Jump to content
aspalmacin

Wow.dll Load Error message at Startup

Recommended Posts

Last week my anti-virus program detected and deleted several viruses.  One of them had installed a "wow.dll" program in my local TEMP folder, which I quickly deleted from the TEMP folder.  Now I'm getting this error message at start-up:

 

-----------------

  "RunDLL:

  Error loading

  C:\Users\Alan\Appdata\Local\Temp\sctwxdu\sjnqebn\wow.dll

  The specified module could not be found."

-----------------

 

I've run full virus scans using Malwarebytes Anti-Malware and Microsoft Security Essentials.  I also ran Malwarebytes Anti-Rootkit and TDSSKiller w/the TDLFS option.  All now report no viruses found, however I'm now stuck with the above error message at startup.

 

There is probably some remnant of one of the viruses still hanging around and I'd like to get rid of it.

 

Can you help?

Share this post


Link to post
Share on other sites

Hello aspalmacin and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post the log files in your next reply.

http://forums.malwarebytes.org/index.php?showtopic=9573

Share this post


Link to post
Share on other sites

OK, I ran DDS.COM.  here's the results:

-----------------------------------------------------

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16496
Run by Alan at 8:42:42 on 2013-07-20
#Option Extended Search is enabled.
#Option Whitelisting is disabled.
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.8152.5580 [GMT -4:00]
.
AV: Bitdefender Antivirus *Disabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Disabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Bitdefender Firewall *Enabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
C:\Windows\SysWOW64\IgrsSvcs.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
C:\Windows\system32\locator.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
C:\Program Files (x86)\Password Safe\pwsafe.exe
C:\Program Files (x86)\Lenovo\OnekeyDM\OnekeyDM.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
C:\Program Files (x86)\DDNI\DIBS\DDNIService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Bitdefender\Bitdefender\downloader.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uLocal Page = C:\Windows\System32\blank.htm



mLocal Page = C:\Windows\SysWOW64\blank.htm



uURLSearchHooks: Microsoft Url Search Hook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Shell = explorer.exe
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Toolbar Helper: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
TB: &Links: {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\SysWOW64\ieframe.dll
TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
uRun: [bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
uRun: [bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
mRun: [OnekeyDM] C:\Program Files (x86)\Lenovo\OnekeyDM\OnekeyDM.exe
mRun: [EnergyUtility] "C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
mRun: [Energy Management] "C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
mRun: [MDS_Menu] "C:\Program Files (x86)\Lenovo\MediaShow\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\MediaShow" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
mRun: [Carbonite Backup] "C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe"
dRun: [bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
dRun: [bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
dRun: [bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
StartupFolder: C:\Users\Alan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PASSWO~1.LNK - C:\Program Files (x86)\Password Safe\pwsafe.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: ForceActiveDesktopOn = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:2
mPolicies-System: ConsentPromptBehaviorUser = dword:1
mPolicies-System: EnableInstallerDetection = dword:1
mPolicies-System: EnableLUA = dword:1
mPolicies-System: EnableSecureUIAPaths = dword:1
mPolicies-System: EnableVirtualization = dword:1
mPolicies-System: PromptOnSecureDesktop = dword:1
mPolicies-System: ValidateAdminCodeSignatures = dword:0
mPolicies-System: dontdisplaylastusername = dword:0
mPolicies-System: scforceoption = dword:0
mPolicies-System: shutdownwithoutlogon = dword:1
mPolicies-System: undockwithoutlogon = dword:1
mPolicies-System: FilterAdministratorToken = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Windows Live Search - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: %SystemRoot%\system32\mswsock.dll
Trusted Zone: turbotax.com






TCP: NameServer = 205.152.144.23 205.152.37.23
TCP: Interfaces\{3F8B349B-E7CF-4307-ADED-98AAD9277419} : DHCPNameServer = 205.152.144.23 205.152.37.23
TCP: Interfaces\{4032DB1A-4CD2-4610-85AA-D244D040D95D} : DHCPNameServer = 205.152.144.23 205.152.37.23
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
Handler: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\11\OWC11.DLL
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll
STS: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\System32\browseui.dll
SecurityProviders: SecurityProviders = credssp.dll
LSA: Authentication Packages =  msv1_0
LSA: Notification Packages =  scecli
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 winsrv:ConServerDllInitialization,2
mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\unregmp2.exe /ShowWMP
mASetup: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
mASetup: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\System32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\System32\themeui.dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
mASetup: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\browseui.dll

