Solved: Audio Ad Virus



Matimal
Member with 18 posts.
THREAD STARTER
 
Join Date: Aug 2012
Location: Oregon
Experience: Beginner
24-Aug-2012, 11:11 PM #1
Audio Ad Virus
Every once in a while my audio mutes momentarily regardless of what I'm doing then comes back on and starts playing random audio ads. I thought I'd fixed the issue a couple of times, but it happened yet again today.

I've seen a few threads for this, but noticed I may have some specific steps to go through.

TSG SysInfo:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, 64 bit
Processor: Intel(R) Core(TM) i3 CPU 530 @ 2.93GHz, Intel64 Family 6 Model 37 Stepping 2
Processor Count: 4
RAM: 6071 Mb
Graphics Card: NVIDIA GeForce GTX 560, 1023 Mb
Hard Drives: C: Total - 942867 MB, Free - 98497 MB; D: Total - 10898 MB, Free - 1586 MB; J: Total - 718349 MB, Free - 411275 MB;
Motherboard: MSI, IONA
Antivirus: Spyware Doctor with AntiVirus, Updated and Enabled

HJT Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:06:10 PM, on 8/24/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\hp\Button Manager\BM.exe
C:\Program Files (x86)\Microsoft Works\WkCalRem.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Users\Matimal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matimal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matimal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matimal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matimal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matimal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matimal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matimal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matimal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matimal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matimal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matimal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matimal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matimal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matimal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matimal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matimal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matimal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matimal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matimal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matimal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matimal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matimal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matimal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matimal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matimal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matimal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matimal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matimal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matimal\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Matimal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matimal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matimal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
C:\Users\Matimal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matimal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matimal\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_4EF26E408575E70D86EC92B55849BBE3] "C:\Users\Matimal\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Desura] C:\Program Files (x86)\Desura\desura.exe -autostart
O4 - HKCU\..\Run: [MusicManager] "C:\Users\Matimal\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-166559911-887469763-4097606844-1008\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-166559911-887469763-4097606844-1008\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: wkcalrem.LNK = C:\Program Files (x86)\Microsoft Works\WkCalRem.exe
O4 - Global Startup: HP Button Manager.lnk = C:\Program Files (x86)\hp\Button Manager\BM.exe
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted IP range: http://192.168.1.1
O15 - ESC Trusted IP range: http://192.168.1.1
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://renderer.mabinogi.nexon.com/r...12.04.25.0.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/def...jolauncher.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames...o.cab55579.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames...1.cab60096.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames...l.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor....cab102118.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab...i_4.4.26.0.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games – Backgammon) - http://zone.msn.com/bingame/zpagames...n.cab64162.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{98797886-F77D-4825-822D-CB4167399B5C}: NameServer = 24.205.192.61,24.205.224.36
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Desura Install Service - Desura Pty Ltd - C:\Program Files (x86)\Common Files\Desura\desura_service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firefox Service - Unknown owner - C:\Users\Matimal\AppData\Roaming\Mozilla\Firefox\Profiles\cw9m27lw.default\extensions\startup.service@mozilla.com\svc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mongoose 2.8 - Unknown owner - C:\mongoose-2.8\srvany.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
O23 - Service: TWEService - Unknown owner - C:\Users\Matimal\AppData\Local\JogoBox\JogoBoxService.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 17403 bytes
CatByte
Malware Removal Specialist with 3,885 posts.
 
Join Date: Feb 2009
25-Aug-2012, 06:14 PM #2
Please do the following:
  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
    • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
    • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.


NEXT


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • Click OK
  • Press Start Scan
    • As we are only looking for a log of what is on the machine right now > choose to skip whatever is found
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
Matimal
25-Aug-2012, 07:37 PM #3
Thanks for the quick response. TDSSKiller didn't seem to find anything I believe, so it was a bit different than the instructions given. It didn't show me anything that I could skip and it didn't get to a point where I could "Continue > Reboot Now". I grabbed the log files and rebooted anyway though.

aswMBR Log:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-25 15:17:57
-----------------------------
15:17:57.239 OS Version: Windows x64 6.1.7600
15:17:57.239 Number of processors: 4 586 0x2502
15:17:57.240 ComputerName: MATIMEO UserName: Matimal
15:17:59.335 Initialize success
15:19:53.337 AVAST engine defs: 12082501
15:20:00.155 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:20:00.157 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 8
15:20:00.183 Disk 0 MBR read successfully
15:20:00.186 Disk 0 MBR scan
15:20:00.195 Disk 0 unknown MBR code
15:20:00.198 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:20:00.282 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 942868 MB offset 206848
15:20:00.324 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10899 MB offset 1931200512
15:20:00.453 Disk 0 scanning C:\Windows\system32\drivers
15:20:20.359 Service scanning
15:20:50.827 Modules scanning
15:20:50.834 Disk 0 trace - called modules:
15:20:50.860 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys iaStor.sys
15:20:50.866 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006300060]
15:20:50.871 3 CLASSPNP.SYS[fffff88001ba043f] -> nt!IofCallDriver -> [0xfffffa800616ccf0]
15:20:50.875 5 PCTCore64.sys[fffff880014ab600] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005fba050]
15:20:52.837 AVAST engine scan C:\Windows
15:20:58.010 AVAST engine scan C:\Windows\system32
15:25:24.788 AVAST engine scan C:\Windows\system32\drivers
15:26:23.301 AVAST engine scan C:\Users\Matimal
15:52:18.743 Disk 0 MBR has been saved successfully to "C:\Users\Matimal\Desktop\MBR.dat"
15:52:18.751 The log file has been saved successfully to "C:\Users\Matimal\Desktop\aswMBR.txt"

TDSSKiller Log:

