers\RDPWD.sys

14:09:55.0989 4428 RDPWD - ok

14:09:56.0036 4428 rdyboost (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys

14:09:56.0082 4428 rdyboost - ok

14:09:56.0129 4428 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll

14:09:56.0223 4428 RemoteAccess - ok

14:09:56.0285 4428 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll

14:09:56.0363 4428 RemoteRegistry - ok

14:09:56.0441 4428 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys

14:09:56.0504 4428 RFCOMM - ok

14:09:56.0550 4428 RimUsb (ad42432d22940b4215177be113e4919c) C:\windows\system32\Drivers\RimUsb_AMD64.sys

14:09:56.0613 4428 RimUsb - ok

14:09:56.0644 4428 RimVSerPort (4aafffa67ac4dfa3d9985d78573887e2) C:\windows\system32\DRIVERS\RimSerial_AMD64.sys

14:09:56.0691 4428 RimVSerPort - ok

14:09:56.0706 4428 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\windows\system32\Drivers\RootMdm.sys

14:09:56.0753 4428 ROOTMODEM - ok

14:09:56.0784 4428 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll

14:09:56.0847 4428 RpcEptMapper - ok

14:09:56.0879 4428 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe

14:09:56.0895 4428 RpcLocator - ok

14:09:56.0941 4428 RpcSs (7266972e86890e2b30c0c322e906b027) C:\windows\system32\rpcss.dll

14:09:57.0004 4428 RpcSs - ok

14:09:57.0035 4428 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys

14:09:57.0113 4428 rspndr - ok

14:09:57.0160 4428 RSUSBSTOR (79bad3e977966af21df982def5a99c76) C:\windows\system32\Drivers\RtsUStor.sys

14:09:57.0191 4428 RSUSBSTOR - ok

14:09:57.0285 4428 RtLedService (0d2bb5612cc0af08edd08ff8e196a9a5) C:\Program Files\Realtek\RtLED\RtLEDService.exe

14:09:57.0331 4428 RtLedService ( UnsignedFile.Multi.Generic ) - warning

14:09:57.0331 4428 RtLedService - detected UnsignedFile.Multi.Generic (1)

14:09:57.0347 4428 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe

14:09:57.0378 4428 SamSs - ok

14:09:57.0409 4428 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys

14:09:57.0441 4428 sbp2port - ok

14:09:57.0612 4428 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

14:09:57.0659 4428 SBSDWSCService - ok

14:09:57.0690 4428 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll

14:09:57.0753 4428 SCardSvr - ok

14:09:57.0815 4428 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys

14:09:57.0909 4428 scfilter - ok

14:09:58.0018 4428 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\windows\system32\schedsvc.dll

14:09:58.0111 4428 Schedule - ok

14:09:58.0158 4428 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\windows\System32\certprop.dll

14:09:58.0205 4428 SCPolicySvc - ok

14:09:58.0236 4428 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\windows\System32\SDRSVC.dll

14:09:58.0299 4428 SDRSVC - ok

14:09:58.0377 4428 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys

14:09:58.0455 4428 secdrv - ok

14:09:58.0470 4428 seclogon (463b386ebc70f98da5dff85f7e654346) C:\windows\system32\seclogon.dll

14:09:58.0548 4428 seclogon - ok

14:09:58.0579 4428 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll

14:09:58.0673 4428 SENS - ok

14:09:58.0689 4428 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll

14:09:58.0767 4428 SensrSvc - ok

14:09:58.0782 4428 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys

14:09:58.0813 4428 Serenum - ok

14:09:58.0845 4428 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys

14:09:58.0860 4428 Serial - ok

14:09:58.0876 4428 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys

14:09:58.0907 4428 sermouse - ok

14:09:58.0938 4428 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\windows\system32\sessenv.dll

14:09:58.0985 4428 SessionEnv - ok

14:09:59.0001 4428 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys

14:09:59.0063 4428 sffdisk - ok

14:09:59.0063 4428 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys

14:09:59.0110 4428 sffp_mmc - ok

14:09:59.0110 4428 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\DRIVERS\sffp_sd.sys

14:09:59.0125 4428 sffp_sd - ok

14:09:59.0125 4428 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys

14:09:59.0141 4428 sfloppy - ok

14:09:59.0188 4428 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\windows\System32\shsvcs.dll

14:09:59.0235 4428 ShellHWDetection - ok

14:09:59.0250 4428 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys

14:09:59.0266 4428 SiSRaid2 - ok

14:09:59.0281 4428 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys

14:09:59.0281 4428 SiSRaid4 - ok

14:09:59.0328 4428 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys

14:09:59.0391 4428 Smb - ok

14:09:59.0437 4428 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe

14:09:59.0484 4428 SNMPTRAP - ok

14:09:59.0515 4428 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys

14:09:59.0531 4428 spldr - ok

14:09:59.0593 4428 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\windows\System32\spoolsv.exe

14:09:59.0656 4428 Spooler - ok

14:09:59.0952 4428 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\windows\system32\sppsvc.exe

14:10:00.0077 4428 sppsvc - ok

14:10:00.0186 4428 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll

14:10:00.0280 4428 sppuinotify - ok

14:10:00.0389 4428 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys

14:10:00.0436 4428 srv - ok

14:10:00.0498 4428 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys

14:10:00.0561 4428 srv2 - ok

14:10:00.0623 4428 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys

14:10:00.0654 4428 srvnet - ok

14:10:00.0732 4428 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll

14:10:00.0841 4428 SSDPSRV - ok

14:10:00.0873 4428 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll

14:10:00.0904 4428 SstpSvc - ok

14:10:00.0951 4428 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys

14:10:00.0951 4428 stexstor - ok

14:10:01.0029 4428 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\windows\System32\wiaservc.dll

14:10:01.0091 4428 stisvc - ok

14:10:01.0107 4428 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys

14:10:01.0122 4428 swenum - ok

14:10:01.0185 4428 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll

14:10:01.0278 4428 swprv - ok

14:10:01.0465 4428 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\windows\system32\sysmain.dll

14:10:01.0575 4428 SysMain - ok

14:10:01.0715 4428 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\windows\System32\TabSvc.dll

14:10:01.0762 4428 TabletInputService - ok

14:10:01.0824 4428 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\windows\System32\tapisrv.dll

14:10:01.0887 4428 TapiSrv - ok

14:10:01.0902 4428 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll

14:10:01.0949 4428 TBS - ok

14:10:02.0152 4428 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\windows\system32\drivers\tcpip.sys

14:10:02.0230 4428 Tcpip - ok

14:10:02.0511 4428 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\windows\system32\DRIVERS\tcpip.sys

14:10:02.0557 4428 TCPIP6 - ok

14:10:02.0651 4428 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys

14:10:02.0713 4428 tcpipreg - ok

14:10:02.0729 4428 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys

14:10:02.0791 4428 TDPIPE - ok

14:10:02.0823 4428 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\windows\system32\drivers\tdtcp.sys

14:10:02.0885 4428 TDTCP - ok

14:10:02.0916 4428 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys

14:10:02.0932 4428 TermDD - ok

14:10:03.0025 4428 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\windows\System32\termsrv.dll

14:10:03.0119 4428 TermService - ok

14:10:03.0135 4428 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll

14:10:03.0197 4428 Themes - ok

14:10:03.0244 4428 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll

14:10:03.0291 4428 THREADORDER - ok

14:10:03.0306 4428 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll

14:10:03.0369 4428 TrkWks - ok

14:10:03.0447 4428 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\windows\servicing\TrustedInstaller.exe

14:10:03.0478 4428 TrustedInstaller - ok

14:10:03.0493 4428 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys

14:10:03.0540 4428 tssecsrv - ok

14:10:03.0587 4428 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys

14:10:03.0696 4428 tunnel - ok

14:10:03.0743 4428 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys

14:10:03.0759 4428 uagp35 - ok

14:10:03.0790 4428 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys

14:10:03.0883 4428 udfs - ok

14:10:03.0915 4428 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe

14:10:03.0930 4428 UI0Detect - ok

14:10:03.0961 4428 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys

14:10:03.0961 4428 uliagpkx - ok

14:10:03.0993 4428 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys

14:10:04.0024 4428 umbus - ok

14:10:04.0039 4428 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys

14:10:04.0086 4428 UmPass - ok

14:10:04.0383 4428 UNS (6fdb1ca1add261f893c90738eba37197) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

14:10:04.0476 4428 UNS - ok

14:10:04.0632 4428 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll

14:10:04.0726 4428 upnphost - ok

14:10:04.0804 4428 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\windows\system32\Drivers\usbaapl64.sys

14:10:04.0882 4428 USBAAPL64 - ok

14:10:04.0944 4428 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\windows\system32\drivers\usbaudio.sys

14:10:04.0991 4428 usbaudio - ok

14:10:05.0038 4428 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\windows\system32\DRIVERS\usbccgp.sys

14:10:05.0116 4428 usbccgp - ok

14:10:05.0163 4428 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys

14:10:05.0225 4428 usbcir - ok

14:10:05.0256 4428 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\windows\system32\drivers\usbehci.sys

14:10:05.0287 4428 usbehci - ok

14:10:05.0334 4428 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\windows\system32\DRIVERS\usbhub.sys

14:10:05.0365 4428 usbhub - ok

14:10:05.0397 4428 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\windows\system32\drivers\usbohci.sys

14:10:05.0428 4428 usbohci - ok

14:10:05.0459 4428 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys

14:10:05.0475 4428 usbprint - ok

14:10:05.0521 4428 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys

14:10:05.0553 4428 usbscan - ok

14:10:05.0693 4428 UsbService (068d8fb5be679cc214bbf91971f692d0) C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe

14:10:05.0724 4428 UsbService ( UnsignedFile.Multi.Generic ) - warning

14:10:05.0724 4428 UsbService - detected UnsignedFile.Multi.Generic (1)

14:10:05.0771 4428 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\DRIVERS\USBSTOR.SYS

14:10:05.0849 4428 USBSTOR - ok

14:10:05.0880 4428 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\windows\system32\drivers\usbuhci.sys

14:10:05.0911 4428 usbuhci - ok

14:10:05.0974 4428 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\system32\Drivers\usbvideo.sys

14:10:06.0036 4428 usbvideo - ok

14:10:06.0083 4428 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\windows\system32\DRIVERS\usb8023x.sys

14:10:06.0114 4428 usb_rndisx - ok

14:10:06.0145 4428 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll

14:10:06.0239 4428 UxSms - ok

14:10:06.0286 4428 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe

14:10:06.0301 4428 VaultSvc - ok

14:10:06.0333 4428 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys

14:10:06.0348 4428 vdrvroot - ok

14:10:06.0411 4428 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\windows\System32\vds.exe

14:10:06.0473 4428 vds - ok

14:10:06.0504 4428 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys

14:10:06.0535 4428 vga - ok

14:10:06.0567 4428 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys

14:10:06.0629 4428 VgaSave - ok

14:10:06.0645 4428 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys

14:10:06.0660 4428 vhdmp - ok

14:10:06.0676 4428 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys

14:10:06.0676 4428 viaide - ok

14:10:06.0754 4428 vm332avs (640563f62cbb9b0a306232fa37945149) C:\windows\system32\Drivers\vm332avs.sys

14:10:06.0801 4428 vm332avs - ok

14:10:06.0816 4428 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys

14:10:06.0832 4428 volmgr - ok

14:10:06.0863 4428 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys

14:10:06.0894 4428 volmgrx - ok

14:10:06.0925 4428 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys

14:10:06.0972 4428 volsnap - ok

14:10:07.0003 4428 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys

14:10:07.0035 4428 vsmraid - ok

14:10:07.0191 4428 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\windows\system32\vssvc.exe

14:10:07.0237 4428 VSS - ok

14:10:07.0393 4428 vuhub (e07d31ee76ee18bfca49ad9a89782d43) C:\windows\system32\DRIVERS\vuhub.sys

14:10:07.0425 4428 vuhub - ok

14:10:07.0440 4428 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys

14:10:07.0503 4428 vwifibus - ok

14:10:07.0534 4428 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys

14:10:07.0596 4428 vwififlt - ok

14:10:07.0659 4428 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll

14:10:07.0737 4428 W32Time - ok

14:10:07.0752 4428 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys

14:10:07.0783 4428 WacomPen - ok

14:10:07.0846 4428 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys

14:10:07.0893 4428 WANARP - ok

14:10:07.0908 4428 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys

14:10:07.0939 4428 Wanarpv6 - ok

14:10:08.0111 4428 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe

14:10:08.0173 4428 WatAdminSvc - ok

14:10:08.0314 4428 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\windows\system32\wbengine.exe

14:10:08.0439 4428 wbengine - ok

14:10:08.0579 4428 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll

14:10:08.0626 4428 WbioSrvc - ok

14:10:08.0704 4428 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\windows\System32\wcncsvc.dll

14:10:08.0782 4428 wcncsvc - ok

14:10:08.0813 4428 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll

14:10:08.0875 4428 WcsPlugInService - ok

14:10:08.0922 4428 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys

14:10:08.0938 4428 Wd - ok

14:10:09.0000 4428 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys

14:10:09.0047 4428 Wdf01000 - ok

14:10:09.0063 4428 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll

14:10:09.0109 4428 WdiServiceHost - ok

14:10:09.0109 4428 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll

14:10:09.0141 4428 WdiSystemHost - ok

14:10:09.0187 4428 WebClient (733006127f235be7c35354ebee7b9a7b) C:\windows\System32\webclnt.dll

14:10:09.0250 4428 WebClient - ok

14:10:09.0312 4428 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll

14:10:09.0421 4428 Wecsvc - ok

14:10:09.0437 4428 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll

14:10:09.0484 4428 wercplsupport - ok

14:10:09.0515 4428 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll

14:10:09.0546 4428 WerSvc - ok

14:10:09.0609 4428 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys

14:10:09.0687 4428 WfpLwf - ok

14:10:09.0702 4428 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys

14:10:09.0718 4428 WIMMount - ok

14:10:09.0749 4428 WinDefend - ok

14:10:09.0827 4428 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll

14:10:09.0905 4428 Winmgmt - ok

14:10:10.0092 4428 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\windows\system32\WsmSvc.dll

14:10:10.0233 4428 WinRM - ok

14:10:10.0451 4428 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\windows\system32\DRIVERS\WinUsb.sys

14:10:10.0498 4428 WinUsb - ok

14:10:10.0623 4428 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll

14:10:10.0701 4428 Wlansvc - ok

14:10:10.0794 4428 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

14:10:10.0810 4428 wlcrasvc - ok

14:10:11.0059 4428 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

14:10:11.0153 4428 wlidsvc - ok

14:10:11.0293 4428 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys

14:10:11.0309 4428 WmiAcpi - ok

14:10:11.0387 4428 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe

14:10:11.0434 4428 wmiApSrv - ok

14:10:11.0496 4428 WMPNetworkSvc - ok

14:10:11.0543 4428 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll

14:10:11.0574 4428 WPCSvc - ok

14:10:11.0605 4428 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\windows\system32\wpdbusenum.dll

14:10:11.0637 4428 WPDBusEnum - ok

14:10:11.0683 4428 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys

14:10:11.0761 4428 ws2ifsl - ok

14:10:11.0808 4428 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\windows\system32\wscsvc.dll

14:10:11.0871 4428 wscsvc - ok

14:10:11.0917 4428 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\windows\system32\DRIVERS\WSDPrint.sys

14:10:11.0949 4428 WSDPrintDevice - ok

14:10:11.0949 4428 WSearch - ok

14:10:12.0027 4428 wsvd (83575c43b2bfe9ab0661a7f957e843c0) C:\windows\system32\DRIVERS\wsvd.sys

14:10:12.0058 4428 wsvd - ok

14:10:12.0276 4428 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\windows\system32\wuaueng.dll

14:10:12.0370 4428 wuauserv - ok

14:10:12.0510 4428 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys

14:10:12.0604 4428 WudfPf - ok

14:10:12.0651 4428 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys

14:10:12.0713 4428 WUDFRd - ok

14:10:12.0744 4428 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\windows\System32\WUDFSvc.dll

14:10:12.0822 4428 wudfsvc - ok

14:10:12.0853 4428 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll

14:10:12.0931 4428 WwanSvc - ok

14:10:12.0963 4428 {79007602-0CDB-4405-9DBF-1257BB3226EE} - ok

14:10:12.0994 4428 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

14:10:13.0571 4428 \Device\Harddisk0\DR0 - ok

14:10:13.0587 4428 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR2

14:10:13.0727 4428 \Device\Harddisk1\DR2 - ok

14:10:13.0727 4428 Boot (0x1200) (56ddd760577959baf9844df38a6b18cc) \Device\Harddisk0\DR0\Partition0

14:10:13.0727 4428 \Device\Harddisk0\DR0\Partition0 - ok

14:10:13.0743 4428 Boot (0x1200) (480129f3973c9b42f7d979dea7932675) \Device\Harddisk0\DR0\Partition1

14:10:13.0743 4428 \Device\Harddisk0\DR0\Partition1 - ok

14:10:13.0774 4428 Boot (0x1200) (d359b0ef8f415e99e8dbaba05f82db47) \Device\Harddisk0\DR0\Partition2

14:10:13.0774 4428 \Device\Harddisk0\DR0\Partition2 - ok

14:10:13.0789 4428 Boot (0x1200) (d210ae37f0d6bcb2d7ad53ad645973d2) \Device\Harddisk1\DR2\Partition0

14:10:13.0789 4428 \Device\Harddisk1\DR2\Partition0 - ok

14:10:13.0789 4428 ============================================================

14:10:13.0789 4428 Scan finished

14:10:13.0789 4428 ============================================================

14:10:13.0789 2836 Detected object count: 3

14:10:13.0789 2836 Actual detected object count: 3

14:10:28.0360 2836 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user

14:10:28.0360 2836 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:10:28.0360 2836 RtLedService ( UnsignedFile.Multi.Generic ) - skipped by user

14:10:28.0360 2836 RtLedService ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:10:28.0375 2836 UsbService ( UnsignedFile.Multi.Generic ) - skipped by user

14:10:28.0375 2836 UsbService ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:10:57.0610 2756 Deinitialize success

Farbar log:

Farbar Service Scanner Version: 25-06-2012 01

Ran by Angelo (administrator) on 01-07-2012 at 14:13:14

Microsoft Windows 7 Home Premium (X64)

************************************************

======== Search: "afd.sys;tcpip.sys;mpssvc.dll;SDRSVC.dll;wuaueng.dll;cryptsvc.dll;" =========

C:\windows\System32\cryptsvc.dll

[2012-06-13 20:51] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\windows\System32\MPSSVC.dll

[2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\windows\System32\sdrsvc.dll

[2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\windows\System32\wuaueng.dll

[2009-07-13 20:36] - [2009-07-13 21:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\windows\System32\drivers\afd.sys

[2012-02-15 07:22] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\windows\System32\drivers\tcpip.sys

[2012-05-08 19:51] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll

[2012-06-13 20:51] - [2012-04-24 00:28] - 0142336 ____A (Microsoft Corporation) 21993009E0CCB9B4FA195F14D3408626

C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll

[2012-06-13 20:51] - [2012-04-24 00:36] - 0140288 ____A (Microsoft Corporation) 06E771AA596B8761107AB57E99F128D7

C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_7658a1151545269d\cryptsvc.dll

[2012-06-13 20:51] - [2012-04-24 00:33] - 0141312 ____A (Microsoft Corporation) F522279B4717E2BFF269C771FAC2B78E

C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_762f534bfbdf7203\cryptsvc.dll

[2012-06-13 20:51] - [2012-04-24 00:47] - 0139264 ____A (Microsoft Corporation) 520A108A2657F4BCA7FCED9CA7D885DE

C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll

[2009-07-13 19:33] - [2009-07-13 21:15] - 0135680 ____A (Microsoft Corporation) 9C231178CE4FB385F4B54B0A9080B8A4

C:\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_f6092d1fe18dc440\MPSSVC.dll

[2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys

[2012-02-15 07:22] - [2011-12-28 00:01] - 0498176 ____A (Microsoft Corporation) 36A14FD1A23F57046361733B792CA8DB

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys

[2011-12-02 04:32] - [2011-04-24 23:09] - 0499200 ____A (Microsoft Corporation) F4AD06143EAC303F55D0E86C40802976

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys

[2012-02-15 07:22] - [2011-12-27 23:59] - 0498688 ____A (Microsoft Corporation) 1C7857B62DE5994A75B054A9FD4C3825

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys

[2011-12-02 04:32] - [2011-04-24 22:34] - 0499200 ____A (Microsoft Corporation) D5B031C308A409A0A576BFF4CF083D30

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys

[2012-02-15 07:22] - [2011-12-28 00:01] - 0499200 ____A (Microsoft Corporation) CCA39961E76B491DDF44B1E90FC8971D

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys

[2011-12-02 04:32] - [2011-04-24 22:44] - 0499712 ____A (Microsoft Corporation) FBFF8B7C9D116229E9208A0D1CAEB49B

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys

[2012-02-15 07:22] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys

[2011-12-02 04:32] - [2011-04-24 22:44] - 0499712 ____A (Microsoft Corporation) 6EF20DDF3172E97D69F596FB90602F29

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys

[2009-07-13 19:21] - [2009-07-13 19:21] - 0500224 ____A (Microsoft Corporation) B9384E03479D2506BC924C16A3DB87BC

C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.3.7600.16385_none_8ca5655e8bc7dae9\wuaueng.dll

[2009-07-13 20:36] - [2009-07-13 21:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys

[2012-05-08 19:51] - [2012-03-30 06:26] - 1901424 ____A (Microsoft Corporation) 885B202006EE17AE99B9FBCEC9AF88C9

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys

[2011-12-02 04:31] - [2011-09-29 13:41] - 1912176 ____A (Microsoft Corporation) 3810F06A4D74A7D62641EE73D6B3C660

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys

[2011-12-02 04:32] - [2011-04-25 02:16] - 1927552 ____A (Microsoft Corporation) B77977AEB2FF159D01DB08A309989C5F

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys

[2012-05-08 19:51] - [2012-03-30 07:35] - 1918320 ____A (Microsoft Corporation) ACB82BDA8F46C84F465C1AFA517DC4B9

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys

[2011-12-02 04:31] - [2011-09-29 12:29] - 1923952 ____A (Microsoft Corporation) FC62769E7BFF2896035AEED399108162

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys

[2011-12-02 04:32] - [2011-04-25 01:33] - 1923968 ____A (Microsoft Corporation) 92CE29D95AC9DD2D0EE9061D551BA250

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_0faa5514992a39a7\tcpip.sys

[2012-05-08 19:51] - [2012-03-30 06:19] - 1877872 ____A (Microsoft Corporation) 5EFD096DEF47F8B88EF591DA92143440

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_0fad20ca992955d7\tcpip.sys

[2011-12-02 04:31] - [2011-09-29 12:17] - 1886064 ____A (Microsoft Corporation) AC3E29880DB5659532A1AA3439304A43

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys

[2011-12-02 04:32] - [2011-04-25 01:28] - 1893248 ____A (Microsoft Corporation) 1F748D5439B65E0BEBD92F65048F030D

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys

[2011-02-11 18:25] - [2011-02-11 18:25] - 1889152 ____A (Microsoft Corporation) 542C6767C68C9D6AAACA59436B0D15C2

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20687_none_0f9ea52499331463\tcpip.sys

[2012-01-15 20:53] - [2010-04-09 03:56] - 1892232 ____A (Microsoft Corporation) A9C0F786AC1F736891D05CE0A1D29DEB

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys

[2012-05-08 19:51] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_0f170e9f80139ebc\tcpip.sys

[2011-12-02 04:31] - [2011-09-29 12:24] - 1897328 ____A (Microsoft Corporation) F18F56EFC0BFB9C87BA01C37B27F4DA5

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys

[2011-12-02 04:32] - [2011-04-25 01:32] - 1896832 ____A (Microsoft Corporation) 61DC720BB065D607D5823F13D2A64321

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys

[2011-02-11 18:25] - [2011-02-11 18:25] - 1896832 ____A (Microsoft Corporation) 90A2D722CF64D911879D6C4A4F802A4D

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16569_none_0f2ca8c580036f65\tcpip.sys

[2012-01-15 20:53] - [2010-04-09 07:06] - 1898376 ____A (Microsoft Corporation) 7FC877A25796D8ADF539E64703FCA7E1

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys

[2009-07-13 19:25] - [2009-07-13 21:45] - 1898576 ____A (Microsoft Corporation) 912107716BAB424C7870E8E6AF5E07E1

C:\Windows\winsxs\amd64_microsoft-windows-safedocs-main_31bf3856ad364e35_6.1.7600.16385_none_80feadf380799a73\sdrsvc.dll

[2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_d473633acab895c2\cryptsvc.dll

[2012-06-13 20:51] - [2012-04-24 01:22] - 0186880 ____A (Microsoft Corporation) B7337E9C9E5936355BB700AA33E0936E

C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_d41dd577b1743795\cryptsvc.dll

[2012-06-13 20:51] - [2012-04-24 01:37] - 0184320 ____A (Microsoft Corporation) 4F5414602E2544A4554D95517948B705

C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_d2773c98cda297d3\cryptsvc.dll

[2012-06-13 20:51] - [2012-04-24 01:36] - 0183808 ____A (Microsoft Corporation) CE8BF1423AEE47DA5275FBC8AD3BD642

C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_d24deecfb43ce339\cryptsvc.dll

[2012-06-13 20:51] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll

[2009-07-13 19:49] - [2009-07-13 21:40] - 0175104 ____A (Microsoft Corporation) 8C57411B66282C01533CB776F98AD384

C:\Windows\SysWOW64\cryptsvc.dll

[2012-06-13 20:51] - [2012-04-24 00:47] - 0139264 ____A (Microsoft Corporation) 520A108A2657F4BCA7FCED9CA7D885DE

C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll

[2011-12-03 19:50] - [2010-11-20 08:18] - 0136192 ____A (Microsoft Corporation) A585BEBF7D054BD9618EDA0922D5484A

C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7601.17514_none_f83a40e7de7c47da\MPSSVC.dll

[2011-12-03 19:51] - [2010-11-20 09:26] - 0828416 ____A (Microsoft Corporation) 54FFC9C8898113ACE189D4AA7199D2C1

C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys

[2011-12-03 19:50] - [2010-11-20 05:23] - 0499712 ____A (Microsoft Corporation) D31DC7A16DEA4A9BAF179F3D6FBDB38C

C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.5.7601.17514_none_1f3413afc64d10c5\wuaueng.dll

[2011-12-03 19:50] - [2010-11-20 09:27] - 2420736 ____A (Microsoft Corporation) 9DF12EDBC698B0BC353B3EF84861E430

C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys

[2011-12-03 19:51] - [2010-11-20 09:33] - 1924480 ____A (Microsoft Corporation) 509383E505C973ED7534A06B3D19688D

C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-safedocs-main_31bf3856ad364e35_6.1.7601.17514_none_832fc1bb7d681e0d\sdrsvc.dll

[2011-12-03 19:49] - [2010-11-20 09:27] - 0170496 ____A (Microsoft Corporation) 6EA4234DC55346E0709560FE7C2C1972

C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll

[2011-12-03 19:50] - [2010-11-20 09:25] - 0177152 ____A (Microsoft Corporation) 15597883FBE9B056F276ADA3AD87D9AF

====== End Of Search ======

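A cross-check a responder can run over the FSS output above. This is an added example, not part of Farbar Service Scanner or of the thread; the paths and MD5s in the excerpt are copied from the log, and the "tampered" variant is constructed to show the failure case. FSS searches for these particular files because a patched afd.sys, tcpip.sys, mpssvc.dll, wuaueng.dll or cryptsvc.dll breaks networking, the firewall, Windows Update or signature checking, which matches the "internet doesn't work at all" symptom. For each live file under System32 (64-bit binaries on this x64 host, an assumption taken from the FSS header) or SysWOW64 (32-bit) the script looks for a component-store copy under winsxs with the same hash; staged copies under SoftwareDistribution\Download are not installed and are skipped. A match means the live file is byte-identical to a build that Windows itself installed. No match is not proof of tampering on its own (a just-installed update may not yet be mirrored), and a kernel-mode rootkit can patch both copies, so treat the result as triage and follow it with Authenticode verification.

```python
"""Cross-check Farbar Service Scanner 'Search' hashes: does each live System32/SysWOW64 file
have a byte-identical copy in the component store (winsxs)?  Added example, not FSS code."""
import re
from collections import defaultdict

# Excerpt copied from the FSS output in the thread: live files, their winsxs twins, one staged copy.
FSS_EXCERPT = r"""
C:\windows\System32\cryptsvc.dll
[2012-06-13 20:51] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D
C:\windows\System32\drivers\afd.sys
[2012-02-15 07:22] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E
C:\windows\System32\drivers\tcpip.sys
[2012-05-08 19:51] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0
C:\Windows\SysWOW64\cryptsvc.dll
[2012-06-13 20:51] - [2012-04-24 00:47] - 0139264 ____A (Microsoft Corporation) 520A108A2657F4BCA7FCED9CA7D885DE
C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_d24deecfb43ce339\cryptsvc.dll
[2012-06-13 20:51] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys
[2012-02-15 07:22] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys
[2012-05-08 19:51] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0
C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_762f534bfbdf7203\cryptsvc.dll
[2012-06-13 20:51] - [2012-04-24 00:47] - 0139264 ____A (Microsoft Corporation) 520A108A2657F4BCA7FCED9CA7D885DE
C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011-12-03 19:50] - [2010-11-20 05:23] - 0499712 ____A (Microsoft Corporation) D31DC7A16DEA4A9BAF179F3D6FBDB38C
"""

# Constructed failure case: the live afd.sys hash no longer matches any store copy.
TAMPERED_EXCERPT = FSS_EXCERPT.replace("DB9D6C6B2CD95A9CA414D045B627422E", "DEADBEEF" * 4, 1)

# FSS detail line: [created] - [modified] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_fss(text):
    """Return [(path, fields)] from FSS output, where each path line is followed by a detail line."""
    lines = [l.rstrip() for l in text.splitlines() if l.strip()]
    entries, i = [], 0
    while i + 1 < len(lines):
        m = DETAIL_RE.match(lines[i + 1])
        if m is None:          # not a path/detail pair; skip one line and retry
            i += 1
            continue
        fields = m.groupdict()
        fields["size"] = int(fields["size"])
        fields["md5"] = fields["md5"].upper()
        entries.append((lines[i], fields))
        i += 2
    return entries


def classify(path):
    """Return (kind, arch, filename): kind is 'live', 'store', 'staged' or 'other'."""
    p = path.lower()
    name = p.rsplit("\\", 1)[-1]
    if "\\winsxs\\" in p:
        component = p.split("\\winsxs\\", 1)[1].split("\\", 1)[0]
        return "store", component.split("_", 1)[0], name     # amd64_... or x86_...
    if "\\softwaredistribution\\" in p:
        return "staged", None, name                          # downloaded, not installed
    if "\\syswow64\\" in p:
        return "live", "x86", name
    if "\\system32\\" in p:
        return "live", "amd64", name                         # assumption: x64 host
    return "other", None, name


def cross_check(text):
    """Map each live file path to (md5, matching winsxs path or None)."""
    store = defaultdict(dict)            # (arch, filename) -> {md5: store path}
    live = []
    for path, f in parse_fss(text):
        kind, arch, name = classify(path)
        if kind == "store":
            store[(arch, name)][f["md5"]] = path
        elif kind == "live":
            live.append((path, arch, name, f["md5"]))
    return {path: (md5, store[(arch, name)].get(md5)) for path, arch, name, md5 in live}


def report(text):
    """Print one line per live file; return how many have no component-store match."""
    unmatched = 0
    for path, (md5, match) in cross_check(text).items():
        if match is None:
            unmatched += 1
            print(f"NO STORE MATCH  {path}  {md5}")
        else:
            print(f"ok              {path}  == {match.rsplit(chr(92), 2)[-2]}")
    return unmatched


if __name__ == "__main__":
    print("--- log as posted ---")
    report(FSS_EXCERPT)
    print("--- constructed tampered variant ---")
    report(TAMPERED_EXCERPT)
```

On the log as posted every live file resolves to a store component with the same build number, which is what you expect from an unpatched system; the constructed variant shows how a patched afd.sys would surface.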

Thanks!

Step 1

Download aswMBR.exe to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.


On completion of the scan, click Save log, save it to your desktop and post it in your next reply.


Step 2

Download OTL to your Desktop

  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick Scan All Users. Next, click the Quick Scan button. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

In your next reply, post the following log files:

  • aswMBR log
  • OTL log with Extras.txt

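aswMBR saves the raw master boot record to MBR.dat on the desktop, and the TDSSKiller log above prints an "MBR (0x1B8)" hash for each disk. What follows is an added example, not code from either tool, showing what those 512 bytes contain and the checks that matter when hunting a bootkit: the 0x55AA boot signature, the four primary entries, exactly one active flag, no overlapping ranges, and no unexpected type bytes. It assumes that the 0x1B8 in TDSSKiller's label is the length of the boot code before the disk signature and hashes that same span so the value can be compared. The sample MBR is constructed from the partition figures aswMBR reports for Disk 0 in the next reply (types, offsets and MB sizes); its boot code is zeroed and its disk signature is made up, so the hash it prints is not the one from the log. aswMBR's "Partition 4" at offset 533391360 is the logical volume inside the extended container at 533389312, which is why it is not a primary entry and does not appear in this table; walking extended boot records is left out here.

```python
"""Parse and sanity-check a raw 512-byte MBR such as the MBR.dat aswMBR saves.
Added example; not code from aswMBR or TDSSKiller."""
import hashlib
import struct
import sys

SECTOR = 512
BOOT_CODE_LEN = 0x1B8      # bytes before the 4-byte disk signature (assumed span of TDSSKiller's "MBR (0x1B8)" hash)
PART_TABLE_OFF = 0x1BE     # four 16-byte primary entries
BOOT_SIGNATURE = b"\x55\xAA"
ENTRY = struct.Struct("<B3sB3sII")   # status, CHS start, type, CHS end, LBA start, sector count

KNOWN_TYPES = {
    0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
    0x0F: "Extended LBA", 0x12: "Compaq diag", 0x27: "Hidden NTFS (WinRE)",
    0x83: "Linux", 0xEE: "GPT protective",
}

# Constructed sample built from the Disk 0 figures in the aswMBR log (type, start offset, MB size);
# CHS fields and boot code are zeroed and the disk signature is invented.
DISK0_LAYOUT = [
    (0x80, 0x07, 2048, 409600),          # Partition 1, active, 200 MB
    (0x00, 0x07, 411648, 532977664),     # Partition 2, 260243 MB
    (0x00, 0x0F, 533389312, 60809216),   # extended container, 29692 MB (logical volume lives inside)
    (0x00, 0x12, 594198528, 30943232),   # Partition 3, 15109 MB recovery
]


def build_sample_mbr(entries, boot_code=b"\x00" * BOOT_CODE_LEN, disk_sig=b"\x12\x34\x56\x78"):
    """Assemble a 512-byte MBR from (status, type, start_lba, sectors) tuples."""
    table = b"".join(ENTRY.pack(s, b"\0\0\0", t, b"\0\0\0", lba, n) for s, t, lba, n in entries)
    table = table.ljust(4 * ENTRY.size, b"\x00")
    code = boot_code[:BOOT_CODE_LEN].ljust(BOOT_CODE_LEN, b"\x00")
    mbr = code + disk_sig + b"\x00\x00" + table + BOOT_SIGNATURE
    assert len(mbr) == SECTOR
    return mbr


def parse_mbr(mbr):
    """Return boot-code MD5, disk signature and the non-empty primary partition entries."""
    if len(mbr) < SECTOR or mbr[SECTOR - 2:SECTOR] != BOOT_SIGNATURE:
        raise ValueError("no 0x55AA boot signature: not an MBR, or a damaged one")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * ENTRY.size
        status, _chs_start, ptype, _chs_end, start, count = ENTRY.unpack(mbr[off:off + ENTRY.size])
        if ptype == 0:                       # empty slot
            continue
        parts.append({
            "index": i + 1, "active": status == 0x80, "type": ptype,
            "type_name": KNOWN_TYPES.get(ptype, "unknown"),
            "start_lba": start, "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return {
        "boot_code_md5": hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack("<I", mbr[BOOT_CODE_LEN:BOOT_CODE_LEN + 4])[0],
        "partitions": parts,
    }


def check_mbr(parsed):
    """Return warnings: active-flag count, overlapping ranges, unknown type bytes."""
    parts = parsed["partitions"]
    warnings = []
    active = [p["index"] for p in parts if p["active"]]
    if len(active) != 1:
        warnings.append(f"{len(active)} active partitions, expected exactly 1")
    spans = sorted((p["start_lba"], p["start_lba"] + p["sectors"], p["index"]) for p in parts)
    for (s1, e1, i1), (s2, _e2, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            warnings.append(f"partitions {i1} and {i2} overlap")
    for p in parts:
        if p["type"] not in KNOWN_TYPES:
            warnings.append(f"partition {p['index']} has unusual type 0x{p['type']:02X}")
    return warnings


if __name__ == "__main__":
    # No argument: analyse the constructed sample. Otherwise read a saved MBR.dat.
    raw = open(sys.argv[1], "rb").read(SECTOR) if len(sys.argv) > 1 else build_sample_mbr(DISK0_LAYOUT)
    info = parse_mbr(raw)
    print(f"boot code MD5: {info['boot_code_md5']}  disk signature: {info['disk_signature']:08X}")
    for p in info["partitions"]:
        flag = "*" if p["active"] else " "
        print(f"{flag} #{p['index']} type 0x{p['type']:02X} {p['type_name']:<20} "
              f"offset {p['start_lba']:>10} size {p['size_mb']} MB")
    for w in check_mbr(info):
        print("WARNING:", w)
```

Run it as `python mbrcheck.py MBR.dat` against the file aswMBR saved; on a clean Windows 7 disk the table should reproduce what aswMBR printed and the warning list should be empty. A boot-code hash that differs between two runs, or from what TDSSKiller reported, is worth investigating before any cleanup tool rewrites the MBR.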

Hi, here are the logs :)

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-07-02 12:41:22

-----------------------------

12:41:22.139 OS Version: Windows x64 6.1.7600

12:41:22.139 Number of processors: 2 586 0x2505

12:41:22.139 ComputerName: ANGELO-PC UserName: Angelo

12:41:23.777 Initialize success

12:41:41.480 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

12:41:41.480 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 3

12:41:41.496 Disk 0 MBR read successfully

12:41:41.496 Disk 0 MBR scan

12:41:41.496 Disk 0 Windows 7 default MBR code

12:41:41.512 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048

12:41:41.527 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 260243 MB offset 411648

12:41:41.527 Disk 0 Partition - 00 0F Extended LBA 29692 MB offset 533389312

12:41:41.558 Disk 0 Partition 3 00 12 Compaq diag NTFS 15109 MB offset 594198528

12:41:41.590 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29691 MB offset 533391360

12:41:41.621 Disk 0 scanning C:\windows\system32\drivers

12:41:49.343 Service scanning

12:42:05.910 Modules scanning

12:42:05.926 Disk 0 trace - called modules:

12:42:05.957 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll

12:42:05.957 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80025cc530]

12:42:05.972 3 CLASSPNP.SYS[fffff88001b0e43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002410050]

12:42:05.988 Scan finished successfully

12:42:38.140 Disk 0 MBR has been saved successfully to "C:\Users\Angelo\Desktop\MBR.dat"

12:42:38.140 The log file has been saved successfully to "C:\Users\Angelo\Desktop\aswMBR.txt"

OTL:

OTL logfile created on: 7/2/2012 12:43:04 PM - Run 1

OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Angelo\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.80 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 50.76% Memory free

3.60 Gb Paging File | 2.22 Gb Available in Paging File | 61.65% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 254.14 Gb Total Space | 183.21 Gb Free Space | 72.09% Space Free | Partition Type: NTFS

Drive D: | 29.00 Gb Total Space | 28.91 Gb Free Space | 99.70% Space Free | Partition Type: NTFS

Drive E: | 3.81 Gb Total Space | 1.84 Gb Free Space | 48.44% Space Free | Partition Type: FAT32

Computer Name: ANGELO-PC | User Name: Angelo | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/02 12:38:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Angelo\Desktop\OTL.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/09/01 18:47:26 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

PRC - [2010/10/26 18:20:52 | 001,196,032 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe

PRC - [2010/10/26 18:16:06 | 000,331,776 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe

PRC - [2010/10/05 15:12:52 | 000,137,728 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe

PRC - [2010/06/10 14:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe

PRC - [2010/05/27 23:14:52 | 000,376,176 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe

PRC - [2010/05/27 23:14:02 | 000,709,488 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe

PRC - [2010/05/27 23:13:38 | 000,314,736 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe

PRC - [2010/03/10 18:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

PRC - [2010/03/10 18:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

PRC - [2010/03/09 01:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe

PRC - [2010/03/09 01:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe

PRC - [2010/03/05 21:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe

PRC - [2010/03/03 16:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010/03/03 16:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe

PRC - [2010/01/19 13:44:40 | 000,536,576 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera2\VM332_STI.EXE

PRC - [2009/09/30 08:02:38 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2009/09/30 08:02:36 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2009/05/05 17:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/14 03:37:49 | 011,824,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll

MOD - [2012/06/14 03:37:17 | 012,433,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll

MOD - [2012/06/14 03:37:09 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll

MOD - [2012/05/09 03:50:54 | 000,452,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\73baa23d28d21c7c01e334211330a84e\IAStorUtil.ni.dll

MOD - [2012/05/09 03:48:29 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll

MOD - [2012/05/09 03:47:25 | 003,325,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll

MOD - [2012/05/09 03:47:18 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll

MOD - [2012/05/09 03:47:14 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll

MOD - [2012/05/09 03:47:13 | 007,952,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll

MOD - [2012/05/09 03:47:05 | 011,490,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll

MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2010/10/05 15:13:26 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\ressources\plugins\DiscoveryGeneric.plugin

MOD - [2010/10/05 15:13:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\ressources\plugins\DiscoveryNdis.plugin

MOD - [2010/10/05 15:12:54 | 001,048,064 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\wxmsw28u_core_vc_custom.dll

MOD - [2010/10/05 15:12:54 | 000,756,224 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\UIToolkit.dll

MOD - [2010/10/05 15:12:54 | 000,726,528 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\wxbase28u_vc_custom.dll

MOD - [2010/10/05 15:12:54 | 000,500,736 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\Toolkit.dll

MOD - [2010/10/05 15:12:52 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\pcre3.dll

MOD - [2010/10/05 15:12:52 | 000,137,728 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe

MOD - [2010/10/05 15:12:52 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\Preferences.dll

MOD - [2010/10/05 15:12:50 | 000,308,224 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\Device.dll

MOD - [2010/10/05 15:12:50 | 000,246,784 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\DB.dll

MOD - [2010/10/05 15:12:50 | 000,125,440 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\Discovery.dll

MOD - [2010/10/05 15:12:50 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\DriveDetector.dll

MOD - [2010/10/05 15:12:48 | 000,088,064 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\ComCore.dll

MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2010/09/22 14:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2010/02/05 10:43:20 | 000,311,296 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtLED\RtLEDService.exe -- (RtLedService)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (WinHttpAutoProxySvc)

SRV - [2012/06/17 15:36:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/05/26 23:00:09 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/12/02 05:34:30 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)

SRV - [2010/05/27 23:14:02 | 000,709,488 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe -- (EgisTec Service)

SRV - [2010/05/27 23:13:38 | 000,314,736 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe -- (EgisTec Data Security Service)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/09 01:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)

SRV - [2010/03/03 16:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®

SRV - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)

SRV - [2009/09/30 08:02:38 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®

SRV - [2009/09/30 08:02:36 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/05/05 04:05:24 | 000,326,656 | R--- | M] (ASUSTek COMPUTER INC.) [Auto | Running] -- C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe -- (UsbService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/08/31 20:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:64bit: - [2011/07/25 18:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)

DRV:64bit: - [2011/07/20 15:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)

DRV:64bit: - [2011/03/19 06:22:49 | 000,035,888 | ---- | M] (EgisTec) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\FPSensor.sys -- (FPSensor) EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys)

DRV:64bit: - [2011/03/19 06:22:48 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)

DRV:64bit: - [2011/03/19 06:22:48 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)

DRV:64bit: - [2011/03/19 06:22:48 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)

DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/06/19 00:36:04 | 000,017,920 | ---- | M] (Siliten) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\InputFilter_FlexDef2b.sys -- (InputFilter_Hid_FlexDef2b) Siliten HID Devices(FlexDef2b)

DRV:64bit: - [2010/05/10 21:17:50 | 000,229,488 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm332avs.sys -- (vm332avs)

DRV:64bit: - [2010/04/22 16:07:26 | 000,098,304 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nokia_cs1x_cdc_acm.sys -- (nokia_cs1x_cdc_acm)

DRV:64bit: - [2010/04/22 16:07:26 | 000,097,280 | ---- | M] (Nokia) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nokia_cs1x_dc_enum.sys -- (nokia_cs1x_dc_enum)

DRV:64bit: - [2010/04/22 16:07:26 | 000,053,760 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nokia_cs1x_cdc_ecm.sys -- (nokia_cs1x_cdc_ecm)

DRV:64bit: - [2010/04/22 16:07:26 | 000,013,824 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nokia_cs1x_cpo.sys -- (nokia_cs1x_cpo)

DRV:64bit: - [2010/03/26 05:14:50 | 000,162,304 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)

DRV:64bit: - [2010/03/24 05:57:20 | 000,243,744 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2010/03/03 15:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/03/02 12:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2010/02/26 17:02:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2010/02/22 06:03:44 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)

DRV:64bit: - [2010/01/15 14:08:34 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)

DRV:64bit: - [2009/10/18 20:40:50 | 000,028,176 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)

DRV:64bit: - [2009/09/17 00:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®

DRV:64bit: - [2009/07/21 10:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)

DRV:64bit: - [2009/07/13 20:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)

DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®

DRV:64bit: - [2009/06/10 16:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2007/12/16 22:25:14 | 000,047,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vuhub.sys -- (vuhub)

DRV:64bit: - [2006/12/12 03:29:02 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2591753365-2526377709-281079065-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

IE - HKU\S-1-5-21-2591753365-2526377709-281079065-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2591753365-2526377709-281079065-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

IE - HKU\S-1-5-21-2591753365-2526377709-281079065-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2591753365-2526377709-281079065-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Angelo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Angelo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/17 15:36:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/21 12:06:15 | 000,000,000 | ---D | M]

[2011/12/04 08:00:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angelo\AppData\Roaming\Mozilla\Extensions

[2012/06/17 15:58:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angelo\AppData\Roaming\Mozilla\Firefox\Profiles\zwmj45cc.default\extensions

[2012/04/17 13:29:01 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Angelo\AppData\Roaming\Mozilla\Firefox\Profiles\zwmj45cc.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2012/05/21 12:01:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/06/17 15:58:13 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\ANGELO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZWMJ45CC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2012/06/17 15:36:43 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/06/17 15:36:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/06/17 15:36:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Angelo\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Angelo\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Angelo\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Angelo\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Angelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll

CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Angelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Angelo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll

CHR - Extension: YouTube = C:\Users\Angelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Angelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: AdBlock = C:\Users\Angelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.34_0\

CHR - Extension: ICE Quick Stream = C:\Users\Angelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapljocpedaolbooelchgnkkaplpadgp\4.92_1\

CHR - Extension: Hover Zoom = C:\Users\Angelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.3.6_0\

CHR - Extension: Gmail = C:\Users\Angelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)

O2 - BHO: (IEPwdBankBHO Class) - {56CBB761-DA41-4E31-B270-B13B4B0A61D0} - C:\Program Files (x86)\EgisTec BioExcess\EgisIEPwdBank.dll (Egis Technology Inc. )

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)

O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)

O4:64bit: - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)

O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [updatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [iMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe ()

O4 - HKLM..\Run: [indexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NokiaInternetModem_AppStart.exe] C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe ()

O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [PPort12reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)

O4 - HKLM..\Run: [uCam_Menu] C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe File not found

O4 - HKLM..\Run: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe (Egis Technology Inc. )

O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)

O4 - HKU\S-1-5-21-2591753365-2526377709-281079065-1000..\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Angelo\Desktop\PartyPoker.lnk File not found

O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Angelo\Desktop\PartyPoker.lnk File not found

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E34E9DE-FBCC-4629-B42B-0014EBD8D882}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7351B29F-BEA3-4F1F-A4EB-AE9D8A965B66}: DhcpNameServer = 64.71.255.198 64.71.255.253

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D27A83E8-B972-4B86-8195-B42B7A967A20}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{90a54729-1fd4-11e1-9c81-f0def14dbde2}\Shell - "" = AutoRun

O33 - MountPoints2\{90a54729-1fd4-11e1-9c81-f0def14dbde2}\Shell\AutoRun\command - "" = E:\Memorybar.exe

O33 - MountPoints2\{a7f50fc9-1c6a-11e1-b5a6-f0def14dbde2}\Shell - "" = AutoRun

O33 - MountPoints2\{a7f50fc9-1c6a-11e1-b5a6-f0def14dbde2}\Shell\AutoRun\command - "" = E:\application\Nokia_Internet_Modem.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/02 12:41:02 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Angelo\Desktop\aswMBR.exe

[2012/07/02 12:41:02 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Angelo\Desktop\OTL.exe

[2012/07/01 14:08:45 | 002,134,616 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Angelo\Desktop\tdsskiller.exe

[2012/06/30 14:36:12 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Angelo\Desktop\dds.scr

[2012/06/19 22:07:21 | 000,000,000 | ---D | C] -- C:\Users\Angelo\Desktop\Angeloo

[2012/06/19 18:59:24 | 000,000,000 | ---D | C] -- C:\Users\Angelo\Desktop\Angelo

[2012/06/17 17:07:14 | 000,000,000 | ---D | C] -- C:\ComboFix

[2012/06/17 17:07:08 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/06/17 17:06:40 | 000,000,000 | ---D | C] -- C:\windows\erdnt

[2012/06/17 17:06:38 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW

[2012/06/17 16:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2012/06/17 16:02:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2012/06/17 16:02:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2012/06/17 15:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012/06/17 15:36:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2012/06/16 17:21:16 | 000,000,000 | ---D | C] -- C:\Users\Angelo\AppData\Roaming\Malwarebytes

[2012/06/16 17:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/06/16 17:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/06/16 17:21:13 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012/06/16 17:21:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/06/14 03:01:18 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll

[2012/06/14 03:01:17 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll

[2012/06/14 03:01:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll

[2012/06/14 03:01:17 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll

[2012/06/14 03:01:15 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll

[2012/06/14 03:01:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll

[2012/06/14 03:01:14 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe

[2012/06/14 03:01:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe

[2012/06/14 03:01:11 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl

[2012/06/14 03:01:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl

[2012/06/14 03:01:10 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll

[2012/06/14 03:01:10 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll

[2012/06/14 03:01:09 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll

[2012/06/13 20:51:58 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll

[2012/06/13 20:51:57 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpwsx.dll

[2012/06/13 20:51:57 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdrmemptylst.exe

[2012/06/13 20:51:49 | 005,505,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe

[2012/06/13 20:51:47 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe

[2012/06/13 20:51:46 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe

[2012/06/13 20:51:42 | 003,213,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll

[2012/06/13 20:51:40 | 001,460,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll

[2012/06/13 20:51:39 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll

[2012/06/07 22:50:35 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\%APPDATA%

[2 C:\Users\Angelo\Desktop\*.tmp files -> C:\Users\Angelo\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/02 12:42:38 | 000,000,512 | ---- | M] () -- C:\Users\Angelo\Desktop\MBR.dat

[2012/07/02 12:39:50 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2591753365-2526377709-281079065-1000UA.job

[2012/07/02 12:39:40 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012/07/02 12:39:39 | 000,000,860 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2591753365-2526377709-281079065-1000Core.job

[2012/07/02 12:39:36 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/07/02 12:38:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Angelo\Desktop\OTL.exe

[2012/07/02 12:38:38 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Angelo\Desktop\aswMBR.exe

[2012/07/01 14:07:04 | 002,134,616 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Angelo\Desktop\tdsskiller.exe

[2012/06/30 14:54:29 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/06/30 14:54:29 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/06/30 14:45:47 | 1450,582,016 | -HS- | M] () -- C:\hiberfil.sys

[2012/06/30 14:44:39 | 000,729,880 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012/06/30 14:44:39 | 000,626,540 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012/06/30 14:44:39 | 000,107,784 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012/06/30 14:35:20 | 000,340,645 | ---- | M] () -- C:\Users\Angelo\Desktop\FSS.exe

[2012/06/30 14:33:58 | 000,126,976 | ---- | M] () -- C:\Users\Angelo\Desktop\ResetTeaTimer.exe

[2012/06/30 14:32:42 | 000,132,597 | ---- | M] () -- C:\Users\Angelo\Desktop\Flash_Disinfector.exe

[2012/06/30 12:59:42 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Angelo\Desktop\dds.scr

[2012/06/17 17:07:15 | 000,000,332 | ---- | M] () -- C:\Start_.cmd

[2012/06/17 15:56:40 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012/06/17 13:34:35 | 000,453,162 | ---- | M] () -- C:\Users\Angelo\Desktop\rbctestingfriday.zip

[2012/06/16 17:16:16 | 000,002,198 | ---- | M] () -- C:\windows\epplauncher.mif

[2012/06/14 03:33:39 | 000,430,656 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2012/06/09 14:03:43 | 000,172,994 | ---- | M] () -- C:\Users\Angelo\Desktop\Scenario 1 Assets and Liabilites.jpg

[2012/06/09 14:02:08 | 000,210,390 | ---- | M] () -- C:\Users\Angelo\Desktop\Lloyd Balanced Scenario 1.jpg

[2 C:\Users\Angelo\Desktop\*.tmp files -> C:\Users\Angelo\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/02 12:42:38 | 000,000,512 | ---- | C] () -- C:\Users\Angelo\Desktop\MBR.dat

[2012/06/30 14:36:06 | 000,340,645 | ---- | C] () -- C:\Users\Angelo\Desktop\FSS.exe

[2012/06/30 14:36:06 | 000,132,597 | ---- | C] () -- C:\Users\Angelo\Desktop\Flash_Disinfector.exe

[2012/06/30 14:36:06 | 000,126,976 | ---- | C] () -- C:\Users\Angelo\Desktop\ResetTeaTimer.exe

[2012/06/17 17:07:15 | 000,000,332 | ---- | C] () -- C:\Start_.cmd

[2012/06/17 15:56:40 | 000,001,049 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012/06/17 12:00:22 | 000,453,162 | ---- | C] () -- C:\Users\Angelo\Desktop\rbctestingfriday.zip

[2012/06/09 14:03:43 | 000,172,994 | ---- | C] () -- C:\Users\Angelo\Desktop\Scenario 1 Assets and Liabilites.jpg

[2012/06/09 14:02:08 | 000,210,390 | ---- | C] () -- C:\Users\Angelo\Desktop\Lloyd Balanced Scenario 1.jpg

[2012/02/21 06:07:01 | 000,000,027 | ---- | C] () -- C:\windows\BRPP2KA.INI

[2012/02/21 06:07:00 | 000,000,419 | ---- | C] () -- C:\windows\BRWMARK.INI

[2012/01/25 20:55:32 | 000,045,056 | ---- | C] () -- C:\windows\SysWow64\BRTCPCON.DLL

[2012/01/25 20:54:58 | 000,000,114 | ---- | C] () -- C:\windows\SysWow64\BRLMW03A.INI

[2012/01/14 19:47:40 | 000,010,752 | ---- | C] () -- C:\Users\Angelo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/01/11 16:51:24 | 000,002,048 | -HS- | C] () -- C:\Users\Angelo\AppData\Local\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\@

[2011/12/05 23:57:31 | 000,000,355 | ---- | C] () -- C:\Users\Angelo\Computer - Shortcut.lnk

[2011/12/02 05:35:14 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\srvany.exe

[2011/12/02 01:05:04 | 000,744,030 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2011/09/14 06:56:19 | 000,000,019 | ---- | C] () -- C:\windows\maa.dat

[2011/08/31 20:51:16 | 000,867,020 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin

[2011/08/31 20:51:16 | 000,128,204 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin

[2011/08/31 20:51:16 | 000,105,608 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin

[2011/08/31 20:26:20 | 013,903,872 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll

[2011/03/19 06:29:29 | 002,110,816 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll

[2011/03/19 06:29:29 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll

[2011/03/19 06:29:20 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll

[2011/01/19 03:29:51 | 000,001,341 | ---- | C] () -- C:\windows\vm332Rmv.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:8CE646EE

< End of report >

OTL Extras logfile created on: 7/2/2012 12:43:04 PM - Run 1

OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Angelo\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.80 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 50.76% Memory free

3.60 Gb Paging File | 2.22 Gb Available in Paging File | 61.65% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 254.14 Gb Total Space | 183.21 Gb Free Space | 72.09% Space Free | Partition Type: NTFS

Drive D: | 29.00 Gb Total Space | 28.91 Gb Free Space | 99.70% Space Free | Partition Type: NTFS

Drive E: | 3.81 Gb Total Space | 1.84 Gb Free Space | 48.44% Space Free | Partition Type: FAT32

Computer Name: ANGELO-PC | User Name: Angelo | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{3D33F6F0-4D90-484D-A1D9-09AE791CCBD9}" = Eraser 6.0.9.2343

"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery

"{5ACF5427-B4E4-4F85-A512-151E0BECF7E3}" = RtLED

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support

"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app

"0A4175B489A1B4A6E07E11B063A6263480C51D71" = Windows Driver Package - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1)

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

"CCleaner" = CCleaner

"Elantech" = ETDWare PS/2-x64 7.0.4.17_WHQL

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2

"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0034859F-8E01-4C1D-BE77-F891C4786FBC}" = Lenovo Security Suite

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0CE226F3-EB27-4ECD-BBF5-F088716779FD}" = Energy Management

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java 6 Update 30

"{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus

"{28ABE740-47F3-441B-9437-852F6A64EFF8}" = Lenovo_Wireless_Driver

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite DCP-7060D

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{62077C63-F77A-4C72-A67E-400F4E9B14BC}" = Nokia Internet Modem

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-A90100000001}" = Adobe Reader 9.0.1

"{ACF31D9F-70C2-40A1-9C7A-28BA16E64B56}" = BioExcess

"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0333}" = Lenovo EasyCamera

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}" = BlackBerry Desktop Software 6.1

"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe AIR" = Adobe AIR

"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1

"File Shredder_is1" = File Shredder 2.0

"FormatFactory" = FormatFactory 2.95

"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.2.1125

"GOM Player" = GOM Player

"InstallShield_{0034859F-8E01-4C1D-BE77-F891C4786FBC}" = Lenovo Security Suite

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery

"InstallShield_{ACF31D9F-70C2-40A1-9C7A-28BA16E64B56}" = BioExcess

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

"PartyPoker" = PartyPoker

"PokerStars" = PokerStars

"uTorrent" = µTorrent

"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2591753365-2526377709-281079065-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"Internet Banking Payment Assistant" = Internet Banking Payment Assistant 2.2

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 6/17/2012 10:34:12 AM | Computer Name = Angelo-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 2048964

Error - 6/17/2012 10:34:12 AM | Computer Name = Angelo-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 2048964

Error - 6/17/2012 10:34:13 AM | Computer Name = Angelo-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/17/2012 10:34:13 AM | Computer Name = Angelo-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 2049963

Error - 6/17/2012 10:34:13 AM | Computer Name = Angelo-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 2049963

Error - 6/17/2012 10:34:14 AM | Computer Name = Angelo-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/17/2012 10:34:14 AM | Computer Name = Angelo-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 2050961

Error - 6/17/2012 10:34:14 AM | Computer Name = Angelo-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 2050961

Error - 6/17/2012 3:36:17 PM | Computer Name = Angelo-PC | Source = Brother BrLog | ID = 1001

Description = TWN BrtTWN: [2012/06/17 15:36:17.453]: [00003096]: BrStiIf: GetDeviceList

Failed! pStiInfo = 0x0..

Error - 6/17/2012 3:36:17 PM | Computer Name = Angelo-PC | Source = Brother BrLog | ID = 1001

Description = TWN BrtTWN: [2012/06/17 15:36:17.453]: [00003096]: ##### Fatal ERROR!!

Create STI-device failed! #####

Error - 6/17/2012 3:36:17 PM | Computer Name = Angelo-PC | Source = Brother BrLog | ID = 1001

Description = TWN BrtTWN: [2012/06/17 15:36:17.453]: [00003096]: Initialize TwdsMain

Class failed!

[ System Events ]

Error - 6/21/2012 7:54:10 PM | Computer Name = Angelo-PC | Source = Service Control Manager | ID = 7003

Description = The DHCP Client service depends the following service: Tdx. This service

might not be installed.

Error - 6/21/2012 7:54:10 PM | Computer Name = Angelo-PC | Source = Service Control Manager | ID = 7001

Description = The WinHTTP Web Proxy Auto-Discovery Service service depends on the

DHCP Client service which failed to start because of the following error: %%1075

Error - 6/21/2012 8:54:00 PM | Computer Name = Angelo-PC | Source = Service Control Manager | ID = 7003

Description = The DHCP Client service depends the following service: Tdx. This service

might not be installed.

Error - 6/21/2012 8:54:00 PM | Computer Name = Angelo-PC | Source = Service Control Manager | ID = 7001

Description = The WinHTTP Web Proxy Auto-Discovery Service service depends on the

DHCP Client service which failed to start because of the following error: %%1075

Error - 6/21/2012 8:54:05 PM | Computer Name = Angelo-PC | Source = Service Control Manager | ID = 7003

Description = The DHCP Client service depends the following service: Tdx. This service

might not be installed.

Error - 6/21/2012 8:54:05 PM | Computer Name = Angelo-PC | Source = Service Control Manager | ID = 7001

Description = The WinHTTP Web Proxy Auto-Discovery Service service depends on the

DHCP Client service which failed to start because of the following error: %%1075

Error - 6/21/2012 8:54:05 PM | Computer Name = Angelo-PC | Source = Service Control Manager | ID = 7003

Description = The DHCP Client service depends the following service: Tdx. This service

might not be installed.

Error - 6/21/2012 8:54:05 PM | Computer Name = Angelo-PC | Source = Service Control Manager | ID = 7001

Description = The WinHTTP Web Proxy Auto-Discovery Service service depends on the

DHCP Client service which failed to start because of the following error: %%1075

Error - 6/21/2012 8:54:10 PM | Computer Name = Angelo-PC | Source = Service Control Manager | ID = 7003

Description = The DHCP Client service depends the following service: Tdx. This service

might not be installed.

Error - 6/21/2012 8:54:10 PM | Computer Name = Angelo-PC | Source = Service Control Manager | ID = 7001

Description = The WinHTTP Web Proxy Auto-Discovery Service service depends on the

DHCP Client service which failed to start because of the following error: %%1075

< End of report >

Thanks!

Step 1

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    [2012/01/11 16:51:24 | 000,002,048 | -HS- | C] () -- C:\Users\Angelo\AppData\Local\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\@

    :files
    C:\Users\Angelo\AppData\Local\{61fcaa24-ffd0-4994-b381-d5a0462b6125}
    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys|C:\windows\System32\drivers\afd.sys /replace
    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys|C:\windows\System32\drivers\tcpip.sys /replace
    C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7601.17514_none_f83a40e7de7c47da\MPSSVC.dll|C:\windows\System32\MPSSVC.dll /replace
    C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-safedocs-main_31bf3856ad364e35_6.1.7601.17514_none_832fc1bb7d681e0d\sdrsvc.dll|C:\windows\System32\sdrsvc.dll /replace
    C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.5.7601.17514_none_1f3413afc64d10c5\wuaueng.dll|C:\windows\System32\wuaueng.dll /replace
    C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll|C:\windows\System32\cryptsvc.dll /replace
    ipconfig /flushdns /c

    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Step 2

Run Farbar Service Scanner on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

In your next reply, post the following log files:

  • OTL Fix log
  • Farbar Service Scanner log


Hi Maniac, here are the logs:

All processes killed

========== OTL ==========

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

C:\Users\Angelo\AppData\Local\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\@ moved successfully.

========== FILES ==========

C:\Users\Angelo\AppData\Local\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\U folder moved successfully.

C:\Users\Angelo\AppData\Local\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\L folder moved successfully.

C:\Users\Angelo\AppData\Local\{61fcaa24-ffd0-4994-b381-d5a0462b6125} folder moved successfully.

File C:\windows\System32\drivers\afd.sys not found.

File C:\windows\System32\drivers\tcpip.sys not found.

File C:\windows\System32\MPSSVC.dll not found.

File C:\windows\System32\sdrsvc.dll not found.

File C:\windows\System32\wuaueng.dll not found.

Unable to replace file: C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll with C:\windows\System32\cryptsvc.dll without a reboot.

< ipconfig /flushdns /c >

Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.

C:\Users\Angelo\Desktop\cmd.bat deleted successfully.

C:\Users\Angelo\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Angelo

->Temp folder emptied: 33263597 bytes

->Temporary Internet Files folder emptied: 956964287 bytes

->Java cache emptied: 56515 bytes

->FireFox cache emptied: 99691756 bytes

->Google Chrome cache emptied: 348338024 bytes

->Flash cache emptied: 3256 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 66396648 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 52423 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,435.00 mb

OTL by OldTimer - Version 3.2.53.1 log created on 07032012_210539

Files\Folders moved on Reboot...

C:\Users\Angelo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

[2012/04/24 00:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll : MD5=21993009E0CCB9B4FA195F14D3408626

Registry entries deleted on Reboot...

Farbar Service Scanner Version: 25-06-2012 01

Ran by Angelo (administrator) on 03-07-2012 at 21:09:55

Running from "C:\Users\Angelo\Desktop"

Microsoft Windows 7 Home Premium (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Dnscache Service is not running. Checking service configuration:

The start type of Dnscache service is OK.

The ImagePath of Dnscache service is OK.

The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:

The start type of Dhcp service is OK.

The ImagePath of Dhcp service is OK.

The ServiceDll of Dhcp service is OK.

tdx Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open tdx registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open tdx registry key. The service key does not exist.

Connection Status:

==============

Localhost is accessible.

There is no connection to network.

Google IP is accessible.

Attempt to access Google.com returned error: Other errors

Yahoo IP is accessible.

Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:

=============

mpsdrv Service is not running. Checking service configuration:

The start type of mpsdrv service is OK.

The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is OK.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:

============================

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys

[2012-02-15 07:22] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys

[2012-05-08 19:51] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll

[2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll

[2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll

[2009-07-13 20:36] - [2009-07-13 21:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll

[2012-06-13 20:51] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


Please run Farbar Service Scanner.

Type the following in the edit box after "Search:".

afd.sys;tcpip.sys;mpssvc.dll;SDRSVC.dll;wuaueng.dll;cryptsvc.dll;

Click Search Files button and post the log (FSS.txt) it makes to your reply.


Here it is!

Farbar Service Scanner Version: 25-06-2012 01

Ran by Angelo (administrator) on 04-07-2012 at 22:08:24

Microsoft Windows 7 Home Premium (X64)

************************************************

======== Search: "afd.sys;tcpip.sys;mpssvc.dll;SDRSVC.dll;wuaueng.dll;cryptsvc.dll;" =========

C:\windows\System32\cryptsvc.dll

[2012-06-13 20:51] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\windows\System32\MPSSVC.dll

[2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\windows\System32\sdrsvc.dll

[2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\windows\System32\wuaueng.dll

[2009-07-13 20:36] - [2009-07-13 21:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\windows\System32\drivers\afd.sys

[2012-02-15 07:22] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\windows\System32\drivers\tcpip.sys

[2012-05-08 19:51] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll

[2012-06-13 20:51] - [2012-04-24 00:28] - 0142336 ____A (Microsoft Corporation) 21993009E0CCB9B4FA195F14D3408626

C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll

[2012-06-13 20:51] - [2012-04-24 00:36] - 0140288 ____A (Microsoft Corporation) 06E771AA596B8761107AB57E99F128D7

C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_7658a1151545269d\cryptsvc.dll

[2012-06-13 20:51] - [2012-04-24 00:33] - 0141312 ____A (Microsoft Corporation) F522279B4717E2BFF269C771FAC2B78E

C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_762f534bfbdf7203\cryptsvc.dll

[2012-06-13 20:51] - [2012-04-24 00:47] - 0139264 ____A (Microsoft Corporation) 520A108A2657F4BCA7FCED9CA7D885DE

C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll

[2009-07-13 19:33] - [2009-07-13 21:15] - 0135680 ____A (Microsoft Corporation) 9C231178CE4FB385F4B54B0A9080B8A4

C:\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_f6092d1fe18dc440\MPSSVC.dll

[2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys

[2012-02-15 07:22] - [2011-12-28 00:01] - 0498176 ____A (Microsoft Corporation) 36A14FD1A23F57046361733B792CA8DB

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys

[2011-12-02 04:32] - [2011-04-24 23:09] - 0499200 ____A (Microsoft Corporation) F4AD06143EAC303F55D0E86C40802976

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys

[2012-02-15 07:22] - [2011-12-27 23:59] - 0498688 ____A (Microsoft Corporation) 1C7857B62DE5994A75B054A9FD4C3825

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys

[2011-12-02 04:32] - [2011-04-24 22:34] - 0499200 ____A (Microsoft Corporation) D5B031C308A409A0A576BFF4CF083D30

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys

[2012-02-15 07:22] - [2011-12-28 00:01] - 0499200 ____A (Microsoft Corporation) CCA39961E76B491DDF44B1E90FC8971D

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys

[2011-12-02 04:32] - [2011-04-24 22:44] - 0499712 ____A (Microsoft Corporation) FBFF8B7C9D116229E9208A0D1CAEB49B

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys

[2012-02-15 07:22] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys

[2011-12-02 04:32] - [2011-04-24 22:44] - 0499712 ____A (Microsoft Corporation) 6EF20DDF3172E97D69F596FB90602F29

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys

[2009-07-13 19:21] - [2009-07-13 19:21] - 0500224 ____A (Microsoft Corporation) B9384E03479D2506BC924C16A3DB87BC

C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.3.7600.16385_none_8ca5655e8bc7dae9\wuaueng.dll

[2009-07-13 20:36] - [2009-07-13 21:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys

[2012-05-08 19:51] - [2012-03-30 06:26] - 1901424 ____A (Microsoft Corporation) 885B202006EE17AE99B9FBCEC9AF88C9

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys

[2011-12-02 04:31] - [2011-09-29 13:41] - 1912176 ____A (Microsoft Corporation) 3810F06A4D74A7D62641EE73D6B3C660

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys

[2011-12-02 04:32] - [2011-04-25 02:16] - 1927552 ____A (Microsoft Corporation) B77977AEB2FF159D01DB08A309989C5F

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys

[2012-05-08 19:51] - [2012-03-30 07:35] - 1918320 ____A (Microsoft Corporation) ACB82BDA8F46C84F465C1AFA517DC4B9

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys

[2011-12-02 04:31] - [2011-09-29 12:29] - 1923952 ____A (Microsoft Corporation) FC62769E7BFF2896035AEED399108162

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys

[2011-12-02 04:32] - [2011-04-25 01:33] - 1923968 ____A (Microsoft Corporation) 92CE29D95AC9DD2D0EE9061D551BA250

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_0faa5514992a39a7\tcpip.sys

[2012-05-08 19:51] - [2012-03-30 06:19] - 1877872 ____A (Microsoft Corporation) 5EFD096DEF47F8B88EF591DA92143440

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_0fad20ca992955d7\tcpip.sys

[2011-12-02 04:31] - [2011-09-29 12:17] - 1886064 ____A (Microsoft Corporation) AC3E29880DB5659532A1AA3439304A43

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys

[2011-12-02 04:32] - [2011-04-25 01:28] - 1893248 ____A (Microsoft Corporation) 1F748D5439B65E0BEBD92F65048F030D

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys

[2011-02-11 18:25] - [2011-02-11 18:25] - 1889152 ____A (Microsoft Corporation) 542C6767C68C9D6AAACA59436B0D15C2

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20687_none_0f9ea52499331463\tcpip.sys

[2012-01-15 20:53] - [2010-04-09 03:56] - 1892232 ____A (Microsoft Corporation) A9C0F786AC1F736891D05CE0A1D29DEB

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys

[2012-05-08 19:51] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_0f170e9f80139ebc\tcpip.sys

[2011-12-02 04:31] - [2011-09-29 12:24] - 1897328 ____A (Microsoft Corporation) F18F56EFC0BFB9C87BA01C37B27F4DA5

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys

[2011-12-02 04:32] - [2011-04-25 01:32] - 1896832 ____A (Microsoft Corporation) 61DC720BB065D607D5823F13D2A64321

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys

[2011-02-11 18:25] - [2011-02-11 18:25] - 1896832 ____A (Microsoft Corporation) 90A2D722CF64D911879D6C4A4F802A4D

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16569_none_0f2ca8c580036f65\tcpip.sys

[2012-01-15 20:53] - [2010-04-09 07:06] - 1898376 ____A (Microsoft Corporation) 7FC877A25796D8ADF539E64703FCA7E1

C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys

[2009-07-13 19:25] - [2009-07-13 21:45] - 1898576 ____A (Microsoft Corporation) 912107716BAB424C7870E8E6AF5E07E1

C:\Windows\winsxs\amd64_microsoft-windows-safedocs-main_31bf3856ad364e35_6.1.7600.16385_none_80feadf380799a73\sdrsvc.dll

[2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_d473633acab895c2\cryptsvc.dll

[2012-06-13 20:51] - [2012-04-24 01:22] - 0186880 ____A (Microsoft Corporation) B7337E9C9E5936355BB700AA33E0936E

C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_d41dd577b1743795\cryptsvc.dll

[2012-06-13 20:51] - [2012-04-24 01:37] - 0184320 ____A (Microsoft Corporation) 4F5414602E2544A4554D95517948B705

C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_d2773c98cda297d3\cryptsvc.dll

[2012-06-13 20:51] - [2012-04-24 01:36] - 0183808 ____A (Microsoft Corporation) CE8BF1423AEE47DA5275FBC8AD3BD642

C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_d24deecfb43ce339\cryptsvc.dll

[2012-06-13 20:51] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll

[2009-07-13 19:49] - [2009-07-13 21:40] - 0175104 ____A (Microsoft Corporation) 8C57411B66282C01533CB776F98AD384

C:\Windows\SysWOW64\cryptsvc.dll

[2012-06-13 20:51] - [2012-04-24 00:47] - 0139264 ____A (Microsoft Corporation) 520A108A2657F4BCA7FCED9CA7D885DE

C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll

[2011-12-03 19:50] - [2010-11-20 08:18] - 0136192 ____A (Microsoft Corporation) A585BEBF7D054BD9618EDA0922D5484A

C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7601.17514_none_f83a40e7de7c47da\MPSSVC.dll

[2011-12-03 19:51] - [2010-11-20 09:26] - 0828416 ____A (Microsoft Corporation) 54FFC9C8898113ACE189D4AA7199D2C1

C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys

[2011-12-03 19:50] - [2010-11-20 05:23] - 0499712 ____A (Microsoft Corporation) D31DC7A16DEA4A9BAF179F3D6FBDB38C

C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.5.7601.17514_none_1f3413afc64d10c5\wuaueng.dll

[2011-12-03 19:50] - [2010-11-20 09:27] - 2420736 ____A (Microsoft Corporation) 9DF12EDBC698B0BC353B3EF84861E430

C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys

[2011-12-03 19:51] - [2010-11-20 09:33] - 1924480 ____A (Microsoft Corporation) 509383E505C973ED7534A06B3D19688D

C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-safedocs-main_31bf3856ad364e35_6.1.7601.17514_none_832fc1bb7d681e0d\sdrsvc.dll

[2011-12-03 19:49] - [2010-11-20 09:27] - 0170496 ____A (Microsoft Corporation) 6EA4234DC55346E0709560FE7C2C1972

C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll

[2011-12-03 19:50] - [2010-11-20 09:25] - 0177152 ____A (Microsoft Corporation) 15597883FBE9B056F276ADA3AD87D9AF

====== End Of Search ======


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :files
    C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll|C:\windows\System32\cryptsvc.dll /replace
    C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7601.17514_none_f83a40e7de7c47da\MPSSVC.dll|C:\windows\System32\MPSSVC.dll /replace
    C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-safedocs-main_31bf3856ad364e35_6.1.7601.17514_none_832fc1bb7d681e0d\sdrsvc.dll|C:\windows\System32\sdrsvc.dll /replace
    C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.5.7601.17514_none_1f3413afc64d10c5\wuaueng.dll|C:\windows\System32\wuaueng.dll /replace
    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys|C:\windows\System32\drivers\afd.sys /replace
    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys|C:\windows\System32\drivers\tcpip.sys /replace

    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

In your next reply, post the following log files:

  • OTL Fix log
  • a new fresh Farbar Service Scanner log

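The two FSS runs above are read by hand: a live file that FSS prints with a hash instead of "=> MD5 is legit" is treated as suspect, the Search output lists the cached copies of the same name under winsxs and SoftwareDistribution, and one of them is chosen as the source for OTL's /replace. The script below is an added example written for this page, not code from Farbar, OldTimer or anyone in this thread. It does that reading mechanically and applies two sanity checks a replacement list should pass: the candidate must match the target's architecture (on x64 Windows, System32 holds 64-bit binaries and SysWOW64 32-bit ones, and winsxs component folders are prefixed amd64_ or x86_), and it must not carry the same MD5 as the suspect file, since identical bytes would change nothing. It assumes an x64 install and runs on a constructed sample in FSS's format with made-up hashes and folder suffixes; the FileEntry, parse_fss, suspect_files, replacement_candidates and triage names are its own.

```python
"""Triage helper for Farbar Service Scanner (FSS) logs. Added example for this page,
not code from FSS, OTL or this thread. Assumes x64 Windows: System32 holds 64-bit
binaries, SysWOW64 32-bit ones, winsxs component folders start with amd64_/x86_/wow64_.
"""
import re
from dataclasses import dataclass

# "[created] - [modified] - size attrs (company) MD5" line FSS prints under a path
FSS_DETAIL = re.compile(r"^\[[^\]]+\] - \[[^\]]+\] - \d+ \S+ \([^)]*\) (?P<md5>[0-9A-Fa-f]{32})$")
# e.g. amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_<hash>
COMPONENT = re.compile(r"\\(?P<arch>amd64|x86|wow64)_[^\\]*?_(?P<ver>\d+\.\d+\.\d+\.\d+)_", re.I)
SERVICE_WARN = re.compile(r"Unable to open (?P<svc>\S+) registry key\. The service key does not exist")


@dataclass
class FileEntry:
    path: str
    md5: "str | None"   # None when FSS matched the file against its known-good list

    def __post_init__(self):
        p = self.path.lower()
        self.name = p.rsplit("\\", 1)[-1]
        self.is_live = "\\system32\\" in p or "\\syswow64\\" in p   # loaded copy, not a cache
        m = COMPONENT.search(self.path)
        if m:   # cached copy in a winsxs / SoftwareDistribution component folder
            self.arch = "x64" if m.group("arch").lower() == "amd64" else "x86"
            self.version = tuple(int(x) for x in m.group("ver").split("."))
        else:   # live copy: System32 is 64-bit on x64, SysWOW64 is 32-bit
            self.arch = "x86" if "\\syswow64\\" in p else "x64"
            self.version = ()


def parse_fss(text: str) -> tuple[list[FileEntry], list[str]]:
    """Return (file entries, names of services whose registry key FSS could not open)."""
    files, missing = [], []
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    i = 0
    while i < len(lines):
        line, warn = lines[i], SERVICE_WARN.search(lines[i])
        if warn:
            if warn.group("svc") not in missing:
                missing.append(warn.group("svc"))
        elif line.endswith("=> MD5 is legit"):
            files.append(FileEntry(line[: -len("=> MD5 is legit")].strip(), None))
        elif re.match(r"^[A-Za-z]:\\", line) and i + 1 < len(lines):
            d = FSS_DETAIL.match(lines[i + 1])
            if d:   # a path line followed by its detail line
                files.append(FileEntry(line, d.group("md5").upper()))
                i += 1
        i += 1
    return files, missing


def suspect_files(files: list[FileEntry]) -> list[FileEntry]:
    """Live copies FSS could not match: printed with a hash, no legit mark."""
    return [f for f in files if f.is_live and f.md5 is not None]


def replacement_candidates(files: list[FileEntry], target: FileEntry) -> list[FileEntry]:
    """Cached copies that could restore `target`, best first: same file name and
    architecture (an x86 copy must not land in System32 on x64), not byte-identical
    to the suspect copy (equal MD5 means nothing would change), newest version first."""
    cands = [f for f in files if not f.is_live and f.name == target.name
             and f.arch == target.arch and f.md5 != target.md5]
    return sorted(cands, key=lambda f: f.version, reverse=True)


def triage(text: str) -> dict:
    files, missing = parse_fss(text)
    plan = {s.path: [c.path for c in replacement_candidates(files, s)] for s in suspect_files(files)}
    return {"missing_service_keys": missing, "replacements": plan}


def _entry(path: str, md5: str) -> str:
    return f"{path}\n[2012-05-08 19:51] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) {md5}"


# Constructed sample log: every hash and the trailing _0000 folder suffix are made up.
CUR_TCPIP, CUR_CRYPT = "a1" * 16, "b2" * 16
WINSXS = r"C:\Windows\winsxs"
SAMPLE = "\n".join([
    "Checking Start type: ATTENTION!=====> Unable to open tdx registry key. The service key does not exist.",
    "Checking ImagePath: ATTENTION!=====> Unable to open tdx registry key. The service key does not exist.",
    "Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.",
    r"C:\Windows\System32\drivers\tdx.sys => MD5 is legit",
    _entry(r"C:\Windows\System32\drivers\tcpip.sys", CUR_TCPIP),
    _entry(r"C:\Windows\System32\cryptsvc.dll", CUR_CRYPT),
    _entry(WINSXS + r"\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_0000\tcpip.sys", "c3" * 16),
    _entry(WINSXS + r"\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0000\tcpip.sys", CUR_TCPIP),
    _entry(WINSXS + r"\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0000\tcpip.sys", "d4" * 16),
    _entry(WINSXS + r"\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_0000\cryptsvc.dll", "e5" * 16),
    _entry(WINSXS + r"\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_0000\cryptsvc.dll", "f6" * 16),
])

if __name__ == "__main__":
    result = triage(SAMPLE)
    print("service keys missing:", result["missing_service_keys"])
    for live, cands in result["replacements"].items():
        print(live, *("\n   <- " + c for c in cands))
```

Paste a real FSS.txt (the File Check and Search sections together) into triage() to get the same table for a live machine. Two caveats apply when acting on the output: a file FSS prints with a hash is one it could not match, not proof that it has been patched, so verify it with sfc /verifyonly or sigverif before replacing it; and the ranking is by component version alone, so confirm the service pack level of the running build before restoring a 6.1.7600.* copy onto a 6.1.7601.* system or the reverse.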

Thank you for your responses :) I feel I should let you know that the internet is not completely dead on the infected laptop. When it connects to networks it connects as "limited connectivity". Any idea why this is? And it is not the wireless network itself, because I brought this laptop to my friend's house and it displays the same limited connectivity when using their wifi, while other computers connect just fine to my home and friend's network. Here are the logs:

All processes killed

========== FILES ==========

Unable to replace file: C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll with C:\windows\System32\cryptsvc.dll without a reboot.

File C:\windows\System32\MPSSVC.dll not found.

File C:\windows\System32\sdrsvc.dll not found.

File C:\windows\System32\wuaueng.dll not found.

File C:\windows\System32\drivers\afd.sys not found.

File C:\windows\System32\drivers\tcpip.sys not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Angelo

->Temp folder emptied: 198362 bytes

->Temporary Internet Files folder emptied: 413800 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 6106597 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 291 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 6.00 mb

OTL by OldTimer - Version 3.2.53.1 log created on 07052012_204240

Files\Folders moved on Reboot...

C:\Users\Angelo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

[2012/04/24 00:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll : MD5=21993009E0CCB9B4FA195F14D3408626

Registry entries deleted on Reboot...

Farbar Service Scanner Version: 25-06-2012 01

Ran by Angelo (administrator) on 05-07-2012 at 20:46:21

Running from "C:\Users\Angelo\Desktop\MWB fix"

Microsoft Windows 7 Home Premium (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Dnscache Service is not running. Checking service configuration:

The start type of Dnscache service is OK.

The ImagePath of Dnscache service is OK.

The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:

The start type of Dhcp service is OK.

The ImagePath of Dhcp service is OK.

The ServiceDll of Dhcp service is OK.

tdx Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open tdx registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open tdx registry key. The service key does not exist.

Connection Status:

==============

Localhost is accessible.

There is no connection to network.

Google IP is accessible.

Attempt to access Google.com returned error: Other errors

Yahoo IP is accessible.

Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:

=============

mpsdrv Service is not running. Checking service configuration:

The start type of mpsdrv service is OK.

The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys

[2012-02-15 07:22] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys

[2012-05-08 19:51] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll

[2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll

[2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll

[2009-07-13 20:36] - [2009-07-13 21:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll

[2012-06-13 20:51] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


Unfortunately, there is damage to important system files and registry keys, so we need to replace them to stabilize the system.

Please run this tool:

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Here is the Combofix log!

ComboFix 12-07-06.02 - Angelo 07/07/2012 14:23:23.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1845.874 [GMT -4:00]

Running from: c:\users\Angelo\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\windows\assembly\GAC_32\Desktop.ini

c:\windows\assembly\GAC_64\Desktop.ini

c:\windows\Installer\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\@

c:\windows\Installer\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\L\00000004.@

c:\windows\Installer\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\L\1afb2d56

c:\windows\Installer\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\L\201d3dde

c:\windows\Installer\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\n

c:\windows\Installer\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\U\00000004.@

c:\windows\Installer\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\U\00000008.@

c:\windows\Installer\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\U\000000cb.@

c:\windows\Installer\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\U\80000000.@

c:\windows\Installer\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\U\80000032.@

c:\windows\Installer\{61fcaa24-ffd0-4994-b381-d5a0462b6125}\U\80000064.@

c:\windows\s.bat

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_{79007602-0CDB-4405-9DBF-1257BB3226EE}

.

.

((((((((((((((((((((((((( Files Created from 2012-06-07 to 2012-07-07 )))))))))))))))))))))))))))))))

.

.

2012-06-17 20:02 . 2012-06-17 21:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-06-17 20:02 . 2012-06-17 20:02 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-06-17 19:36 . 2012-06-17 19:36 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-06-17 19:36 . 2012-06-17 19:36 588728 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll

2012-06-17 19:36 . 2012-06-17 19:36 43960 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

2012-06-17 19:36 . 2012-06-17 19:36 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-06-17 19:36 . 2012-06-17 19:36 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-06-16 21:21 . 2012-06-16 21:21 -------- d-----w- c:\users\Angelo\AppData\Roaming\Malwarebytes

2012-06-16 21:21 . 2012-06-16 21:21 -------- d-----w- c:\programdata\Malwarebytes

2012-06-16 21:21 . 2012-06-16 21:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-06-16 21:21 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-14 00:51 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll

2012-06-08 02:50 . 2012-06-08 02:50 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-27 03:00 . 2012-05-27 01:59 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-27 03:00 . 2011-12-04 12:03 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-27 03:00 . 2012-05-27 03:00 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-05-08 17:02 . 2012-06-07 01:29 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F1C44406-B880-42FE-9618-85D975AEF2B3}\mpengine.dll

2012-05-08 17:02 . 2012-06-05 05:54 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]

"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2009-09-30 111640]

"332BigDog"="c:\program files (x86)\USB Camera2\VM332_STI.EXE" [2010-01-19 536576]

"VitaKeyTSR"="c:\program files (x86)\EgisTec BioExcess\EgisTSR.exe" [2010-05-28 376176]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184]

"UCam_Menu"="c:\program files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"YouCam Mirror Tray icon"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" [2010-03-02 171104]

"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-10 407920]

"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-10 201584]

"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]

"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]

"NokiaInternetModem_AppStart.exe"="c:\program files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe" [2010-10-05 137728]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]

"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]

"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]

"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]

"PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]

"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752]

"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2010-10-26 139264]

"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 KMService;KMService;c:\windows\system32\srvany.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 257696]

R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys [2010-06-19 17920]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 129976]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 nokia_cs1x_cdc_acm;Nokia Internet Stick CDC-ACM driver;c:\windows\system32\DRIVERS\nokia_cs1x_cdc_acm.sys [2010-04-22 98304]

R3 nokia_cs1x_cdc_ecm;nokia_cs1x_cdc_ecm;c:\windows\system32\DRIVERS\nokia_cs1x_cdc_ecm.sys [2010-04-22 53760]

R3 nokia_cs1x_cpo;Nokia Internet Stick Mass Storage Device;c:\windows\system32\DRIVERS\nokia_cs1x_cpo.sys [2010-04-22 13824]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-24 243744]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-03 1255736]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]

R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2010-01-15 39008]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-03-19 22576]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-03-19 20016]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-03-19 60464]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 EgisTec Data Security Service;EgisTec Data Security Service;c:\program files (x86)\EgisTec BioExcess\EgisDSService.exe [2010-05-28 314736]

S2 EgisTec Service;EgisTec Service;c:\program files (x86)\EgisTec BioExcess\EgisService.exe [2010-05-28 709488]

S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [2011-03-19 35888]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-09 144672]

S2 RtLedService;RtLedService Installer;c:\program files\Realtek\RtLED\RtLEDService.exe [2010-02-05 311296]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]

S2 UsbService;Eltima Usb to Ethernet Connector;c:\program files (x86)\ASUS\Printer Utilities\UsbService64.exe [2009-05-05 326656]

S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-10-19 28176]

S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-03-26 162304]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-02-22 75304]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]

S3 nokia_cs1x_dc_enum;Nokia Internet Stick DC Enumerator;c:\windows\system32\DRIVERS\nokia_cs1x_dc_enum.sys [2010-04-22 97280]

S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys [2010-05-11 229488]

S3 vuhub;Virtual Usb Hub;c:\windows\system32\DRIVERS\vuhub.sys [2007-12-17 47616]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 03:00]

.

2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2591753365-2526377709-281079065-1000Core.job

- c:\users\Angelo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-01 22:04]

.

2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2591753365-2526377709-281079065-1000UA.job

- c:\users\Angelo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-01 22:04]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-02 10821224]

"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]

"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2010-04-12 4462496]

"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2010-03-18 7056800]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-01 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-01 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-01 416024]

"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2011-11-05 980368]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"combofix"="c:\combofix\CF2977.3XE" [2009-07-14 344576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.ca/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://lenovo.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Angelo\AppData\Roaming\Mozilla\Firefox\Profiles\zwmj45cc.default\

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-VeriFaceManager - c:\program files (x86)\Lenovo\VeriFace\PManage.exe

SafeBoot-MsMpSvc

HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe

AddRemove-Best Buy pc app - c:\programdata\{FEC7DA28-87AB-47BB-8C6C-FFE15BF1037D}\Best Buy pc app Setup.exe

AddRemove-{FBBC4667-2521-4E78-B1BD-8706F774549B} - c:\programdata\{FEC7DA28-87AB-47BB-8C6C-FFE15BF1037D}\Best Buy pc app Setup.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\ControlCenter4\BrCtrlCntr.exe

c:\program files (x86)\ControlCenter4\BrCcUxSys.exe

.

**************************************************************************

.

Completion time: 2012-07-07 14:35:43 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-07 18:35

.

Pre-Run: 198,565,834,752 bytes free

Post-Run: 197,854,912,512 bytes free

.

- - End Of File - - 722633FA474AD8C1C8B7496FD7A2156B


BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

FCopy::
C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll | C:\windows\System32\cryptsvc.dll
C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7601.17514_none_f83a40e7de7c47da\MPSSVC.dll | C:\windows\System32\MPSSVC.dll
C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-safedocs-main_31bf3856ad364e35_6.1.7601.17514_none_832fc1bb7d681e0d\sdrsvc.dll | C:\windows\System32\sdrsvc.dll
C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.5.7601.17514_none_1f3413afc64d10c5\wuaueng.dll | C:\windows\System32\wuaueng.dll
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys | C:\windows\System32\drivers\afd.sys
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys | C:\windows\System32\drivers\tcpip.sys

Folder::
c:\windows\Installer\{61fcaa24-ffd0-4994-b381-d5a0462b6125}

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

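The FCopy:: section of the script above overwrites live System32 files (cryptsvc.dll, MPSSVC.dll, sdrsvc.dll, wuaueng.dll, afd.sys, tcpip.sys) with copies taken from the WinSxS component store and from a pending SoftwareDistribution download, and the earlier log shows the same idea in reverse ("MD5 is legit" for files whose hash matched a known-good value). Before and after such a copy, a practitioner wants two things checked: that the live file really differs from the known-good copy (otherwise there is nothing to repair), and that the replacement has the right bitness, because on x64 Windows the component store keeps 32-bit payloads under x86_ folder names and 64-bit ones under amd64_, with System32 taking the latter and SysWOW64 the former. The script below is an added example for this thread, not ComboFix's own code and not something the poster ran. It parses the CFScript directive format (a line ending in "::" opens a section; FCopy entries are "source | destination"), hashes both sides of each pair with SHA-256, and flags any pair whose architecture prefix disagrees with the destination directory. The CFSCRIPT text is the one posted above; the files hashed in demo() are constructed here, not taken from the infected machine.

```python
"""Hash-check the FCopy:: pairs of a ComboFix CFScript before or after running it.

Added example for this thread, not ComboFix's own code. SHA-256 of the known-good
component-store copy is compared with the live System32 file, and a source whose
WinSxS architecture prefix (x86_/amd64_) does not fit the destination directory on
x64 Windows is flagged. CFSCRIPT is the text posted above; demo() hashes
constructed files, not files from the infected machine.
"""
import hashlib
import os
import re
import tempfile

CFSCRIPT = r"""
KillAll::

FCopy::
C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll | C:\windows\System32\cryptsvc.dll
C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7601.17514_none_f83a40e7de7c47da\MPSSVC.dll | C:\windows\System32\MPSSVC.dll
C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-safedocs-main_31bf3856ad364e35_6.1.7601.17514_none_832fc1bb7d681e0d\sdrsvc.dll | C:\windows\System32\sdrsvc.dll
C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.5.7601.17514_none_1f3413afc64d10c5\wuaueng.dll | C:\windows\System32\wuaueng.dll
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys | C:\windows\System32\drivers\afd.sys
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys | C:\windows\System32\drivers\tcpip.sys

Folder::
c:\windows\Installer\{61fcaa24-ffd0-4994-b381-d5a0462b6125}

JavaClearCache::
"""

# Architecture prefix of a WinSxS / SoftwareDistribution component folder name.
_ARCH = re.compile(r"[\\/](x86|amd64|wow64)_", re.IGNORECASE)

def parse_cfscript(text):
    """{directive: entries}; a line ending in '::' opens a section, FCopy lines are 'src | dst'."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current == "FCopy":
            src, sep, dst = line.partition("|")
            if not sep:
                raise ValueError("FCopy entry without '|': %s" % line)
            sections[current].append((src.strip(), dst.strip()))
        elif current is not None:
            sections[current].append(line)
    return sections

def component_arch(path):
    m = _ARCH.search(path)
    return m.group(1).lower() if m else None

def arch_mismatch(src, dst, host_is_x64=True):
    """On x64 Windows, System32 holds 64-bit (amd64_) and SysWOW64 holds 32-bit (x86_)
    binaries; copying across that boundary installs a file of the wrong bitness."""
    if not host_is_x64:
        return False
    arch, d = component_arch(src), dst.lower()
    return (arch == "x86" and "\\system32\\" in d) or (arch == "amd64" and "\\syswow64\\" in d)

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def check_pair(src, dst, host_is_x64=True):
    """Status: missing-source, missing-dest, same (nothing to replace) or differs."""
    if not os.path.isfile(src):
        status = "missing-source"
    elif not os.path.isfile(dst):
        status = "missing-dest"
    else:
        status = "same" if sha256_of(src) == sha256_of(dst) else "differs"
    return {"src": src, "dst": dst, "status": status,
            "arch_mismatch": arch_mismatch(src, dst, host_is_x64)}

def check_script(text, host_is_x64=True):
    return [check_pair(s, d, host_is_x64) for s, d in parse_cfscript(text).get("FCopy", [])]

def demo():
    """Constructed files: the live copy carries extra bytes, so the pair reports 'differs'."""
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "winsxs", "amd64_demo-component", "demo.dll")
        live = os.path.join(tmp, "System32", "demo.dll")
        for path, data in ((good, b"MZ clean demo"), (live, b"MZ clean demo + patched bytes")):
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
        return check_pair(good, live)

if __name__ == "__main__":
    for r in check_script(CFSCRIPT):
        print(r["status"], "ARCH-MISMATCH" if r["arch_mismatch"] else "ok", r["dst"])
```

Run on the affected machine, check_script() reports "differs" for each live file the dropper patched and "same" for any pair that needs no replacement; on the thread's script it also flags the first pair, whose source sits under an x86_ component folder while its destination is System32. Windows system binaries are catalog-signed rather than carrying an embedded signature, so a hash match against the component-store copy is the practical integrity check here; Sysinternals sigcheck can additionally confirm the catalog signature of a source file before it is copied over the live one.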

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