x64-mLocal Page = C:\Windows\System32\blank.htm



x64-mWinlogon: Shell = explorer.exe
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,
x64-BHO: Bitdefender Wallet : {09F58E74-42B4-4D70-BA26-35FC954E7A17} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [iAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
x64-Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
x64-Run: [bdagent] "C:\Program Files\Bitdefender\Bitdefender\bdagent.exe"
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: ForceActiveDesktopOn = dword:0
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:2
x64-mPolicies-System: ConsentPromptBehaviorUser = dword:1
x64-mPolicies-System: EnableInstallerDetection = dword:1
x64-mPolicies-System: EnableLUA = dword:1
x64-mPolicies-System: EnableSecureUIAPaths = dword:1
x64-mPolicies-System: EnableVirtualization = dword:1
x64-mPolicies-System: PromptOnSecureDesktop = dword:1
x64-mPolicies-System: ValidateAdminCodeSignatures = dword:0
x64-mPolicies-System: dontdisplaylastusername = dword:0
x64-mPolicies-System: scforceoption = dword:0
x64-mPolicies-System: shutdownwithoutlogon = dword:1
x64-mPolicies-System: undockwithoutlogon = dword:1
x64-mPolicies-System: FilterAdministratorToken = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
x64-Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
x64-Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
x64-Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll
x64-Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll
x64-Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll
x64-Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-Handler: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - <orphaned>
x64-Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll
x64-Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll
x64-STS: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\System32\browseui.dll
x64-mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\unregmp2.exe /ShowWMP
x64-mASetup: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
x64-mASetup: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\System32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\System32\themeui.dll
x64-mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
x64-mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
x64-mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\browseui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ACPI;Microsoft ACPI Driver;C:\Windows\System32\drivers\acpi.sys [2010-1-10 325608]
R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2013-7-16 718840]
R0 CLFS;Common Log (CLFS);C:\Windows\System32\clfs.sys [2010-1-10 361448]
R0 Compbatt;Microsoft Composite Battery Driver;C:\Windows\System32\drivers\compbatt.sys [2006-11-2 23608]
R0 crcdisk;Crcdisk Filter Driver;C:\Windows\System32\drivers\crcdisk.sys [2006-11-2 27704]
R0 disk;Disk Driver;C:\Windows\System32\drivers\disk.sys [2010-1-10 67032]
R0 Ecache;ReadyBoost Caching Driver;C:\Windows\System32\drivers\ecache.sys [2010-1-10 155112]
R0 FileInfo;File Information FS MiniFilter;C:\Windows\System32\drivers\fileinfo.sys [2008-1-20 70200]
R0 FltMgr;FltMgr;C:\Windows\System32\drivers\fltMgr.sys [2010-1-10 275432]
R0 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2013-7-16 147232]
R0 iaStor;Intel AHCI Controller;C:\Windows\System32\drivers\iaStor.sys [2009-5-9 407576]
R0 KSecDD;KSecDD;C:\Windows\System32\drivers\ksecdd.sys [2012-7-11 516480]
R0 LPCFilter;LPC Lower Filter Driver;C:\Windows\System32\drivers\LPCFilter.sys [2008-5-7 32040]
R0 MountMgr;Mount Point Manager;C:\Windows\System32\drivers\mountmgr.sys [2008-1-20 70200]
R0 msisadrv;ISA/EISA Class Driver;C:\Windows\System32\drivers\msisadrv.sys [2008-1-20 17976]
R0 Mup;Mup;C:\Windows\System32\drivers\mup.sys [2010-1-10 59880]
R0 NDIS;NDIS System Driver;C:\Windows\System32\drivers\ndis.sys [2010-1-10 738264]
R0 partmgr;Partition Manager;C:\Windows\System32\drivers\partmgr.sys [2012-5-10 72576]
R0 pci;PCI Bus Driver;C:\Windows\System32\drivers\pci.sys [2010-1-10 178664]
R0 spldr;Security Processor Loader Driver;C:\Windows\System32\drivers\spldr.sys [2010-1-10 19432]
R0 Tcpip;TCP/IP Protocol Driver;C:\Windows\System32\drivers\tcpip.sys [2013-6-12 1417576]
R0 trufos;trufos;C:\Windows\System32\drivers\trufos.sys [2013-7-16 383048]
R0 volmgr;Volume Manager Driver;C:\Windows\System32\drivers\volmgr.sys [2010-1-10 67048]
R0 volmgrx;Dynamic Volume Manager;C:\Windows\System32\drivers\volmgrx.sys [2010-1-10 408024]
R0 volsnap;Storage volumes;C:\Windows\System32\drivers\volsnap.sys [2012-12-12 267648]
R0 Wdf01000;Kernel Mode Driver Frameworks service;C:\Windows\System32\drivers\Wdf01000.sys [2012-12-12 785512]
R1 AFD;Ancilliary Function Driver for Winsock;C:\Windows\System32\drivers\afd.sys [2012-2-15 404992]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2013-7-16 93600]
R1 bdftdif;bdftdif;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys [2013-7-16 119888]
R1 cdrom;CD-ROM Driver;C:\Windows\System32\drivers\cdrom.sys [2010-1-10 79872]
R1 DfsC;DFS Namespace Client Driver;C:\Windows\System32\drivers\dfsc.sys [2011-6-16 97792]
R1 funfrm;funfrm;C:\Windows\System32\drivers\funfrm.sys [2009-8-14 69136]
R1 i8042prt;i8042 Keyboard and PS/2 Mouse Port Driver;C:\Windows\System32\drivers\i8042prt.sys [2008-1-20 64000]
R1 kbdclass;Keyboard Class Driver;C:\Windows\System32\drivers\kbdclass.sys [2008-1-20 42040]
R1 kbdhid;Keyboard HID Driver;C:\Windows\System32\drivers\kbdhid.sys [2010-1-10 22528]
R1 mouclass;Mouse Class Driver;C:\Windows\System32\drivers\mouclass.sys [2008-1-20 39992]
R1 Msfs;Msfs;C:\Windows\System32\drivers\msfs.sys [2008-1-20 26112]
R1 NetBIOS;NetBIOS Interface;C:\Windows\System32\drivers\netbios.sys [2008-1-20 44544]
R1 netbt;NETBT;C:\Windows\System32\drivers\netbt.sys [2010-1-10 248320]
R1 Npfs;Npfs;C:\Windows\System32\drivers\npfs.sys [2010-1-10 44544]
R1 nsiproxy;NSI proxy service;C:\Windows\System32\drivers\nsiproxy.sys [2008-1-20 24064]
R1 Null;Null;C:\Windows\System32\drivers\null.sys [2006-11-2 6144]
R1 PSched;QoS Packet Scheduler;C:\Windows\System32\drivers\pacer.sys [2010-1-10 94208]
R1 RasAcd;Remote Access Auto Connection Driver;C:\Windows\System32\drivers\rasacd.sys [2008-1-20 14848]
R1 rdbss;Redirected Buffering Sub Sysytem;C:\Windows\System32\drivers\rdbss.sys [2010-1-10 287744]
R1 RDPCDD;RDPCDD;C:\Windows\System32\drivers\RDPCDD.sys [2008-1-20 7168]
R1 RDPENCDD;RDP Encoder Mirror Driver;C:\Windows\System32\drivers\RDPENCDD.sys [2008-1-20 7168]
R1 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);C:\Windows\System32\drivers\smb.sys [2010-1-10 88064]
R1 tdx;NetIO Legacy TDI Support Driver;C:\Windows\System32\drivers\tdx.sys [2010-1-10 94720]
R1 TermDD;Terminal Device Driver;C:\Windows\System32\drivers\termdd.sys [2010-1-10 62440]
R1 VgaSave;VgaSave;C:\Windows\System32\drivers\vga.sys [2008-1-20 28672]
R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\Windows\System32\drivers\wanarp.sys [2010-1-10 86528]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AeLookupSvc;Application Experience;C:\Windows\System32\svchost.exe -k netsvcs [2008-1-20 27648]
R2 Apple Mobile Device;Apple Mobile Device;C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-8-11 55184]
R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2008-1-20 27648]
R2 AudioSrv;Windows Audio;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2008-1-20 27648]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-1-11 30312]
R2 BFE;Base Filtering Engine;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2008-1-20 27648]
R2 BITS;Background Intelligent Transfer Service;C:\Windows\System32\svchost.exe -k netsvcs [2008-1-20 27648]
R2 Browser;Computer Browser;C:\Windows\System32\svchost.exe -k netsvcs [2008-1-20 27648]
R2 CarboniteService;CarboniteService;C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe [2013-1-14 7559688]
R2 CryptSvc;Cryptographic Services;C:\Windows\System32\svchost.exe -k NetworkService [2008-1-20 27648]
R2 DcomLaunch;DCOM Server Process Launcher;C:\Windows\System32\svchost.exe -k DcomLaunch [2008-1-20 27648]
R2 DDNIMSGService;DDNIMSGService;C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [2008-10-6 171872]
R2 DDNIService;DDNIService;C:\Program Files (x86)\DDNI\DIBS\DDNIService.exe [2009-5-9 163680]
R2 Dhcp;DHCP Client;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2008-1-20 27648]
R2 Dnscache;DNS Client;C:\Windows\System32\svchost.exe -k NetworkService [2008-1-20 27648]
R2 dot3svc;Wired AutoConfig;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2008-1-20 27648]
R2 DPS;Diagnostic Policy Service;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2008-1-20 27648]
R2 EMDMgmt;ReadyBoost;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2008-1-20 27648]
R2 Eventlog;Windows Event Log;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2008-1-20 27648]
R2 EventSystem;COM+ Event System;C:\Windows\System32\svchost.exe -k LocalService [2008-1-20 27648]
R2 FDResPub;Function Discovery Resource Publication;C:\Windows\System32\svchost.exe -k LocalService [2008-1-20 27648]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 gpsvc;Group Policy Client;C:\Windows\System32\svchost.exe -k GPSvcGroup [2008-1-20 27648]
R2 hidserv;Human Interface Device Access;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2008-1-20 27648]
R2 IAANTMON;Intel® Matrix Storage Event Monitor;C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe [2009-5-9 354840]
R2 IGRS;IGRS;C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2008-2-14 32768]
R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\Windows\System32\svchost.exe -k netsvcs [2008-1-20 27648]
R2 IncSvc;Network Configuration;C:\Windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\Windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
R2 IntuitUpdateService;Intuit Update Service;C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-9-29 13088]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 iphlpsvc;IP Helper;C:\Windows\System32\svchost.exe -k NetSvcs [2008-1-20 27648]
R2 KtmRm;KtmRm for Distributed Transaction Coordinator;C:\Windows\System32\svchost.exe -k NetworkService [2008-1-20 27648]