15:57:55.0402 5780 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
15:57:56.0026 5780 ============================================================
15:57:56.0026 5780 Current date / time: 2012/08/25 15:57:56.0026
15:57:56.0026 5780 SystemInfo:
15:57:56.0026 5780
15:57:56.0026 5780 OS Version: 6.1.7600 ServicePack: 0.0
15:57:56.0026 5780 Product type: Workstation
15:57:56.0026 5780 ComputerName: MATIMEO
15:57:56.0027 5780 UserName: Matimal
15:57:56.0027 5780 Windows directory: C:\Windows
15:57:56.0027 5780 System windows directory: C:\Windows
15:57:56.0027 5780 Running under WOW64
15:57:56.0027 5780 Processor architecture: Intel x64
15:57:56.0027 5780 Number of processors: 4
15:57:56.0027 5780 Page size: 0x1000
15:57:56.0027 5780 Boot type: Normal boot
15:57:56.0027 5780 ============================================================
15:57:56.0579 5780 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:57:56.0582 5780 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:57:56.0626 5780 ============================================================
15:57:56.0626 5780 \Device\Harddisk0\DR0:
15:57:56.0626 5780 MBR partitions:
15:57:56.0626 5780 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:57:56.0627 5780 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x7318A000
15:57:56.0627 5780 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x731BC800, BlocksNum 0x1549800
15:57:56.0627 5780 \Device\Harddisk1\DR1:
15:57:56.0627 5780 MBR partitions:
15:57:56.0627 5780 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3B9ACDF, BlocksNum 0x57B06CE0
15:57:56.0627 5780 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x5B6A2000, BlocksNum 0x19064000
15:57:56.0627 5780 ============================================================
15:57:56.0687 5780 C: <-> \Device\Harddisk0\DR0\Partition2
15:57:56.0736 5780 D: <-> \Device\Harddisk0\DR0\Partition3
15:57:56.0798 5780 J: <-> \Device\Harddisk1\DR1\Partition1
15:57:56.0817 5780 ============================================================
15:57:56.0817 5780 Initialize success
15:57:56.0817 5780 ============================================================
16:02:22.0136 12688 ============================================================
16:02:22.0137 12688 Scan started
16:02:22.0137 12688 Mode: Manual; TDLFS;
16:02:22.0137 12688 ============================================================
16:02:22.0402 12688 ================ Scan system memory ========================
16:02:22.0402 12688 System memory - ok
16:02:22.0403 12688 ================ Scan services =============================
16:02:22.0606 12688 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
16:02:22.0609 12688 1394ohci - ok
16:02:22.0726 12688 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
16:02:22.0728 12688 ACDaemon - ok
16:02:22.0749 12688 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
16:02:22.0753 12688 ACPI - ok
16:02:22.0776 12688 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
16:02:22.0777 12688 AcpiPmi - ok
16:02:22.0818 12688 [ 2F0683FD2DF1D92E891CACA14B45A8C1 ] adfs C:\Windows\system32\drivers\adfs.sys
16:02:22.0820 12688 adfs - ok
16:02:22.0984 12688 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:02:22.0985 12688 AdobeFlashPlayerUpdateSvc - ok
16:02:23.0013 12688 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
16:02:23.0018 12688 adp94xx - ok
16:02:23.0051 12688 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
16:02:23.0055 12688 adpahci - ok
16:02:23.0077 12688 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
16:02:23.0080 12688 adpu320 - ok
16:02:23.0118 12688 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:02:23.0120 12688 AeLookupSvc - ok
16:02:23.0172 12688 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
16:02:23.0177 12688 AFD - ok
16:02:23.0197 12688 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
16:02:23.0199 12688 agp440 - ok
16:02:23.0213 12688 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
16:02:23.0215 12688 ALG - ok
16:02:23.0218 12688 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
16:02:23.0220 12688 aliide - ok
16:02:23.0230 12688 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
16:02:23.0231 12688 amdide - ok
16:02:23.0260 12688 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
16:02:23.0262 12688 AmdK8 - ok
16:02:23.0276 12688 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
16:02:23.0277 12688 AmdPPM - ok
16:02:23.0311 12688 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:02:23.0313 12688 amdsata - ok
16:02:23.0335 12688 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
16:02:23.0337 12688 amdsbs - ok
16:02:23.0352 12688 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:02:23.0354 12688 amdxata - ok
16:02:23.0403 12688 [ 27466E519371C6FC3A39B1F7B8A297FC ] androidusb C:\Windows\system32\Drivers\ssadadb.sys
16:02:23.0404 12688 androidusb - ok
16:02:23.0443 12688 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
16:02:23.0445 12688 AppID - ok
16:02:23.0454 12688 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:02:23.0456 12688 AppIDSvc - ok
16:02:23.0491 12688 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
16:02:23.0493 12688 Appinfo - ok
16:02:23.0516 12688 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
16:02:23.0518 12688 arc - ok
16:02:23.0522 12688 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
16:02:23.0524 12688 arcsas - ok
16:02:23.0549 12688 [ C130BC4A51B1382B2BE8E44579EC4C0A ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
16:02:23.0551 12688 ArcSoftKsUFilter - ok
16:02:23.0723 12688 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:02:23.0725 12688 aspnet_state - ok
16:02:23.0744 12688 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:02:23.0745 12688 AsyncMac - ok
16:02:23.0762 12688 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
16:02:23.0763 12688 atapi - ok
16:02:23.0817 12688 [ FC0E8778C000291CAF60EB88C011E931 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
16:02:23.0820 12688 atksgt - ok
16:02:23.0866 12688 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:02:23.0873 12688 AudioEndpointBuilder - ok
16:02:23.0882 12688 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:02:23.0886 12688 AudioSrv - ok
16:02:23.0911 12688 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:02:23.0913 12688 AxInstSV - ok
16:02:23.0928 12688 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
16:02:23.0933 12688 b06bdrv - ok
16:02:23.0967 12688 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:02:23.0971 12688 b57nd60a - ok
16:02:24.0061 12688 [ 01A24B415926BB5F772DBE12459D97DE ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
16:02:24.0063 12688 BBSvc - ok
16:02:24.0112 12688 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
16:02:24.0115 12688 BBUpdate - ok
16:02:24.0132 12688 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
16:02:24.0134 12688 BDESVC - ok
16:02:24.0146 12688 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
16:02:24.0148 12688 Beep - ok
16:02:24.0184 12688 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
16:02:24.0191 12688 BFE - ok
16:02:24.0255 12688 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll
16:02:24.0263 12688 BITS - ok
16:02:24.0288 12688 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:02:24.0290 12688 blbdrive - ok
16:02:24.0373 12688 [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
16:02:24.0377 12688 Bonjour Service - ok
16:02:24.0422 12688 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:02:24.0424 12688 bowser - ok
16:02:24.0439 12688 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:02:24.0441 12688 BrFiltLo - ok
16:02:24.0455 12688 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:02:24.0456 12688 BrFiltUp - ok
16:02:24.0496 12688 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
16:02:24.0498 12688 Browser - ok
16:02:24.0534 12688 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:02:24.0538 12688 Brserid - ok
16:02:24.0553 12688 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:02:24.0555 12688 BrSerWdm - ok
16:02:24.0568 12688 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:02:24.0569 12688 BrUsbMdm - ok
16:02:24.0573 12688 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:02:24.0574 12688 BrUsbSer - ok
