MBAM won't update anymore - infected


Hello everyone, the problem is that within the period of last month where I didn't update my free MBAM, I've probably caught some sort of infection that caused MBAM to stop updating. Every time I tried to update the program I would get an updating error. I've reinstalled, cleaned with mbam-clean and restarted, but that doesn't seem to help. I am clueless as to what is causing this issue, any assistance would be greatly appreciated! Here are the DDS and Attach files along with a screenshot of the error.


Hello Blankz13.

Please always Copy & Paste the contents of logs into main-body of reply box. Do not use attach.

You may use separate replies for each log if you want.

Please ensure Spybot's Tea Timer is OFF, otherwise it will block any fixes we may use.

Start Spybot-S&D, switch to the Advanced mode via the menu bar item Mode

then select Advanced Mode

On the left hand side, select Tools

Then click on the Resident icon in the list

Uncheck Resident TeaTimer and OK any prompts.

Now Logoff & Restart your computer fresh.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

Change the a-v scan to None.

Uncheck trace disk IO calls.

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Do not click any FIX button. We just need an initial report.

Step 4

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Do NOT click any FIX buttons !

Step 6

RE-Enable your antivirus program.

Then copy/paste the following into your post (in order):

  • the contents of aswMBR report;
  • the contents of TDSSKILLER log;
  • the contents of RKReport log;

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.


DDS:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_27

Run by Moo at 16:59:35 on 2012-10-04

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8191.5533 [GMT -4:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\AIM\aim.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\Moo\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Users\Moo\AppData\Local\Akamai\netsession_win.exe

C:\Users\Moo\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\Winamp\winampa.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\iTunes\iTunes.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Moo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Moo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Moo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Moo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Moo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Moo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Moo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Moo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Moo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Moo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Moo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

F:\Malware Bytes\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Windows\system32\mspaint.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\Moo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Moo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

mWinlogon: Userinit=userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: NJStarBHO Class: {e74f179f-f6cc-4be0-9638-dea49583953f} - C:\Program Files (x86)\NJStar Communicator\NJStarBHO32.dll

{555d4d79-4bd2-4094-a395-cfc534424a05}

uRun: [Google Update] "C:\Users\Moo\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US

uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

uRun: [Octoshape Streaming Services] "C:\Users\Moo\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray

uRun: [Akamai NetSession Interface] "C:\Users\Moo\AppData\Local\Akamai\netsession_win.exe"

mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRunOnce: [Malwarebytes Anti-Malware] F:\Malware Bytes\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\MICROS~1\Office14\ONBttnIE.dll/105

IE: QQ

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

LSP: C:\ProgramData\Baidu\BaiduPlayer\BdAccLSP(1.0.14.138).dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{279FE8B6-33E7-44B1-A7B3-CDA3658FD8A4}\865716E676 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{7F657AD3-AC3D-4285-93A6-F5A0147B9D06} : DhcpNameServer = 209.18.47.61 209.18.47.62

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO-X64: Increase performance and video formats for your HTML5 <video> - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: NJStarBHO Class: {E74F179F-F6CC-4BE0-9638-DEA49583953F} - C:\Program Files (x86)\NJStar Communicator\NJStarBHO32.dll

BHO-X64: NJCommunicator Plugin for IE9 - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRunOnce-x64: [Malwarebytes Anti-Malware] F:\Malware Bytes\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Moo\AppData\Roaming\Mozilla\Firefox\Profiles\gyjzsbuj.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Baidu\BaiduPlayer\1.17.0.172\npxbdyy.dll

FF - plugin: C:\Program Files (x86)\Baidu\BaiduPlayer\1.17.0.172\npxbdyyreg.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Moo\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Users\Moo\AppData\Roaming\Mozilla\plugins\npoctoshape.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]

R2 MBAMScheduler;MBAMScheduler;F:\Malware Bytes\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-4 399432]

R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-7-22 690472]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-8-11 1153368]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-13 136176]

S2 MBAMService;MBAMService;F:\Malware Bytes\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-4 676936]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 atillk64;atillk64;C:\Users\Moo\Desktop\PC Tools\GPU-Z\ATIWinFlash\atillk64.sys [2011-12-27 14608]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-13 136176]

S3 LVUVC64;Logitech QuickCam S5500(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-10 114144]

S3 rt61x64;RT61 Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr6164.sys --> C:\Windows\system32\DRIVERS\netr6164.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]

.

=============== Created Last 30 ================

.

2012-10-04 18:20:12 -------- d-----w- C:\Users\Moo\AppData\Local\{82A88B75-CC49-4BCE-9CFC-5DCB9099A6D8}

2012-10-04 09:44:39 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{770744E0-C2D5-4515-B357-03147FB50B9D}\offreg.dll

2012-10-04 06:29:00 -------- d-----w- C:\Users\Moo\AppData\Roaming\Malwarebytes

2012-10-04 06:28:54 -------- d-----w- C:\ProgramData\Malwarebytes

2012-10-04 06:28:53 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-10-04 06:19:38 -------- d-----w- C:\Users\Moo\AppData\Local\{F80719D3-6459-4150-8A04-6788082AF32E}

2012-10-02 14:48:42 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{770744E0-C2D5-4515-B357-03147FB50B9D}\mpengine.dll

2012-10-01 16:33:48 -------- d-----w- C:\Users\Moo\AppData\Local\{037B723B-C5E2-4D87-B6FC-72E2C4AE9D64}

2012-09-29 20:34:16 -------- d-----w- C:\Windows\AutoKMS

2012-09-29 20:25:13 -------- d-----w- C:\Windows\PCHEALTH

2012-09-29 20:23:09 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services

2012-09-29 19:18:27 -------- d-----w- C:\Users\Moo\AppData\Local\{2A49C49E-EF7B-43DF-A2ED-7FD31692DE12}

2012-09-28 20:39:59 0 ----a-w- C:\Windows\ativpsrm.bin

2012-09-28 20:34:29 -------- d-----w- C:\Program Files (x86)\ATI Technologies

2012-09-28 20:34:23 -------- d-----w- C:\Program Files\ATI

2012-09-28 20:34:05 -------- d-----w- C:\Program Files\ATI Technologies

2012-09-28 20:33:11 -------- d-----w- C:\AMD

2012-09-28 20:30:16 -------- d-----w- C:\Users\Moo\AppData\Local\{E83B316D-A754-45EA-B3AC-D575093D29BB}

2012-09-23 07:21:23 -------- d-----w- C:\Users\Moo\AppData\Local\{CFE4BC51-868C-428C-A4BE-EB8C0D9A4586}

2012-09-21 05:07:14 -------- d-----w- C:\Users\Moo\AppData\Local\{F1FAFB52-A3F8-4309-B6AE-41B15EEC5511}

2012-09-21 05:01:42 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2012-09-21 05:01:24 -------- d-----w- C:\Program Files\iPod

2012-09-21 05:01:23 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-09-21 05:01:23 -------- d-----w- C:\Program Files\iTunes

2012-09-21 05:01:23 -------- d-----w- C:\Program Files (x86)\iTunes

2012-09-20 21:43:33 -------- d-----w- C:\Users\Moo\AppData\Local\Runic Games

2012-09-19 07:00:46 -------- d-----r- C:\Program Files (x86)\Skype

2012-09-16 23:31:20 -------- d-----w- C:\Users\Moo\AppData\Roaming\Baidu

2012-09-16 23:31:07 -------- d-----w- C:\ProgramData\Baidu

2012-09-16 23:31:06 -------- d-----w- C:\Program Files (x86)\Baidu

2012-09-16 20:24:55 -------- d-----w- C:\Users\Moo\AppData\Local\{5E975624-D5A4-42BC-88A0-B0298D8AD4D1}

2012-09-12 17:37:00 574464 ----a-w- C:\Windows\System32\d3d10level9.dll

2012-09-12 17:37:00 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

2012-09-10 05:20:46 -------- d-----w- C:\Users\Moo\AppData\Roaming\PrimoPDF

2012-09-10 05:19:50 95008 ----a-w- C:\Windows\System32\Primomonnt.dll

2012-09-10 05:19:50 -------- d-----w- C:\Users\Moo\AppData\Roaming\OpenCandy

.

==================== Find3M ====================

.

2012-09-30 03:16:53 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-09-30 03:16:53 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-09-30 03:12:35 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-08-24 18:05:27 1197568 ----a-w- C:\Windows\System32\wininet.dll

2012-08-24 18:02:20 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2012-08-24 17:10:47 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-08-24 17:08:47 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2012-08-24 16:45:23 482816 ----a-w- C:\Windows\System32\html.iec

2012-08-24 16:02:45 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2012-08-24 16:01:45 386048 ----a-w- C:\Windows\SysWow64\html.iec

2012-08-24 15:27:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-08-21 17:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll

2012-08-21 17:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll

2012-07-28 04:09:20 5538984 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2012-07-28 04:07:44 10278912 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2012-07-28 03:43:12 70144 ----a-w- C:\Windows\System32\coinst_8.982.dll

2012-07-28 03:19:34 24935424 ----a-w- C:\Windows\System32\atio6axx.dll

2012-07-28 02:50:10 20546560 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2012-07-28 02:15:50 163840 ----a-w- C:\Windows\System32\atiapfxx.exe

2012-07-28 02:15:42 931328 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2012-07-28 02:13:56 1100288 ----a-w- C:\Windows\System32\aticfx64.dll

2012-07-28 02:10:40 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2012-07-28 02:10:34 534528 ----a-w- C:\Windows\System32\atieclxx.exe

2012-07-28 02:09:44 239616 ----a-w- C:\Windows\System32\atiesrxx.exe

2012-07-28 02:08:20 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2012-07-28 02:08:04 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2012-07-28 02:07:58 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2012-07-28 02:07:52 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2012-07-28 02:07:10 6430208 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2012-07-28 01:51:12 7052288 ----a-w- C:\Windows\System32\atidxx64.dll

2012-07-28 01:41:32 4266496 ----a-w- C:\Windows\System32\atiumd6a.dll

2012-07-28 01:35:10 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2012-07-28 01:35:08 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2012-07-28 01:35:02 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2012-07-28 01:35:00 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2012-07-28 01:34:48 16034304 ----a-w- C:\Windows\System32\aticaldd64.dll

2012-07-28 01:32:32 4751872 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2012-07-28 01:30:10 13605888 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2012-07-28 01:25:52 6676480 ----a-w- C:\Windows\System32\atiumd64.dll

2012-07-28 01:15:32 540160 ----a-w- C:\Windows\System32\atiadlxx.dll

2012-07-28 01:15:22 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2012-07-28 01:15:12 17920 ----a-w- C:\Windows\System32\atig6pxx.dll

2012-07-28 01:15:08 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2012-07-28 01:15:08 14848 ----a-w- C:\Windows\System32\atiglpxx.dll

2012-07-28 01:15:04 41984 ----a-w- C:\Windows\System32\atig6txx.dll

2012-07-28 01:14:56 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2012-07-28 01:14:46 368640 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2012-07-28 01:13:54 129536 ----a-w- C:\Windows\System32\atiuxp64.dll

2012-07-28 01:13:48 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2012-07-28 01:13:40 103936 ----a-w- C:\Windows\System32\atiu9p64.dll

2012-07-28 01:13:32 83456 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2012-07-28 01:12:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\atimpc64.dll

2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\amdpcom64.dll

2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2012-07-18 17:31:12 3146752 ----a-w- C:\Windows\System32\win32k.sys

2012-07-09 17:42:56 4547984 ----a-w- C:\Windows\System32\usbaaplrc.dll

2012-07-09 17:42:54 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys

.

============= FINISH: 17:00:03.62 ===============

Attach:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume2

Install Date: 8/11/2010 1:23:32 AM

System Uptime: 10/4/2012 2:22:09 AM (15 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P5Q PRO TURBO

Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz | LGA 775 | 3194/356mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 112 GiB total, 17.031 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is FIXED (NTFS) - 75 GiB total, 38.239 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Ralink RT61 Turbo Wireless LAN Card

Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_25611814&REV_00\4&1B359D48&0&00F0

Manufacturer: Ralink Technology Corp.

Name: Ralink RT61 Turbo Wireless LAN Card

PNP Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_25611814&REV_00\4&1B359D48&0&00F0

Service: rt61x64

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Adobe Digital Editions

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4)

AIM 7

Akamai NetSession Interface

Apple Application Support

Apple Software Update

BaiduPlayer1.17.0.172

Bandisoft MPEG-1 Decoder

Battlefield 3™

Battlelog Web Plugins

BS.Player FREE

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Combined Community Codec Pack 2009-09-09

Counter-Strike

D3DX10

DAEMON Tools Lite

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Diablo III

DivX Setup

Dota 2

Download Updater (AOL LLC)

Driver Sweeper version 2.7.5

ESN Sonar

Geeks3D.com FurMark 1.9.1

Google Chrome

Google Earth Plug-in

Google Update Helper

Heroes of Newerth

High-Definition Video Playback

HP Update

Java Auto Updater

Java™ 6 Update 20

Java™ 6 Update 22

Java™ 6 Update 27

Malwarebytes Anti-Malware version 1.65.0.1400

Maple 15

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 15.0 (x86 en-US)

Mozilla Firefox 15.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 10 Movie ThemePack Basic

Nero Audio Pack 1

Nero Core Components 10

Nero Kwik Media

Nero Update

NeroKwikMedia Help (CHM)

Nexon Game Manager

NJStar Communicator

Octoshape Streaming Services

Origin

Pando Media Booster

PunkBuster Services

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

Samsung_MonSetup

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Skype™ 5.10

Spybot - Search & Destroy

StarCraft II

Steam

Tencent QQ

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

VC80CRTRedist - 8.0.50727.6195

Vuze

Winamp

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Xiph.Org Open Codecs 0.85.17777

.

==== Event Viewer Messages From Past Week ========

.

9/29/2012 8:43:05 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.

9/29/2012 4:40:10 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

9/29/2012 3:44:39 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Windows 7 Service Pack 1 for x64-based Systems (KB976932).

9/28/2012 4:28:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Hi-Rez Studios Authenticate and Update Service service to connect.

9/28/2012 4:26:57 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

9/28/2012 4:25:33 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

9/28/2012 4:25:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

9/28/2012 4:25:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

9/28/2012 4:25:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

9/28/2012 4:25:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

9/28/2012 4:25:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

9/28/2012 4:25:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

9/28/2012 4:24:57 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx vwififlt Wanarpv6 WfpLwf ws2ifsl

9/28/2012 4:24:56 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

9/28/2012 4:24:56 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

9/28/2012 4:24:56 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

9/28/2012 4:24:56 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

9/28/2012 4:24:56 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

9/28/2012 4:24:56 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

9/28/2012 4:24:56 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

9/28/2012 4:24:56 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

9/28/2012 4:24:56 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

9/28/2012 4:24:56 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

9/28/2012 4:24:09 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .

10/4/2012 3:52:11 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

10/4/2012 2:23:58 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

10/4/2012 2:23:56 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

10/1/2012 8:29:50 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.

10/1/2012 2:54:20 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.

10/1/2012 2:46:07 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows 7 Service Pack 1 for x64-based Systems (KB976932).

10/1/2012 2:45:53 AM, Error: Microsoft-Windows-Service Pack Installer [8] - Service Pack installation failed with error code 0x800f0a13.

.

==== End Of File ===========================


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-10-04 17:31:48

-----------------------------

17:31:48.099 OS Version: Windows x64 6.1.7600

17:31:48.099 Number of processors: 4 586 0xF0B

17:31:48.099 ComputerName: MOO-PC UserName: Moo

17:31:48.570 Initialize success

17:31:52.767 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-4

17:31:52.768 Disk 0 Vendor: WDC_WD800JB-00JJC0 05.01C05 Size: 76318MB BusType: 3

17:31:52.770 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-7

17:31:52.771 Disk 1 Vendor: WDC_WD1200JS-00MHB0 02.01C03 Size: 114473MB BusType: 3

17:31:52.781 Disk 1 MBR read successfully

17:31:52.783 Disk 1 MBR scan

17:31:52.784 Disk 1 Windows 7 default MBR code

17:31:52.788 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

17:31:52.790 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848

17:31:52.809 Disk 1 scanning C:\Windows\system32\drivers

17:31:58.161 Service scanning

17:32:07.587 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32

17:32:10.904 Modules scanning

17:32:10.909 Scan finished successfully

17:32:19.724 Disk 1 MBR has been saved successfully to "C:\Users\Moo\Desktop\MBR.dat"

17:32:19.734 The log file has been saved successfully to "C:\Users\Moo\Desktop\aswMBR.txt"

The Fix button was not enabled


17:37:47.0739 3536 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24

17:37:47.0993 3536 ============================================================

17:37:47.0993 3536 Current date / time: 2012/10/04 17:37:47.0993

17:37:47.0993 3536 SystemInfo:

17:37:47.0993 3536

17:37:47.0994 3536 OS Version: 6.1.7600 ServicePack: 0.0

17:37:47.0994 3536 Product type: Workstation

17:37:47.0994 3536 ComputerName: MOO-PC

17:37:47.0994 3536 UserName: Moo

17:37:47.0994 3536 Windows directory: C:\Windows

17:37:47.0994 3536 System windows directory: C:\Windows

17:37:47.0994 3536 Running under WOW64

17:37:47.0994 3536 Processor architecture: Intel x64

17:37:47.0994 3536 Number of processors: 4

17:37:47.0994 3536 Page size: 0x1000

17:37:47.0994 3536 Boot type: Normal boot

17:37:47.0994 3536 ============================================================

17:37:48.0764 3536 Drive \Device\Harddisk0\DR0 - Size: 0x12A1E0DE00 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

17:37:48.0770 3536 Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0xD72C, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040

17:37:48.0774 3536 ============================================================

17:37:48.0774 3536 \Device\Harddisk0\DR0:

17:37:48.0774 3536 MBR partitions:

17:37:48.0774 3536 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1

17:37:48.0774 3536 \Device\Harddisk1\DR1:

17:37:48.0775 3536 MBR partitions:

17:37:48.0775 3536 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

17:37:48.0775 3536 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800

17:37:48.0775 3536 ============================================================

17:37:48.0800 3536 C: <-> \Device\Harddisk1\DR1\Partition2

17:37:48.0801 3536 F: <-> \Device\Harddisk0\DR0\Partition1

17:37:48.0801 3536 ============================================================

17:37:48.0801 3536 Initialize success

17:37:48.0801 3536 ============================================================

17:38:09.0285 3468 ============================================================

17:38:09.0285 3468 Scan started

17:38:09.0285 3468 Mode: Manual;

17:38:09.0285 3468 ============================================================

17:38:09.0745 3468 ================ Scan system memory ========================

17:38:09.0746 3468 System memory - ok

17:38:09.0746 3468 ================ Scan services =============================

17:38:09.0865 3468 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys

17:38:09.0867 3468 1394ohci - ok

17:38:09.0893 3468 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys

17:38:09.0897 3468 ACPI - ok

17:38:09.0923 3468 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys

17:38:09.0923 3468 AcpiPmi - ok

17:38:10.0054 3468 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

17:38:10.0054 3468 AdobeARMservice - ok

17:38:10.0092 3468 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

17:38:10.0099 3468 adp94xx - ok

17:38:10.0113 3468 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

17:38:10.0117 3468 adpahci - ok

17:38:10.0129 3468 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

17:38:10.0131 3468 adpu320 - ok

17:38:10.0158 3468 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

17:38:10.0159 3468 AeLookupSvc - ok

17:38:10.0205 3468 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys

17:38:10.0219 3468 AFD - ok

17:38:10.0232 3468 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys

17:38:10.0233 3468 agp440 - ok

17:38:10.0423 3468 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll

17:38:10.0423 3468 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76

17:38:10.0430 3468 Akamai ( HiddenFile.Multi.Generic ) - warning

17:38:10.0430 3468 Akamai - detected HiddenFile.Multi.Generic (1)

17:38:10.0441 3468 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

17:38:10.0443 3468 ALG - ok

17:38:10.0460 3468 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys

17:38:10.0460 3468 aliide - ok

17:38:10.0512 3468 [ B3B263B419FC9E7B1D41E61FDAE45BD9 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe

17:38:10.0515 3468 AMD External Events Utility - ok

17:38:10.0531 3468 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys

17:38:10.0532 3468 amdide - ok

17:38:10.0557 3468 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

17:38:10.0558 3468 AmdK8 - ok

17:38:10.0824 3468 [ 9A6E9363F7A5E5A06629D9DDC76EE6B5 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys

17:38:11.0034 3468 amdkmdag - ok

17:38:11.0071 3468 [ 957A4C13E1981B1701E600EF1E823C68 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys

17:38:11.0073 3468 amdkmdap - ok

17:38:11.0089 3468 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

17:38:11.0090 3468 AmdPPM - ok

17:38:11.0133 3468 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys

17:38:11.0133 3468 amdsata - ok

17:38:11.0146 3468 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

17:38:11.0147 3468 amdsbs - ok

17:38:11.0187 3468 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys

17:38:11.0187 3468 amdxata - ok

17:38:11.0222 3468 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys

17:38:11.0222 3468 AppID - ok

17:38:11.0245 3468 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

17:38:11.0246 3468 AppIDSvc - ok

17:38:11.0256 3468 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll

17:38:11.0257 3468 Appinfo - ok

17:38:11.0314 3468 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

17:38:11.0315 3468 Apple Mobile Device - ok

17:38:11.0356 3468 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll

17:38:11.0359 3468 AppMgmt - ok

17:38:11.0375 3468 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys

17:38:11.0376 3468 arc - ok

17:38:11.0389 3468 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

17:38:11.0389 3468 arcsas - ok

17:38:11.0410 3468 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

17:38:11.0410 3468 AsyncMac - ok

17:38:11.0428 3468 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys

17:38:11.0428 3468 atapi - ok

17:38:11.0488 3468 [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys

17:38:11.0489 3468 AtiHDAudioService - ok

17:38:11.0627 3468 [ 26D973D6D9A0D133DFDA7D8C1ADC04B7 ] atillk64 C:\Users\Moo\Desktop\PC Tools\GPU-Z\ATIWinFlash\atillk64.sys

17:38:11.0627 3468 atillk64 - ok

17:38:11.0671 3468 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

17:38:11.0696 3468 AudioEndpointBuilder - ok

17:38:11.0726 3468 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll

17:38:11.0729 3468 AudioSrv - ok

17:38:11.0757 3468 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll

17:38:11.0758 3468 AxInstSV - ok

17:38:11.0789 3468 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys

17:38:11.0803 3468 b06bdrv - ok

17:38:11.0843 3468 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

17:38:11.0846 3468 b57nd60a - ok

17:38:11.0874 3468 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

17:38:11.0876 3468 BDESVC - ok

17:38:11.0900 3468 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

17:38:11.0900 3468 Beep - ok

17:38:11.0937 3468 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll

17:38:11.0953 3468 BFE - ok

17:38:11.0993 3468 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll

17:38:12.0018 3468 BITS - ok

17:38:12.0038 3468 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

17:38:12.0038 3468 blbdrive - ok

17:38:12.0114 3468 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

17:38:12.0129 3468 Bonjour Service - ok

17:38:12.0166 3468 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

17:38:12.0167 3468 bowser - ok

17:38:12.0180 3468 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

17:38:12.0180 3468 BrFiltLo - ok

17:38:12.0197 3468 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

17:38:12.0198 3468 BrFiltUp - ok

17:38:12.0234 3468 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll

17:38:12.0237 3468 Browser - ok

17:38:12.0259 3468 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

17:38:12.0261 3468 Brserid - ok

17:38:12.0279 3468 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

17:38:12.0279 3468 BrSerWdm - ok

17:38:12.0305 3468 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

17:38:12.0305 3468 BrUsbMdm - ok

17:38:12.0316 3468 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

17:38:12.0316 3468 BrUsbSer - ok

17:38:12.0332 3468 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

17:38:12.0332 3468 BTHMODEM - ok

17:38:12.0354 3468 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

17:38:12.0355 3468 bthserv - ok

17:38:12.0368 3468 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

17:38:12.0368 3468 cdfs - ok

17:38:12.0390 3468 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

17:38:12.0391 3468 cdrom - ok

17:38:12.0421 3468 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll

17:38:12.0423 3468 CertPropSvc - ok

17:38:12.0439 3468 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys

17:38:12.0440 3468 circlass - ok

17:38:12.0461 3468 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

17:38:12.0467 3468 CLFS - ok

17:38:12.0546 3468 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

17:38:12.0548 3468 clr_optimization_v2.0.50727_32 - ok

17:38:12.0590 3468 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

17:38:12.0591 3468 clr_optimization_v2.0.50727_64 - ok

17:38:12.0652 3468 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

17:38:12.0686 3468 clr_optimization_v4.0.30319_32 - ok

17:38:12.0723 3468 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

17:38:12.0725 3468 clr_optimization_v4.0.30319_64 - ok

17:38:12.0752 3468 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

17:38:12.0752 3468 CmBatt - ok

17:38:12.0762 3468 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys

17:38:12.0763 3468 cmdide - ok

17:38:12.0803 3468 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys

17:38:12.0810 3468 CNG - ok

17:38:12.0824 3468 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

17:38:12.0824 3468 Compbatt - ok

17:38:12.0846 3468 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

17:38:12.0846 3468 CompositeBus - ok

17:38:12.0857 3468 COMSysApp - ok

17:38:12.0906 3468 [ C08063F052308B6F5882482615387F30 ] cpuz135 C:\Windows\system32\drivers\cpuz135_x64.sys

17:38:12.0906 3468 cpuz135 - ok

17:38:12.0909 3468 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

17:38:12.0910 3468 crcdisk - ok

17:38:12.0961 3468 [ F02786B66375292E58C8777082D4396D ] CryptSvc C:\Windows\system32\cryptsvc.dll

17:38:12.0964 3468 CryptSvc - ok

17:38:12.0992 3468 [ 4A6173C2279B498CD8F57CAE504564CB ] CSC C:\Windows\system32\drivers\csc.sys

17:38:13.0006 3468 CSC - ok

17:38:13.0041 3468 [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService C:\Windows\System32\cscsvc.dll

17:38:13.0057 3468 CscService - ok

17:38:13.0091 3468 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll

17:38:13.0108 3468 DcomLaunch - ok

17:38:13.0137 3468 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

17:38:13.0141 3468 defragsvc - ok

17:38:13.0178 3468 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

17:38:13.0179 3468 DfsC - ok

17:38:13.0206 3468 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll

17:38:13.0222 3468 Dhcp - ok

17:38:13.0279 3468 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

17:38:20.0985 3468 [ D519AD2DE7968CD2B47FEA807C5B29B2 ] sptd C:\Windows\System32\Drivers\sptd.sys

17:38:20.0985 3468 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: D519AD2DE7968CD2B47FEA807C5B29B2

17:38:20.0986 3468 sptd ( LockedFile.Multi.Generic ) - warning

17:38:20.0986 3468 sptd - detected LockedFile.Multi.Generic (1)


17:38:24.0600 3468 ================ Scan global ===============================

17:38:24.0624 3468 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

17:38:24.0661 3468 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll

17:38:24.0669 3468 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll

17:38:24.0697 3468 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

17:38:24.0723 3468 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

17:38:24.0738 3468 [Global] - ok

17:38:24.0738 3468 ================ Scan MBR ==================================

17:38:24.0741 3468 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0

17:38:24.0775 3468 \Device\Harddisk0\DR0 - ok

17:38:24.0783 3468 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1

17:38:25.0048 3468 \Device\Harddisk1\DR1 - ok

17:38:25.0048 3468 ================ Scan VBR ==================================

17:38:25.0050 3468 [ 22D3D39CE8F043F394FE21C6CCAE6C4B ] \Device\Harddisk0\DR0\Partition1

17:38:25.0052 3468 \Device\Harddisk0\DR0\Partition1 - ok

17:38:25.0053 3468 [ 1FB4323C9D38A89B0FE04EAFC8C4AF5C ] \Device\Harddisk1\DR1\Partition1

17:38:25.0054 3468 \Device\Harddisk1\DR1\Partition1 - ok

17:38:25.0059 3468 [ 77468038EEBBBB5ECE1C884F74A45CDF ] \Device\Harddisk1\DR1\Partition2

17:38:25.0060 3468 \Device\Harddisk1\DR1\Partition2 - ok

17:38:25.0060 3468 ============================================================

17:38:25.0060 3468 Scan finished

17:38:25.0060 3468 ============================================================

17:38:25.0067 4408 Detected object count: 2

17:38:25.0067 4408 Actual detected object count: 2

17:39:27.0883 4408 Akamai ( HiddenFile.Multi.Generic ) - skipped by user

17:39:27.0884 4408 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

17:39:27.0885 4408 sptd ( LockedFile.Multi.Generic ) - skipped by user

17:39:27.0885 4408 sptd ( LockedFile.Multi.Generic ) - User select action: Skip


Here's the last one Tigzy RK:

RogueKiller V8.1.1 [10/03/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User : Moo [Admin rights]

Mode : Scan -- Date : 10/04/2012 17:43:11

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts


[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD800JB-00JJC0 ATA Device +++++

--- User ---

[MBR] d1e5abbad898fc347e1bd400c458c8e7

[bSP] 15add8d8089c380e71f5b4c0fc4d3e09 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1200JS-00MHB0 ATA Device +++++

--- User ---

[MBR] 554d894f260b81cd8b2ee8a2bbbdef02

[bSP] 4af521ee14765ce656920bd99007c1c3 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt


There are 3 old versions of the Java runtime that need to be uninstalled:

Java 6 Update 20

Java 6 Update 22

Java 6 Update 27

Older versions of Java pose a security risk.

And if you do not need Java for the programs that you use, keep Java off your system. There is a security concern about the newest versions as well.

See http://seclists.org/bugtraq/2012/Sep/109

and https://www.networkworld.com/community/blog/time-disable-java-again-1-billion-risk-newest-critical-java-bug

NO 'torrent apps/ peer-to-peer apps

Please remove Vuze & any other 'torrent and confirm doing that in your next reply.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

Forum policy on peer-to-peer-programs:

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

http://forums.malwarebytes.org/index.php?showtopic=97700

Also, I do not see an antivirus program installed. Please advise me IF one is installed.

IF one is not installed, the security of your operating system cannot be trusted.

Download and install an antivirus program, and make sure that you keep it updated.

New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.

Two good antivirus programs free for non-commercial home use are Avira Free Antivirus and Microsoft Security Essentials.

Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.


Let's have you do these next:

do this:

1. Open Internet Explorer.

2. Click "Tools," and then click "Internet Options."

3. Click "Connections," and then click "LAN Settings."

4. Make sure the check boxes for "Automatically detect settings" and "Use automatic configuration script" are not selected.

5. Make sure Proxy servers block is not selected (not checkmarked).

6. Apply changes & OK

Step 2

Disable CD-ROM Emulation Software:

Please download the following tool DeFogger to your desktop.

Double click DeFogger to run the tool.

The application window will appear

Click the Disable button to disable your CD Emulation drivers.

Click Yes to continue

A 'Finished!' message will appear

Click OK

DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Step 3

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member Blankz13 only. If you are a casual viewer, do NOT try this on your system!

If you are not Blankz13 and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.


Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power) or a UPS system.

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have to reboot the PC a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh.

Reply & Copy & Paste contents of the C:\Combofix.txt log and tell me, How is the system now?

Re-enable your antivirus program.


ComboFix 12-10-04.02 - Moo 10/06/2012 17:49:44.2.4 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8191.6458 [GMT -4:00]

Running from: c:\users\Moo\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-09-06 to 2012-10-06 )))))))))))))))))))))))))))))))

.

.

2012-10-06 21:58 . 2012-10-06 21:58 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-10-06 15:49 . 2012-08-30 04:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1B183BE0-BB8B-46E4-9BC4-050FA2CEA409}\mpengine.dll

2012-10-05 15:42 . 2012-10-05 15:41 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2AB04F3C-68CA-44E8-8ED1-77A69E4DCEB9}\gapaengine.dll

2012-10-05 15:42 . 2012-08-30 04:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-10-05 15:37 . 2012-10-05 15:37 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2012-10-05 15:36 . 2012-10-05 15:37 -------- d-----w- c:\program files\Microsoft Security Client

2012-10-05 15:36 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys

2012-10-05 06:15 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED977251-6C38-40A7-A31C-9A3543481081}\mpengine.dll

2012-10-04 21:21 . 2012-10-04 21:21 -------- d-----w- c:\program files (x86)\ERUNT

2012-10-04 06:29 . 2012-10-04 06:29 -------- d-----w- c:\users\Moo\AppData\Roaming\Malwarebytes

2012-10-04 06:28 . 2012-10-04 06:28 -------- d-----w- c:\programdata\Malwarebytes

2012-10-04 06:28 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-29 20:34 . 2012-10-04 06:34 -------- d-----w- c:\windows\AutoKMS

2012-09-29 20:25 . 2012-09-29 20:25 -------- d-----w- c:\windows\PCHEALTH

2012-09-29 20:23 . 2012-09-29 20:23 -------- d-----w- c:\program files\Microsoft Office

2012-09-29 20:23 . 2012-09-29 20:23 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services

2012-09-29 20:22 . 2012-09-29 20:22 -------- d-----r- C:\MSOCache

2012-09-28 20:40 . 2012-09-28 20:40 -------- d-----w- c:\programdata\ATI

2012-09-28 20:39 . 2012-09-28 20:39 0 ----a-w- c:\windows\ativpsrm.bin

2012-09-28 20:34 . 2012-09-28 20:34 -------- d-----w- c:\program files (x86)\ATI Technologies

2012-09-28 20:34 . 2012-09-28 20:34 -------- d-----w- c:\program files\ATI

2012-09-28 20:34 . 2012-09-28 20:35 -------- d-----w- c:\program files\ATI Technologies

2012-09-28 20:33 . 2012-09-28 20:33 -------- d-----w- C:\AMD

2012-09-21 05:01 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-09-21 05:01 . 2012-09-21 05:01 -------- d-----w- c:\program files\iPod

2012-09-21 05:01 . 2012-09-21 05:01 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-09-21 05:01 . 2012-09-21 05:01 -------- d-----w- c:\program files\iTunes

2012-09-21 05:01 . 2012-09-21 05:01 -------- d-----w- c:\program files (x86)\iTunes

2012-09-20 21:43 . 2012-09-20 21:43 -------- d-----w- c:\users\Moo\AppData\Local\Runic Games

2012-09-20 21:43 . 2012-09-20 21:43 -------- d-----w- c:\users\Public\Games

2012-09-19 07:00 . 2012-09-19 07:00 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-09-19 07:00 . 2012-09-19 07:00 -------- d-----r- c:\program files (x86)\Skype

2012-09-16 23:31 . 2012-09-22 03:21 -------- d-----w- c:\users\Moo\AppData\Roaming\Baidu

2012-09-16 23:31 . 2012-09-16 23:31 -------- d-----w- c:\programdata\Baidu

2012-09-16 23:31 . 2012-09-16 23:31 -------- d-----w- c:\program files (x86)\Baidu

2012-09-12 17:37 . 2012-08-02 17:55 574464 ----a-w- c:\windows\system32\d3d10level9.dll

2012-09-12 17:37 . 2012-08-02 17:05 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2012-09-10 05:21 . 2012-09-10 05:21 -------- d-----w- c:\users\Moo\AppData\Roaming\Nitro PDF

2012-09-10 05:20 . 2012-09-10 05:28 -------- d-----w- c:\users\Moo\AppData\Roaming\PrimoPDF

2012-09-10 05:20 . 2012-09-10 05:20 -------- d-----w- c:\programdata\Nitro PDF

2012-09-10 05:19 . 2012-09-10 05:19 -------- d-----w- c:\users\Moo\AppData\Roaming\OpenCandy

2012-09-10 05:19 . 2011-02-28 22:37 95008 ----a-w- c:\windows\system32\Primomonnt.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-30 03:16 . 2010-08-20 01:50 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-09-30 03:16 . 2010-08-20 01:49 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-09-30 03:12 . 2010-08-20 01:49 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-09-13 07:01 . 2010-08-11 07:00 64462936 ----a-w- c:\windows\system32\MRT.exe

2012-08-31 02:03 . 2012-08-31 02:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-08-31 02:03 . 2012-08-31 02:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-08-21 17:01 . 2011-04-03 05:27 125872 ----a-w- c:\windows\system32\GEARAspi64.dll

2012-08-21 17:01 . 2011-04-03 05:27 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll

2012-07-28 04:09 . 2012-07-28 04:09 5538984 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-07-28 04:07 . 2012-07-28 04:07 10278912 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-07-28 03:43 . 2012-07-28 03:43 70144 ----a-w- c:\windows\system32\coinst_8.982.dll

2012-07-28 03:19 . 2012-07-28 03:19 24935424 ----a-w- c:\windows\system32\atio6axx.dll

2012-07-28 02:50 . 2012-07-28 02:50 20546560 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-07-28 02:15 . 2012-07-28 02:15 163840 ----a-w- c:\windows\system32\atiapfxx.exe

2012-07-28 02:15 . 2012-07-28 02:15 931328 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-07-28 02:13 . 2012-07-28 02:13 1100288 ----a-w- c:\windows\system32\aticfx64.dll

2012-07-28 02:10 . 2012-07-28 02:10 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

2012-07-28 02:10 . 2012-07-28 02:10 534528 ----a-w- c:\windows\system32\atieclxx.exe

2012-07-28 02:09 . 2012-07-28 02:09 239616 ----a-w- c:\windows\system32\atiesrxx.exe

2012-07-28 02:08 . 2012-07-28 02:08 120320 ----a-w- c:\windows\system32\atitmm64.dll

2012-07-28 02:08 . 2012-07-28 02:08 21504 ----a-w- c:\windows\system32\atimuixx.dll

2012-07-28 02:07 . 2012-07-28 02:07 59392 ----a-w- c:\windows\system32\atiedu64.dll

2012-07-28 02:07 . 2012-07-28 02:07 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2012-07-28 02:07 . 2012-07-28 02:07 6430208 ----a-w- c:\windows\SysWow64\atidxx32.dll

2012-07-28 01:51 . 2012-07-28 01:51 7052288 ----a-w- c:\windows\system32\atidxx64.dll

2012-07-28 01:41 . 2012-07-28 01:41 4266496 ----a-w- c:\windows\system32\atiumd6a.dll

2012-07-28 01:35 . 2012-07-28 01:35 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-07-28 01:35 . 2012-07-28 01:35 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-07-28 01:35 . 2012-07-28 01:35 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-07-28 01:35 . 2012-07-28 01:35 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-07-28 01:34 . 2012-07-28 01:34 16034304 ----a-w- c:\windows\system32\aticaldd64.dll

2012-07-28 01:32 . 2012-07-28 01:32 4751872 ----a-w- c:\windows\SysWow64\atiumdva.dll

2012-07-28 01:30 . 2012-07-28 01:30 13605888 ----a-w- c:\windows\SysWow64\aticaldd.dll

2012-07-28 01:25 . 2012-07-28 01:25 6676480 ----a-w- c:\windows\system32\atiumd64.dll

2012-07-28 01:15 . 2012-07-28 01:15 540160 ----a-w- c:\windows\system32\atiadlxx.dll

2012-07-28 01:15 . 2012-07-28 01:15 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2012-07-28 01:15 . 2012-07-28 01:15 17920 ----a-w- c:\windows\system32\atig6pxx.dll

2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:\windows\system32\atiglpxx.dll

2012-07-28 01:15 . 2012-07-28 01:15 41984 ----a-w- c:\windows\system32\atig6txx.dll

2012-07-28 01:14 . 2012-07-28 01:14 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-07-28 01:14 . 2012-07-28 01:14 368640 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-07-28 01:13 . 2012-07-28 01:13 129536 ----a-w- c:\windows\system32\atiuxp64.dll

2012-07-28 01:13 . 2012-07-28 01:13 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-07-28 01:13 . 2012-07-28 01:13 103936 ----a-w- c:\windows\system32\atiu9p64.dll

2012-07-28 01:13 . 2012-07-28 01:13 83456 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-07-28 01:12 . 2012-07-28 01:12 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- c:\windows\system32\atimpc64.dll

2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- c:\windows\system32\amdpcom64.dll

2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll

2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2012-07-18 17:31 . 2012-08-15 17:10 3146752 ----a-w- c:\windows\system32\win32k.sys

2012-07-09 17:42 . 2012-07-09 17:42 4547984 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-07-09 17:42 . 2012-07-09 17:42 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E74F179F-F6CC-4BE0-9638-DEA49583953F}]

2011-05-26 01:01 38672 ----a-w- c:\program files (x86)\NJStar Communicator\NJStarBHO32.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-04 1353080]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"Aim"="c:\program files (x86)\AIM\aim.exe" [2012-05-30 4331392]

"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2010-09-18 2969496]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

"Octoshape Streaming Services"="c:\users\Moo\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]

"Akamai NetSession Interface"="c:\users\Moo\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-07-12 74752]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-01-07 296056]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 136176]

R2 MBAMService;MBAMService;f:\malware bytes\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 atillk64;atillk64;c:\users\Moo\Desktop\PC Tools\GPU-Z\ATIWinFlash\atillk64.sys [2006-07-19 14608]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 GPU-Z;GPU-Z;c:\users\Moo\AppData\Local\Temp\GPU-Z.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 136176]

R3 LVUVC64;Logitech QuickCam S5500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]

R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]

R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr6164.sys [2010-04-07 446304]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-13 1255736]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]

R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]

R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]

S2 MBAMScheduler;MBAMScheduler;f:\malware bytes\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-07-22 690472]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-28 10278912]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-28 368640]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-13 05:31]

.

2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-13 05:31]

.

2012-10-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1453039646-1502433711-1700080470-1001Core.job

- c:\users\Moo\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-11 05:31]

.

2012-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1453039646-1502433711-1700080470-1001UA.job

- c:\users\Moo\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-11 05:31]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E74F179F-F6CC-4BE0-9638-DEA49583953F}]

2011-05-26 01:01 42768 ----a-w- c:\program files (x86)\NJStar Communicator\X64\NJStarBHO64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

IE: E&xport to Microsoft Excel - c:\micros~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\micros~1\Office14\ONBttnIE.dll/105

IE: QQ

LSP: c:\programdata\Baidu\BaiduPlayer\BdAccLSP(1.0.14.138).dll

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

FF - ProfilePath - c:\users\Moo\AppData\Roaming\Mozilla\Firefox\Profiles\gyjzsbuj.default\

FF - prefs.js: network.proxy.type - 0

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

- - - - ORPHANS REMOVED - - - -

.

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

AddRemove-RealPlayer 15.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-10-06 18:00:15

ComboFix-quarantined-files.txt 2012-10-06 22:00

ComboFix2.txt 2012-10-06 21:33

.

Pre-Run: 16,576,569,344 bytes free

Post-Run: 16,498,003,968 bytes free

.

- - End Of File - - 14579782440112FE46BA6EBBA881699C


Make sure Spybot's Tea Timer is NOT on.

Start Spybot-S&D, switch to the Advanced mode via the menu bar item Mode

then select Advanced Mode

On the left hand side, select Tools

Then click on the Resident icon in the list

Uncheck Resident TeaTimer and OK any prompts.

Now Logoff & Restart your computer fresh.

If you did not intentionally install Baidu, then Uninstall it.

Same goes for OpenCandy. See http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Adware:Win32/OpenCandy

Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

If you are running Windows XP, double click adwcleaner.exe to start it.

Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.

Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, so in this case it should be something like R1.

NEXT:

Download and SAVE & then run mbam-clean.exe from >> here <<

It will ask to restart your computer. Please allow it to do so; this is very important.

After the computer restarts, temporarily disable your Anti-Virus

If you need how-to guidance, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Next Download & SAVE the latest version of Malwarebytes' Anti-Malware from >> here <<

Run the mbam-setup.

Note: You will need to reactivate the program using the license you were sent via email if using the Pro version

Launch the program and set the Protection and Registration, if you have a license. Then go to the UPDATE tab if not done during installation and check for updates.

Restart the computer again and verify that Malwarebytes Anti-Malware is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications.

You may use the guides posted in the FAQ's >> here << or ask and we'll explain how to do it.

Re-enable the anti-virus application that you turned off before.


Here is the file from AdwCleaner:

# AdwCleaner v2.004 - Logfile created 10/07/2012 at 11:26:57

# Updated 06/10/2012 by Xplode

# Operating system : Windows 7 Ultimate (64 bits)

# User : Moo - MOO-PC

# Boot Mode : Normal

# Running from : C:\Users\Moo\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt

File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt

Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility

Folder Found : C:\Users\Moo\AppData\LocalLow\boost_interprocess

Folder Found : C:\Users\Moo\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com

Key Found : HKCU\Software\Softonic

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}

Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE

Key Found : HKLM\SOFTWARE\Classes\dnUpdate

Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser

Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1

Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController

Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}

Key Found : HKLM\Software\Conduit

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Key Found : HKU\S-1-5-21-1453039646-1502433711-1700080470-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default

File : C:\Users\Moo\AppData\Roaming\Mozilla\Firefox\Profiles\gyjzsbuj.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v22.0.1229.79

File : C:\Users\Moo\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3620 octets] - [07/10/2012 11:26:57]

########## EOF - C:\AdwCleaner[R1].txt - [3680 octets] ##########


  • Close any open documents/programs & all internet browsers you have running.
  • Please start AdwCleaner
  • Click on Delete button.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
  • Note: You can find the logfile at C:\AdwCleaner[s1]


# AdwCleaner v2.004 - Logfile created 10/08/2012 at 12:31:28

# Updated 06/10/2012 by Xplode

# Operating system : Windows 7 Ultimate (64 bits)

# User : Moo - MOO-PC

# Boot Mode : Normal

# Running from : C:\Users\Moo\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt

Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility

Folder Deleted : C:\Users\Moo\AppData\LocalLow\boost_interprocess

Folder Deleted : C:\Users\Moo\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default

File : C:\Users\Moo\AppData\Roaming\Mozilla\Firefox\Profiles\gyjzsbuj.default\prefs.js

C:\Users\Moo\AppData\Roaming\Mozilla\Firefox\Profiles\gyjzsbuj.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v22.0.1229.79

File : C:\Users\Moo\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3741 octets] - [07/10/2012 11:26:57]

AdwCleaner[s1].txt - [3689 octets] - [08/10/2012 12:31:28]

########## EOF - C:\AdwCleaner[s1].txt - [3749 octets] ##########
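An added example, not part of any post in this thread: a way to check that the delete run removed everything the search run reported. The log excerpts are copied from the two AdwCleaner logs above; the function names are hypothetical, and treating the SID as the account that ran the tool is an assumption based on the scheduled-task names in the ComboFix log.

```python
import re

# Excerpts of the two AdwCleaner logs posted above (search run, then delete run).
SEARCH_LOG = r"""
# Option [search]
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
Folder Found : C:\Users\Moo\AppData\Roaming\OpenCandy
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\Software\Conduit
Key Found : HKU\S-1-5-21-1453039646-1502433711-1700080470-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
"""

DELETE_LOG = r"""
# Option [Delete]
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
Folder Deleted : C:\Users\Moo\AppData\Roaming\OpenCandy
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\Software\Conduit
"""

# Assumption: this SID belongs to the account that ran AdwCleaner.
USER_SID = "S-1-5-21-1453039646-1502433711-1700080470-1001"

ENTRY = re.compile(r"^(File|Folder|Key) (Found|Deleted) : (.+?)\s*$")


def parse(log_text, verb):
    """Return {(kind, path)} for every 'kind verb : path' line in the log."""
    items = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m and m.group(2) == verb:
            # Windows paths and registry keys compare case-insensitively.
            items.add((m.group(1), m.group(3).lower()))
    return items


def fold_hku(items, user_sid):
    """Rewrite HKU\\<sid>\\... as HKCU\\...: both name the same hive for that user."""
    prefix = "hku\\" + user_sid.lower() + "\\"
    folded = set()
    for kind, path in items:
        if kind == "Key" and path.startswith(prefix):
            path = "hkcu\\" + path[len(prefix):]
        folded.add((kind, path))
    return folded


def reconcile(search_log, delete_log, user_sid=None):
    """Compare what the search run found with what the delete run removed."""
    found = parse(search_log, "Found")
    deleted = parse(delete_log, "Deleted")
    if user_sid:
        found = fold_hku(found, user_sid)
        deleted = fold_hku(deleted, user_sid)
    return {
        "not_deleted": sorted(found - deleted),    # reported, never removed
        "not_in_search": sorted(deleted - found),  # removed, never reported
    }


if __name__ == "__main__":
    for label, sid in (("literal compare", None), ("HKU folded into HKCU", USER_SID)):
        result = reconcile(SEARCH_LOG, DELETE_LOG, sid)
        print(label, "->", result)
```

Compared literally, the HKU SearchScopes key looks like a leftover; once HKU\<SID> is folded into HKCU it is accounted for by the HKCU deletion.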


Please copy/paste the lines in bold below to Notepad:

@Echo on

pushd\windows\system32\drivers\etc

attrib -h -s -r hosts

echo 127.0.0.1 localhost>HOSTS

attrib +r +h +s hosts

popd

ipconfig /release

ipconfig /renew

ipconfig /flushdns

netsh winsock reset all

netsh int ip reset resetlog.log

shutdown -r -t 1

del %0

Save as flush.bat to your desktop.

Double-click flush.bat file to run it. Your computer will reboot.

Start MBAM.

Click the Update tab. Click on Check for Updates button.

Tell me about the result,

also advise if MBAM is the Trial, or, if you have an MBAM license.
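An added example, not part of the post above: flush.bat overwrites HOSTS with a single localhost line without looking at what was there, so this sketch records what a reset would discard and why each entry matters. The sample file is constructed, and the function names and category labels are hypothetical.

```python
import ipaddress

# Constructed sample hosts file, not taken from the thread.
SAMPLE_HOSTS = """\
# Constructed sample
127.0.0.1       localhost
::1             localhost
127.0.0.1       updates.av-vendor.example   # update host pinned to loopback
0.0.0.0         cdn.av-vendor.example
203.0.113.7     www.shop.example login.shop.example
192.168.1.20    nas   # local alias the user may want back
not-an-ip       broken.example
"""


def parse_hosts(text):
    """Yield (line_no, address_text, [names]) for each non-comment line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        yield line_no, fields[0], [name.lower() for name in fields[1:]]


def classify(address_text, name):
    """Label one address/name pair."""
    try:
        addr = ipaddress.ip_address(address_text)
    except ValueError:
        return "malformed"
    if addr.is_loopback and name == "localhost":
        return "default"
    if addr.is_loopback or addr.is_unspecified:
        # The name resolves to this machine or nowhere, so it cannot be reached.
        return "sinkhole"
    return "redirect"  # the name is pinned to some other address


def audit(text):
    """Group every hosts entry by category, keeping line numbers for the record."""
    report = {"default": [], "sinkhole": [], "redirect": [], "malformed": []}
    for line_no, address_text, names in parse_hosts(text):
        if not names:
            report["malformed"].append((line_no, address_text, ""))
            continue
        for name in names:
            report[classify(address_text, name)].append((line_no, address_text, name))
    return report


if __name__ == "__main__":
    for category, entries in audit(SAMPLE_HOSTS).items():
        print(category)
        for line_no, address_text, name in entries:
            print(f"  line {line_no}: {address_text} -> {name}")
```

Entries under "sinkhole" are the ones that would stop a program from reaching a named server; entries under "redirect" may be legitimate local aliases that have to be re-added after the reset.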


Create an mbam-check log:

Download mbam-check.exe from >> HERE << and save it to your desktop.

Double-click on mbam-check.exe to run it, it should then open a log file.

Please copy and paste the entire contents of the log into your next post, or, if you prefer, you may attach the CheckResults.txt file which should now be located on your desktop to your next post instead.

Also, if you can, please also upload your 3 most recent Protection module logs:

In Windows XP, these logs are located in: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

In Win 7/Vista, these logs are located in: C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Logs


Here is the log from MBAM-check:

mbam-check result log version: 1.10.0.1000

Malwarebytes Version: REG_SZ 1.65.0.1400

Date Log Created: 10/09/12

Time Log Created: 17:14:55

64 bit Operating System

Product Name: REG_SZ Windows 7 Ultimate

Current Build Number: 7600

Current Version Number: 6.1

Current CSDVersion:

Proxy Status: No proxy is Set

Proxy Override:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\

ProxyOverride REG_SZ *.local;127.0.0.1:9421;<local>

LAN Settings:

=============

No Settings are Set <--NOT DETECTING SETTING AUTOMATICALLY

SystemPartition:

================

HKEY_LOCAL_MACHINE\SYSTEM\Setup\

SystemPartition REG_SZ \Device\HarddiskVolume2

Balloon Tips Status:

====================

Enabled

Time Format Settings:

=====================

Should be:

h:mm:ss tt

AM

PM

:

Currently:

REG_SZ h:mm:ss tt

REG_SZ AM

REG_SZ PM

REG_SZ :

Language and Regional Settings:

===============================

ACP: Language is English (United States)

MACCP: Language is English (United States)

OEMCP: Language is English (United States)

Startup Folders for Error_Expanding_Variables Check:

====================================================

All Users Startup Folder Exists.

Current User's Startup Folder Exists.

Terminal Services Status for (null) entries in PM logs and GetUserToken errors:

===============================================================================

TERMService:

==============

Type : 32

State : 1 (The service is not running.) (State is stopped)

WIN32_EXIT_CODE : 1077

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

TermService Start is set to: 3 (Manual Startup)

Compatibility Flag Settings (Any MBAM file listings should be removed):

=======================================================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

C:\Program Files (x86)\Steam\Steam.exeREG_SZ RUNASADMIN

F:\Games\Smite\HiRezGamesDiagAndSupport.exeREG_SZ VISTARTM

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

C:\QQ\Bin\QQ.exe REG_SZ ELEVATECREATEPROCESS

C:\Program Files (x86)\Heroes of Newerth\hon.exeREG_SZ RUNASADMIN

C:\Program Files (x86)\Steam\Steam.exeREG_SZ #

C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark_1.9.1\FurMark.exeREG_SZ ELEVATECREATEPROCESS

MBAM Startup Entries:

=====================

Service and Driver Status:

==========================

MBAMProtector:

==============

Type : 2

State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

MBAMService:

==============

Type : 16

State : 4 (The service is running.)

WIN32_EXIT_CODE : 0

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

MBAMProtector Registry Values:

==============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector

Type REG_DWORD 2

Start REG_DWORD 3

ErrorControl REG_DWORD 1

ImagePath REG_EXPAND_SZ \??\C:\Windows\system32\drivers\mbam.sys

Group REG_SZ FSFilter Anti-Virus

DependOnService REG_MULTI_SZ FltMgr

WOW64 REG_DWORD 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances

DefaultInstance REG_SZ MBAMProtector Instance

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance

Altitude REG_SZ 328800

Flags REG_DWORD 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Enum

0 REG_SZ Root\LEGACY_MBAMPROTECTOR\0000

Count REG_DWORD 1

NextInstance REG_DWORD 1

MBAMService Registry Values:

============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService

Type REG_DWORD 16

Start REG_DWORD 2

ErrorControl REG_DWORD 1

ImagePath REG_EXPAND_SZ "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"

DependOnService REG_MULTI_SZ MBAMProtector

WOW64 REG_DWORD 1

ObjectName REG_SZ LocalSystem

Description REG_SZ Malwarebytes Anti-Malware service

MBAM DLL's and Runtime Files:

=============================

HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid

(Default): REG_SZ vbAccelerator Grid Control

HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid\Clsid

(Default): REG_SZ {C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}

HKEY_CLASSES_ROOT\SSubTimer6.GSubclass

(Default): REG_SZ SSubTimer6.GSubclass

HKEY_CLASSES_ROOT\SSubTimer6.GSubclass\Clsid

(Default): REG_SZ {71A27032-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\SSubTimer6.CTimer

(Default): REG_SZ SSubTimer6.CTimer

HKEY_CLASSES_ROOT\SSubTimer6.CTimer\Clsid

(Default): REG_SZ {71A27034-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\SSubTimer6.ISubclass

(Default): REG_SZ SSubTimer6.ISubclass

HKEY_CLASSES_ROOT\SSubTimer6.ISubclass\Clsid

(Default): REG_SZ {71A2702F-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ SSubTimer6.ISubclass

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories

MBAM Registry Settings and License Info:

========================================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware

advancedheuristics REG_DWORD 1

downloadprogram REG_DWORD 1

hidereg REG_DWORD 0

detectp2p REG_DWORD 0

detectpum REG_DWORD 1

detectpup REG_DWORD 2

updatewarn REG_DWORD 1

updatewarndays REG_DWORD 7

useproxy REG_DWORD 0

useauthentication REG_DWORD 0

contextmenu REG_DWORD 1

reportthreats REG_DWORD 1

startwithwindows REG_DWORD 1

startfsdisabled REG_DWORD 0

startipdisabled REG_DWORD 0

silentipmode REG_DWORD 0

notifyinstallprogram REG_DWORD 1

trialpromptshown REG_DWORD 1

InstallPath REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware

dbdate REG_SZ Mon, 01 Oct 2012 15:00:00 GMT

dbversion REG_SZ v2012.10.01.05

programversion REG_SZ 1.65.0.1400

trialended REG_DWORD 0

SchedulerQueue REG_MULTI_SZ 6148, 30254205, 208940320, 1, 23 | 30254639, 1198425825

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware (Trial)

TrialId There is data here but it is hidden.

HKEY_CURRENT_USER\SOFTWARE\Malwarebytes' Anti-Malware

alwaysscanfiles REG_DWORD 1

alwaysscanheuristics REG_DWORD 1

alwaysscanmemory REG_DWORD 1

alwaysscanregistry REG_DWORD 1

alwaysscanstartups REG_DWORD 1

autosavelog REG_DWORD 1

openlog REG_DWORD 1

defaultscan REG_DWORD 0

terminateie REG_DWORD 0

Language REG_SZ English.lng

selectedrives REG_SZ C:\|F:\|

HKEY_USERS\S-1-5-18\SOFTWARE\Malwarebytes' Anti-Malware

alwaysscanfiles REG_DWORD 1

alwaysscanheuristics REG_DWORD 1

alwaysscanmemory REG_DWORD 1

alwaysscanregistry REG_DWORD 1

alwaysscanstartups REG_DWORD 1

autosavelog REG_DWORD 1

openlog REG_DWORD 1

defaultscan REG_DWORD 0

terminateie REG_DWORD 0

HKEY_USERS\.DEFAULT\SOFTWARE\Malwarebytes' Anti-Malware

alwaysscanfiles REG_DWORD 1

alwaysscanheuristics REG_DWORD 1

alwaysscanmemory REG_DWORD 1

alwaysscanregistry REG_DWORD 1

alwaysscanstartups REG_DWORD 1

autosavelog REG_DWORD 1

openlog REG_DWORD 1

defaultscan REG_DWORD 0

terminateie REG_DWORD 0

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1

Inno Setup: Setup Version REG_SZ 5.4.3 (a)

Inno Setup: App Path REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware

InstallLocation REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\

Inno Setup: Icon Group REG_SZ Malwarebytes' Anti-Malware

Inno Setup: User REG_SZ Moo

Inno Setup: Selected Tasks REG_SZ desktopicon

Inno Setup: Deselected Tasks REG_SZ quicklaunchicon

Inno Setup: Language REG_SZ English

DisplayName REG_SZ Malwarebytes Anti-Malware version 1.65.0.1400

DisplayIcon REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

UninstallString REG_SZ "C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"

QuietUninstallString REG_SZ "C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe" /SILENT

DisplayVersion REG_SZ 1.65.0.1400

Publisher REG_SZ Malwarebytes Corporation

URLInfoAbout REG_SZ http://www.malwarebytes.org

NoModify REG_DWORD 1

NoRepair REG_DWORD 1

InstallDate REG_SZ 20121007

MajorVersion REG_DWORD 1

MinorVersion REG_DWORD 65

EstimatedSize REG_DWORD 19772

Pending File Rename Operations:

================================

If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\

PendingFileRenameOperations REG_MULTI_SZ \??\C:\Windows\system32\spool\PRTPROCS\x64\1_CNMPDA9.DLL

Scheduler Queue:

================

Scheduled Item: Update Schedule Options: | Daily | Random

Start Time: 2012-10-07 11:15 Repeating Every: 1 Recover if missed by: 23

Context Menu Entries:

=====================

MBAM Drivers:

=============

C:\Windows\system32\drivers\mbam.sys File Size: 25928 BYTES FileVersion: 1.60.2.0

Required Dependencies:

======================

fltmgr:

==============

Type : 2

State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr

AttachWhenLoaded REG_DWORD 1

DisplayName REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10001

Group REG_SZ FSFilter Infrastructure

ImagePath REG_EXPAND_SZ system32\drivers\fltmgr.sys

Description REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10000

ErrorControl REG_DWORD 3

Start REG_DWORD 0

Tag REG_DWORD 1

Type REG_DWORD 2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum

0 REG_SZ Root\LEGACY_FLTMGR\0000

Count REG_DWORD 1

NextInstance REG_DWORD 1

C:\Windows\system32\drivers\fltmgr.sys File Size: 290368 BYTES FileVersion: 6.1.7600.16385

C:\Windows\SysWOW64\mscomctl.ocx File Size: 1070152 BYTES FileVersion: 6.1.98.34

C:\Windows\SysWOW64\olepro32.dll File Size: 90112 BYTES FileVersion: 6.1.7600.16385

List of MBAM Related Directories:

=================================

C:\Program Files (x86)\Malwarebytes' Anti-Malware

changes.txt File Size: 2780 BYTES

license.txt File Size: 11141 BYTES

mbam.chm File Size: 582708 BYTES

mbam.dll File Size: 499784 BYTES FileVersion: 1.65.0.0

mbam.exe File Size: 981656 BYTES FileVersion: 1.62.0.140

mbamcore.dll File Size: 1089608 BYTES FileVersion: 1.62.0.0

mbamext.dll File Size: 95304 BYTES FileVersion: 1.61.0.0

mbamgui.exe File Size: 766536 BYTES FileVersion: 1.65.0.0

mbamnet.dll File Size: 2168392 BYTES FileVersion: 1.62.0.0

mbampt.exe File Size: 40008 BYTES FileVersion: 1.61.0.0

mbamscheduler.exe File Size: 399432 BYTES FileVersion: 1.65.0.0

mbamservice.exe File Size: 676936 BYTES FileVersion: 1.65.0.0

ssubtmr6.dll File Size: 46416 BYTES FileVersion: 1.1.0.3

unins000.dat File Size: 15350 BYTES

unins000.exe File Size: 711240 BYTES FileVersion: 51.52.0.0

unins000.msg File Size: 10550 BYTES

vbalsgrid6.ocx File Size: 496976 BYTES FileVersion: 2.0.0.40

C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon

chameleon.chm File Size: 186068 BYTES

firefox.com File Size: 218696 BYTES

firefox.exe File Size: 218696 BYTES

firefox.pif File Size: 218696 BYTES

firefox.scr File Size: 218696 BYTES

iexplore.exe File Size: 218696 BYTES

mbam-chameleon.com File Size: 218696 BYTES

mbam-chameleon.exe File Size: 218696 BYTES

mbam-chameleon.pif File Size: 218696 BYTES

mbam-chameleon.scr File Size: 218696 BYTES

mbam-killer.exe File Size: 896072 BYTES

rundll32.exe File Size: 218696 BYTES

svchost.exe File Size: 218696 BYTES

winlogon.exe File Size: 218696 BYTES

C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages

arabic.lng File Size: 21110 BYTES

belarusian.lng File Size: 26026 BYTES

bosnian.lng File Size: 26236 BYTES

bulgarian.lng File Size: 26678 BYTES

catalan.lng File Size: 27226 BYTES

chineseSI.lng File Size: 10642 BYTES

chineseTR.lng File Size: 11588 BYTES

croatian.lng File Size: 25844 BYTES

czech.lng File Size: 23894 BYTES

danish.lng File Size: 25750 BYTES

dutch.lng File Size: 27282 BYTES

english.lng File Size: 23742 BYTES

estonian.lng File Size: 24112 BYTES

finnish.lng File Size: 24990 BYTES

french.lng File Size: 28790 BYTES

german.lng File Size: 28870 BYTES

greek.lng File Size: 28316 BYTES

hebrew.lng File Size: 18714 BYTES

hungarian.lng File Size: 27548 BYTES

italian.lng File Size: 27186 BYTES

japanese.lng File Size: 15814 BYTES

korean.lng File Size: 13710 BYTES

latvian.lng File Size: 26208 BYTES

lithuanian.lng File Size: 26920 BYTES

macedonian.lng File Size: 27830 BYTES

norwegian.lng File Size: 24216 BYTES

polish.lng File Size: 25726 BYTES

portugueseBR.lng File Size: 27720 BYTES

portuguesePT.lng File Size: 28056 BYTES

romanian.lng File Size: 27308 BYTES

russian.lng File Size: 26352 BYTES

serbian.lng File Size: 25970 BYTES

slovak.lng File Size: 24752 BYTES

slovenian.lng File Size: 23998 BYTES

spanish.lng File Size: 29010 BYTES

swedish.lng File Size: 25132 BYTES

thai.lng File Size: 25190 BYTES

turkish.lng File Size: 25046 BYTES

vietnamese.lng File Size: 28574 BYTES

C:\Users\Moo\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware

C:\Users\Moo\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs

C:\Users\Moo\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware

rules.ref File Size: 7135009 BYTES

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configuration

build.conf File Size: 140 BYTES

config.conf File Size: 3276 BYTES

custom.conf File Size: 20 BYTES

database.conf File Size: 432 BYTES

local.conf File Size: 630 BYTES

manifest.conf File Size: 545 BYTES

messaging.conf File Size: 20 BYTES

news.conf File Size: 405 BYTES

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs

protection-log-2012-10-07.txt File Size: 11428 BYTES

protection-log-2012-10-08.txt File Size: 8790 BYTES

protection-log-2012-10-09.txt File Size: 834 BYTES

===============================================================

END OF FILE

Link to post
Share on other sites

2012-10-07:

2012/10/07 11:36:38 -0400 MOO-PC Moo MESSAGE Executing scheduled update: Daily

2012/10/07 11:36:38 -0400 MOO-PC Moo ERROR Scheduled update failed: Host not found failed with error code 0

2012/10/07 11:36:40 -0400 MOO-PC Moo MESSAGE Starting protection

2012/10/07 11:36:40 -0400 MOO-PC Moo MESSAGE Protection started successfully

2012/10/07 11:36:40 -0400 MOO-PC Moo MESSAGE Starting IP protection

2012/10/07 11:36:41 -0400 MOO-PC Moo MESSAGE IP Protection started successfully

2012/10/07 12:47:01 -0400 MOO-PC Moo MESSAGE Starting database refresh

2012/10/07 12:47:01 -0400 MOO-PC Moo MESSAGE Stopping IP protection

2012/10/07 12:47:01 -0400 MOO-PC Moo MESSAGE IP Protection stopped successfully

2012/10/07 12:47:03 -0400 MOO-PC Moo MESSAGE Database refreshed successfully

2012/10/07 12:47:03 -0400 MOO-PC Moo MESSAGE Starting IP protection

2012/10/07 12:47:04 -0400 MOO-PC Moo MESSAGE IP Protection started successfully

2012/10/07 16:09:52 -0400 MOO-PC Moo IP-BLOCK 217.23.13.82 (Type: outgoing, Port: 51421, Process: chrome.exe)

2012/10/07 16:09:52 -0400 MOO-PC Moo IP-BLOCK 217.23.13.82 (Type: outgoing, Port: 51422, Process: chrome.exe)

2012/10/07 21:14:12 -0400 MOO-PC Moo IP-BLOCK 79.142.79.108 (Type: outgoing, Port: 54127, Process: chrome.exe)

2012/10/07 21:14:12 -0400 MOO-PC Moo IP-BLOCK 79.142.79.109 (Type: outgoing, Port: 54128, Process: chrome.exe)

2012/10/07 21:16:44 -0400 MOO-PC Moo IP-BLOCK 79.142.79.108 (Type: outgoing, Port: 54241, Process: chrome.exe)

2012/10/07 21:16:44 -0400 MOO-PC Moo IP-BLOCK 79.142.79.108 (Type: outgoing, Port: 54242, Process: chrome.exe)

2012/10/07 21:16:44 -0400 MOO-PC Moo IP-BLOCK 79.142.79.109 (Type: outgoing, Port: 54243, Process: chrome.exe)

2012/10/07 21:16:44 -0400 MOO-PC Moo IP-BLOCK 79.142.79.109 (Type: outgoing, Port: 54246, Process: chrome.exe)

2012/10/07 21:28:21 -0400 MOO-PC Moo IP-BLOCK 80.82.70.249 (Type: outgoing, Port: 54978, Process: chrome.exe)

2012/10/07 21:28:21 -0400 MOO-PC Moo IP-BLOCK 80.82.70.249 (Type: outgoing, Port: 54983, Process: chrome.exe)

2012/10/07 21:28:21 -0400 MOO-PC Moo IP-BLOCK 80.82.70.249 (Type: outgoing, Port: 54984, Process: chrome.exe)

2012/10/07 21:28:21 -0400 MOO-PC Moo IP-BLOCK 80.82.70.249 (Type: outgoing, Port: 54985, Process: chrome.exe)

2012/10/07 21:28:21 -0400 MOO-PC Moo IP-BLOCK 80.82.70.249 (Type: outgoing, Port: 54986, Process: chrome.exe)

2012/10/07 21:28:21 -0400 MOO-PC Moo IP-BLOCK 80.82.70.249 (Type: outgoing, Port: 54987, Process: chrome.exe)

2012/10/07 21:28:21 -0400 MOO-PC Moo IP-BLOCK 80.82.70.249 (Type: outgoing, Port: 54996, Process: chrome.exe)

2012/10/07 21:28:21 -0400 MOO-PC Moo IP-BLOCK 80.82.70.249 (Type: outgoing, Port: 55003, Process: chrome.exe)

2012/10/07 21:28:21 -0400 MOO-PC Moo IP-BLOCK 80.82.70.249 (Type: outgoing, Port: 55005, Process: chrome.exe)

2012/10/07 21:28:21 -0400 MOO-PC Moo IP-BLOCK 80.82.70.249 (Type: outgoing, Port: 55006, Process: chrome.exe)

2012/10/07 21:28:21 -0400 MOO-PC Moo IP-BLOCK 80.82.70.249 (Type: outgoing, Port: 55007, Process: chrome.exe)

2012/10/07 21:28:21 -0400 MOO-PC Moo IP-BLOCK 80.82.70.249 (Type: outgoing, Port: 55008, Process: chrome.exe)

2012/10/07 21:28:21 -0400 MOO-PC Moo IP-BLOCK 80.82.70.249 (Type: outgoing, Port: 55009, Process: chrome.exe)

2012/10/07 21:28:21 -0400 MOO-PC Moo IP-BLOCK 80.82.70.249 (Type: outgoing, Port: 55010, Process: chrome.exe)

2012/10/07 21:28:21 -0400 MOO-PC Moo IP-BLOCK 80.82.70.249 (Type: outgoing, Port: 55011, Process: chrome.exe)

2012/10/07 21:28:21 -0400 MOO-PC Moo IP-BLOCK 80.82.70.249 (Type: outgoing, Port: 55012, Process: chrome.exe)

2012/10/07 21:28:21 -0400 MOO-PC Moo IP-BLOCK 80.82.70.249 (Type: outgoing, Port: 55013, Process: chrome.exe)

2012/10/07 21:28:21 -0400 MOO-PC Moo IP-BLOCK 80.82.70.249 (Type: outgoing, Port: 55014, Process: chrome.exe)

2012/10/07 21:28:21 -0400 MOO-PC Moo IP-BLOCK 80.82.70.249 (Type: outgoing, Port: 55015, Process: chrome.exe)

2012/10/07 21:28:21 -0400 MOO-PC Moo IP-BLOCK 80.82.70.249 (Type: outgoing, Port: 55016, Process: chrome.exe)

2012/10/07 21:28:21 -0400 MOO-PC Moo IP-BLOCK 80.82.70.249 (Type: outgoing, Port: 55017, Process: chrome.exe)

2012/10/07 21:28:45 -0400 MOO-PC Moo IP-BLOCK 217.23.13.82 (Type: outgoing, Port: 55226, Process: chrome.exe)

2012/10/07 21:28:45 -0400 MOO-PC Moo IP-BLOCK 217.23.13.82 (Type: outgoing, Port: 55227, Process: chrome.exe)

2012/10/07 21:55:18 -0400 MOO-PC Moo IP-BLOCK 217.23.13.82 (Type: outgoing, Port: 55670, Process: chrome.exe)

2012/10/07 21:55:18 -0400 MOO-PC Moo IP-BLOCK 217.23.13.82 (Type: outgoing, Port: 55671, Process: chrome.exe)

2012/10/07 21:55:18 -0400 MOO-PC Moo IP-BLOCK 217.23.13.82 (Type: outgoing, Port: 55672, Process: chrome.exe)

2012/10/07 21:55:34 -0400 MOO-PC Moo IP-BLOCK 217.23.13.82 (Type: outgoing, Port: 55690, Process: chrome.exe)

2012/10/07 21:55:34 -0400 MOO-PC Moo IP-BLOCK 217.23.13.82 (Type: outgoing, Port: 55691, Process: chrome.exe)

2012/10/07 21:56:14 -0400 MOO-PC Moo IP-BLOCK 217.23.13.82 (Type: outgoing, Port: 55787, Process: chrome.exe)

2012/10/07 21:56:14 -0400 MOO-PC Moo IP-BLOCK 217.23.13.82 (Type: outgoing, Port: 55788, Process: chrome.exe)

2012/10/07 21:56:14 -0400 MOO-PC Moo IP-BLOCK 217.23.13.82 (Type: outgoing, Port: 55789, Process: chrome.exe)

2012/10/07 21:56:14 -0400 MOO-PC Moo IP-BLOCK 217.23.13.82 (Type: outgoing, Port: 55790, Process: chrome.exe)

2012/10/07 21:56:14 -0400 MOO-PC Moo IP-BLOCK 217.23.13.82 (Type: outgoing, Port: 55791, Process: chrome.exe)

2012/10/07 22:19:19 -0400 MOO-PC Moo IP-BLOCK 217.23.13.82 (Type: outgoing, Port: 55974, Process: chrome.exe)

2012/10/07 22:19:19 -0400 MOO-PC Moo IP-BLOCK 217.23.13.82 (Type: outgoing, Port: 55975, Process: chrome.exe)

2012-10-08:

2012/10/08 01:53:12 -0400 MOO-PC Moo IP-BLOCK 80.82.70.249 (Type: outgoing, Port: 59007, Process: chrome.exe)

2012/10/08 01:53:12 -0400 MOO-PC Moo IP-BLOCK 80.82.70.249 (Type: outgoing, Port: 59008, Process: chrome.exe)

2012/10/08 01:53:12 -0400 MOO-PC Moo IP-BLOCK 80.82.70.249 (Type: outgoing, Port: 59009, Process: chrome.exe)

2012/10/08 01:53:12 -0400 MOO-PC Moo IP-BLOCK 80.82.70.249 (Type: outgoing, Port: 59010, Process: chrome.exe)

2012/10/08 01:53:12 -0400 MOO-PC Moo IP-BLOCK 80.82.70.249 (Type: outgoing, Port: 59011, Process: chrome.exe)

2012/10/08 01:53:12 -0400 MOO-PC Moo IP-BLOCK 80.82.70.249 (Type: outgoing, Port: 59014, Process: chrome.exe)

2012/10/08 02:03:12 -0400 MOO-PC Moo IP-BLOCK 121.10.143.17 (Type: outgoing, Port: 59420, Process: chrome.exe)

2012/10/08 02:03:12 -0400 MOO-PC Moo IP-BLOCK 121.10.143.17 (Type: outgoing, Port: 59423, Process: chrome.exe)

2012/10/08 02:38:50 -0400 MOO-PC Moo IP-BLOCK 222.76.215.119 (Type: outgoing, Port: 60290, Process: chrome.exe)

2012/10/08 02:38:50 -0400 MOO-PC Moo IP-BLOCK 222.76.215.119 (Type: outgoing, Port: 60291, Process: chrome.exe)

2012/10/08 02:38:50 -0400 MOO-PC Moo IP-BLOCK 222.76.215.119 (Type: outgoing, Port: 60292, Process: chrome.exe)

2012/10/08 02:38:50 -0400 MOO-PC Moo IP-BLOCK 222.76.214.25 (Type: outgoing, Port: 60321, Process: chrome.exe)

2012/10/08 02:38:50 -0400 MOO-PC Moo IP-BLOCK 222.76.214.25 (Type: outgoing, Port: 60322, Process: chrome.exe)

2012/10/08 02:38:50 -0400 MOO-PC Moo IP-BLOCK 222.76.214.25 (Type: outgoing, Port: 60323, Process: chrome.exe)

2012/10/08 02:38:50 -0400 MOO-PC Moo IP-BLOCK 222.76.214.80 (Type: outgoing, Port: 60324, Process: chrome.exe)

2012/10/08 02:38:50 -0400 MOO-PC Moo IP-BLOCK 222.76.214.80 (Type: outgoing, Port: 60325, Process: chrome.exe)

2012/10/08 02:38:50 -0400 MOO-PC Moo IP-BLOCK 222.76.214.80 (Type: outgoing, Port: 60326, Process: chrome.exe)

2012/10/08 02:38:50 -0400 MOO-PC Moo IP-BLOCK 222.76.214.185 (Type: outgoing, Port: 60327, Process: chrome.exe)

2012/10/08 02:38:50 -0400 MOO-PC Moo IP-BLOCK 222.76.214.185 (Type: outgoing, Port: 60328, Process: chrome.exe)

2012/10/08 02:38:50 -0400 MOO-PC Moo IP-BLOCK 222.76.214.185 (Type: outgoing, Port: 60329, Process: chrome.exe)

2012/10/08 02:38:50 -0400 MOO-PC Moo IP-BLOCK 222.76.215.243 (Type: outgoing, Port: 60330, Process: chrome.exe)

2012/10/08 02:38:50 -0400 MOO-PC Moo IP-BLOCK 222.76.215.243 (Type: outgoing, Port: 60331, Process: chrome.exe)

2012/10/08 02:38:50 -0400 MOO-PC Moo IP-BLOCK 222.76.215.243 (Type: outgoing, Port: 60332, Process: chrome.exe)

2012/10/08 02:38:50 -0400 MOO-PC Moo IP-BLOCK 222.76.215.244 (Type: outgoing, Port: 60333, Process: chrome.exe)

2012/10/08 02:38:50 -0400 MOO-PC Moo IP-BLOCK 222.76.215.244 (Type: outgoing, Port: 60334, Process: chrome.exe)

2012/10/08 02:38:50 -0400 MOO-PC Moo IP-BLOCK 222.76.215.244 (Type: outgoing, Port: 60335, Process: chrome.exe)

2012/10/08 02:38:50 -0400 MOO-PC Moo IP-BLOCK 222.76.215.245 (Type: outgoing, Port: 60336, Process: chrome.exe)

2012/10/08 02:38:50 -0400 MOO-PC Moo IP-BLOCK 222.76.215.245 (Type: outgoing, Port: 60337, Process: chrome.exe)

2012/10/08 02:38:50 -0400 MOO-PC Moo IP-BLOCK 222.76.215.245 (Type: outgoing, Port: 60338, Process: chrome.exe)

2012/10/08 11:17:46 -0400 MOO-PC Moo MESSAGE Executing scheduled update: Daily

2012/10/08 11:17:47 -0400 MOO-PC Moo ERROR Scheduled update failed: Host not found failed with error code 0

2012/10/08 12:33:12 -0400 MOO-PC Moo MESSAGE Starting protection

2012/10/08 12:33:12 -0400 MOO-PC Moo MESSAGE Protection started successfully

2012/10/08 12:33:12 -0400 MOO-PC Moo MESSAGE Starting IP protection

2012/10/08 12:33:13 -0400 MOO-PC Moo MESSAGE IP Protection started successfully

2012/10/08 16:38:46 -0400 MOO-PC Moo MESSAGE Stopping protection

2012/10/08 16:38:46 -0400 MOO-PC Moo MESSAGE Protection stopped successfully

2012/10/08 16:38:46 -0400 MOO-PC Moo MESSAGE Stopping IP protection

2012/10/08 16:38:46 -0400 MOO-PC Moo MESSAGE IP Protection stopped successfully

2012/10/08 16:38:47 -0400 MOO-PC Moo MESSAGE Protection stopped

2012/10/08 16:45:40 -0400 MOO-PC Moo MESSAGE Starting protection

2012/10/08 16:45:40 -0400 MOO-PC Moo MESSAGE Protection started successfully

2012/10/08 16:45:40 -0400 MOO-PC Moo MESSAGE Starting IP protection

2012/10/08 16:45:42 -0400 MOO-PC Moo MESSAGE IP Protection started successfully

2012-10-09:

2012/10/09 04:20:20 -0400 MOO-PC Moo IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 55693, Process: firefox.exe)

2012/10/09 04:20:20 -0400 MOO-PC Moo IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 55694, Process: firefox.exe)

2012/10/09 11:03:46 -0400 MOO-PC Moo MESSAGE Executing scheduled update: Daily

2012/10/09 11:03:46 -0400 MOO-PC Moo ERROR Scheduled update failed: Host not found failed with error code 0

Link to post
Share on other sites
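A small triage script for protection logs in the layout posted above, added here as an illustration (it is not part of the thread and is not Malwarebytes code). It counts IP-BLOCK events per process and remote address, groups them by /24, flags same-second bursts, and lists failed scheduled updates. The sample lines are constructed and use RFC 5737 documentation addresses; the field layout is inferred from the log lines in the post, and `parse_line` and `summarize` are hypothetical names.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the same layout as the posted protection log.
# Host, user and addresses are placeholders (RFC 5737 documentation ranges).
SAMPLE_LOG = """\
2012-10-07:
2012/10/07 11:36:38 -0400 EXAMPLE-PC User MESSAGE Executing scheduled update: Daily
2012/10/07 11:36:38 -0400 EXAMPLE-PC User ERROR Scheduled update failed: Host not found failed with error code 0
2012/10/07 16:09:52 -0400 EXAMPLE-PC User IP-BLOCK 203.0.113.82 (Type: outgoing, Port: 51421, Process: chrome.exe)
2012/10/07 16:09:52 -0400 EXAMPLE-PC User IP-BLOCK 203.0.113.82 (Type: outgoing, Port: 51422, Process: chrome.exe)
2012/10/07 21:28:21 -0400 EXAMPLE-PC User IP-BLOCK 198.51.100.249 (Type: outgoing, Port: 54978, Process: chrome.exe)
2012/10/07 21:28:21 -0400 EXAMPLE-PC User IP-BLOCK 198.51.100.249 (Type: outgoing, Port: 54983, Process: chrome.exe)
2012/10/07 21:28:21 -0400 EXAMPLE-PC User IP-BLOCK 198.51.100.249 (Type: outgoing, Port: 54984, Process: chrome.exe)
2012/10/07 21:28:21 -0400 EXAMPLE-PC User IP-BLOCK 198.51.100.249 (Type: outgoing, Port: 54985, Process: chrome.exe)
2012/10/08 02:38:50 -0400 EXAMPLE-PC User IP-BLOCK 192.0.2.25 (Type: outgoing, Port: 60321, Process: chrome.exe)
2012/10/08 02:38:50 -0400 EXAMPLE-PC User IP-BLOCK 192.0.2.80 (Type: outgoing, Port: 60324, Process: chrome.exe)
2012/10/08 11:17:47 -0400 EXAMPLE-PC User ERROR Scheduled update failed: Host not found failed with error code 0
2012/10/09 04:20:20 -0400 EXAMPLE-PC User IP-BLOCK 203.0.113.10 (Type: outgoing, Port: 55693, Process: firefox.exe)
protection-log-2012-10-09.txt
"""

# Assumed layout: "<date> <time> <utc offset> <host> <user> <kind> <body>",
# with no spaces inside the host or user fields.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) "
    r"(?P<kind>MESSAGE|ERROR|IP-BLOCK) (?P<body>.*)$"
)
BLOCK_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)


def parse_line(line):
    """Return one log event as a dict, or None if the line is not a log entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = {
        "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S %z"),
        "host": m["host"],
        "user": m["user"],
        "kind": m["kind"],
        "body": m["body"],
    }
    if event["kind"] == "IP-BLOCK":
        b = BLOCK_RE.match(event["body"])
        if not b:
            return None
        try:
            ip = ipaddress.ip_address(b["ip"])
        except ValueError:  # e.g. an octet above 255
            return None
        event.update(ip=ip, direction=b["direction"],
                     port=int(b["port"]), process=b["process"].lower())
    return event


def summarize(text, burst_threshold=3):
    """Aggregate blocked connections and failed updates from a protection log."""
    per_target, per_subnet, per_second = Counter(), Counter(), Counter()
    update_failures, skipped = [], 0
    for raw in text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        if ev is None:
            skipped += 1  # day headers, attachment names, damaged lines
            continue
        if ev["kind"] == "IP-BLOCK":
            key = (ev["process"], str(ev["ip"]))
            per_target[key] += 1
            subnet = ipaddress.ip_network(f"{ev['ip']}/24", strict=False)
            per_subnet[str(subnet)] += 1
            per_second[(ev["time"], *key)] += 1
        elif ev["kind"] == "ERROR" and ev["body"].startswith("Scheduled update failed:"):
            update_failures.append((ev["time"], ev["body"].split(":", 1)[1].strip()))
    # A burst is several blocks to one address from one process in one second.
    bursts = sorted((t, proc, ip, n) for (t, proc, ip), n in per_second.items()
                    if n >= burst_threshold)
    return {
        "total_blocks": sum(per_target.values()),
        "per_target": per_target,
        "per_subnet": per_subnet,
        "bursts": bursts,
        "update_failures": update_failures,
        "name_resolution_failures": sum(
            1 for _, reason in update_failures if "host not found" in reason.lower()),
        "skipped": skipped,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for (process, ip), count in report["per_target"].most_common():
        print(f"{count:3d}  {process:12s} {ip}")
    for when, reason in report["update_failures"]:
        print(f"update failed {when.isoformat()}  {reason}")
```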

Click Windows-key and type in CMD.EXE, and when it shows on the menu, right-click over it and choose "Run as administrator".

Then type in or copy/paste the following and then press the Enter key on the keyboard.

sc config termservice start= demand

sc start termservice

NEXT

do this:

1. Open Internet Explorer.

2. Click "Tools," and then click "Internet Options."

3. Click "Connections," and then click "LAN Settings."

4. Make sure the check boxes for "Automatically detect settings" and "Use automatic configuration script" are not selected.

5. Make sure the Proxy server block is not selected (not checkmarked).

6. Apply changes & OK

Now, Logoff and Restart the system.

Once the system is loaded & ready, start MBAM, click the Update tab, and do an Update check.

Edited by Maurice Naggar
Link to post
Share on other sites

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following boxes:

  • Flush DNS
  • Reset IE Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

To be clear: You have the Trial set of MBAM, right? Or did you buy a license for MBAM?

If you have an MBAM license, you have the option to contact the consumer help desk here.

Link to post
Share on other sites