R2 LanmanServer;Server;C:\Windows\System32\svchost.exe -k netsvcs [2008-1-20 27648]
R2 LanmanWorkstation;Workstation;C:\Windows\System32\svchost.exe -k LocalService [2008-1-20 27648]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\Windows\System32\drivers\lltdio.sys [2008-1-20 59392]
R2 lmhosts;TCP/IP NetBIOS Helper;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2008-1-20 27648]
R2 luafv;UAC File Virtualization;C:\Windows\System32\drivers\luafv.sys [2008-1-20 109568]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-11 418376]
R2 McciCMService;McciCMService;C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [2010-5-31 319488]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-5-31 517632]
R2 MMCSS;Multimedia Class Scheduler;C:\Windows\System32\svchost.exe -k netsvcs [2008-1-20 27648]
R2 MpsSvc;Windows Firewall;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2008-1-20 27648]
R2 msiserver;Windows Installer;C:\Windows\System32\msiexec /V --> C:\Windows\System32\msiexec  [?]
R2 netprofm;Network List Service;C:\Windows\System32\svchost.exe -k LocalService [2008-1-20 27648]
R2 NlaSvc;Network Location Awareness;C:\Windows\System32\svchost.exe -k NetworkService [2008-1-20 27648]
R2 nsi;Network Store Interface Service;C:\Windows\System32\svchost.exe -k LocalService [2008-1-20 27648]
R2 ose;Office Source Engine;C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE [2006-10-26 145184]
R2 PcaSvc;Program Compatibility Assistant Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2008-1-20 27648]
R2 PEAUTH;PEAUTH;C:\Windows\System32\drivers\PEAuth.sys [2006-11-2 712704]
R2 PlugPlay;Plug and Play;C:\Windows\System32\svchost.exe -k DcomLaunch [2008-1-20 27648]
R2 PolicyAgent;IPsec Policy Agent;C:\Windows\System32\svchost.exe -k NetworkServiceNetworkRestricted [2008-1-20 27648]
R2 ProfSvc;User Profile Service;C:\Windows\System32\svchost.exe -k netsvcs [2008-1-20 27648]
R2 RichVideo;Cyberlink RichVideo Service(CRVS);C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [2009-5-9 244904]
R2 RpcLocator;Remote Procedure Call (RPC) Locator;C:\Windows\System32\Locator.exe [2006-11-2 8704]
R2 RpcSs;Remote Procedure Call (RPC);C:\Windows\System32\svchost.exe -k rpcss [2008-1-20 27648]
R2 rspndr;Link-Layer Topology Discovery Responder;C:\Windows\System32\drivers\rspndr.sys [2008-1-20 75776]
R2 SamSs;Security Accounts Manager;C:\Windows\System32\lsass.exe [2012-1-11 11264]
R2 Schedule;Task Scheduler;C:\Windows\System32\svchost.exe -k netsvcs [2008-1-20 27648]
R2 secdrv;Security Driver;C:\Windows\System32\drivers\secdrv.sys [2006-11-2 23040]
R2 seclogon;Secondary Logon;C:\Windows\System32\svchost.exe -k netsvcs [2008-1-20 27648]
R2 SENS;System Event Notification Service;C:\Windows\System32\svchost.exe -k netsvcs [2008-1-20 27648]
R2 ShellHWDetection;Shell Hardware Detection;C:\Windows\System32\svchost.exe -k netsvcs [2008-1-20 27648]
R2 slsvc;Software Licensing;C:\Windows\System32\SLsvc.exe [2010-1-10 2582016]
R2 Spooler;Print Spooler;C:\Windows\System32\spoolsv.exe [2010-9-16 273920]
R2 SQLBrowser;SQL Server Browser;C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer;C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-25 153952]
R2 stisvc;Windows Image Acquisition (WIA);C:\Windows\System32\svchost.exe -k imgsvc [2008-1-20 27648]
R2 SysMain;Superfetch;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2008-1-20 27648]
R2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe [2009-5-9 434176]
R2 TabletInputService;Tablet PC Input Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2008-1-20 27648]
R2 tcpipreg;TCP/IP Registry Compatibility;C:\Windows\System32\drivers\tcpipreg.sys [2013-6-12 40448]
R2 TermService;Terminal Services;C:\Windows\System32\svchost.exe -k NetworkService [2008-1-20 27648]
R2 Themes;Themes;C:\Windows\System32\svchost.exe -k netsvcs [2008-1-20 27648]
R2 TrkWks;Distributed Link Tracking Client;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2008-1-20 27648]
R2 tvtumon;tvtumon;C:\Windows\System32\drivers\tvtumon.sys [2009-5-9 55360]
R2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [2013-7-16 67320]
R2 upnphost;UPnP Device Host;C:\Windows\System32\svchost.exe -k LocalService [2008-1-20 27648]
R2 UxSms;Desktop Window Manager Session Manager;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2008-1-20 27648]
R2 VSSERV;Bitdefender Virus Shield;C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [2013-7-16 1502080]
R2 W32Time;Windows Time;C:\Windows\System32\svchost.exe -k LocalService [2008-1-20 27648]
R2 WebClient;WebClient;C:\Windows\System32\svchost.exe -k LocalService [2008-1-20 27648]
R2 WerSvc;Windows Error Reporting Service;C:\Windows\System32\svchost.exe -k WerSvcGroup [2008-1-20 27648]
R2 Winmgmt;Windows Management Instrumentation;C:\Windows\System32\svchost.exe -k netsvcs [2008-1-20 27648]
R2 Wlansvc;WLAN AutoConfig;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2008-1-20 27648]
R2 WPDBusEnum;Portable Device Enumerator Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2008-1-20 27648]
R2 wscsvc;Security Center;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2008-1-20 27648]
R2 WSearch;Windows Search;C:\Windows\System32\SearchIndexer.exe [2010-1-10 597504]
R2 wuauserv;Windows Update;C:\Windows\System32\svchost.exe -k netsvcs [2008-1-20 27648]
R2 wudfsvc;Windows Driver Foundation - User-mode Driver Framework;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2008-1-20 27648]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\Windows\System32\drivers\AcpiVpc.sys [2009-5-19 26128]
R3 Appinfo;Application Information;C:\Windows\System32\svchost.exe -k netsvcs [2008-1-20 27648]
R3 avchv;avchv Function Driver;C:\Windows\System32\drivers\avchv.sys [2013-7-16 261056]
R3 bowser;Bowser;C:\Windows\System32\drivers\bowser.sys [2011-4-13 90624]
R3 circlass;Consumer IR Devices;C:\Windows\System32\drivers\circlass.sys [2006-11-2 41984]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver;C:\Windows\System32\drivers\CmBatt.sys [2008-1-20 17792]
R3 DXGKrnl;LDDM Graphics Subsystem;C:\Windows\System32\drivers\dxgkrnl.sys [2013-5-14 901496]
R3 EapHost;Extensible Authentication Protocol;C:\Windows\System32\svchost.exe -k netsvcs [2008-1-20 27648]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-5-9 68608]
R3 enecirhid;ENE CIR HID Receiver;C:\Windows\System32\drivers\enecirhid.sys [2009-5-9 14336]
R3 enecirhidma;ENE CIR HIDmini Filter;C:\Windows\System32\drivers\enecirhidma.sys [2009-5-9 6656]
R3 fdPHost;Function Discovery Provider Host;C:\Windows\System32\svchost.exe -k LocalService [2008-1-20 27648]
R3 GEARAspiWDM;GEAR ASPI Filter Driver;C:\Windows\System32\drivers\GEARAspiWDM.sys [2012-10-24 33240]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio;C:\Windows\System32\drivers\hdaudbus.sys [2010-1-10 948736]
R3 HidIr;Microsoft Infrared HID Driver;C:\Windows\System32\drivers\hidir.sys [2008-1-20 25600]
R3 HidUsb;Microsoft HID Class Driver;C:\Windows\System32\drivers\hidusb.sys [2010-1-10 15872]
R3 HTTP;HTTP;C:\Windows\System32\drivers\http.sys [2010-3-10 620032]
R3 igfx;igfx;C:\Windows\System32\drivers\igdkmd64.sys [2009-8-14 10275296]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM);C:\Windows\System32\drivers\RTKVHD64.sys [2009-8-14 1733024]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-8-14 126464]
R3 intelppm;Intel Processor Driver;C:\Windows\System32\drivers\intelppm.sys [2008-1-20 48128]
R3 iScsiPrt;iScsiPort Driver;C:\Windows\System32\drivers\msiscsi.sys [2010-1-10 215528]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-2-12 384552]
R3 KeyIso;CNG Key Isolation;C:\Windows\System32\lsass.exe [2012-1-11 11264]
R3 ksthunk;Kernel Streaming Thunks;C:\Windows\System32\drivers\ksthunk.sys [2008-1-20 20864]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-7-10 25928]
R3 monitor;Microsoft Monitor Class Function Driver Service;C:\Windows\System32\drivers\monitor.sys [2008-1-20 49152]
R3 mouhid;Mouse HID Driver;C:\Windows\System32\drivers\mouhid.sys [2006-11-2 19968]
R3 mpsdrv;Windows Firewall Authorization Driver;C:\Windows\System32\drivers\mpsdrv.sys [2008-1-20 81408]
R3 MRxDAV;WebDav Client Redirector Driver;C:\Windows\System32\drivers\mrxdav.sys [2010-1-10 139264]
R3 mrxsmb;SMB MiniRedirector Wrapper and Engine;C:\Windows\System32\drivers\mrxsmb.sys [2011-6-16 135680]
R3 mrxsmb10;SMB 1.x MiniRedirector;C:\Windows\System32\drivers\mrxsmb10.sys [2011-8-10 275456]
R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\Windows\System32\drivers\mrxsmb20.sys [2011-6-16 107008]
R3 mssmbios;Microsoft System Management BIOS Driver;C:\Windows\System32\drivers\mssmbios.sys [2008-1-20 34872]
R3 NativeWifiP;NativeWiFi Filter;C:\Windows\System32\drivers\nwifi.sys [2010-1-10 187392]
R3 NdisTapi;Remote Access NDIS TAPI Driver;C:\Windows\System32\drivers\ndistapi.sys [2008-1-20 24064]
R3 Ndisuio;NDIS Usermode I/O Protocol;C:\Windows\System32\drivers\ndisuio.sys [2008-1-20 22016]
R3 NdisWan;Remote Access NDIS WAN Driver;C:\Windows\System32\drivers\ndiswan.sys [2010-1-10 169472]
R3 NDProxy;NDIS Proxy;C:\Windows\System32\drivers\ndproxy.sys [2008-1-20 59904]
R3 Netman;Network Connections;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2008-1-20 27648]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-8-14 4751360]
R3 Ntfs;Ntfs;C:\Windows\System32\drivers\ntfs.sys [2013-4-10 1513320]
R3 PptpMiniport;WAN Miniport (PPTP);C:\Windows\System32\drivers\raspptp.sys [2010-1-10 98816]
R3 Rasl2tp;WAN Miniport (L2TP);C:\Windows\System32\drivers\rasl2tp.sys [2010-1-10 124928]
R3 RasMan;Remote Access Connection Manager;C:\Windows\System32\svchost.exe -k netsvcs [2008-1-20 27648]
R3 RasPppoe;Remote Access PPPOE Driver;C:\Windows\System32\drivers\raspppoe.sys [2010-1-10 50176]
R3 RasSstp;WAN Miniport (SSTP);C:\Windows\System32\drivers\rassstp.sys [2010-1-10 78336]
R3 RTSTOR;Realtek USB 2.0 Card Reader;C:\Windows\System32\drivers\RTSTOR64.sys [2009-5-9 68096]
R3 srv;srv;C:\Windows\System32\drivers\srv.sys [2011-4-13 450560]
R3 srv2;srv2;C:\Windows\System32\drivers\srv2.sys [2011-6-16 176128]
R3 srvnet;srvnet;C:\Windows\System32\drivers\srvnet.sys [2011-6-16 145920]