16:02:24.0629 12688 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
16:02:24.0631 12688 BthEnum - ok
16:02:24.0648 12688 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
16:02:24.0650 12688 BTHMODEM - ok
16:02:24.0691 12688 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
16:02:24.0693 12688 BthPan - ok
16:02:24.0731 12688 [ A51FA9D0E85D5ADABEF72E67F386309C ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
16:02:24.0736 12688 BTHPORT - ok
16:02:24.0787 12688 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
16:02:24.0789 12688 bthserv - ok
16:02:24.0821 12688 [ F740B9A16B2C06700F2130E19986BF3B ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
16:02:24.0823 12688 BTHUSB - ok
16:02:24.0863 12688 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:02:24.0865 12688 cdfs - ok
16:02:24.0905 12688 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:02:24.0908 12688 cdrom - ok
16:02:24.0931 12688 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
16:02:24.0933 12688 CertPropSvc - ok
16:02:24.0954 12688 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
16:02:24.0956 12688 circlass - ok
16:02:24.0977 12688 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
16:02:24.0980 12688 CLFS - ok
16:02:25.0078 12688 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:02:25.0080 12688 clr_optimization_v2.0.50727_32 - ok
16:02:25.0120 12688 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:02:25.0121 12688 clr_optimization_v2.0.50727_64 - ok
16:02:25.0225 12688 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:02:25.0227 12688 clr_optimization_v4.0.30319_32 - ok
16:02:25.0238 12688 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:02:25.0241 12688 clr_optimization_v4.0.30319_64 - ok
16:02:25.0257 12688 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:02:25.0259 12688 CmBatt - ok
16:02:25.0270 12688 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
16:02:25.0272 12688 cmdide - ok
16:02:25.0314 12688 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
16:02:25.0319 12688 CNG - ok
16:02:25.0345 12688 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:02:25.0346 12688 Compbatt - ok
16:02:25.0369 12688 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
16:02:25.0371 12688 CompositeBus - ok
16:02:25.0374 12688 COMSysApp - ok
16:02:25.0420 12688 [ 3CA734CE373E5675FBC15CA2C45228E5 ] cpudrv64 C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
16:02:25.0421 12688 cpudrv64 - ok
16:02:25.0428 12688 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
16:02:25.0430 12688 crcdisk - ok
16:02:25.0473 12688 [ F02786B66375292E58C8777082D4396D ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:02:25.0475 12688 CryptSvc - ok
16:02:25.0557 12688 [ 87A70750325AFC300F0977DC3137A350 ] DCamUSBNovatek C:\Windows\system32\Drivers\nvtcam.sys
16:02:25.0613 12688 DCamUSBNovatek - ok
16:02:25.0670 12688 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:02:25.0676 12688 DcomLaunch - ok
16:02:25.0728 12688 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
16:02:25.0730 12688 defragsvc - ok
16:02:25.0823 12688 [ 2B9A817DC1BDAD9CE5495099B6A7136A ] Desura Install Service C:\Program Files (x86)\Common Files\Desura\desura_service.exe
16:02:25.0825 12688 Desura Install Service - ok
16:02:25.0872 12688 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:02:25.0874 12688 DfsC - ok
16:02:25.0899 12688 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
16:02:25.0902 12688 Dhcp - ok
16:02:25.0950 12688 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
16:02:25.0951 12688 discache - ok
16:02:26.0000 12688 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
16:02:26.0002 12688 Disk - ok
16:02:26.0040 12688 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:02:26.0042 12688 Dnscache - ok
16:02:26.0078 12688 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
16:02:26.0081 12688 dot3svc - ok
16:02:26.0099 12688 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
16:02:26.0101 12688 DPS - ok
16:02:26.0160 12688 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:02:26.0161 12688 drmkaud - ok
16:02:26.0199 12688 [ D3D64CF7B2BCEAA34A270F45A3FFFB36 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
16:02:26.0203 12688 dtsoftbus01 - ok
16:02:26.0257 12688 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:02:26.0266 12688 DXGKrnl - ok
16:02:26.0312 12688 EagleX64 - ok
16:02:26.0329 12688 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
16:02:26.0332 12688 EapHost - ok
16:02:26.0399 12688 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
16:02:26.0463 12688 ebdrv - ok
16:02:26.0504 12688 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
16:02:26.0506 12688 EFS - ok
16:02:26.0602 12688 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:02:26.0609 12688 ehRecvr - ok
16:02:26.0657 12688 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
16:02:26.0659 12688 ehSched - ok
16:02:26.0686 12688 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
16:02:26.0691 12688 elxstor - ok
16:02:26.0739 12688 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
16:02:26.0740 12688 ErrDev - ok
16:02:26.0789 12688 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
16:02:26.0794 12688 EventSystem - ok
16:02:26.0839 12688 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
16:02:26.0842 12688 exfat - ok
16:02:26.0867 12688 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:02:26.0870 12688 fastfat - ok
16:02:26.0903 12688 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
16:02:26.0910 12688 Fax - ok
16:02:26.0940 12688 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:02:26.0941 12688 fdc - ok
16:02:26.0959 12688 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
16:02:26.0961 12688 fdPHost - ok
16:02:26.0968 12688 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
16:02:26.0970 12688 FDResPub - ok
16:02:26.0979 12688 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:02:26.0981 12688 FileInfo - ok
16:02:26.0992 12688 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:02:26.0994 12688 Filetrace - ok
16:02:27.0286 12688 [ C989E48F2EAD0CBD0AD5A9554528DE52 ] Firefox Service C:\Users\Matimal\AppData\Roaming\Mozilla\Firefox\Profiles\cw9m27lw.default\extensions\startup.service@mozilla.com\svc.exe
16:02:27.0288 12688 Firefox Service - ok
16:02:27.0304 12688 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:02:27.0305 12688 flpydisk - ok
16:02:27.0323 12688 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:02:27.0327 12688 FltMgr - ok
16:02:27.0391 12688 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
16:02:27.0401 12688 FontCache - ok
16:02:27.0484 12688 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:02:27.0486 12688 FontCache3.0.0.0 - ok
16:02:27.0499 12688 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:02:27.0501 12688 FsDepends - ok
16:02:27.0521 12688 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:02:27.0523 12688 Fs_Rec - ok
16:02:27.0597 12688 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:02:27.0600 12688 fvevol - ok
16:02:27.0626 12688 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
16:02:27.0627 12688 gagp30kx - ok
16:02:27.0676 12688 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:02:27.0678 12688 GEARAspiWDM - ok
16:02:27.0731 12688 [ 65961D99898EB8B829D1BBD112C762C2 ] gogoTunnelDevice C:\Windows\system32\DRIVERS\gogotun.sys
16:02:27.0732 12688 gogoTunnelDevice - ok
16:02:27.0785 12688 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
16:02:27.0792 12688 gpsvc - ok
16:02:27.0929 12688 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:02:27.0931 12688 gupdate - ok
16:02:27.0950 12688 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:02:27.0951 12688 gupdatem - ok
16:02:28.0038 12688 [ 408DDD80EEDE47175F6844817B90213E ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:02:28.0039 12688 gusvc - ok
16:02:28.0094 12688 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
16:02:28.0096 12688 hamachi - ok
16:02:28.0113 12688 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:02:28.0114 12688 hcw85cir - ok
16:02:28.0158 12688 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:02:28.0161 12688 HdAudAddService - ok
