Yet another rootkit.0access infection


Count me among the legion of users infected with 0access. :-( I have read a number of posts on this forum about rootkit.0access in the hopes that I could fix the problem myself without bothering the forum. Alas, I was unsuccessful. So any help would be much appreciated.

Symptoms include web redirection, vanishing antivirus software, and persistence after removal.

In an attempt to be proactive, I downloaded the latest OTL.exe and ran it. Here is the log (no extras.txt was produced):

Many thanks in advance!

OTL logfile created on: 14/08/2012 04:44:44 p.m. - Run 3

OTL by OldTimer - Version 3.2.57.0 Folder = F:\

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 0000500A | Country: Puerto Rico | Language: ESU | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 58.28% Memory free

5.86 Gb Paging File | 4.69 Gb Available in Paging File | 79.93% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 216.47 Gb Total Space | 158.02 Gb Free Space | 73.00% Space Free | Partition Type: NTFS

Drive D: | 16.12 Gb Total Space | 2.33 Gb Free Space | 14.43% Space Free | Partition Type: NTFS

Drive F: | 3.65 Gb Total Space | 3.64 Gb Free Space | 99.86% Space Free | Partition Type: FAT32

Computer Name: LIZMARIE | User Name: new user | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/14 16:02:02 | 000,596,992 | ---- | M] (OldTimer Tools) -- F:\OTL.exe

PRC - [2012/06/12 21:16:05 | 000,932,528 | ---- | M] () -- C:\Users\new user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

PRC - [2012/05/29 10:37:22 | 025,249,400 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe

PRC - [2012/05/04 15:43:20 | 001,561,768 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe

PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

PRC - [2010/12/09 15:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

PRC - [2010/12/08 17:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe

PRC - [2010/11/09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

PRC - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

PRC - [2010/05/21 04:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe

PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe

PRC - [2009/10/07 01:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe

PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe

PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/12 21:16:05 | 000,932,528 | ---- | M] () -- C:\Users\new user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2010/12/09 15:29:16 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

MOD - [2010/12/09 15:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

MOD - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

MOD - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 18:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2010/06/24 16:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)

SRV:64bit: - [2009/11/17 22:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)

SRV:64bit: - [2009/10/16 15:09:20 | 001,044,136 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdwcoms.exe -- (lxdw_device)

SRV:64bit: - [2009/10/16 15:09:10 | 000,033,960 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdwserv.exe -- (lxdwCATSCustConnectService)

SRV:64bit: - [2009/10/07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/08/03 04:10:23 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/06/26 18:46:07 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)

SRV - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)

SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2010/05/21 04:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)

SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/10/16 15:09:10 | 000,033,960 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdwserv.exe -- (lxdwCATSCustConnectService)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2011/09/08 02:46:56 | 001,225,832 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)

DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/04/27 16:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/11 20:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2010/04/29 06:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)

DRV:64bit: - [2010/04/22 21:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010/04/19 20:29:18 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)

DRV:64bit: - [2010/04/13 12:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/10/07 08:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)

DRV:64bit: - [2009/10/07 08:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)

DRV:64bit: - [2009/10/07 08:45:38 | 000,271,640 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)

DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)

DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{132AF8E0-2CE4-4CDF-A74F-269284EC4815}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl

IE:64bit: - HKLM\..\SearchScopes\{26E28BF0-3F60-459F-9065-C2F8316C6B19}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{4D748940-5539-482D-AE11-09A4925183CF}: "URL" = http://search.yahoo....psg&type=HPNTDF

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE:64bit: - HKLM\..\SearchScopes\{731D710B-925E-4ACB-BDF2-05A041C5162B}: "URL" = http://en.wikipedia....h={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{132AF8E0-2CE4-4CDF-A74F-269284EC4815}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl

IE - HKLM\..\SearchScopes\{26E28BF0-3F60-459F-9065-C2F8316C6B19}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKLM\..\SearchScopes\{4D748940-5539-482D-AE11-09A4925183CF}: "URL" = http://search.yahoo....psg&type=HPNTDF

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKLM\..\SearchScopes\{731D710B-925E-4ACB-BDF2-05A041C5162B}: "URL" = http://en.wikipedia....h={searchTerms}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 08 3A 5D 01 61 B1 DD 42 A3 44 97 74 30 3F 3D CA [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 08 3A 5D 01 61 B1 DD 42 A3 44 97 74 30 3F 3D CA [binary data]

IE - HKU\S-1-5-21-2364319718-3598979702-3902896861-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-2364319718-3598979702-3902896861-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?...s&o=2159&gct=hp

IE - HKU\S-1-5-21-2364319718-3598979702-3902896861-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 08 3A 5D 01 61 B1 DD 42 A3 44 97 74 30 3F 3D CA [binary data]

IE - HKU\S-1-5-21-2364319718-3598979702-3902896861-1003\..\URLSearchHook: - No CLSID value found

IE - HKU\S-1-5-21-2364319718-3598979702-3902896861-1003\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKU\S-1-5-21-2364319718-3598979702-3902896861-1003\..\URLSearchHook: {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Helper.dll ()

IE - HKU\S-1-5-21-2364319718-3598979702-3902896861-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-2364319718-3598979702-3902896861-1003\..\SearchScopes\{409DD3B4-D1F8-EC6E-EDBD-2367FDA78762}: "URL" = http://www.bing.com/...015&form=ZGAIDF

IE - HKU\S-1-5-21-2364319718-3598979702-3902896861-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADRA_enUS465

IE - HKU\S-1-5-21-2364319718-3598979702-3902896861-1003\..\SearchScopes\{AD5AF6D2-8938-4B89-AEE7-650ECDE99499}: "URL" = http://websearch.ask...44-BDE9D500F68C

IE - HKU\S-1-5-21-2364319718-3598979702-3902896861-1003\..\SearchScopes\{D425C0D4-5B7F-4A7E-8EC6-8A8B00D0D507}: "URL" = http://ws.infospace....r?_iceUrl=true user_id=%userid&tool_id=60231&qkw={searchTerms}

IE - HKU\S-1-5-21-2364319718-3598979702-3902896861-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2364319718-3598979702-3902896861-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\new user\AppData\Local\Facebook\Messenger\2.1.4590.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2010/12/24 20:46:27 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2010/12/24 20:46:27 | 000,000,000 | ---D | M]

[2011/06/08 22:41:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\new user\AppData\Roaming\mozilla\Extensions

========== Chrome ==========

CHR - homepage: http://www.google.com

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://www.google.com

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\gcswf32.dll

CHR - plugin: registryAccess (Enabled) = C:\Users\new user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaanijiojpcccpkjdjjmjghddcgcbfj\7.15.2.0_0\background/registryAccess.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll

CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - Extension: DivX HiQ = C:\Users\new user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\

CHR - Extension: DivX Plus Web Player HTML5 <video> = C:\Users\new user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\

O1 HOSTS File: ([2012/08/10 15:35:55 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (ooVoo Toolbar) - {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files (x86)\oovootoolbar\oovootoolbarX.dll ()

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)

O2 - BHO: (Dogpile Bundle Toolbar BHO) - {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll ()

O2 - BHO: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files (x86)\oovootoolbar\oovootoolbarX.dll ()

O3 - HKLM\..\Toolbar: (Dogpile Bundle Toolbar) - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll ()

O3 - HKLM\..\Toolbar: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O3:64bit: - HKU\S-1-5-21-2364319718-3598979702-3902896861-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKU\S-1-5-21-2364319718-3598979702-3902896861-1003\..\Toolbar\WebBrowser: (Dogpile Bundle Toolbar) - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll ()

O3 - HKU\S-1-5-21-2364319718-3598979702-3902896861-1003\..\Toolbar\WebBrowser: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()

O4 - HKU\S-1-5-21-2364319718-3598979702-3902896861-1003..\Run: [Facebook Update] C:\Users\new user\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKU\S-1-5-21-2364319718-3598979702-3902896861-1003..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)

O4 - HKU\S-1-5-21-2364319718-3598979702-3902896861-1003..\Run: [spotify Web Helper] C:\Users\new user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2364319718-3598979702-3902896861-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2364319718-3598979702-3902896861-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O15 - HKU\S-1-5-21-2364319718-3598979702-3902896861-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16151958-9F8E-49FF-AC68-5A1DADC2DB59}: DhcpNameServer = 192.168.1.4

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C2E51C8-29C5-4A42-A639-88062870966E}: DhcpNameServer = 172.16.202.215 172.16.202.215 8.8.8.8

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4A945C6-5EB6-4BBC-806E-97B91E5C990A}: DhcpNameServer = 10.154.75.180

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9E69046-4B35-4ED2-BFB6-2CF003180388}: DhcpNameServer = 192.168.1.4

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/14 16:30:01 | 004,731,615 | ---- | C] (Swearware) -- C:\Users\new user\Desktop\ComboFix.exe

[2012/08/14 16:30:01 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\new user\Desktop\OTL.exe

[2012/08/10 16:22:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/08/10 16:13:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/08/10 15:01:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/08/10 15:01:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/08/10 15:01:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/08/10 15:01:27 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/08/10 15:00:34 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/08/08 14:22:46 | 000,000,000 | ---D | C] -- C:\Users\new user\AppData\Roaming\Malwarebytes

[2012/08/08 14:22:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/08/08 14:22:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/08/08 14:21:00 | 000,000,000 | ---D | C] -- C:\Users\new user\AppData\Roaming\SUPERAntiSpyware.com

[2012/08/08 14:21:00 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2012/08/08 14:20:51 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2012/08/01 04:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery

[2012/08/01 03:16:32 | 000,000,000 | ---D | C] -- C:\Users\new user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook

[2012/07/24 15:52:23 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2012/07/23 21:32:39 | 000,000,000 | ---D | C] -- C:\Users\new user\AppData\Local\{A12456E4-532A-4DAE-97CD-E8E4DA611D35}

[2012/07/23 21:32:27 | 000,000,000 | ---D | C] -- C:\Users\new user\AppData\Local\{E545ACA4-AB43-4426-8F44-7EE239356D2A}

[2012/07/19 23:19:23 | 000,000,000 | ---D | C] -- C:\Users\new user\AppData\Local\{D7D0A3DC-7F88-4660-8A67-DA98FD8C6F6B}

[2012/07/19 23:19:07 | 000,000,000 | ---D | C] -- C:\Users\new user\AppData\Local\{386794EB-E449-471E-925A-46F829C8C474}

========== Files - Modified Within 30 Days ==========

[2012/08/14 16:42:10 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/08/14 16:26:18 | 000,000,057 | ---- | M] () -- C:\Users\new user\Desktop\ESET Online Scanner.URL

[2012/08/14 16:23:14 | 004,731,615 | ---- | M] (Swearware) -- C:\Users\new user\Desktop\ComboFix.exe

[2012/08/14 16:10:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/08/14 16:04:52 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/14 16:04:52 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/14 16:02:02 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\new user\Desktop\OTL.exe

[2012/08/14 15:57:11 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/08/14 15:56:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/14 15:56:52 | 2361,593,856 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/10 15:35:55 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/08/10 15:08:14 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2364319718-3598979702-3902896861-1003UA.job

[2012/08/10 13:54:25 | 000,730,596 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/08/10 13:54:25 | 000,626,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/08/10 13:54:25 | 000,107,978 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/08/08 14:12:22 | 000,002,054 | -H-- | M] () -- C:\Users\new user\Documents\Default.rdp

[2012/08/05 00:36:51 | 344,517,369 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/08/04 00:10:50 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2364319718-3598979702-3902896861-1003Core.job

[2012/08/03 15:19:53 | 000,001,761 | ---- | M] () -- C:\Users\new user\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2012/08/14 16:29:40 | 000,000,057 | ---- | C] () -- C:\Users\new user\Desktop\ESET Online Scanner.URL

[2012/08/10 15:01:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/08/10 15:01:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/08/10 15:01:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/08/10 15:01:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/08/10 15:01:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/08/03 23:53:25 | 344,517,369 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2012/08/03 15:19:53 | 000,001,761 | ---- | C] () -- C:\Users\new user\Desktop\iTunes.lnk

[2012/07/20 18:23:54 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/03/26 23:15:28 | 000,000,319 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

[2011/12/24 18:25:39 | 000,000,000 | ---- | C] () -- C:\ProgramData\Tvhnyl4k.dat

[2011/10/19 18:20:35 | 000,001,088 | ---- | C] () -- C:\Users\new user\Documents - Shortcut.lnk

[2011/08/24 21:37:42 | 000,002,029 | ---- | C] () -- C:\Windows\hpdj3600.ini

[2011/05/27 16:01:46 | 001,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdwdrs.dll

[2011/05/27 16:01:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdwcaps.dll

[2011/05/27 16:01:46 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdwcnv4.dll

[2010/12/24 01:23:55 | 000,747,466 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== LOP Check ==========

[2011/06/14 14:32:53 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\ooVoo Details

[2011/12/14 15:54:24 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\SoftGrid Client

[2011/07/15 15:12:03 | 000,000,000 | ---D | M] -- C:\Users\new user\AppData\Roaming\dingogames

[2011/08/25 03:17:12 | 000,000,000 | ---D | M] -- C:\Users\new user\AppData\Roaming\DreamDale

[2011/07/27 00:17:06 | 000,000,000 | ---D | M] -- C:\Users\new user\AppData\Roaming\Leadertech

[2011/08/25 03:16:53 | 000,000,000 | ---D | M] -- C:\Users\new user\AppData\Roaming\MB3

[2012/06/14 17:30:59 | 000,000,000 | ---D | M] -- C:\Users\new user\AppData\Roaming\ooVoo Details

[2011/06/09 18:37:26 | 000,000,000 | ---D | M] -- C:\Users\new user\AppData\Roaming\PlayFirst

[2011/08/25 03:08:27 | 000,000,000 | ---D | M] -- C:\Users\new user\AppData\Roaming\SmashFrenzy3

[2012/08/03 02:20:21 | 000,000,000 | ---D | M] -- C:\Users\new user\AppData\Roaming\SoftGrid Client

[2012/06/12 21:20:25 | 000,000,000 | ---D | M] -- C:\Users\new user\AppData\Roaming\Spotify

[2011/12/11 05:48:29 | 000,000,000 | ---D | M] -- C:\Users\new user\AppData\Roaming\Tific

[2012/07/05 01:09:40 | 000,000,000 | ---D | M] -- C:\Users\new user\AppData\Roaming\WildTangent

[2011/09/27 22:17:30 | 000,000,000 | ---D | M] -- C:\Users\new user\AppData\Roaming\Windows Live Writer

[2012/08/04 00:10:50 | 000,001,056 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2364319718-3598979702-3902896861-1003Core.job

[2012/08/10 15:08:14 | 000,001,078 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2364319718-3598979702-3902896861-1003UA.job

[2012/07/22 17:51:56 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========

[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

< End of report >


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


Thank you MrC! Here is the RogueKiller report:

RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User: new user [Admin rights]

Mode: Scan -- Date: 08/15/2012 08:36:37

¤¤¤ Bad processes: 2 ¤¤¤

[HJ NAME] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

[RESIDUE] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 2 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM250HI +++++

--- User ---

[MBR] 57724b09c560d221df681b42151c16ce

[bSP] ee8e043c0b0ec0759bb08539b27649b8 : Windows Vista/7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 221664 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 454377472 | Size: 16507 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 488183808 | Size: 103 Mo

User != LL1 ... KO!

--- LL1 ---

[MBR] bc5be550994f624eb1a175af8924c367

[bSP] ee8e043c0b0ec0759bb08539b27649b8 : Windows Vista/7 MBR Code

Partition table:

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 221664 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 454377472 | Size: 16507 Mo

User != LL2 ... KO!

--- LL2 ---

[MBR] bc5be550994f624eb1a175af8924c367

[bSP] ee8e043c0b0ec0759bb08539b27649b8 : Windows Vista/7 MBR Code

Partition table:

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 221664 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 454377472 | Size: 16507 Mo

Finished : << RKreport[1].txt >>

RKreport[1].txt


Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

tdss_1.jpg

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

tdss_2.jpg

------------------------

Click the Start Scan button.

tdss_3.jpg

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

tdss_4.jpg

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

tdss_5.jpg

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


My apologies - the last scan was not run as Administrator. I repeated the scan with Run as Administrator and got these results:

RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User: new user [Admin rights]

Mode: Scan -- Date: 08/15/2012 08:43:20

¤¤¤ Bad processes: 1 ¤¤¤

[HJ NAME] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 2 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM250HI +++++

--- User ---

[MBR] 57724b09c560d221df681b42151c16ce

[bSP] ee8e043c0b0ec0759bb08539b27649b8 : Windows Vista/7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 221664 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 454377472 | Size: 16507 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 488183808 | Size: 103 Mo

User != LL1 ... KO!

--- LL1 ---

[MBR] bc5be550994f624eb1a175af8924c367

[bSP] ee8e043c0b0ec0759bb08539b27649b8 : Windows Vista/7 MBR Code

Partition table:

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 221664 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 454377472 | Size: 16507 Mo

User != LL2 ... KO!

--- LL2 ---

[MBR] bc5be550994f624eb1a175af8924c367

[bSP] ee8e043c0b0ec0759bb08539b27649b8 : Windows Vista/7 MBR Code

Partition table:

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 221664 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 454377472 | Size: 16507 Mo

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

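The "User != LL1 ... KO!" verdict in both RogueKiller reports above comes from a cross-view check: sector 0 of the disk is read once through the normal user-mode path and again through lower-level paths, each read is hashed (the [MBR] line is the whole sector, the [bSP] line the bootstrap code in front of the partition table), and the partition tables are decoded and compared. The Python below is an added example of that check, not RogueKiller's code and not anything posted in the thread. It never touches a physical disk: both 512-byte "reads" are constructed in the file, using the three-partition layout listed in the reports (the sector counts are the TDSSKiller BlocksNum values for the same disk) plus a fourth constructed entry in the "user" view so that the comparison fails the way the report shows.

```python
"""Cross-view MBR check, modelled on the RogueKiller "MBR Check" output.

Added example, not RogueKiller's code. Nothing here touches a physical disk:
the two 512-byte "reads" are constructed below so the module runs offline.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List, Tuple

SECTOR_SIZE = 512
BOOTSTRAP_SIZE = 446          # bytes of boot code before the partition table
TABLE_OFFSET = 446            # four 16-byte partition entries follow the code
MBR_SIGNATURE = b"\x55\xaa"   # last two bytes of a valid MBR
SECTORS_PER_MB = 2048         # 2048 x 512-byte sectors = 1 MiB ("Mo" in the report)


@dataclass(frozen=True)
class Partition:
    slot: int
    active: bool
    type_code: int
    start_lba: int
    sectors: int

    @property
    def size_mb(self) -> int:
        return self.sectors // SECTORS_PER_MB

    def describe(self) -> str:
        flag = "ACTIVE" if self.active else "XXXXXX"
        return (f"{self.slot} - [{flag}] type 0x{self.type_code:02x} "
                f"Offset (sectors): {self.start_lba} | Size: {self.size_mb} Mo")


def parse_partition_table(sector: bytes) -> List[Partition]:
    """Decode the non-empty slots of the MBR partition table."""
    if len(sector) != SECTOR_SIZE or sector[510:512] != MBR_SIGNATURE:
        raise ValueError("not an MBR: wrong length or missing 55AA signature")
    parts = []
    for slot in range(4):
        raw = sector[TABLE_OFFSET + 16 * slot: TABLE_OFFSET + 16 * (slot + 1)]
        # boot flag, CHS start, type, CHS end, LBA start, sector count (little-endian)
        boot, _chs_start, ptype, _chs_end, lba, count = struct.unpack("<B3sB3sII", raw)
        if ptype == 0:
            continue                      # empty slot
        parts.append(Partition(slot, boot == 0x80, ptype, lba, count))
    return parts


def build_mbr(entries: List[Tuple[bool, int, int, int]], boot_code: bytes = b"") -> bytes:
    """Assemble a 512-byte MBR from (active, type, start_lba, sectors) tuples (test data only)."""
    table = b"".join(
        struct.pack("<B3sB3sII", 0x80 if active else 0x00, b"\xfe\xff\xff", ptype,
                    b"\xfe\xff\xff", lba, count)
        for active, ptype, lba, count in entries
    )
    table = table.ljust(64, b"\x00")      # pad unused slots with zeros
    return boot_code[:BOOTSTRAP_SIZE].ljust(BOOTSTRAP_SIZE, b"\x00") + table + MBR_SIGNATURE


def compare_views(user_view: bytes, low_level_view: bytes) -> Dict[str, object]:
    """Hash both reads like the [MBR]/[bSP] lines, then diff the decoded partition tables."""
    user_parts = parse_partition_table(user_view)
    ll_parts = parse_partition_table(low_level_view)
    return {
        "match": hashlib.md5(user_view).hexdigest() == hashlib.md5(low_level_view).hexdigest(),
        "bootstrap_match": hashlib.md5(user_view[:BOOTSTRAP_SIZE]).hexdigest()
                           == hashlib.md5(low_level_view[:BOOTSTRAP_SIZE]).hexdigest(),
        "only_in_user": [p for p in user_parts if p not in ll_parts],
        "only_in_low_level": [p for p in ll_parts if p not in user_parts],
    }


# Constructed layout reproducing the three partitions listed in the reports
# (sector counts are the TDSSKiller BlocksNum values for the same disk).
DISK_LAYOUT = [
    (True, 0x07, 2048, 0x63800),          # 199 Mo, active system partition
    (False, 0x07, 409600, 0x1B0F0000),    # 221664 Mo, C:
    (False, 0x07, 454377472, 0x203D800),  # 16507 Mo, D:
]
LOW_LEVEL_VIEW = build_mbr(DISK_LAYOUT)
# Constructed "user" view: same boot code but one extra table entry, so the
# whole-sector [MBR] hash differs while the [bSP] bootstrap hash stays the same.
USER_VIEW = build_mbr(DISK_LAYOUT + [(False, 0x0C, 488183808, 103 * SECTORS_PER_MB)])


def report(user_view: bytes, low_level_view: bytes) -> str:
    """Render a verdict in the spirit of the report's 'User != LL1 ... KO!' line."""
    result = compare_views(user_view, low_level_view)
    lines = ["--- User ---"] + [p.describe() for p in parse_partition_table(user_view)]
    lines += ["--- LL ---"] + [p.describe() for p in parse_partition_table(low_level_view)]
    lines.append("User == LL ... OK" if result["match"] else "User != LL ... KO!")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(USER_VIEW, LOW_LEVEL_VIEW))
```

On a real machine the two buffers would come from different read paths rather than from `build_mbr`; the useful signal for a responder is the combination the reports show, an identical bootstrap hash with a different whole-sector hash, which localises the disagreement to the partition table and tells you which view to distrust before any cleaning tool is run.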

TDSSKiller was run and the system was rebooted. Here is the log:

08:48:38.0270 3892 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05

08:48:38.0285 3892 ============================================================

08:48:38.0285 3892 Current date / time: 2012/08/15 08:48:38.0285

08:48:38.0285 3892 SystemInfo:

08:48:38.0285 3892

08:48:38.0285 3892 OS Version: 6.1.7600 ServicePack: 0.0

08:48:38.0285 3892 Product type: Workstation

08:48:38.0285 3892 ComputerName: LIZMARIE

08:48:38.0285 3892 UserName: new user

08:48:38.0285 3892 Windows directory: C:\Windows

08:48:38.0285 3892 System windows directory: C:\Windows

08:48:38.0285 3892 Running under WOW64

08:48:38.0285 3892 Processor architecture: Intel x64

08:48:38.0285 3892 Number of processors: 1

08:48:38.0285 3892 Page size: 0x1000

08:48:38.0285 3892 Boot type: Normal boot

08:48:38.0285 3892 ============================================================

08:48:38.0550 3892 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

08:48:38.0550 3892 ============================================================

08:48:38.0550 3892 \Device\Harddisk0\DR0:

08:48:38.0550 3892 MBR partitions:

08:48:38.0550 3892 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

08:48:38.0550 3892 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1B0F0000

08:48:38.0550 3892 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1B154000, BlocksNum 0x203D800

08:48:38.0550 3892 ============================================================

08:48:38.0597 3892 C: <-> \Device\Harddisk0\DR0\Partition2

08:48:38.0660 3892 D: <-> \Device\Harddisk0\DR0\Partition3

08:48:38.0660 3892 ============================================================

08:48:38.0660 3892 Initialize success

08:48:38.0660 3892 ============================================================

08:48:55.0211 0220 ============================================================

08:48:55.0211 0220 Scan started

08:48:55.0211 0220 Mode: Manual; SigCheck; TDLFS;

08:48:55.0211 0220 ============================================================

08:48:55.0554 0220 ================ Scan services =============================

08:48:55.0773 0220 [ 1b00662092f9f9568b995902f0cc40d5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys

08:48:55.0866 0220 1394ohci - ok

08:48:55.0929 0220 [ f146e2ba475893dd77b2370dc1211fc6 ] 52241408 C:\Windows\system32\drivers\39978438.sys

08:48:55.0991 0220 [ 6f11e88748cdefd2f76aa215f97ddfe5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys

08:48:56.0007 0220 ACPI - ok

08:48:56.0054 0220 [ 63b05a0420ce4bf0e4af6dcc7cada254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys

08:48:56.0100 0220 AcpiPmi - ok

08:48:56.0225 0220 [ 62b7936f9036dd6ed36e6a7efa805dc0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

08:48:56.0225 0220 AdobeARMservice - ok

08:48:56.0366 0220 [ f19c98ad81d2c0e1bbfd8153d2c80ee8 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

08:48:56.0381 0220 AdobeFlashPlayerUpdateSvc - ok

08:48:56.0444 0220 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

08:48:56.0459 0220 adp94xx - ok

08:48:56.0522 0220 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

08:48:56.0537 0220 adpahci - ok

08:48:56.0568 0220 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

08:48:56.0584 0220 adpu320 - ok

08:48:56.0615 0220 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

08:48:56.0740 0220 AeLookupSvc - ok

08:48:56.0802 0220 [ d1e343bc00136ce03c4d403194d06a80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

08:48:56.0818 0220 AERTFilters - ok

08:48:56.0865 0220 [ db9d6c6b2cd95a9ca414d045b627422e ] AFD C:\Windows\system32\drivers\afd.sys

08:48:56.0912 0220 AFD - ok

08:48:56.0958 0220 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys

08:48:56.0974 0220 agp440 - ok

08:48:57.0005 0220 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\Windows\System32\alg.exe

08:48:57.0052 0220 ALG - ok

08:48:57.0083 0220 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys

08:48:57.0099 0220 aliide - ok

08:48:57.0146 0220 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\Windows\system32\DRIVERS\amdide.sys

08:48:57.0161 0220 amdide - ok

08:48:57.0192 0220 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

08:48:57.0224 0220 AmdK8 - ok

08:48:57.0255 0220 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

08:48:57.0286 0220 AmdPPM - ok

08:48:57.0348 0220 [ ec7ebab00a4d8448bab68d1e49b4beb9 ] amdsata C:\Windows\system32\drivers\amdsata.sys

08:48:57.0364 0220 amdsata - ok

08:48:57.0411 0220 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

08:48:57.0426 0220 amdsbs - ok

08:48:57.0442 0220 [ db27766102c7bf7e95140a2aa81d042e ] amdxata C:\Windows\system32\drivers\amdxata.sys

08:48:57.0458 0220 amdxata - ok

08:48:57.0504 0220 [ 363571bc0c79e394e69300d1f2e3ddae ] androidusb C:\Windows\system32\Drivers\androidusb.sys

08:48:57.0536 0220 androidusb - ok

08:48:57.0598 0220 [ 42fd751b27fa0e9c69bb39f39e409594 ] AppID C:\Windows\system32\drivers\appid.sys

08:48:57.0645 0220 AppID - ok

08:48:57.0676 0220 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

08:48:57.0738 0220 AppIDSvc - ok

08:48:57.0785 0220 [ d065be66822847b7f127d1f90158376e ] Appinfo C:\Windows\System32\appinfo.dll

08:48:57.0816 0220 Appinfo - ok

08:48:57.0894 0220 [ 3debbecf665dcdde3a95d9b902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

08:48:57.0910 0220 Apple Mobile Device - ok

08:48:57.0972 0220 [ c484f8ceb1717c540242531db7845c4e ] arc C:\Windows\system32\DRIVERS\arc.sys

08:48:57.0988 0220 arc - ok

08:48:58.0019 0220 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

08:48:58.0035 0220 arcsas - ok

08:48:58.0066 0220 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

08:48:58.0113 0220 AsyncMac - ok

08:48:58.0144 0220 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\Windows\system32\DRIVERS\atapi.sys

08:48:58.0160 0220 atapi - ok

08:48:58.0222 0220 [ 07721a77180edd4d39ccb865bf63c7fd ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

08:48:58.0284 0220 AudioEndpointBuilder - ok

08:48:58.0300 0220 [ 07721a77180edd4d39ccb865bf63c7fd ] AudioSrv C:\Windows\System32\Audiosrv.dll

08:48:58.0347 0220 AudioSrv - ok

08:48:58.0409 0220 [ b20b5fa5ca050e9926e4d1db81501b32 ] AxInstSV C:\Windows\System32\AxInstSV.dll

08:48:58.0456 0220 AxInstSV - ok

08:48:58.0518 0220 [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys

08:48:58.0550 0220 b06bdrv - ok

08:48:58.0612 0220 [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

08:48:58.0643 0220 b57nd60a - ok

08:48:58.0706 0220 [ fde360167101b4e45a96f939f388aeb0 ] BDESVC C:\Windows\System32\bdesvc.dll

08:48:58.0737 0220 BDESVC - ok

08:48:58.0784 0220 [ 16a47ce2decc9b099349a5f840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

08:48:58.0815 0220 Beep - ok

08:48:58.0862 0220 [ 4992c609a6315671463e30f6512bc022 ] BFE C:\Windows\System32\bfe.dll

08:48:58.0908 0220 BFE - ok

08:48:58.0971 0220 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

08:48:59.0018 0220 blbdrive - ok

08:48:59.0080 0220 [ ebbcd5dfbb1de70e8f4af8fa59e401fd ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

08:48:59.0096 0220 Bonjour Service - ok

08:48:59.0142 0220 [ 19d20159708e152267e53b66677a4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

08:48:59.0189 0220 bowser - ok

08:48:59.0220 0220 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

08:48:59.0267 0220 BrFiltLo - ok

08:48:59.0298 0220 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

08:48:59.0314 0220 BrFiltUp - ok

08:48:59.0376 0220 [ 5c2f352a4e961d72518261257aae204b ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

08:48:59.0439 0220 BridgeMP - ok

08:48:59.0470 0220 [ 94fbc06f294d58d02361918418f996e3 ] Browser C:\Windows\System32\browser.dll

08:48:59.0548 0220 Browser - ok

08:48:59.0595 0220 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\Windows\System32\Drivers\Brserid.sys

08:48:59.0610 0220 Brserid - ok

08:48:59.0626 0220 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

08:48:59.0673 0220 BrSerWdm - ok

08:48:59.0704 0220 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

08:48:59.0751 0220 BrUsbMdm - ok

08:48:59.0782 0220 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

08:48:59.0813 0220 BrUsbSer - ok

08:48:59.0844 0220 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

08:48:59.0891 0220 BTHMODEM - ok

08:48:59.0938 0220 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\Windows\system32\bthserv.dll

08:49:00.0000 0220 bthserv - ok

08:49:00.0032 0220 catchme - ok

08:49:00.0078 0220 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

08:49:00.0125 0220 cdfs - ok

08:49:00.0172 0220 [ 83d2d75e1efb81b3450c18131443f7db ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

08:49:00.0203 0220 cdrom - ok

08:49:00.0250 0220 [ 312e2f82af11e79906898ac3e3d58a1f ] CertPropSvc C:\Windows\System32\certprop.dll

08:49:00.0312 0220 CertPropSvc - ok

08:49:00.0390 0220 [ 533328a3d9a9c286682525842547540c ] CinemaNow Service C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe

08:49:00.0406 0220 CinemaNow Service - ok

08:49:00.0437 0220 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\Windows\system32\DRIVERS\circlass.sys

08:49:00.0484 0220 circlass - ok

08:49:00.0531 0220 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\Windows\system32\CLFS.sys

08:49:00.0546 0220 CLFS - ok

08:49:00.0640 0220 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

08:49:00.0656 0220 clr_optimization_v2.0.50727_32 - ok

08:49:00.0734 0220 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

08:49:00.0749 0220 clr_optimization_v2.0.50727_64 - ok

08:49:00.0843 0220 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

08:49:00.0858 0220 clr_optimization_v4.0.30319_32 - ok

08:49:00.0890 0220 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

08:49:00.0905 0220 clr_optimization_v4.0.30319_64 - ok

08:49:00.0936 0220 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

08:49:00.0952 0220 CmBatt - ok

08:49:00.0983 0220 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys

08:49:00.0999 0220 cmdide - ok

08:49:01.0046 0220 [ ca7720b73446fddec5c69519c1174c98 ] CNG C:\Windows\system32\Drivers\cng.sys

08:49:01.0077 0220 CNG - ok

08:49:01.0108 0220 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

08:49:01.0124 0220 Compbatt - ok

08:49:01.0170 0220 [ f26b3a86f6fa87ca360b879581ab4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

08:49:01.0202 0220 CompositeBus - ok

08:49:01.0233 0220 COMSysApp - ok

08:49:01.0264 0220 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys


08:49:22.0776 0220 srv2 - ok

08:49:22.0808 0220 [ 0c4540311e11664b245a263e1154cef8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS

08:49:22.0823 0220 SrvHsfHDA - ok

08:49:22.0886 0220 [ 02071d207a9858fbe3a48cbfd59c4a04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS

08:49:22.0932 0220 SrvHsfV92 - ok

08:49:22.0979 0220 [ 18e40c245dbfaf36fd0134a7ef2df396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

08:49:22.0995 0220 SrvHsfWinac - ok

08:49:23.0042 0220 [ 0af6e19d39c70844c5caa8fb0183c36e ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

08:49:23.0089 0220 srvnet - ok

08:49:23.0151 0220 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

08:49:23.0213 0220 SSDPSRV - ok

08:49:23.0260 0220 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll

08:49:23.0307 0220 SstpSvc - ok

08:49:23.0354 0220 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

08:49:23.0354 0220 stexstor - ok

08:49:23.0401 0220 [ 52d0e33b681bd0f33fdc08812fee4f7d ] stisvc C:\Windows\System32\wiaservc.dll

08:49:23.0447 0220 stisvc - ok

08:49:23.0494 0220 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

08:49:23.0510 0220 swenum - ok

08:49:23.0541 0220 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll

08:49:23.0603 0220 swprv - ok

08:49:23.0666 0220 [ 868dfb220a18312a12cef01ba9ac069b ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys

08:49:23.0681 0220 SynTP - ok

08:49:23.0759 0220 [ 3c1284516a62078fb68f768de4f1a7be ] SysMain C:\Windows\system32\sysmain.dll

08:49:23.0822 0220 SysMain - ok

08:49:23.0853 0220 [ 238935c3cf2854886dc7cbb2a0e2cc66 ] TabletInputService C:\Windows\System32\TabSvc.dll

08:49:23.0900 0220 TabletInputService - ok

08:49:23.0931 0220 [ 884264ac597b690c5707c89723bb8e7b ] TapiSrv C:\Windows\System32\tapisrv.dll

08:49:23.0993 0220 TapiSrv - ok

08:49:24.0040 0220 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll

08:49:24.0087 0220 TBS - ok

08:49:24.0181 0220 [ 624c5b3aa4c99b3184bb922d9ece3ff0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

08:49:24.0212 0220 Tcpip - ok

08:49:24.0259 0220 [ 624c5b3aa4c99b3184bb922d9ece3ff0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

08:49:24.0290 0220 TCPIP6 - ok

08:49:24.0321 0220 [ 76d078af6f587b162d50210f761eb9ed ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

08:49:24.0383 0220 tcpipreg - ok

08:49:24.0415 0220 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

08:49:24.0477 0220 TDPIPE - ok

08:49:24.0524 0220 [ 7518f7bcfd4b308abc9192bacaf6c970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

08:49:24.0586 0220 TDTCP - ok

08:49:24.0602 0220 [ 079125c4b17b01fcaeebce0bcb290c0f ] tdx C:\Windows\system32\DRIVERS\tdx.sys

08:49:24.0649 0220 tdx - ok

08:49:24.0680 0220 [ c448651339196c0e869a355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

08:49:24.0695 0220 TermDD - ok

08:49:24.0742 0220 [ 0f05ec2887bfe197ad82a13287d2f404 ] TermService C:\Windows\System32\termsrv.dll

08:49:24.0820 0220 TermService - ok

08:49:24.0851 0220 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll

08:49:24.0898 0220 Themes - ok

08:49:24.0945 0220 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll

08:49:24.0976 0220 THREADORDER - ok

08:49:24.0992 0220 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll

08:49:25.0054 0220 TrkWks - ok

08:49:25.0132 0220 [ 840f7fb849f5887a49ba18c13b2da920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

08:49:25.0148 0220 TrustedInstaller - ok

08:49:25.0179 0220 [ 61b96c26131e37b24e93327a0bd1fb95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

08:49:25.0210 0220 tssecsrv - ok

08:49:25.0257 0220 [ 3836171a2cdf3af8ef10856db9835a70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

08:49:25.0319 0220 tunnel - ok

08:49:25.0366 0220 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

08:49:25.0366 0220 uagp35 - ok

08:49:25.0413 0220 [ c06e6f4679ceb8f430b90a51d76d8d3c ] udfs C:\Windows\system32\DRIVERS\udfs.sys

08:49:25.0429 0220 udfs - ok

08:49:25.0475 0220 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

08:49:25.0491 0220 UI0Detect - ok

08:49:25.0522 0220 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys

08:49:25.0538 0220 uliagpkx - ok

08:49:25.0585 0220 [ eab6c35e62b1b0db0d1b48b671d3a117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

08:49:25.0616 0220 umbus - ok

08:49:25.0647 0220 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

08:49:25.0678 0220 UmPass - ok

08:49:25.0725 0220 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll

08:49:25.0772 0220 upnphost - ok

08:49:25.0819 0220 [ aa33fc47ed58c34e6e9261e4f850b7eb ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

08:49:25.0850 0220 USBAAPL64 - ok

08:49:25.0912 0220 [ 77b01bc848298223a95d4ec23e1785a1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

08:49:25.0959 0220 usbaudio - ok

08:49:25.0990 0220 [ 537a4e03d7103c12d42dfd8ffdb5bdc9 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

08:49:26.0021 0220 usbccgp - ok

08:49:26.0037 0220 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys

08:49:26.0084 0220 usbcir - ok

08:49:26.0131 0220 [ fbb21ebe49f6d560db37ac25fbc68e66 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

08:49:26.0162 0220 usbehci - ok

08:49:26.0224 0220 [ 6b7a8a99c4a459e73c286a6763ea24cc ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

08:49:26.0240 0220 usbhub - ok

08:49:26.0255 0220 [ 8c88aa7617b4cbc2e4bed61d26b33a27 ] usbohci C:\Windows\system32\drivers\usbohci.sys

08:49:26.0287 0220 usbohci - ok

08:49:26.0333 0220 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

08:49:26.0380 0220 usbprint - ok

08:49:26.0443 0220 [ aaa2513c8aed8b54b189fd0c6b1634c0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

08:49:26.0474 0220 usbscan - ok

08:49:26.0505 0220 [ f39983647bc1f3e6100778ddfe9dce29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

08:49:26.0567 0220 USBSTOR - ok

08:49:26.0583 0220 [ 0b5b3b2df3fd1709618acfa50b8392b0 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

08:49:26.0630 0220 usbuhci - ok

08:49:26.0692 0220 [ 7cb8c573c6e4a2714402cc0a36eab4fe ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys

08:49:26.0723 0220 usbvideo - ok

08:49:26.0755 0220 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll

08:49:26.0801 0220 UxSms - ok

08:49:26.0817 0220 [ 156f6159457d0aa7e59b62681b56eb90 ] VaultSvc C:\Windows\system32\lsass.exe

08:49:26.0833 0220 VaultSvc - ok

08:49:26.0879 0220 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys

08:49:26.0879 0220 vdrvroot - ok

08:49:26.0911 0220 [ 44d73e0bbc1d3c8981304ba15135c2f2 ] vds C:\Windows\System32\vds.exe

08:49:26.0957 0220 vds - ok

08:49:26.0989 0220 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

08:49:27.0004 0220 vga - ok

08:49:27.0035 0220 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys

08:49:27.0082 0220 VgaSave - ok

08:49:27.0160 0220 [ c82e748660f62a242b2dfac1442f22a4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys

08:49:27.0160 0220 vhdmp - ok

08:49:27.0191 0220 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys

08:49:27.0207 0220 viaide - ok

08:49:27.0238 0220 [ 2b1a3dae2b4e70dbba822b7a03fbd4a3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys

08:49:27.0254 0220 volmgr - ok

08:49:27.0285 0220 [ 99b0cbb569ca79acaed8c91461d765fb ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

08:49:27.0301 0220 volmgrx - ok

08:49:27.0347 0220 [ 58f82eed8ca24b461441f9c3e4f0bf5c ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys

08:49:27.0363 0220 volsnap - ok

08:49:27.0379 0220 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

08:49:27.0394 0220 vsmraid - ok

08:49:27.0472 0220 [ 787898bf9fb6d7bd87a36e2d95c899ba ] VSS C:\Windows\system32\vssvc.exe

08:49:27.0519 0220 VSS - ok

08:49:27.0550 0220 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

08:49:27.0597 0220 vwifibus - ok

08:49:27.0644 0220 [ 6a3d66263414ff0d6fa754c646612f3f ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

08:49:27.0691 0220 vwififlt - ok

08:49:27.0722 0220 [ 6a638fc4bfddc4d9b186c28c91bd1a01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys

08:49:27.0769 0220 vwifimp - ok

08:49:27.0800 0220 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\Windows\system32\w32time.dll

08:49:27.0831 0220 W32Time - ok

08:49:27.0878 0220 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

08:49:27.0909 0220 WacomPen - ok

08:49:27.0956 0220 [ 47ca49400643effd3f1c9a27e1d69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

08:49:28.0003 0220 WANARP - ok

08:49:28.0018 0220 [ 47ca49400643effd3f1c9a27e1d69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

08:49:28.0049 0220 Wanarpv6 - ok

08:49:28.0127 0220 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

08:49:28.0159 0220 WatAdminSvc - ok

08:49:28.0221 0220 [ 5ab1bb85bd8b5089cc5d64200dedae68 ] wbengine C:\Windows\system32\wbengine.exe

08:49:28.0252 0220 wbengine - ok

08:49:28.0283 0220 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

08:49:28.0299 0220 WbioSrvc - ok

08:49:28.0330 0220 [ dd1bae8ebfc653824d29ccf8c9054d68 ] wcncsvc C:\Windows\System32\wcncsvc.dll

08:49:28.0361 0220 wcncsvc - ok

08:49:28.0408 0220 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

08:49:28.0439 0220 WcsPlugInService - ok

08:49:28.0486 0220 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\Windows\system32\DRIVERS\wd.sys

08:49:28.0486 0220 Wd - ok

08:49:28.0549 0220 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

08:49:28.0564 0220 Wdf01000 - ok

08:49:28.0595 0220 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll

08:49:28.0642 0220 WdiServiceHost - ok

08:49:28.0642 0220 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll

08:49:28.0673 0220 WdiSystemHost - ok

08:49:28.0720 0220 [ 733006127f235be7c35354ebee7b9a7b ] WebClient C:\Windows\System32\webclnt.dll

08:49:28.0767 0220 WebClient - ok

08:49:28.0814 0220 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll

08:49:28.0876 0220 Wecsvc - ok

08:49:28.0923 0220 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

08:49:28.0985 0220 wercplsupport - ok

08:49:29.0017 0220 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll

08:49:29.0063 0220 WerSvc - ok

08:49:29.0110 0220 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

08:49:29.0157 0220 WfpLwf - ok

08:49:29.0188 0220 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys

08:49:29.0204 0220 WIMMount - ok

08:49:29.0251 0220 WinDefend - ok

08:49:29.0266 0220 WinHttpAutoProxySvc - ok

08:49:29.0329 0220 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

08:49:29.0360 0220 Winmgmt - ok

08:49:29.0438 0220 [ 41fbb751936b387f9179e7f03a74fe29 ] WinRM C:\Windows\system32\WsmSvc.dll

08:49:29.0500 0220 WinRM - ok

08:49:29.0563 0220 [ 817eaff5d38674edd7713b9dfb8e9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

08:49:29.0609 0220 WinUsb - ok

08:49:29.0672 0220 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll

08:49:29.0703 0220 Wlansvc - ok

08:49:29.0765 0220 [ 06c8fa1cf39de6a735b54d906ba791c6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

08:49:29.0781 0220 wlcrasvc - ok

08:49:29.0921 0220 [ 2bacd71123f42cea603f4e205e1ae337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

08:49:29.0968 0220 wlidsvc - ok

08:49:29.0999 0220 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

08:49:30.0015 0220 WmiAcpi - ok

08:49:30.0062 0220 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

08:49:30.0093 0220 wmiApSrv - ok

08:49:30.0140 0220 WMPNetworkSvc - ok

08:49:30.0171 0220 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll

08:49:30.0187 0220 WPCSvc - ok

08:49:30.0202 0220 [ 2e57ddf2880a7e52e76f41c7e96d327b ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

08:49:30.0233 0220 WPDBusEnum - ok

08:49:30.0280 0220 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

08:49:30.0343 0220 ws2ifsl - ok

08:49:30.0405 0220 [ 8f9f3969933c02da96eb0f84576db43e ] wscsvc C:\Windows\system32\wscsvc.dll

08:49:30.0467 0220 wscsvc - ok

08:49:30.0483 0220 WSearch - ok

08:49:30.0577 0220 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\Windows\system32\wuaueng.dll

08:49:30.0623 0220 wuauserv - ok

08:49:30.0670 0220 [ 7cadc74271dd6461c452c271b30bd378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

08:49:30.0733 0220 WudfPf - ok

08:49:30.0764 0220 [ 3b197af0fff08aa66b6b2241ca538d64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

08:49:30.0795 0220 WUDFRd - ok

08:49:30.0826 0220 [ b551d6637aa0e132c18ac6e504f7b79b ] wudfsvc C:\Windows\System32\WUDFSvc.dll

08:49:30.0889 0220 wudfsvc - ok

08:49:30.0920 0220 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\Windows\System32\wwansvc.dll

08:49:30.0967 0220 WwanSvc - ok

08:49:31.0013 0220 [ b3eeacf62445e24fbb2cd4b0fb4db026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys

08:49:31.0060 0220 yukonw7 - ok

08:49:31.0107 0220 ================ Scan global ===============================

08:49:31.0123 0220 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll

08:49:31.0169 0220 (0cb6ebf4b461a6043353c570bd72a1e1) C:\Windows\system32\winsrv.dll

08:49:31.0185 0220 (0cb6ebf4b461a6043353c570bd72a1e1) C:\Windows\system32\winsrv.dll

08:49:31.0216 0220 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll

08:49:31.0247 0220 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe

08:49:31.0247 0220 [Global] - ok

08:49:31.0263 0220 ================ Scan MBR ==================================

08:49:31.0263 0220 MBR (0x1B8) (267286b4d3e61023d7cbac898d1ec7fe) \Device\Harddisk0\DR0

08:49:31.0263 0220 Suspicious mbr (Forged): \Device\Harddisk0\DR0

08:49:31.0325 0220 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

08:49:31.0325 0220 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

08:49:31.0388 0220 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

08:49:31.0388 0220 \Device\Harddisk0\DR0 - detected TDSS File System (1)

08:49:31.0388 0220 ================ Scan VBR ==================================

08:49:31.0403 0220 Boot (0x1200) (cced338e4ea89a8819f6c9ec32a4e3ba) \Device\Harddisk0\DR0\Partition1

08:49:31.0403 0220 \Device\Harddisk0\DR0\Partition1 - ok

08:49:31.0435 0220 Boot (0x1200) (00ebf65158c7609d02be31d589701311) \Device\Harddisk0\DR0\Partition2

08:49:31.0435 0220 \Device\Harddisk0\DR0\Partition2 - ok

08:49:31.0466 0220 Boot (0x1200) (22bb7fb9728f155c587253b86a6e8a85) \Device\Harddisk0\DR0\Partition3

08:49:31.0466 0220 \Device\Harddisk0\DR0\Partition3 - ok

08:49:31.0466 0220 ============================================================

08:49:31.0466 0220 Scan finished

08:49:31.0466 0220 ============================================================

08:49:31.0481 1724 Detected object count: 5

08:49:31.0481 1724 Actual detected object count: 5

08:59:12.0099 1724 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

08:59:12.0099 1724 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:59:12.0099 1724 Netaapl ( UnsignedFile.Multi.Generic ) - skipped by user

08:59:12.0099 1724 Netaapl ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:59:12.0099 1724 RtVOsdService ( UnsignedFile.Multi.Generic ) - skipped by user

08:59:12.0099 1724 RtVOsdService ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:59:12.0785 1724 \Device\Harddisk0\DR0\# - copied to quarantine

08:59:12.0785 1724 \Device\Harddisk0\DR0 - copied to quarantine

08:59:12.0801 1724 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

08:59:12.0801 1724 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

08:59:12.0816 1724 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

08:59:12.0816 1724 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

08:59:12.0816 1724 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

08:59:12.0832 1724 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

08:59:12.0832 1724 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

08:59:12.0832 1724 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

08:59:12.0832 1724 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

08:59:12.0832 1724 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

08:59:12.0832 1724 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

08:59:12.0832 1724 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

08:59:12.0832 1724 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

08:59:12.0879 1724 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

08:59:12.0879 1724 \Device\Harddisk0\DR0 - ok

08:59:13.0004 1724 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

08:59:13.0004 1724 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

08:59:13.0004 1724 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

08:59:16.0389 1928 Deinitialize success

Run TDSSKiller again and choose Delete for this one only: (no need to post the log)

08:59:13.0004 1724 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

08:59:13.0004 1724 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Then.......

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC

Ran ComboFix, did not get "illegal operation...". Here is the log:

ComboFix 12-08-14.05 - new user 15/08/2012 10:38:09.2.1 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3003.2035 [GMT -4:00]

Running from: c:\users\new user\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))

.

.

2012-08-15 14:57 . 2012-08-15 14:57 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2012-08-15 14:57 . 2012-08-15 14:57 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-08-15 14:57 . 2012-08-15 14:57 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-08 18:22 . 2012-08-08 18:22 -------- d-----w- c:\users\new user\AppData\Roaming\Malwarebytes

2012-08-08 18:22 . 2012-08-08 18:22 -------- d-----w- c:\programdata\Malwarebytes

2012-08-08 18:22 . 2012-08-10 21:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-08 18:21 . 2012-08-08 18:21 -------- d-----w- c:\users\new user\AppData\Roaming\SUPERAntiSpyware.com

2012-08-08 18:21 . 2012-08-08 18:21 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-08-08 18:20 . 2012-08-10 21:34 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-08-01 08:03 . 2012-08-01 08:03 -------- d-----w- c:\programdata\Recovery

2012-07-24 19:52 . 2012-07-24 19:52 -------- d-----w- c:\windows\Sun

2012-07-20 22:23 . 2012-08-03 08:10 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

.

.

.

.

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]

"{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}"= "c:\program files (x86)\Dogpile Bundle Toolbar\Helper.dll" [2011-06-09 357376]

.

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

.

[HKEY_CLASSES_ROOT\clsid\{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}]

[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]

[HKEY_CLASSES_ROOT\TypeLib\{C766F9AD-E91E-43DE-91DC-D007680ED4AF}]

[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{59c6f12b-f004-43e5-9997-08f2123119b6}]

2011-04-19 07:01 81920 ----a-w- c:\program files (x86)\oovootoolbar\oovootoolbarX.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}]

2011-06-09 02:44 1544192 ----a-w- c:\program files (x86)\Dogpile Bundle Toolbar\Toolbar.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2012-05-04 19:43 1519272 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{59c6f12b-f004-43e5-9997-08f2123119b6}"= "c:\program files (x86)\oovootoolbar\oovootoolbarX.dll" [2011-04-19 81920]

"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files (x86)\Dogpile Bundle Toolbar\Toolbar.dll" [2011-06-09 1544192]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]

.

[HKEY_CLASSES_ROOT\clsid\{59c6f12b-f004-43e5-9997-08f2123119b6}]

.

[HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]

[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]

[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-07 39408]

"Spotify Web Helper"="c:\users\new user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-06-13 932528]

"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2012-05-29 25249400]

"Facebook Update"="c:\users\new user\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-13 138096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]

"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-05-04 1561768]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R1 ezhiilqp;ezhiilqp;c:\windows\system32\drivers\ezhiilqp.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Servicio de actualización de Google (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-07 136176]

R2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdwserv.exe [2009-10-16 33960]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]

R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2010-04-29 32768]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-07 136176]

R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2009-10-07 271640]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]

R3 LVUVC64;QuickCam for Notebooks Deluxe(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2010-04-20 22528]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-28 1255736]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]

S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]

S2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe [2009-10-16 1044136]

S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2011-09-08 1225832]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 52241408

*NewlyCreated* - 53081440

*NewlyCreated* - 83549850

*NewlyCreated* - 92431370

*Deregistered* - 52241408

*Deregistered* - 53081440

*Deregistered* - 83549850

*Deregistered* - 92431370

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-20 08:10]

.

2012-08-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2364319718-3598979702-3902896861-1003Core.job

- c:\users\new user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-03 04:03]

.

2012-08-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2364319718-3598979702-3902896861-1003UA.job

- c:\users\new user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-03 04:03]

.

2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-07 15:28]

.

2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-07 15:28]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-27 6489704]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.ask.com/?l=dis&o=2159&gct=hp

uLocal Page = c:\windows\system32\blank.htm

mStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

Trusted Zone: intuit.com\ttlc

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-52241408.sys

SafeBoot-53081440.sys

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{C80BDEB2-8735-44C6-BD55-A1CCD555667A} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2364319718-3598979702-3902896861-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-2364319718-3598979702-3902896861-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-08-15 11:01:20

ComboFix-quarantined-files.txt 2012-08-15 15:01

ComboFix2.txt 2012-08-10 20:02

.

Pre-Run: 170,066,980,864 bytes free

Post-Run: 169,990,811,648 bytes free

.

- - End Of File - - CF20D13516356D89DB7DD611C0EC2A5E


Re-installed MBAM (it was missing), updated and Quick Scanned. Found 1 TrojanProxy.Agent key, removed. The log appears below. A second scan came up clean!

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.15.06

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

new user :: LIZMARIE [administrator]

15/08/2012 11:53:30 a.m.

mbam-log-2012-08-15 (11-53-30).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 215543

Time elapsed: 2 minute(s), 20 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKCR\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Great!

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassociates.com/OT-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any other programs or logs you can manually delete.

i.e. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