R3 SSDPSRV;SSDP Discovery;C:\Windows\System32\svchost.exe -k LocalService [2008-1-20 27648]
R3 SstpSvc;Secure Socket Tunneling Protocol Service;C:\Windows\System32\svchost.exe -k LocalService [2008-1-20 27648]
R3 swenum;Software Bus Driver;C:\Windows\System32\drivers\swenum.sys [2006-11-2 13032]
R3 swprv;Microsoft Software Shadow Copy Provider;C:\Windows\System32\svchost.exe -k swprv [2008-1-20 27648]
R3 SynTP;Synaptics TouchPad Driver;C:\Windows\System32\drivers\SynTP.sys [2009-5-9 265776]
R3 TapiSrv;Telephony;C:\Windows\System32\svchost.exe -k NetworkService [2008-1-20 27648]
R3 TrustedInstaller;Windows Modules Installer;C:\Windows\servicing\TrustedInstaller.exe [2010-1-10 42496]
R3 tunmp;Microsoft Tun Miniport Adapter Driver;C:\Windows\System32\drivers\TUNMP.SYS [2008-1-20 18432]
R3 tunnel;Microsoft IPv6 Tunnel Miniport Adapter Driver;C:\Windows\System32\drivers\tunnel.sys [2010-4-15 29696]
R3 umbus;UMBus Enumerator Driver;C:\Windows\System32\drivers\umbus.sys [2008-1-20 41984]
R3 usbccgp;Microsoft USB Generic Parent Driver;C:\Windows\System32\drivers\usbccgp.sys [2008-1-20 95744]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\Windows\System32\drivers\usbehci.sys [2010-1-10 49664]
R3 usbhub;Microsoft USB Standard Hub Driver;C:\Windows\System32\drivers\usbhub.sys [2010-1-10 273920]
R3 usbsmi;Lenovo EasyCamera;C:\Windows\System32\drivers\SMIksdrv.sys [2009-8-14 183424]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\Windows\System32\drivers\usbuhci.sys [2008-1-20 29184]
R3 VSS;Volume Shadow Copy;C:\Windows\System32\VSSVC.exe [2010-1-10 1433600]
R3 WdiSystemHost;Diagnostic System Host;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2008-1-20 27648]
R3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service;C:\Windows\System32\svchost.exe -k LocalService [2008-1-20 27648]
R3 WudfPf;User Mode Driver Frameworks Platform Driver;C:\Windows\System32\drivers\WUDFPf.sys [2012-12-12 87040]
R4 cdfs;CD/DVD File System Reader;C:\Windows\System32\drivers\cdfs.sys [2008-1-20 90624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ehstart;Windows Media Center Service Launcher;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2008-1-20 27648]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-10 701512]
S2 TBS;TPM Base Services;C:\Windows\System32\svchost.exe -k LocalService [2008-1-20 27648]
S2 WinDefend;Windows Defender;C:\Windows\System32\svchost.exe -k secsvcs [2008-1-20 27648]
S3 agp440;Intel AGP Bus Filter;C:\Windows\System32\drivers\AGP440.sys [2006-11-2 64568]
S3 ALG;Application Layer Gateway Service;C:\Windows\System32\alg.exe [2008-1-20 80896]
S3 AsyncMac;RAS Asynchronous Media Driver;C:\Windows\System32\drivers\asyncmac.sys [2008-1-20 22016]
S3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2013-7-16 593144]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\b57nd60a.sys [2008-1-20 214016]
S3 BDSandBox;BDSandBox;C:\Windows\System32\drivers\bdsandbox.sys [2013-7-16 82384]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\Windows\System32\drivers\BrFiltLo.sys [2006-11-2 18432]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\Windows\System32\drivers\BrFiltUp.sys [2006-11-2 8704]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\Windows\System32\drivers\BrUsbSer.sys [2006-11-2 14720]
S3 CertPropSvc;Certificate Propagation;C:\Windows\System32\svchost.exe -k netsvcs [2008-1-20 27648]
S3 COMSysApp;COM+ System Application;C:\Windows\System32\dllhost.exe [2006-11-2 8704]
S3 DFSR;DFS Replication;C:\Windows\System32\dfsr.exe [2010-1-10 3433472]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler;C:\Windows\System32\drivers\drmkaud.sys [2008-1-20 6144]
S3 E1G60;Intel® PRO/1000 NDIS 6 Adapter Driver;C:\Windows\System32\drivers\E1G6032E.sys [2008-1-20 146176]
S3 ehRecvr;Windows Media Center Receiver Service;C:\Windows\ehome\ehrecvr.exe [2008-1-20 344064]
S3 ehSched;Windows Media Center Scheduler Service;C:\Windows\ehome\ehsched.exe [2008-1-20 153600]
S3 exfat;exFAT File System Driver;C:\Windows\System32\drivers\exfat.sys [2010-1-10 187904]
S3 fastfat;FAT12/16/32 File System Driver;C:\Windows\System32\drivers\fastfat.sys [2010-1-10 198144]
S3 Filetrace;FileTrace;C:\Windows\System32\drivers\filetrace.sys [2008-1-20 33280]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [2010-1-10 42840]
S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms;C:\Windows\System32\drivers\GAGP30KX.SYS [2006-11-2 68152]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service;C:\Windows\System32\drivers\HdAudio.sys [2006-11-2 273920]
S3 hkmsvc;Health Key and Certificate Management;C:\Windows\System32\svchost.exe -k netsvcs [2008-1-20 27648]
S3 IDriverT;InstallDriver Table Manager;C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace;C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [2010-1-10 857432]
S3 IPBusEnum;PnP-X IP Bus Enumerator;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2008-1-20 27648]
S3 IpFilterDriver;IP Traffic Filter Driver;C:\Windows\System32\drivers\ipfltdrv.sys [2010-1-10 67584]
S3 IPNAT;IP Network Address Translator;C:\Windows\System32\drivers\ipnat.sys [2008-1-20 115712]
S3 iPod Service;iPod Service;C:\Program Files\iPod\bin\iPodService.exe [2012-9-9 936848]
S3 IRENUM;IR Bus Enumerator;C:\Windows\System32\drivers\irenum.sys [2008-1-20 17408]
S3 lltdsvc;Link-Layer Topology Discovery Mapper;C:\Windows\System32\svchost.exe -k LocalService [2008-1-20 27648]
S3 MatSvc;Microsoft Automated Troubleshooting Service;C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2011-6-13 343856]
S3 Modem;Modem;C:\Windows\System32\drivers\modem.sys [2008-1-20 40448]
S3 MSDTC;Distributed Transaction Coordinator;C:\Windows\System32\msdtc.exe [2008-1-20 106496]
S3 MSiSCSI;Microsoft iSCSI Initiator Service;C:\Windows\System32\svchost.exe -k netsvcs [2008-1-20 27648]
S3 MSKSSRV;Microsoft Streaming Service Proxy;C:\Windows\System32\drivers\mskssrv.sys [2008-1-20 11008]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy;C:\Windows\System32\drivers\mspclock.sys [2006-11-2 7040]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy;C:\Windows\System32\drivers\mspqm.sys [2006-11-2 6656]
S3 MsRPC;MsRPC;C:\Windows\System32\drivers\msrpc.sys [2010-1-10 310760]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-5-27 29262680]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter;C:\Windows\System32\drivers\mstee.sys [2008-1-20 7936]
S3 napagent;Network Access Protection Agent;C:\Windows\System32\svchost.exe -k NetworkService [2008-1-20 27648]
S3 Netlogon;Netlogon;C:\Windows\System32\lsass.exe [2012-1-11 11264]
S3 nv_agp;NVIDIA nForce AGP Bus Filter;C:\Windows\System32\drivers\NV_AGP.SYS [2006-11-2 126520]
S3 p2pimsvc;Peer Networking Identity Manager;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2008-1-20 27648]
S3 p2psvc;Peer Networking Grouping;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2008-1-20 27648]
S3 Parport;Parallel port driver;C:\Windows\System32\drivers\parport.sys [2006-11-2 96768]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 pla;Performance Logs & Alerts;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2008-1-20 27648]
S3 PNRPAutoReg;PNRP Machine Name Publication Service;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2008-1-20 27648]
S3 PNRPsvc;Peer Name Resolution Protocol;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2008-1-20 27648]
S3 ProtectedStorage;Protected Storage;C:\Windows\System32\lsass.exe [2012-1-11 11264]
S3 QWAVE;Quality Windows Audio Video Experience;C:\Windows\System32\svchost.exe -k LocalService [2008-1-20 27648]
S3 QWAVEdrv;QWAVE driver;C:\Windows\System32\drivers\qwavedrv.sys [2008-1-20 46592]
S3 RasAuto;Remote Access Auto Connection Manager;C:\Windows\System32\svchost.exe -k netsvcs [2008-1-20 27648]
S3 RDPWD;RDP Winstation Driver;C:\Windows\System32\drivers\rdpwd.sys [2012-6-14 209920]
S3 RemoteRegistry;Remote Registry;C:\Windows\System32\svchost.exe -k regsvc [2008-1-20 27648]
S3 SCardSvr;Smart Card;C:\Windows\System32\svchost.exe -k LocalService [2008-1-20 27648]
S3 SCPolicySvc;Smart Card Removal Policy;C:\Windows\System32\svchost.exe -k netsvcs [2008-1-20 27648]
S3 SDRSVC;Windows Backup;C:\Windows\System32\svchost.exe -k SDRSVC [2008-1-20 27648]
S3 Serenum;Serenum Filter Driver;C:\Windows\System32\drivers\serenum.sys [2006-11-2 23040]
S3 Serial;Serial Port Driver;C:\Windows\System32\drivers\serial.sys [2006-11-2 94208]
S3 SessionEnv;Terminal Services Configuration;C:\Windows\System32\svchost.exe -k netsvcs [2008-1-20 27648]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\Windows\System32\drivers\sffp_mmc.sys [2006-11-2 14336]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus;C:\Windows\System32\drivers\sffp_sd.sys [2006-11-2 13824]
S3 SLUINotify;SL UI Notification Service;C:\Windows\System32\svchost.exe -k LocalService [2008-1-20 27648]
S3 SNMPTRAP;SNMP Trap;C:\Windows\System32\snmptrap.exe [2006-11-2 14336]
S3 Tcpip6;Microsoft IPv6 Protocol Driver;C:\Windows\System32\drivers\tcpip.sys [2013-6-12 1417576]
S3 TDPIPE;TDPIPE;C:\Windows\System32\drivers\tdpipe.sys [2008-1-20 16384]
S3 TDTCP;TDTCP;C:\Windows\System32\drivers\tdtcp.sys [2008-1-20 29696]
S3 THREADORDER;Thread Ordering Server;C:\Windows\System32\svchost.exe -k LocalService [2008-1-20 27648]
S3 tssecsrv;Terminal Services Security Filter Driver;C:\Windows\System32\drivers\tssecsrv.sys [2008-1-20 29184]
S3 uagp35;Microsoft AGPv3.5 Filter;C:\Windows\System32\drivers\UAGP35.SYS [2006-11-2 67128]
S3 UI0Detect;Interactive Services Detection;C:\Windows\System32\UI0Detect.exe [2008-1-20 40960]
S3 uliagpkx;Uli AGP Bus Filter;C:\Windows\System32\drivers\ULIAGPKX.SYS [2006-11-2 68152]
S3 usbaudio;USB Audio Driver (WDM);C:\Windows\System32\drivers\USBAUDIO.sys [2010-1-10 98944]
S3 usbprint;Microsoft USB PRINTER Class;C:\Windows\System32\drivers\usbprint.sys [2008-1-20 24064]
S3 USBSTOR;USB Mass Storage Driver;C:\Windows\System32\drivers\USBSTOR.SYS [2010-1-10 77824]
S3 usbvideo;USB Video Device (WDM);C:\Windows\System32\drivers\usbvideo.sys [2008-1-20 168704]
S3 vds;Virtual Disk;C:\Windows\System32\vds.exe [2010-1-10 454656]
S3 vga;vga;C:\Windows\System32\drivers\vgapnp.sys [2008-1-20 29184]
S3 Wanarp;Remote Access IP ARP Driver;C:\Windows\System32\drivers\wanarp.sys [2010-1-10 86528]