16:02:28.0195 12688 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
16:02:28.0197 12688 HDAudBus - ok
16:02:28.0213 12688 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
16:02:28.0214 12688 HECIx64 - ok
16:02:28.0231 12688 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
16:02:28.0232 12688 HidBatt - ok
16:02:28.0245 12688 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
16:02:28.0247 12688 HidBth - ok
16:02:28.0262 12688 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
16:02:28.0264 12688 HidIr - ok
16:02:28.0276 12688 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
16:02:28.0278 12688 hidserv - ok
16:02:28.0290 12688 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:02:28.0291 12688 HidUsb - ok
16:02:28.0335 12688 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:02:28.0338 12688 hkmsvc - ok
16:02:28.0384 12688 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:02:28.0388 12688 HomeGroupListener - ok
16:02:28.0431 12688 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:02:28.0434 12688 HomeGroupProvider - ok
16:02:28.0470 12688 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
16:02:28.0471 12688 HpSAMD - ok
16:02:28.0515 12688 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:02:28.0522 12688 HTTP - ok
16:02:28.0567 12688 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:02:28.0568 12688 hwpolicy - ok
16:02:28.0581 12688 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
16:02:28.0583 12688 i8042prt - ok
16:02:28.0618 12688 [ 631FA8935163B01FC0C02966CB3ADB92 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
16:02:28.0621 12688 iaStor - ok
16:02:28.0734 12688 [ 7493EA4DE41348F7D3EDBF9DB298F56A ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
16:02:28.0736 12688 IAStorDataMgrSvc - ok
16:02:28.0776 12688 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:02:28.0781 12688 iaStorV - ok
16:02:28.0849 12688 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:02:28.0857 12688 idsvc - ok
16:02:29.0104 12688 [ 0D1B8C64BDF0E5CDC523A1409FFB5EF0 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
16:02:29.0310 12688 igfx - ok
16:02:29.0384 12688 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
16:02:29.0385 12688 iirsp - ok
16:02:29.0429 12688 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
16:02:29.0437 12688 IKEEXT - ok
16:02:29.0521 12688 [ 4FF8A2082D78255D2EB169F986BCC981 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
16:02:29.0524 12688 Impcd - ok
16:02:29.0608 12688 [ 3C4B4EE54FEBB09F7E9F58776DE96DCA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:02:29.0664 12688 IntcAzAudAddService - ok
16:02:29.0710 12688 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
16:02:29.0711 12688 intelide - ok
16:02:29.0733 12688 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:02:29.0735 12688 intelppm - ok
16:02:29.0757 12688 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:02:29.0760 12688 IPBusEnum - ok
16:02:29.0793 12688 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:02:29.0795 12688 IpFilterDriver - ok
16:02:29.0819 12688 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:02:29.0825 12688 iphlpsvc - ok
16:02:29.0835 12688 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
16:02:29.0837 12688 IPMIDRV - ok
16:02:29.0855 12688 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:02:29.0857 12688 IPNAT - ok
16:02:29.0870 12688 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:02:29.0871 12688 IRENUM - ok
16:02:29.0888 12688 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
16:02:29.0889 12688 isapnp - ok
16:02:29.0909 12688 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
16:02:29.0913 12688 iScsiPrt - ok
16:02:29.0941 12688 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:02:29.0943 12688 kbdclass - ok
16:02:29.0958 12688 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:02:29.0960 12688 kbdhid - ok
16:02:29.0971 12688 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
16:02:29.0972 12688 KeyIso - ok
16:02:30.0011 12688 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:02:30.0013 12688 KSecDD - ok
16:02:30.0023 12688 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:02:30.0026 12688 KSecPkg - ok
16:02:30.0040 12688 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:02:30.0041 12688 ksthunk - ok
16:02:30.0081 12688 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
16:02:30.0086 12688 KtmRm - ok
16:02:30.0129 12688 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
16:02:30.0133 12688 LanmanServer - ok
16:02:30.0172 12688 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:02:30.0175 12688 LanmanWorkstation - ok
16:02:30.0264 12688 [ 2238B91AC1A12CC6CC4C4FED41258B2A ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
16:02:30.0266 12688 LightScribeService - ok
16:02:30.0337 12688 [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
16:02:30.0338 12688 lirsgt - ok
16:02:30.0360 12688 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:02:30.0362 12688 lltdio - ok
16:02:30.0399 12688 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:02:30.0403 12688 lltdsvc - ok
16:02:30.0445 12688 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:02:30.0447 12688 lmhosts - ok
16:02:30.0482 12688 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
16:02:30.0484 12688 LSI_FC - ok
16:02:30.0497 12688 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
16:02:30.0499 12688 LSI_SAS - ok
16:02:30.0508 12688 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:02:30.0510 12688 LSI_SAS2 - ok
16:02:30.0525 12688 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:02:30.0527 12688 LSI_SCSI - ok
16:02:30.0544 12688 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
16:02:30.0546 12688 luafv - ok
16:02:30.0585 12688 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:02:30.0587 12688 Mcx2Svc - ok
16:02:30.0609 12688 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
16:02:30.0610 12688 megasas - ok
16:02:30.0626 12688 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
16:02:30.0630 12688 MegaSR - ok
16:02:30.0666 12688 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
16:02:30.0668 12688 MMCSS - ok
16:02:30.0679 12688 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
16:02:30.0681 12688 Modem - ok
16:02:30.0790 12688 [ 4635935FC972C582632BF45C26BFCB0E ] Mongoose 2.8 C:\mongoose-2.8\srvany.exe
16:02:30.0791 12688 Mongoose 2.8 - ok
16:02:30.0815 12688 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:02:30.0817 12688 monitor - ok
16:02:30.0838 12688 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:02:30.0840 12688 mouclass - ok
16:02:30.0869 12688 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:02:30.0871 12688 mouhid - ok
16:02:30.0886 12688 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:02:30.0888 12688 mountmgr - ok
16:02:30.0906 12688 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
16:02:30.0909 12688 mpio - ok
16:02:30.0924 12688 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:02:30.0926 12688 mpsdrv - ok
16:02:30.0945 12688 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:02:30.0954 12688 MpsSvc - ok
16:02:30.0978 12688 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:02:30.0980 12688 MRxDAV - ok
16:02:31.0019 12688 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:02:31.0022 12688 mrxsmb - ok
16:02:31.0058 12688 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:02:31.0062 12688 mrxsmb10 - ok
16:02:31.0099 12688 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:02:31.0102 12688 mrxsmb20 - ok
16:02:31.0136 12688 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
16:02:31.0138 12688 msahci - ok
16:02:31.0150 12688 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
16:02:31.0153 12688 msdsm - ok
16:02:31.0171 12688 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
16:02:31.0175 12688 MSDTC - ok
16:02:31.0187 12688 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:02:31.0189 12688 Msfs - ok
16:02:31.0195 12688 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:02:31.0197 12688 mshidkmdf - ok
16:02:31.0205 12688 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
16:02:31.0207 12688 msisadrv - ok