S3 wcncsvc;Windows Connect Now - Config Registrar;C:\Windows\System32\svchost.exe -k LocalService [2008-1-20 27648]
S3 WcsPlugInService;Windows Color System;C:\Windows\System32\svchost.exe -k wcssvc [2008-1-20 27648]
S3 WdiServiceHost;Diagnostic Service Host;C:\Windows\System32\svchost.exe -k wdisvc [2008-1-20 27648]
S3 Wecsvc;Windows Event Collector;C:\Windows\System32\svchost.exe -k NetworkService [2008-1-20 27648]
S3 wercplsupport;Problem Reports and Solutions Control Panel Support;C:\Windows\System32\svchost.exe -k netsvcs [2008-1-20 27648]
S3 WimFltr;WimFltr;C:\Windows\System32\drivers\WimFltr.sys [2009-5-9 151656]
S3 WinRM;Windows Remote Management (WS-Management);C:\Windows\System32\svchost.exe -k NetworkService [2008-1-20 27648]
S3 winusb;WinUSB Service;C:\Windows\System32\drivers\winusb.sys [2010-1-10 36864]
S3 wmiApSrv;WMI Performance Adapter;C:\Windows\System32\wbem\WmiApSrv.exe [2010-1-10 209920]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service;C:\Program Files\Windows Media Player\wmpnetwk.exe [2008-1-20 1216000]
S3 WPCSvc;Parental Controls;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2008-1-20 27648]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-4-19 1022632]
S3 WSVD;WSVD;C:\Windows\System32\drivers\WSVD.sys [2009-5-9 118768]
S3 WUDFRd;WUDFRd;C:\Windows\System32\drivers\WUDFRd.sys [2012-12-12 198656]
S4 adp94xx;adp94xx;C:\Windows\System32\drivers\adp94xx.sys [2006-11-2 486456]
S4 adpahci;adpahci;C:\Windows\System32\drivers\adpahci.sys [2006-11-2 342584]
S4 adpu160m;adpu160m;C:\Windows\System32\drivers\adpu160m.sys [2006-11-2 126520]
S4 adpu320;adpu320;C:\Windows\System32\drivers\adpu320.sys [2006-11-2 185912]
S4 aic78xx;aic78xx;C:\Windows\System32\drivers\djsvs.sys [2006-11-2 88168]
S4 aliide;aliide;C:\Windows\System32\drivers\aliide.sys [2006-11-2 15976]
S4 amdide;amdide;C:\Windows\System32\drivers\amdide.sys [2006-11-2 15976]
S4 AmdK8;AMD K8 Processor Driver;C:\Windows\System32\drivers\amdk8.sys [2006-11-2 50688]
S4 arc;arc;C:\Windows\System32\drivers\arc.sys [2006-11-2 90680]
S4 arcsas;arcsas;C:\Windows\System32\drivers\arcsas.sys [2006-11-2 91192]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [2013-7-16 75584]
S4 blbdrive;blbdrive;C:\Windows\System32\drivers\blbdrive.sys [2008-1-21 55296]
S4 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\Windows\System32\drivers\BrSerId.sys [2006-11-2 86528]
S4 BrSerWdm;Brother WDM Serial driver;C:\Windows\System32\drivers\BrSerWdm.sys [2006-11-2 47104]
S4 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\Windows\System32\drivers\BrUsbMdm.sys [2006-11-2 14976]
S4 BTHMODEM;Bluetooth Serial Communications Driver;C:\Windows\System32\drivers\bthmodem.sys [2006-11-2 50688]
S4 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86;C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2010-1-10 66368]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-1-10 89920]
S4 cmdide;cmdide;C:\Windows\System32\drivers\cmdide.sys [2006-11-2 18024]
S4 elxstor;elxstor;C:\Windows\System32\drivers\elxstor.sys [2006-11-2 397368]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\System32\drivers\errdev.sys [2008-1-21 8704]
S4 fdc;Floppy Disk Controller Driver;C:\Windows\System32\drivers\fdc.sys [2008-1-20 29696]
S4 flpydisk;Floppy Disk Driver;C:\Windows\System32\drivers\flpydisk.sys [2008-1-20 24576]
S4 HidBth;Microsoft Bluetooth HID Miniport;C:\Windows\System32\drivers\hidbth.sys [2006-11-2 34304]
S4 HpCISSs;HpCISSs;C:\Windows\System32\drivers\HpCISSs.sys [2006-11-2 47672]
S4 i2omp;i2omp;C:\Windows\System32\drivers\i2omp.sys [2006-11-2 35896]
S4 iaStorV;Intel RAID Controller Vista;C:\Windows\System32\drivers\iaStorV.sys [2006-11-2 290872]
S4 iirsp;iirsp;C:\Windows\System32\drivers\iirsp.sys [2006-11-2 44648]
S4 intelide;intelide;C:\Windows\System32\drivers\intelide.sys [2008-1-20 19512]
S4 IPMIDRV;IPMIDRV;C:\Windows\System32\drivers\IPMIDrv.sys [2006-11-2 76288]
S4 isapnp;PnP ISA/EISA Bus Driver;C:\Windows\System32\drivers\isapnp.sys [2006-11-2 23608]
S4 iteatapi;ITEATAPI_Service_Install;C:\Windows\System32\drivers\iteatapi.sys [2006-11-2 37480]
S4 iteraid;ITERAID_Service_Install;C:\Windows\System32\drivers\iteraid.sys [2006-11-2 37480]
S4 LSI_FC;LSI_FC;C:\Windows\System32\drivers\lsi_fc.sys [2006-11-2 113720]
S4 LSI_SAS;LSI_SAS;C:\Windows\System32\drivers\lsi_sas.sys [2006-11-2 105016]
S4 LSI_SCSI;LSI_SCSI;C:\Windows\System32\drivers\lsi_scsi.sys [2008-1-20 113720]
S4 Mcx2Svc;Windows Media Center Extender Service;C:\Windows\System32\svchost.exe -k LocalService [2008-1-20 27648]
S4 megasas;megasas;C:\Windows\System32\drivers\megasas.sys [2006-11-2 35896]
S4 MegaSR;MegaSR;C:\Windows\System32\drivers\MegaSR.sys [2008-1-20 438328]
S4 mpio;Microsoft Multi-Path Bus Driver;C:\Windows\System32\drivers\mpio.sys [2006-11-2 128056]
S4 Mraid35x;Mraid35x;C:\Windows\System32\drivers\Mraid35x.sys [2006-11-2 39016]
S4 msahci;msahci;C:\Windows\System32\drivers\msahci.sys [2006-11-2 31288]
S4 msdsm;Microsoft Multi-Path Device Specific Module;C:\Windows\System32\drivers\msdsm.sys [2006-11-2 113720]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper;C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [2010-1-10 117592]
S4 nfrd960;nfrd960;C:\Windows\System32\drivers\nfrd960.sys [2006-11-2 51816]
S4 nvraid;NVIDIA nForce RAID Driver   ;C:\Windows\System32\drivers\nvraid.sys [2006-11-2 128056]
S4 nvstor;nvstor;C:\Windows\System32\drivers\nvstor.sys [2006-11-2 54328]
S4 ohci1394;RICOH OHCI Compliant IEEE 1394 Host Controller;C:\Windows\System32\drivers\ohci1394.sys [2008-1-20 72192]
S4 pciide;pciide;C:\Windows\System32\drivers\pciide.sys [2006-11-2 13416]
S4 pcmcia;pcmcia;C:\Windows\System32\drivers\pcmcia.sys [2006-11-2 203368]
S4 Processor;Processor Driver;C:\Windows\System32\drivers\processr.sys [2006-11-2 47104]
S4 ql2300;QLogic Fibre Channel Miniport Driver;C:\Windows\System32\drivers\ql2300.sys [2006-11-2 1221176]
S4 ql40xx;QLogic iSCSI Miniport Driver;C:\Windows\System32\drivers\ql40xx.sys [2006-11-2 124008]
S4 rdpdr;Terminal Server Device Redirector Driver;C:\Windows\System32\drivers\rdpdr.sys [2006-11-2 314368]
S4 RemoteAccess;Routing and Remote Access;C:\Windows\System32\svchost.exe -k netsvcs [2008-1-20 27648]
S4 sbp2port;SBP-2 Transport/Protocol Bus Driver;C:\Windows\System32\drivers\sbp2port.sys [2006-11-2 90216]
S4 sdbus;sdbus;C:\Windows\System32\drivers\sdbus.sys [2008-1-20 111104]
S4 sermouse;Serial Mouse Driver;C:\Windows\System32\drivers\sermouse.sys [2008-1-20 26624]
S4 sffdisk;SFF Storage Class Driver;C:\Windows\System32\drivers\sffdisk.sys [2006-11-2 14848]
S4 sfloppy;High-Capacity Floppy Disk Drive;C:\Windows\System32\drivers\sfloppy.sys [2006-11-2 16384]
S4 SharedAccess;Internet Connection Sharing (ICS);C:\Windows\System32\svchost.exe -k netsvcs [2008-1-20 27648]
S4 SiSRaid2;SiSRaid2;C:\Windows\System32\drivers\sisraid2.sys [2006-11-2 45624]
S4 SiSRaid4;SiSRaid4;C:\Windows\System32\drivers\sisraid4.sys [2006-11-2 78392]
S4 Sym_hi;Sym_hi;C:\Windows\System32\drivers\sym_hi.sys [2006-11-2 44648]
S4 Sym_u3;Sym_u3;C:\Windows\System32\drivers\sym_u3.sys [2006-11-2 48232]
S4 Symc8xx;Symc8xx;C:\Windows\System32\drivers\symc8xx.sys [2006-11-2 49256]
S4 udfs;udfs;C:\Windows\System32\drivers\udfs.sys [2010-1-10 299008]
S4 uliahci;uliahci;C:\Windows\System32\drivers\uliahci.sys [2006-11-2 284728]
S4 UlSata;UlSata;C:\Windows\System32\drivers\ulsata.sys [2006-11-2 148072]
S4 ulsata2;ulsata2;C:\Windows\System32\drivers\ulsata2.sys [2006-11-2 174696]
S4 usbcir;eHome Infrared Receiver (USBCIR);C:\Windows\System32\drivers\usbcir.sys [2006-11-2 79360]
S4 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\Windows\System32\drivers\usbohci.sys [2006-11-2 24064]
S4 viaide;viaide;C:\Windows\System32\drivers\viaide.sys [2006-11-2 18024]
S4 vsmraid;vsmraid;C:\Windows\System32\drivers\vsmraid.sys [2006-11-2 149048]
S4 WacomPen;Wacom Serial Pen HID Driver;C:\Windows\System32\drivers\wacompen.sys [2006-11-2 26624]
S4 Wd;Microsoft Watchdog Timer Driver;C:\Windows\System32\drivers\wd.sys [2006-11-2 24120]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\Windows\System32\drivers\wmiacpi.sys [2006-11-2 14336]
S4 ws2ifsl;Winsock IFS driver;C:\Windows\System32\drivers\ws2ifsl.sys [2008-1-20 20992]
.
=============== File Associations ===============
.
FileExt: .bat: batfile="%1" %*
FileExt: .cmd: cmdfile="%1" %*
FileExt: .com: comfile="%1" %*
FileExt: .exe: exefile="%1" %*
FileExt: .pif: piffile="%1" %*
FileExt: .scr: scrfile="%1" /S
FileExt: .reg: regfile=regedit.exe "%1"
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1
FileExt: .chm: chm.file="C:\Windows\hh.exe" %1
FileExt: .ini: inifile=C:\Windows\System32\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
ShellExec: AcroRD32.exe: Read="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe" "%1"
ShellExec: iexplore.exe: open="C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
ShellExec: iTunes.exe: open="C:\Program Files (x86)\iTunes\iTunes.exe" /open "%L"
ShellExec: iTunes.exe: play="C:\Program Files (x86)\iTunes\iTunes.exe" /play "%L"
ShellExec: mspaint.exe: edit="C:\Windows\System32\mspaint.exe" "%1"
ShellExec: notepad.exe: edit=C:\Windows\System32\NOTEPAD.EXE %1
ShellExec: notepad.exe: open=C:\Windows\System32\NOTEPAD.EXE %1
ShellExec: photoviewer.dll: open=C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Gallery\PhotoViewer.dll", ImageView_Fullscreen %1
ShellExec: photoviewer.dll: print=C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Gallery\PhotoViewer.dll", ImageView_Fullscreen %1
ShellExec: SecureII.exe: open="F:\Secure II\Windows\SecureII.exe" "%1"
ShellExec: WinCal.exe: open="C:\Program Files (x86)\Windows Calendar\wincal.exe" "%1"
ShellExec: WINWORD.EXE: open="C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE" "%1"
ShellExec: wmplayer.exe: open="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "%L"
ShellExec: wmplayer.exe: play="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play "%L"
ShellExec: wordpad.exe: open="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1"
.
=============== Created Last 60 ================
.
2013-07-16 18:48:59 593144 ----a-w- C:\Windows\System32\drivers\avckf.sys