16:02:31.0250 12688 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:02:31.0252 12688 MSiSCSI - ok
16:02:31.0255 12688 msiserver - ok
16:02:31.0279 12688 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:02:31.0280 12688 MSKSSRV - ok
16:02:31.0318 12688 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:02:31.0319 12688 MSPCLOCK - ok
16:02:31.0328 12688 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:02:31.0330 12688 MSPQM - ok
16:02:31.0346 12688 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:02:31.0350 12688 MsRPC - ok
16:02:31.0378 12688 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:02:31.0380 12688 mssmbios - ok
16:02:31.0395 12688 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:02:31.0397 12688 MSTEE - ok
16:02:31.0400 12688 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
16:02:31.0401 12688 MTConfig - ok
16:02:31.0416 12688 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
16:02:31.0418 12688 Mup - ok
16:02:31.0453 12688 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
16:02:31.0459 12688 napagent - ok
16:02:31.0485 12688 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:02:31.0489 12688 NativeWifiP - ok
16:02:31.0529 12688 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
16:02:31.0537 12688 NDIS - ok
16:02:31.0582 12688 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:02:31.0584 12688 NdisCap - ok
16:02:31.0599 12688 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:02:31.0601 12688 NdisTapi - ok
16:02:31.0608 12688 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:02:31.0610 12688 Ndisuio - ok
16:02:31.0620 12688 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:02:31.0623 12688 NdisWan - ok
16:02:31.0659 12688 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:02:31.0661 12688 NDProxy - ok
16:02:31.0684 12688 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:02:31.0686 12688 NetBIOS - ok
16:02:31.0705 12688 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:02:31.0708 12688 NetBT - ok
16:02:31.0712 12688 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
16:02:31.0713 12688 Netlogon - ok
16:02:31.0752 12688 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
16:02:31.0757 12688 Netman - ok
16:02:31.0819 12688 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:02:31.0821 12688 NetMsmqActivator - ok
16:02:31.0840 12688 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:02:31.0841 12688 NetPipeActivator - ok
16:02:31.0859 12688 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
16:02:31.0864 12688 netprofm - ok
16:02:31.0918 12688 [ 883269C1CA478658F1334F3C39B0C7AC ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys
16:02:31.0927 12688 netr28ux - ok
16:02:31.0967 12688 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:02:31.0968 12688 NetTcpActivator - ok
16:02:31.0972 12688 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:02:31.0973 12688 NetTcpPortSharing - ok
16:02:31.0997 12688 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
16:02:31.0999 12688 nfrd960 - ok
16:02:32.0019 12688 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:02:32.0023 12688 NlaSvc - ok
16:02:32.0027 12688 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:02:32.0028 12688 Npfs - ok
16:02:32.0065 12688 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
16:02:32.0067 12688 nsi - ok
16:02:32.0074 12688 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:02:32.0075 12688 nsiproxy - ok
16:02:32.0134 12688 [ 378E0E0DFEA67D98AE6EA53ADBBD76BC ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:02:32.0154 12688 Ntfs - ok
16:02:32.0162 12688 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
16:02:32.0164 12688 Null - ok
16:02:32.0203 12688 [ 5F1FF880ADACF7E0FF7C27BA188B05DA ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
16:02:32.0206 12688 NVHDA - ok
16:02:32.0478 12688 [ 39DEFE644321F9A4B7F527664F628DEA ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:02:32.0707 12688 nvlddmkm - ok
16:02:32.0759 12688 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:02:32.0761 12688 nvraid - ok
16:02:32.0805 12688 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:02:32.0807 12688 nvstor - ok
16:02:32.0853 12688 [ A8BD627C6B78745CE8D591E9636E533F ] NVSvc C:\Windows\system32\nvvsvc.exe
16:02:32.0862 12688 NVSvc - ok
16:02:32.0989 12688 [ ABF9218BC7B87ED93C0B5DEAD9E2F7E9 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
16:02:33.0001 12688 nvUpdatusService - ok
16:02:33.0027 12688 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
16:02:33.0029 12688 nv_agp - ok
16:02:33.0059 12688 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
16:02:33.0061 12688 ohci1394 - ok
16:02:33.0102 12688 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:02:33.0107 12688 p2pimsvc - ok
16:02:33.0154 12688 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
16:02:33.0160 12688 p2psvc - ok
16:02:33.0178 12688 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
16:02:33.0180 12688 Parport - ok
16:02:33.0221 12688 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:02:33.0223 12688 partmgr - ok
16:02:33.0231 12688 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:02:33.0235 12688 PcaSvc - ok
16:02:33.0289 12688 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - ok
16:02:33.0306 12688 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
16:02:33.0309 12688 pci - ok
16:02:33.0325 12688 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
16:02:33.0326 12688 pciide - ok
16:02:33.0344 12688 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
16:02:33.0347 12688 pcmcia - ok
16:02:33.0379 12688 [ AEA68392399A11A8C4F9DB0FA47DC0DD ] PCTCore C:\Windows\system32\drivers\PCTCore64.sys
16:02:33.0382 12688 PCTCore - ok
16:02:33.0427 12688 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:02:33.0428 12688 pcw - ok
16:02:33.0448 12688 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:02:33.0455 12688 PEAUTH - ok
16:02:33.0552 12688 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:02:33.0554 12688 PerfHost - ok
16:02:33.0587 12688 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
16:02:33.0600 12688 pla - ok
16:02:33.0645 12688 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:02:33.0650 12688 PlugPlay - ok
16:02:33.0676 12688 PnkBstrA - ok
16:02:33.0686 12688 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:02:33.0688 12688 PNRPAutoReg - ok
16:02:33.0713 12688 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:02:33.0716 12688 PNRPsvc - ok
16:02:33.0759 12688 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:02:33.0764 12688 PolicyAgent - ok
16:02:33.0798 12688 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
16:02:33.0802 12688 Power - ok
16:02:33.0829 12688 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:02:33.0831 12688 PptpMiniport - ok
16:02:33.0850 12688 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
16:02:33.0852 12688 Processor - ok
16:02:33.0893 12688 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
16:02:33.0896 12688 ProfSvc - ok
16:02:33.0905 12688 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:02:33.0906 12688 ProtectedStorage - ok
16:02:33.0954 12688 [ F115AF58ABE5605D7D709CBFBD83F418 ] ProtexisLicensing C:\Windows\SysWOW64\PSIService.exe
16:02:33.0957 12688 ProtexisLicensing - ok
16:02:33.0987 12688 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:02:33.0989 12688 Psched - ok
16:02:34.0042 12688 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
16:02:34.0055 12688 ql2300 - ok
16:02:34.0073 12688 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
16:02:34.0075 12688 ql40xx - ok
16:02:34.0124 12688 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
16:02:34.0128 12688 QWAVE - ok
16:02:34.0134 12688 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:02:34.0136 12688 QWAVEdrv - ok
16:02:42.0055 12688 ============================================================
16:02:42.0055 12688 Scan finished
16:02:42.0055 12688 ============================================================
16:02:42.0062 7396 Detected object count: 0
16:02:42.0062 7396 Actual detected object count: 0
16:04:47.0917 15316 Deinitialize success
CatByte
Malware Removal Specialist with 3,885 posts.
Join Date: Feb 2009
25-Aug-2012, 07:44 PM #4
ok, please run the following:

Refer to the ComboFix User's Guide
  1. Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on ComboFix.exe & follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
Matimal
Member with 18 posts.
THREAD STARTER
Join Date: Aug 2012
Location: Oregon
Experience: Beginner
25-Aug-2012, 08:32 PM #5
Combo Fix Log:

ComboFix 12-08-25.04 - Matimal 08/25/2012 16:57:21.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6071.4691 [GMT -7:00]
Running from: c:\users\Matimal\Desktop\ComboFix.exe
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\boost_interprocess\20120825164928.125599
c:\programdata\boost_interprocess\20120825164928.125599\9334581e-7251-4ef7-a8ec-5bfe8e89ff68
c:\programdata\boost_interprocess\20120825164928.125599\plex_frame_mutex
c:\windows\pthreadGC2.dll
c:\windows\SysWow64\SET5A3C.tmp
c:\windows\SysWow64\SET682F.tmp
c:\windows\SysWow64\SET9FF5.tmp
c:\windows\SysWow64\SETA202.tmp
c:\windows\SysWow64\SETA20B.tmp
c:\windows\SysWow64\SETD2CD.tmp
c:\windows\SysWow64\SETEAB4.tmp
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
c:\windows\XSxS
J:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-07-26 to 2012-08-26 )))))))))))))))))))))))))))))))
.
.
2012-08-25 00:55 . 2012-08-25 00:55 -------- d-----w- c:\users\Matimal\AppData\Roaming\KeePass
2012-08-25 00:48 . 2012-08-25 00:48 -------- d-----w- c:\program files (x86)\KeePass Password Safe
2012-08-24 15:21 . 2012-08-01 22:58 9309624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3F367BFF-B174-423B-8E19-CA8C4E8D00BF}\mpengine.dll
2012-08-19 08:29 . 2012-08-19 08:29 -------- d-----w- c:\users\Matimal\AppData\Local\Gas Powered Games
2012-08-17 09:18 . 2012-08-17 09:17 268784 ----a-w- c:\windows\system32\javaws.exe
2012-08-17 09:17 . 2012-08-17 09:17 189424 ----a-w- c:\windows\system32\javaw.exe
2012-08-17 09:17 . 2012-08-17 09:17 188912 ----a-w- c:\windows\system32\java.exe
2012-08-16 03:34 . 2012-08-16 03:34 -------- d-----w- c:\windows\2FDD750F49B740C19D5ED2955BC0E2D8.TMP
2012-08-15 14:10 . 2012-08-15 14:10 9826504 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-08-11 02:30 . 2012-08-11 02:41 -------- d-----w- c:\users\Matimal\AppData\Local\JogoBox
2012-08-09 13:01 . 2012-08-09 13:14 -------- d-----w- C:\ModMii
2012-08-05 21:30 . 2012-08-05 21:30 -------- d-----w- c:\program files\Bonjour
2012-08-05 21:30 . 2012-08-05 21:30 -------- d-----w- c:\program files (x86)\Bonjour
2012-08-04 20:50 . 2012-08-04 20:51 -------- d-----w- c:\program files\3079
2012-07-31 10:36 . 2012-07-31 10:56 -------- d-----w- C:\MGtools
2012-07-31 05:50 . 2012-07-31 05:50 -------- d-----w- c:\program files\HitmanPro
2012-07-31 05:49 . 2012-07-31 05:53 -------- d-----w- c:\programdata\HitmanPro
2012-07-31 05:26 . 2012-07-31 05:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-31 02:23 . 2012-07-31 02:23 -------- d-----w- c:\program files\CCleaner
2012-07-29 21:56 . 2012-07-29 21:56 -------- d-----w- C:\Projects
2012-07-29 21:56 . 2012-04-09 09:47 8192 ----a-w- C:\Lidgren.Network.Xna.dll
2012-07-29 21:56 . 2012-04-09 09:47 74240 ----a-w- C:\CraftStudioServer.exe
2012-07-29 21:56 . 2012-04-09 09:47 69120 ----a-w- C:\CraftStudioCommon.dll
2012-07-29 21:56 . 2012-04-09 09:47 22016 ----a-w- C:\NDesk.Options.dll
2012-07-29 21:56 . 2012-04-09 09:47 11264 ----a-w- C:\NuclearOT.dll
2012-07-29 21:46 . 2012-07-29 21:46 -------- d-----w- C:\pl-PL
2012-07-29 21:46 . 2012-07-29 21:46 -------- d-----w- C:\nl-NL
2012-07-29 21:46 . 2012-07-29 21:46 -------- d-----w- C:\fr
2012-07-29 21:46 . 2012-07-29 21:46 -------- d-----w- C:\es-ES
2012-07-29 21:46 . 2012-07-29 21:46 -------- d-----w- C:\de-DE
2012-07-27 02:32 . 2012-08-08 00:17 -------- d-----w- c:\program files (x86)\A Nation of Wind
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-17 09:17 . 2012-05-08 06:55 955888 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-17 09:17 . 2010-06-25 11:18 839152 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-16 03:22 . 2012-03-10 07:55 772592 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-08-16 03:22 . 2010-06-25 10:25 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-15 14:10 . 2012-04-09 17:58 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 14:10 . 2011-05-25 10:17 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-13 23:42 . 2011-09-30 02:06 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-13 23:42 . 2011-09-30 02:06 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-07-03 20:46 . 2010-06-05 05:12 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-29 03:37 . 2012-04-22 06:32 60776 ----a-w- c:\windows\system32\OpenCL.dll
2012-06-29 03:37 . 2012-04-22 06:32 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-06-29 03:37 . 2012-02-10 04:29 969064 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-06-29 03:37 . 2012-02-10 04:23 1758056 ----a-w- c:\windows\system32\nvdispco64.dll
2012-06-29 03:37 . 2012-02-10 03:56 14806376 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-06-29 03:37 . 2012-02-10 03:55 15290216 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-06-29 03:37 . 2012-02-10 03:55 2723688 ----a-w- c:\windows\system32\nvapi64.dll
2012-06-28 23:56 . 2012-02-10 04:31 2667062 ----a-w- c:\windows\system32\nvcoproc.bin
2012-06-28 23:55 . 2011-03-21 01:33 3266408 ----a-w- c:\windows\system32\nvsvc64.dll
2012-06-28 23:55 . 2011-03-21 01:33 6193000 ----a-w- c:\windows\system32\nvcpl.dll
2012-06-28 23:55 . 2011-03-21 01:34 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-06-28 23:55 . 2011-03-21 01:34 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-06-28 23:55 . 2011-03-21 01:34 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-06-11 19:19 . 2012-03-11 09:11 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-06-11 19:19 . 2009-10-23 02:51 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-06-09 05:30 . 2012-07-11 18:20 14165504 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 12:21 . 2012-06-06 12:21 38912 ----a-w- C:\CraftStudioLauncher.exe
2012-06-06 12:16 . 2012-06-06 12:16 170496 ----a-w- C:\NuclearWinter.dll
2012-06-06 12:16 . 2012-06-06 12:16 119808 ----a-w- C:\Lidgren.Network.dll
2012-06-06 12:14 . 2012-06-06 12:14 16896 ----a-w- C:\CraftStudioMasterCommon.dll
2012-06-06 05:50 . 2012-07-11 18:20 2003968 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:50 . 2012-07-11 18:20 1880064 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:09 . 2012-07-11 18:20 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:09 . 2012-07-11 18:20 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-02 22:19 . 2012-06-09 01:11 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-09 01:11 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-09 01:11 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-09 01:11 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-09 01:09 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-09 01:11 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-09 01:11 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-09 01:09 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-09 01:11 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 05:38 . 2012-07-11 18:20 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:38 . 2012-07-11 18:20 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:37 . 2012-07-11 18:20 459216 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:27 . 2012-07-11 18:20 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:27 . 2012-07-11 18:20 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:48 . 2012-07-11 18:20 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:48 . 2012-07-11 18:20 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:47 . 2012-07-11 18:20 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:42 . 2012-07-11 18:20 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 19:25 . 2010-01-16 04:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-29 20:43 . 2012-02-22 01:00 2250024 ----a-w- c:\windows\SysWow64\pbsvc.exe
2010-05-23 00:39 . 2010-05-23 00:39 480 ----a-w- c:\program files (x86)\0522201017394381.bat
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Matimal\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Matimal\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Matimal\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Matimal\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Plex Media Server"="c:\program files (x86)\Plex\Plex Media Server\Plex Media Server.exe" [2012-08-03 3066600]
"GoogleChromeAutoLaunch_4EF26E408575E70D86EC92B55849BBE3"="c:\users\Matimal\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-08-17 1229848]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-14 880496]
"Desura"="c:\program files (x86)\Desura\desura.exe" [2011-11-22 2529096]
"MusicManager"="c:\users\Matimal\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-08-16 7316480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-06-11 296056]
.
c:\users\Matimal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
wkcalrem.LNK - c:\program files (x86)\Microsoft Works\WkCalRem.exe [2007-6-20 46432]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Button Manager.lnk - c:\program files (x86)\hp\Button Manager\BM.exe [2010-7-23 61440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Smart File Advisor"="c:\program files (x86)\Smart File Advisor\sfa.exe" /checkassoc
"ArcSoft Connection Service"=c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
R1 SABKUTIL;SABKUTIL;c:\program files\SUPERAntiSpyware\SABKUTIL.sys [x]
R1 SSHDRV76;SSHDRV76;c:\windows\system32\drivers\SSHDRV76.sys [x]
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Firefox Service;Firefox Service;c:\users\Matimal\AppData\Roaming\Mozilla\Firefox\Profiles\cw9m27lw.default\extensions\startup.service@mozilla.com\svc.exe [2011-03-10 83456]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-28 136176]
R2 Mongoose 2.8;Mongoose 2.8;c:\mongoose-2.8\srvany.exe [2009-05-25 8192]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R2 TWEService;TWEService;c:\users\Matimal\AppData\Local\JogoBox\JogoBoxService.exe [2012-07-24 149080]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-01-29 36256]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2011-11-22 131912]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gogoTunnelDevice;gogo6 Multi-Virtual Tunnel Adapter;c:\windows\system32\DRIVERS\gogotun.sys [2010-03-13 27648]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-28 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-12 151040]
R3 netr28ux;Compact Wireless-G USB Network Adapter;c:\windows\system32\DRIVERS\netr28ux.sys [2009-05-25 966144]
R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [x]
R3 rt70x64;RT2500 USB Wireless LAN Driver for Vista;c:\windows\system32\DRIVERS\netr7064.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\Spyware Doctor\pctsAuxs.exe [2009-10-30 359624]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-01-29 125344]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-01-29 16800]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-01-29 159136]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-09 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R3 X6va007;X6va007;c:\users\Matimal\AppData\Local\Temp\0072568.tmp [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2009-11-09 218056]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-09-07 270912]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-14 249648]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-06-29 1258856]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-12-14 2019648]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 DCamUSBNovatek;USB2.0 UVC Camera;c:\windows\system32\Drivers\nvtcam.sys [2010-07-14 2746624]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-05-21 188776]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-21 239616]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-07 11856]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 14:10]
.
2012-08-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-05-09 11:03]
.
2012-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-28 07:34]
.
2012-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-28 07:34]
.
2012-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-166559911-887469763-4097606844-1000Core.job
- c:\users\Matimal\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-26 15:40]
.
2012-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-166559911-887469763-4097606844-1000UA.job
- c:\users\Matimal\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-26 15:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Matimal\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Matimal\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Matimal\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Matimal\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-07-20 22:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-07-20 22:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-07-20 22:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-07-20 22:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: Interfaces\{98797886-F77D-4825-822D-CB4167399B5C}: NameServer = 24.205.192.61,24.205.224.36
TCP: Interfaces\{AC4AD613-AB05-4B6F-A04A-C6B22A2C4650}: DhcpNameServer = 192.168.1.1 68.116.46.115 24.205.192.61
FF - ProfilePath - c:\users\Matimal\AppData\Roaming\Mozilla\Firefox\Profiles\cw9m27lw.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~2\UNWISE.EXE
AddRemove-UnityWebPlayer - c:\users\Matimal\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va007]
"ImagePath"="\??\c:\users\Matimal\AppData\Local\Temp\0072568.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-166559911-887469763-4097606844-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-166559911-887469763-4097606844-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-166559911-887469763-4097606844-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-166559911-887469763-4097606844-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:7e,da,23,fe,d5,f8,e9,eb,5b,ad,e6,d3,8a,7d,2b,e2,a1,08,55,e5, 81,
dc,21,8e,79,e4,72,76,0c,25,30,97,a0,63,74,70,07,74,04,09,d4,0a,2d,66,c9,b3, \
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-25 17:25:30
ComboFix-quarantined-files.txt 2012-08-26 00:25
.
Pre-Run: 180,284,149,760 bytes free
Post-Run: 180,387,569,664 bytes free
.
- - End Of File - - C93C7B51EB7C2E347947ABEA08FBE745
CatByte
Malware Removal Specialist with 3,885 posts.
Join Date: Feb 2009
25-Aug-2012, 08:41 PM #6
Please do the following:
  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish
Matimal
26-Aug-2012, 02:11 AM #7
MBAM Log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.25.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Matimal :: MATIMEO [administrator]