2013-07-16 18:48:57 82384 ----a-w- C:\Windows\System32\drivers\bdsandbox.sys
2013-07-16 18:48:57 718840 ----a-w- C:\Windows\System32\drivers\avc3.sys
2013-07-16 18:48:56 261056 ----a-w- C:\Windows\System32\drivers\avchv.sys
2013-07-16 16:58:36 76944 ----a-w- C:\Windows\System32\drivers\bdvedisk.sys
2013-07-16 16:27:56 742812 ----a-w- C:\ProgramData\1373991319.bdinstall.bin
2013-07-16 16:18:07 -------- d-----w- C:\Users\Alan\AppData\Roaming\Bitdefender
2013-07-16 16:15:38 147232 ----a-w- C:\Windows\System32\drivers\gzflt.sys
2013-07-16 16:15:38 -------- d-----w- C:\ProgramData\Bitdefender
2013-07-16 16:15:37 383048 ----a-w- C:\Windows\System32\drivers\trufos.sys
2013-07-16 16:06:29 224829 ----a-w- C:\ProgramData\1373990696.bdinstall.bin
2013-07-16 16:04:46 -------- d-----w- C:\Program Files (x86)\Common Files\Bitdefender
2013-07-15 14:27:24 972712 ----a-w- C:\Windows\System32\deployJava1.dll
2013-07-15 14:27:24 312232 ----a-w- C:\Windows\System32\javaws.exe
2013-07-15 14:27:24 1093032 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-07-15 14:27:13 189352 ----a-w- C:\Windows\System32\javaw.exe
2013-07-15 14:27:13 188840 ----a-w- C:\Windows\System32\java.exe
2013-07-15 14:27:13 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-07-15 14:26:57 -------- d-----w- C:\Program Files\Java
2013-07-15 14:13:16 -------- d-----w- C:\Program Files (x86)\Common Files\Adobe
2013-07-15 14:13:16 -------- d-----w- C:\Program Files (x86)\Adobe
2013-07-15 11:51:59 -------- d-sh--w- C:\Config.Msi
2013-07-14 21:54:03 -------- d-----w- C:\Program Files (x86)\SweetIM
2013-07-12 20:50:53 2203874 ----a-w- C:\ProgramData\1373661729.bdinstall.bin
2013-07-12 20:49:37 -------- d-----w- C:\ProgramData\BDLogging
2013-07-12 20:49:30 511328 ----a-w- C:\Windows\capicom.dll
2013-07-12 20:49:29 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2013-07-12 20:43:52 -------- d-----w- C:\Users\Alan\AppData\Roaming\QuickScan
2013-07-12 20:42:28 -------- d-----w- C:\Program Files\Bitdefender
2013-07-12 20:38:15 -------- d-----w- C:\Program Files\Common Files\Bitdefender
2013-07-10 22:13:38 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-10 17:38:09 -------- d-----w- C:\Windows\System32\MRT
2013-07-10 17:32:31 208216 ----a-w- C:\Windows\System32\drivers\00049528.sys
2013-07-10 15:38:09 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2013-07-10 15:38:09 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2013-07-10 15:38:09 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-10 15:38:09 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-10 15:38:09 149656 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2013-07-10 15:38:08 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\vgx\VGX.dll
2013-07-10 15:38:08 768512 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\vgx\VGX.dll
2013-07-10 15:38:08 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-07-10 15:38:08 182936 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2013-07-10 15:38:07 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2013-07-10 15:38:07 248320 ----a-w- C:\Windows\System32\ieui.dll
2013-07-10 15:38:07 194048 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2013-07-10 15:38:07 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2013-07-10 15:38:06 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2013-07-10 15:38:06 237056 ----a-w- C:\Windows\System32\url.dll
2013-07-10 15:38:06 231936 ----a-w- C:\Windows\SysWow64\url.dll
2013-07-10 15:38:06 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-07-10 15:38:06 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-07-10 15:38:05 763544 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2013-07-10 15:38:05 757400 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2013-07-10 15:38:05 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2013-07-10 15:38:05 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-07-10 15:38:05 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-10 15:38:04 1346560 ----a-w- C:\Windows\System32\urlmon.dll
2013-07-10 15:38:04 1104384 ----a-w- C:\Windows\SysWow64\urlmon.dll
2013-07-10 15:38:03 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2013-07-10 15:38:03 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2013-07-10 15:38:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-10 15:38:03 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-07-10 15:38:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-07-10 15:38:02 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2013-07-10 15:38:02 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-07-10 15:38:02 548864 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
2013-07-10 15:38:02 194560 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2013-07-10 15:38:02 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-10 15:38:02 141312 ----a-w- C:\Program Files\Internet Explorer\jsdebuggeride.dll
2013-07-10 15:38:01 816640 ----a-w- C:\Windows\System32\jscript.dll
2013-07-10 15:38:01 387584 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
2013-07-10 15:38:01 2147840 ----a-w- C:\Windows\System32\iertutil.dll
2013-07-10 15:38:01 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
2013-07-10 15:38:01 104448 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
2013-07-10 15:38:00 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2013-07-10 15:38:00 499200 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll
2013-07-10 15:37:59 887808 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2013-07-10 15:37:59 12333568 ----a-w- C:\Windows\SysWow64\mshtml.dll
2013-07-10 15:37:56 17829376 ----a-w- C:\Windows\System32\mshtml.dll
2013-07-10 15:37:55 9738752 ----a-w- C:\Windows\SysWow64\ieframe.dll
2013-07-10 15:37:55 10926080 ----a-w- C:\Windows\System32\ieframe.dll
2013-07-10 15:37:07 619008 ----a-w- C:\Windows\System32\qedit.dll
2013-07-10 15:37:06 505344 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-07-10 15:37:05 566272 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-07-10 15:37:05 486400 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-07-10 15:37:05 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
2013-07-10 15:37:05 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2013-07-10 15:37:05 189952 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2013-07-10 15:37:05 1556480 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-10 15:37:05 1149440 ----a-w- C:\Windows\System32\FntCache.dll
2013-07-10 15:37:05 1069056 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-07-10 15:37:04 834048 ----a-w- C:\Windows\System32\d2d1.dll
2013-07-10 15:37:04 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-07-10 15:37:04 287232 ----a-w- C:\Windows\System32\d3d10core.dll
2013-07-10 15:37:04 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-07-10 15:37:04 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-07-10 15:37:04 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2013-07-10 15:37:04 1268224 ----a-w- C:\Windows\System32\d3d10.dll
2013-07-10 15:37:04 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-07-10 15:37:04 1029120 ----a-w- C:\Windows\SysWow64\d3d10.dll
2013-07-10 15:36:50 1815552 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-10 15:36:50 1500672 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-10 15:36:49 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 15:36:49 1476608 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-10 15:36:49 1447936 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 15:36:42 1548288 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-10 15:36:41 1706496 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-10 15:36:40 2775040 ----a-w- C:\Windows\System32\win32k.sys
2013-06-12 15:39:13 812544 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-06-12 15:39:13 1078272 ----a-w- C:\Windows\System32\certutil.exe
2013-06-12 15:39:12 985600 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-06-12 15:39:12 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-06-12 15:39:12 50688 ----a-w- C:\Windows\System32\certenc.dll
2013-06-12 15:39:12 41984 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-06-12 15:39:12 174592 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-06-12 15:39:12 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-06-12 15:39:12 132096 ----a-w- C:\Windows\System32\cryptnet.dll
2013-06-12 15:39:12 1269248 ----a-w- C:\Windows\System32\crypt32.dll
2013-06-12 15:38:58 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-06-12 15:38:57 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-06-12 15:37:49 686080 ----a-w- C:\Windows\System32\win32spl.dll
2013-06-12 15:37:49 443904 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-06-12 15:37:49 37376 ----a-w- C:\Windows\SysWow64\printcom.dll
2013-06-12 15:37:44 1417576 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-12 15:37:43 40448 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
.
==================== Find6M  ====================
.
2013-07-15 14:17:29 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-15 14:17:29 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-24 04:57:12 78277128 ----a-w- C:\Windows\System32\mrt.exe
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-15 14:17:12 901496 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-13 03:34:30 47104 ----a-w- C:\Windows\System32\cdd.dll
2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-11 13:33:42 4691304 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-09 04:16:35 85504 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-09 01:48:36 75264 ----a-w- C:\Windows\System32\smss.exe
2013-03-08 04:18:52 451072 ----a-w- C:\Windows\System32\winsrv.dll
2013-03-08 04:17:12 2425344 ----a-w- C:\Windows\System32\mstscax.dll
2013-03-08 03:52:22 2067968 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-03-03 19:13:14 1513320 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-02-12 02:18:19 19456 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2010-01-05 22:16:55 378 ----a-w- C:\Program Files (x86)\temp995.bat
.
============= FINISH:  8:44:13.25 ===============