8/25/2012 5:55:18 PM
mbam-log-2012-08-25 (17-55-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238897
Time elapsed: 3 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESET Log:

C:\MGtools\Process.exe Win32/PrcView application
CatByte
26-Aug-2012, 08:54 AM #8
Please run the following:
  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Report FF Proxy Settings
    • List content of Hosts
    • List installed programs.

    Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.


NEXT


Please download Farbar Service Scanner to your desktop and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT

Please advise how the computer is running now and if there are any outstanding issues.
Matimal
26-Aug-2012, 07:04 PM #9
MiniToolBox Log:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Matimal (administrator) on 26-08-2012 at 15:48:34
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost


=========================== Installed Programs ============================

µTorrent (Version: 3.1.3)
7-Zip 4.65
A Nation of Wind version 1.2 (Version: 1.2)
A Nation of Wind version 1.3 (Version: 1.3)
A Nation of Wind version 1.4 (Version: 1.4)
A Nation of Wind version Beta 1.0 (Version: Beta 1.0)
Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Adobe AIR (Version: 1.5.3.9130)
Adobe CSI CS4 (Version: 1)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Flash Player 11 Plugin (Version: 11.3.300.271)
Adobe Media Player (Version: 0.0.0)
Adobe Media Player (Version: 1.1)
Adobe Photoshop CS4 (Version: 11.0)
Adobe Reader 9.5.1 (Version: 9.5.1)
Adobe Setup (Version: 2.0)
Adobe Shockwave Player 11.5 (Version: 11.5.7.609)
Alien Breed: Impact
Alien Swarm
Amazon MP3 Downloader 1.0.9
Android SDK Tools (Version: 1.14)
ANNO 2070 (Version: 1.0.0.0)
Any Audio Converter 3.0.7
Any Video Converter 3.1.8
Apple Application Support (Version: 2.1.5)
ArcSoft Magic-i Visual Effects 2 (Version: 2.0.11.116)
ArcSoft ShowBiz (Version: 3.5.0.64)
ArcSoft WebCam Companion 3 (Version: 3.0.41.373)
Arx Fatalis
ASIO4ALL (Version: 2.10)
Assassin's Creed Brotherhood
Assassin's Creed II
Assassin's Creed Revelations
Audacity 1.3.12 (Unicode)
Audiosurf (Version: 1.00.0000)
AviSynth 2.5
Aztaka
Bandisoft MPEG-1 Decoder
Battlelog Web Plugins (Version: 0.80.0)
Battleship - Fleet Command (remove only)
Bing Bar (Version: 7.0.850.0)
Binverse
Blacklight: Retribution
Blast Miner
Bonjour (Version: 2.0.4.0)
BrickForce 1.4.40 (Version: 1.4.40)
Buccaneer: The Pursuit of Infamy
CCleaner (Version: 3.21)
CDisplay 1.8
CL-Eye Driver (Version: 4.0.2.1017)
ClaDun x2 Demo
Cobalt
Code Hero (Version: 0.192)
Company of Heroes
CraftStudio (Version: 0.3.3.0)
Crusader No Remorse
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.41.3.0173)
Dead Space™ 2 (Version: 1.0.941.0)
Deus Ex
Die by the Sword with Limb from Limb Expansion
Dino D-Day
DirectX for Managed Code Update (Summer 2004) (Version: 9.02.2904)
DivXLand Media Subtitler
Dr Lynch Grave Secrets
Dropbox (Version: 1.4.7)
Dual-Core Optimizer (Version: 1.1.4.0169)
Dungeon Crawl Stone Soup (Version: 0.9.1)
E.Y.E: Divine Cybermancy
Electric Sheep 2.7b28 (Version: 2.7b28)
End of Nations (Version: 1)
End of Nations Beta (Version: 1.0.0.0)
English Country Tune Demo version 1.0 Demo (Version: 1.0 Demo)
ESET Online Scanner v3
ESN Sonar (Version: 0.70.0)
Evernote v. 4.5.3 (Version: 4.5.3.6131)
EVGA Precision 2.0.2 (Version: 2.0.2)
Fallout Collection
FFmpeg for Audacity on Windows
FL Studio 10
FlashDevelop 3.0.6 (Version: 3.0.6-RTM)
Foldit
From Dust (Version: 1.0.0)
Frozen Synapse
GIF Viewer 3.3 (Version: 3.3)
GIMP 2.6.9 (Version: 2.6.9)
Google Chrome (Version: 21.0.1180.83)
Google Drive (Version: 1.3.3209.2688)
Google Earth Plug-in (Version: 6.1.0.5001)
Google SketchUp 8 (Version: 3.0.4811)
Google Talk Plugin (Version: 3.3.2.8436)
Google Update Helper (Version: 1.3.21.115)
Google Updater (Version: 2.4.2432.1652)
GrabIt 1.7.2 Beta 4 (build 997)
Grand Theft Auto IV (Version: 1.0.0011.131)
Grand Theft Auto IV (Version: 1.0.0013.131)
HandBrake 0.9.6 (Version: 0.9.6)
HP Button Manager (Version: 1.00.0000)
HP Customer Experience Enhancements (Version: 6.0.1.3)
HP Odometer (Version: 2.10.0000)
HP Remote Solution (Version: 1.1.11.0)
HP Setup (Version: 1.2.3560.3170)
HP Support Information (Version: 10.1.0002)
HP Update (Version: 5.002.006.003)
HP Webcam User's Guide
IDroo 1.0.0.154 (Version: 1.0.0.154)
IL Download Manager
ImgBurn (Version: 2.5.5.0)
Insanely Twisted Shadow Planet
Intel(R) Processor Graphics (Version: 8.15.10.2509)
Intel(R) Rapid Storage Technology (Version: 0.0.0.0000)
Intrusion 2 version 1 (Version: 1)
IrfanView (remove only)
IsoBuster 2.8.5 (Version: 2.8.5)
Java Auto Updater (Version: 2.1.6.0)
Java(TM) 6 Update 25 (Version: 6.0.250)
Java(TM) 6 Update 30 (Version: 6.0.300)
Java(TM) 7 Update 5 (64-bit) (Version: 7.0.50)
Java(TM) 7 Update 5 (Version: 7.0.50)
Java(TM) SE Development Kit 7 Update 3 (Version: 1.7.0.30)
JavaFX 2.0.3 (Version: 2.0.3)
JavaFX 2.0.3 SDK (Version: 2.0.3)
JogoBox (Version: 1)
Junk Mail filter update (Version: 15.4.3502.0922)
KAG 0.88A
KeePass Password Safe 1.23 (Version: 1.23)
Kingdoms of Amalur Reckoning
Krater
League of Legends (Version: 1.3)
Legend of Grimrock
Lemma (Version: 0.0.1.0)
LightScribe System Software (Version: 1.18.8.1)
Mabinogi
Machinarium (Version: 23.10.09)
magicBlock
Magicka
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Primary Interoperability Assemblies 2005 (Version: 8.0.50727.42)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Web Publishing Wizard 1.52
Microsoft Works (Version: 9.7.0621)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
Mightier