 

 

Here's the ATTACH.TXT log:

--------------------------------------

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/14/2009 11:24:18 AM
System Uptime: 7/20/2013 8:36:45 AM (0 hours ago)
.
Motherboard: LENOVO |  | KIWB1
Processor: Pentium® Dual-Core CPU       T4200  @ 2.00GHz | U2E1 | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 253 GiB total, 148.154 GiB free.
D: is FIXED (NTFS) - 30 GiB total, 28.448 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
Bitdefender Internet Security
Broadcom Gigabit NetLink Controller
Business Contact Manager for Outlook 2007 SP1
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon Inkjet Printer Driver Add-On Module
Canon MP Navigator EX 3.1
Canon MX870 series MP Drivers
Canon MX870 series User Registration
Canon Speed Dial Utility
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Carbonite
CCleaner
Defraggler
Dia (remove only)
DIBS
Dolby Control Center
DVDFab 8.2.2.6 (25/12/2012) Qt
EasyCapture
Energy Management
energyXT2.5
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
H&R Block Deluxe + Efile 2011
H&R Block Premium + Efile + State 2010
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Internet Explorer (Enable DEP)
iTunes
Java 7 Update 25 (64-bit)
Java Auto Updater
Java 6 Update 30
LAME v3.98.3 for Audacity
Lenovo Desktop Navigator
Lenovo EasyCamera
Lenovo First Boot
Lenovo Idea Central
Lenovo Idea Notes
Lenovo OneKey Recovery
Lenovo ReadyComm 4.0
Lenovo System Repair - Windows Update Monitor
Malwarebytes Anti-Malware version 1.75.0.1300
MediaShow
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Automated Troubleshooting Services Shim
Microsoft Fix it Center
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 97, Professional Edition
Microsoft Office Small Business Connectivity Components
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Onekey Theater
Password Safe
Pdf995 (installed by H&R Block)
PdfEdit995 (installed by H&R Block)
Quicken 2008
QuickTime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
SlideBar Driver
Synaptics Pointing Device Driver
TextMaker Viewer
TrueCrypt
Turbo Tax Audit Support Center 3.0
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2012
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wrapper
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Utility Common Driver
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
Windows 7 Upgrade Advisor
Windows Driver Package - ENE (enecir) HIDClass  (11/19/2008 2.7.0.2)
Windows Driver Package - Lenovo (ACPIVPC) System  (10/15/2008 3.1.0.1)
Windows Live Toolbar
.
==== End Of File ===========================

 

Share this post


Link to post
Share on other sites

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 2

  • Download on the desktop RogueKiller
  • Quit all programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished ...
  • Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.
In your next reply, post the following log files:
  • Malwarebytes' Anti-Malware log
  • RogueKiller log

Share this post


Link to post
Share on other sites

OK, Maniac, here's the two reports:

 

 

Malwarebytes Anti-Malware:

======================

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.20.03

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Alan :: ALAN-PC [administrator]

Protection: Disabled

7/20/2013 8:16:13 AM
mbam-log-2013-07-20 (08-16-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 242993
Time elapsed: 3 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

 

 

RogueKiller

=========

 

RogueKiller V8.6.3 _x64_ [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Alan [Admin rights]
Mode : Scan -- Date : 07/20/2013 16:02:22
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][sUSP PATH] HKCR\[...]\InprocServer32 :  (C:\Users\Alan\AppData\Local\Temp\sctwxdu\sjnqebn\wow64.dll [-]) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V2][sUSP PATH] IHUninstallTrackingTASK : CMD - /C DEL C:\Users\Alan\AppData\Local\Temp\IHU15DB.tmp.exe [x][x] -> FOUND
[V2][sUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" - /silent $(Arg0) [x][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-22ZCT0 +++++
--- User ---
[MBR] 3a487f751b92f8dae5ae628fb3910df2
[bSP] f1089470007974b6228631e5109ca612 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 259023 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 530481341 | Size: 31111 Mo
2 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 594198528 | Size: 15108 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_07202013_160222.txt >>

 

 

Share this post


Link to post
Share on other sites

Step 1

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    image000q.png

  • Put a checkmark beside loaded modules.

    2012081514h0118.png

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.

    2012081517h0349.png

  • Click the Start Scan button.

    19695967.jpg

  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    67776163.jpg

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    62117367.jpg

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
Step 2

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

In your next reply, post the following log files:

  • TDSSKiller log
  • ComboFix log

Share this post


Link to post
Share on other sites

How is this going so far?  Has anything popped up as the culprit?

 

I already have a copy of TDSSKiller installed on my laptop.  Can I use that one?

 

I'm about to start reading the ComboFix instructions.  It looks like a powerful and dangerous program, so I want to get it right.

Share this post


Link to post
Share on other sites

I just clicked on my Google icon and instead of going to Google, I wound up at the Bing search screen, overlaid with a pop-up saying "Repair Your PC - OK?".  I didn't click on it and just exited the Bing screen.  I clicked on Google again and this time the Google search screen came up. 

 

Is this related to my virus(es)?

Share this post


Link to post
Share on other sites

I tried to post the TDSSKiller log output but got the message "TOO LONG TO POST".   I forgot to disable one of my anti-virus programs that got started at startup.  I'll try again, with the anti-virus program running.  However, the end of log from the first run is below.  Don't know if this helps or not...

 

09:18:06.0747 3796  Scan finished
09:18:06.0747 3796  ============================================================
09:18:06.0763 3724  Detected object count: 8
09:18:06.0763 3724  Actual detected object count: 8
09:18:26.0481 3724  DDNIMSGService ( UnsignedFile.Multi.Generic ) - skipped by user
09:18:26.0481 3724  DDNIMSGService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:18:26.0481 3724  DDNIService ( UnsignedFile.Multi.Generic ) - skipped by user
09:18:26.0481 3724  DDNIService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:18:26.0481 3724  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
09:18:26.0481 3724  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:18:26.0481 3724  IGRS ( UnsignedFile.Multi.Generic ) - skipped by user
09:18:26.0481 3724  IGRS ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:18:26.0481 3724  McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
09:18:26.0481 3724  McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:18:26.0497 3724  McciCMService64 ( UnsignedFile.Multi.Generic ) - skipped by user
09:18:26.0497 3724  McciCMService64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:18:26.0497 3724  RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
09:18:26.0497 3724  RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:18:26.0497 3724  System_Repair_UpdateMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
09:18:26.0497 3724  System_Repair_UpdateMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:21:38.0405 3408  Deinitialize success
 

Share this post


Link to post
Share on other sites

Let's try again.

You couldn't use your copy. Please manually delete it and follow my instructions from the beginning.

Share this post


Link to post
Share on other sites

OK, ran TDSSKiller again, this time without an anti-virus program running.  The log file is even longer then it was before; it's now 544KB.  Still getting the POST TOO LONG message.  What do you want me to do?

 

Share this post


Link to post
Share on other sites

Post the end of the log file like your previous log from TDSSKiller.

Share this post


Link to post
Share on other sites

OK, here's the tail-end of the latest TDSSKiller log.

 

.

.

.

09:54:04.0593 3664  ============================================================
09:54:04.0593 3664  Scan finished
09:54:04.0593 3664  ============================================================
09:54:04.0593 4416  Detected object count: 8
09:54:04.0593 4416  Actual detected object count: 8
09:54:17.0743 4416  DDNIMSGService ( UnsignedFile.Multi.Generic ) - skipped by user
09:54:17.0743 4416  DDNIMSGService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:54:17.0743 4416  DDNIService ( UnsignedFile.Multi.Generic ) - skipped by user
09:54:17.0743 4416  DDNIService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:54:17.0743 4416  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
09:54:17.0743 4416  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:54:17.0743 4416  IGRS ( UnsignedFile.Multi.Generic ) - skipped by user
09:54:17.0743 4416  IGRS ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:54:17.0759 4416  McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
09:54:17.0759 4416  McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:54:17.0759 4416  McciCMService64 ( UnsignedFile.Multi.Generic ) - skipped by user
09:54:17.0759 4416  McciCMService64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:54:17.0759 4416  RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
09:54:17.0759 4416  RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:54:17.0759 4416  System_Repair_UpdateMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
09:54:17.0759 4416  System_Repair_UpdateMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:54:55.0714 2256  Deinitialize success

Share this post


Link to post
Share on other sites

Here's an extract from the TDSSKiller log related to the 8 entries...

 

=============

09:53:23.0206 3664  [ 696C496DDAB0A608D02894E9D4F62980 ] DDNIMSGService  C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
09:53:23.0237 3664  DDNIMSGService ( UnsignedFile.Multi.Generic ) - warning
09:53:23.0237 3664  DDNIMSGService - detected UnsignedFile.Multi.Generic (1)

09:53:23.0299 3664  [ A767A85632556477021D43259397B21A ] DDNIService     C:\Program Files (x86)\DDNI\DIBS\DDNIService.exe
09:53:23.0331 3664  DDNIService ( UnsignedFile.Multi.Generic ) - warning
09:53:23.0331 3664  DDNIService - detected UnsignedFile.Multi.Generic (1)

 

09:53:27.0839 3664  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
09:53:27.0855 3664  IDriverT ( UnsignedFile.Multi.Generic ) - warning
09:53:27.0855 3664  IDriverT - detected UnsignedFile.Multi.Generic (1)

 

09:53:28.0619 3664  [ 19A31DCA2F502D778C9A2B09B863412D ] IGRS            C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
09:53:28.0635 3664  IGRS ( UnsignedFile.Multi.Generic ) - warning
09:53:28.0635 3664  IGRS - detected UnsignedFile.Multi.Generic (1)

 

09:53:31.0817 3664  [ F8B823414A22DBF3BEC10DCAA5F93CD8 ] McciCMService   C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
09:53:31.0848 3664  McciCMService ( UnsignedFile.Multi.Generic ) - warning
09:53:31.0848 3664  McciCMService - detected UnsignedFile.Multi.Generic (1)

09:53:31.0895 3664  [ 859E5A32485178DAECA06B52E2BB44B2 ] McciCMService64 C:\Program Files\Common Files\Motive\McciCMService.exe
09:53:31.0911 3664  McciCMService64 ( UnsignedFile.Multi.Generic ) - warning
09:53:31.0911 3664  McciCMService64 - detected UnsignedFile.Multi.Generic (1)

 

09:53:39.0726 3664  [ D1F1D0EE50F8C070A612796676971699 ] RichVideo       C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
09:53:39.0757 3664  RichVideo ( UnsignedFile.Multi.Generic ) - warning
09:53:39.0757 3664  RichVideo - detected UnsignedFile.Multi.Generic (1)

 

09:53:43.0704 3664  [ 2C9C64661493F9FC79C913A894BD9732 ] System_Repair_UpdateMonitor C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
09:53:43.0735 3664  System_Repair_UpdateMonitor ( UnsignedFile.Multi.Generic ) - warning
09:53:43.0735 3664  System_Repair_UpdateMonitor - detected UnsignedFile.Multi.Generic (1)

==============

Share this post


Link to post
Share on other sites

OK, ComboFix finished.  The log is below.   I won't uninstall ComboFix until you tell me to. 

 

Note that ComboFix didn't run exactly as the how-to-use-combofix dewscribed it.  I saw no attempt to save the registry, no check for a recovery console, no change in clock setting and no disconnect from the internet.  BHowever, it went through all 50 stages and logged the result.  Do you think this was a valid run?

 

 

ComboFix Log

===========

 

ComboFix 13-07-20.03 - Alan 07/21/2013  14:29:35.1.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.8152.6212 [GMT -4:00]
Running from: c:\users\Alan\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
FW: Bitdefender Firewall *Disabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
SP: Bitdefender Antispyware *Disabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1373661729.bdinstall.bin
c:\programdata\1373990696.bdinstall.bin
c:\programdata\1373991319.bdinstall.bin
c:\users\Alan\Documents\~WRL0003.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-21 to 2013-07-21  )))))))))))))))))))))))))))))))
.
.
2013-07-21 19:13 . 2013-07-21 19:13 -------- d-----w- c:\users\Martha\AppData\Local\temp
2013-07-21 19:13 . 2013-07-21 19:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-16 18:48 . 2013-07-16 18:48 593144 ----a-w- c:\windows\system32\drivers\avckf.sys
2013-07-16 18:48 . 2013-07-16 18:48 82384 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2013-07-16 18:48 . 2013-07-16 18:48 718840 ----a-w- c:\windows\system32\drivers\avc3.sys
2013-07-16 18:48 . 2013-07-16 18:48 261056 ----a-w- c:\windows\system32\drivers\avchv.sys
2013-07-16 16:58 . 2013-07-16 16:58 76944 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
2013-07-16 16:18 . 2013-07-16 16:18 -------- d-----w- c:\users\Alan\AppData\Roaming\Bitdefender
2013-07-16 16:15 . 2013-07-16 16:27 -------- d-----w- c:\programdata\Bitdefender
2013-07-16 16:15 . 2012-10-04 18:30 147232 ----a-w- c:\windows\system32\drivers\gzflt.sys
2013-07-16 16:15 . 2013-01-28 19:57 383048 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-07-16 16:04 . 2013-07-16 16:04 -------- d-----w- c:\program files (x86)\Common Files\Bitdefender
2013-07-15 14:27 . 2013-07-15 14:27 312232 ----a-w- c:\windows\system32\javaws.exe
2013-07-15 14:27 . 2013-07-15 14:27 972712 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-15 14:27 . 2013-07-15 14:27 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-15 14:27 . 2013-07-15 14:27 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-07-15 14:27 . 2013-07-15 14:27 189352 ----a-w- c:\windows\system32\javaw.exe
2013-07-15 14:27 . 2013-07-15 14:27 188840 ----a-w- c:\windows\system32\java.exe
2013-07-15 14:26 . 2013-07-15 14:26 -------- d-----w- c:\program files\Java
2013-07-15 14:13 . 2013-07-15 14:13 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-07-14 21:54 . 2013-07-14 21:54 -------- d-----w- c:\program files (x86)\SweetIM
2013-07-12 20:49 . 2013-07-12 20:49 -------- d-----w- c:\programdata\BDLogging
2013-07-12 20:49 . 2007-04-11 15:11 511328 ----a-w- c:\windows\capicom.dll
2013-07-12 20:49 . 2009-07-14 20:21 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2013-07-12 20:43 . 2013-07-12 20:43 -------- d-----w- c:\users\Alan\AppData\Roaming\QuickScan
2013-07-12 20:42 . 2013-07-16 18:38 -------- d-----w- c:\program files\Bitdefender
2013-07-12 20:38 . 2013-07-16 16:15 -------- d-----w- c:\program files\Common Files\Bitdefender
2013-07-10 22:13 . 2013-07-19 11:50 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-10 17:38 . 2013-07-10 17:40 -------- d-----w- c:\windows\system32\MRT
2013-07-10 17:32 . 2013-07-10 17:32 208216 ----a-w- c:\windows\system32\drivers\00049528.sys
2013-07-10 15:37 . 2013-05-29 05:39 887808 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2013-07-10 15:36 . 2013-04-09 04:08 1815552 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 15:36 . 2013-04-09 04:07 1500672 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-10 15:36 . 2013-04-09 04:07 1447936 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 15:36 . 2013-04-09 04:07 1476608 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 15:36 . 2013-04-09 03:51 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 15:36 . 2013-05-08 04:04 1548288 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-10 15:36 . 2013-05-08 04:18 1706496 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-10 15:36 . 2013-06-04 02:03 2775040 ----a-w- c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-15 14:17 . 2012-04-12 15:11 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-15 14:17 . 2011-09-25 16:21 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-24 04:57 . 2006-11-02 12:35 78277128 ----a-w- c:\windows\system32\mrt.exe
2013-05-08 04:14 . 2013-06-12 15:37 1417576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-08 02:27 . 2013-06-12 15:37 40448 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-05-02 15:29 . 2009-10-03 13:26 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-05-02 04:16 . 2013-06-12 15:37 686080 ----a-w- c:\windows\system32\win32spl.dll
2013-05-02 04:04 . 2013-06-12 15:37 443904 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-05-02 04:03 . 2013-06-12 15:37 37376 ----a-w- c:\windows\SysWow64\printcom.dll
2013-04-24 04:09 . 2013-06-12 15:39 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2013-04-24 04:09 . 2013-06-12 15:39 132096 ----a-w- c:\windows\system32\cryptnet.dll
2013-04-24 04:09 . 2013-06-12 15:39 1269248 ----a-w- c:\windows\system32\crypt32.dll
2013-04-24 04:09 . 2013-06-12 15:39 50688 ----a-w- c:\windows\system32\certenc.dll
2013-04-24 04:00 . 2013-06-12 15:39 985600 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-04-24 04:00 . 2013-06-12 15:39 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-04-24 04:00 . 2013-06-12 15:39 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-04-24 04:00 . 2013-06-12 15:39 41984 ----a-w- c:\windows\SysWow64\certenc.dll
2013-04-24 02:10 . 2013-06-12 15:39 1078272 ----a-w- c:\windows\system32\certutil.exe
2013-04-24 01:46 . 2013-06-12 15:39 812544 ----a-w- c:\windows\SysWow64\certutil.exe
2010-01-05 22:16 . 2010-01-05 22:16 378 ----a-w- c:\program files (x86)\temp995.bat
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2013-01-14 21:12 1020424 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2013-01-14 21:12 1020424 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2013-01-14 21:12 1020424 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2013-06-19 520496]
"Bitdefender Wallet"="c:\program files\Bitdefender\Bitdefender\pwdmanui.exe" [2013-06-21 971136]
"Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" [2013-06-19 609576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"OnekeyDM"="c:\program files (x86)\Lenovo\OnekeyDM\OnekeyDM.exe" [2008-12-23 471552]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2009-07-16 5603656]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2009-07-13 8853320]
"MDS_Menu"="c:\program files (x86)\Lenovo\MediaShow\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2013-01-14 1065480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2013-06-19 520496]
"Bitdefender Wallet"="c:\program files\Bitdefender\Bitdefender\pwdmanui.exe" [2013-06-21 971136]
"Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" [2013-06-19 609576]
.
c:\users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Password Safe.lnk - c:\program files (x86)\Password Safe\pwsafe.exe -s [2010-2-14 2465792]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs REG_MULTI_SZ    IncSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
c:\windows\Tasks\User_Feed_Synchronization-{BE97B6EA-D0D4-490F-9947-964A4DECF45A}.job
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2013-01-14 21:01 1292808 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2013-01-14 21:01 1292808 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2013-01-14 21:01 1292808 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-12 186904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-24 1713448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-16 154648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-16 227352]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-16 202264]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-10 7212576]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-10 1833504]
"Bdagent"="c:\program files\Bitdefender\Bitdefender\bdagent.exe" [2013-07-16 1716832]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Windows Live Search - c:\program files (x86)\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\accounts
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 205.152.144.23 205.152.37.23
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-14391135.sys
SafeBoot-19491965.sys
SafeBoot-22796396.sys
SafeBoot-97964107.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"=hex:51,66,7a,6c,4c,1d,38,12,c3,1e,be,
   b9,74,87,79,0f,d2,d7,27,f5,b1,a1,11,c4
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
   27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
   38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
   ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
   aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"=hex:51,66,7a,6c,4c,1d,38,12,c3,1e,ae,
   b9,74,87,79,0f,d2,d7,27,f5,b1,a1,11,c4
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}"=hex:51,66,7a,6c,4c,1d,3b,1b,64,37,6d,
   54,75,5c,8a,34,aa,62,82,42,ba,d5,f4,71
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:f4,0f,09,7e,98,ff,cc,01
.
Completion time: 2013-07-21  15:15:03
ComboFix-quarantined-files.txt  2013-07-21 19:15
.
Pre-Run: 160,900,825,088 bytes free
Post-Run: 160,787,775,488 bytes free
.
- - End Of File - - DEF3581A19E9DE9229D360E15E06B590
CFEC0BC28E237AB24B54AEBEB03049FB
 

Share this post


Link to post
Share on other sites

OK, I've done two cold starts and the "wow.dll" message has NOT appeared at startup.  Does this mean this exercise is over or do you want me to run additional scans/inspections?

Share this post


Link to post
Share on other sites

It is fine. :)

One last scan:

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Share this post


Link to post
Share on other sites

ESET finished and quarantined two threats:

 

======================================

C:\Users\Alan\Downloads\disk-defrag-setup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined

C:\Users\Alan\Downloads\UltraFileSearch\cbsidlm-tr1_13-UltraFileSearch-SEO-75090727.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined

======================================

 

 

What next?

 

 

 

Share this post


Link to post
Share on other sites

The "wow.dll" message is gone, so that is good.  You've done a good job, in spite of having to carry me around as your inexperienced "helper."

 

How dangerous were the viruses found by ComboFix and ESET?

 

Is there any way I can check from time to time to see if everything is gone?  Although I'll continue to use them, my trust in Malwarebytes and Bitdefender is a bit shaken as they obviously missed the threats, during their full scans, that were found by ComboFix and ESET.

Share this post


Link to post
Share on other sites

Oh, can I uninstall ComboFix and the virus tools I downloaded to my desktop? 

 

I think I might keep TDSSKiller around just in case I need it in the future...

Share this post


Link to post
Share on other sites

Problems actually come from something that you have downloaded.

C:\Users\Alan\Downloads\disk-defrag-setup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined

C:\Users\Alan\Downloads\UltraFileSearch\cbsidlm-tr1_13-UltraFileSearch-SEO-75090727.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined

You should be more careful.

Is there any way I can check from time to time to see if everything is gone?

You could use ESET Online Scanner, Malwarebytes' Anti-Malware, your antivirus software. You should take some preventions. I suggest you this guide:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Some links for security software here:

http://users.telenet.be/bluepatchy/miekiemoes/Links.html

Please clean your tools with this one:

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Safe surfing! :)

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.