Mozilla Firefox 10.0.2 (x86 en-US) (Version: 10.0.2)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Music Manager
Nexon Game Manager
Nintendo_History_ScreenSaver
NVIDIA 3D Vision Controller Driver 301.42 (Version: 301.42)
NVIDIA Control Panel 304.79 (Version: 304.79)
NVIDIA Graphics Driver 304.79 (Version: 304.79)
NVIDIA HD Audio Driver 1.3.17.0 (Version: 1.3.17.0)
NVIDIA Install Application (Version: 2.1002.78.480)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Update 1.8.15 (Version: 1.8.15)
NVIDIA Update Components (Version: 1.10.8)
Oil Rush version 1.00 (Version: 1.00)
OnLive
OpenAL
Origin (Version: 8.5.0.4554)
Outerra - Anteworld - Outerra Anteworld Demo (Version: "0.7.11-3083")
Overgrowth (remove only)
OwlboyDemo
Paint.NET v3.5.10 (Version: 3.60.0)
Pando Media Booster (Version: 2.3.5.2)
Path of Exile (Version: 0.9.9.16760)
PCSX2 - Playstation 2 Emulator
Penumbra Overture (Version: 1.1)
PFPortChecker 1.0.32 (Version: 1.0.32)
Picasa 3 (Version: 3.8)
Pirate Galaxy (Version: 1000187.0.0.0)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Plex (Version: 0.9.502)
Plex Media Server (Version: 0.9.607)
Portal 2
Portal 2 Publishing Tool
Portforward Static IP Address 1.0.45 (Version: 1.0.45)
PrintMaster 16 (Version: 16.00.0000)
Proteus 0.1 (Version: 0.1)
PunkBuster Services (Version: 0.990)
Quick Memory Editor 5.5
QuickTime (Version: 7.69.80.9)
RaidCall (Version: 6.0.8-1.0.552.46)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.4)
Realtek High Definition Audio Driver (Version: 6.0.1.6196)
RealUpgrade 1.1 (Version: 1.1.0)
Recovery Manager (Version: 5.5.2216)
redist (Version: 1.0.0.0)
RescueTime 2.5.1
Resource Hacker Version 3.5.2
Revenge of the Titans HIB (remove only)
SABnzbd (remove only)
Saira 1.1.1
SAMSUNG Android USB Modem Software
Saturn Valley Online Alpha
Seesmic Look (Version: 0.9.1.59)
Sideload Wonder Machine (Version: 1.2)
Simple Port Forwarding (Version: 3.0.16)
Skype Click to Call (Version: 6.2.10687)
Skype™ 5.10 (Version: 5.10.116)
Smart File Advisor 1.1.1 (Version: 1.1.1)
Songbird 1.9.3 (Build 1959)
Spotify (Version: 0.8.4.107.g4fa0003f)
Spriter version r1A (preview) (Version: r1A (preview))
Spriter version r1b (Version: r1b)
Spyware Doctor 7.0 (Version: 7.0)
Stalker Complete 2009 v1.4.4
Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM) (Version: 1.00.0000)
Starcraft
StarCraft II (Version: 1.4.3.21029)
Steam (Version: 1.0.0.0)
Stencyl (Version: 1.1.1)
StencylWorks (Version: 1.0.0)
Suite Shared Configuration CS4 (Version: 1.0)
Superbrothers: Sword & Sworcery EP
Supreme Commander
Supreme Commander: Forged Alliance
Syndicate
System Requirements Lab CYRI (Version: 4.5.1.0)
System Requirements Lab for Intel (Version: 4.1.66.0)
System Shock2
SysTools ZIP Repair
TeamSpeak 3 Client
Terraria
Tiny and Big - Grandpa's Leftovers
Titan Quest (Version: 1.00.0000)
Treasure Seekers Visions Of Gold
Trillian
Trine 2
TuneUp Companion 1.9.0 (Version: 1.9.0)
TuneUp Utilities 2011 (Version: 10.0.3000.101)
TuneUp Utilities Language Pack (en-US) (Version: 10.0.3000.101)
TVersity Codec Pack 1.4 (Version: 1.4)
TVersity Media Server 1.9.3 (Version: 1.9.3)
TweetDeck (Version: 0.33.2)
Unity (Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Uplay (Version: 2.0)
Vessel
Visual C++ 8.0 Runtime Setup Package (x64) (Version: 9.0.0.623)
VLC media player 2.0.2 (Version: 2.0.2)
VobSub v2.23 (Remove Only)
Voxatron 0.1.4 (Version: 0.1.4)
Wanderlust: Rebirth
WARP (Version: 1.0.0.0)
WBFS Manager 3.0 (Version: 3.0)
Winamp (Version: 5.601 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
WinRAR 4.11 (64-bit) (Version: 4.11.0)
YaCy
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)

**** End of log ****

FSS Log:

Farbar Service Scanner Version: 06-08-2012
Ran by Matimal (administrator) on 26-08-2012 at 15:58:59
Running from "C:\Users\Matimal\Desktop"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-14 21:25] - [2011-12-27 20:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-11 19:37] - [2012-03-30 04:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 17:09] - [2009-07-13 18:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 16:36] - [2009-07-13 18:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-12 19:33] - [2012-04-23 22:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

As soon as I used the computer today the audio ad started up again. It was an odd coincidence for sure because the issue is definitely not consistent. It's the first time I'd heard it since we started these steps.

CatByte
Malware Removal Specialist with 3,885 posts.
Join Date: Feb 2009
26-Aug-2012, 07:34 PM #10
does it occur in all browsers or just when you use Chrome?

does it occur only when you visit certain websites?

I suspect it may be an add-on in chrome

Matimal
Member with 18 posts.
THREAD STARTER
Join Date: Aug 2012
Location: Oregon
Experience: Beginner
26-Aug-2012, 07:47 PM #11
It occurs regardless of what I'm doing on my computer. I am generally using Chrome at most times of the day and I never use other web browsers, but even after exiting all my running applications it keeps playing the audio ads.

I haven't noticed any consistency in my browsing causing the issue to occur. Earlier when the ad started I was simply checking my email.

I just looked through my most recently added extensions and removed any that were potentially added around the time I started experiencing the issue.

CatByte
Malware Removal Specialist with 3,885 posts.
Join Date: Feb 2009
26-Aug-2012, 07:50 PM #12
ok, it appears that the machine is clear of any malware

let me know if removing the chrome add-on(s) makes a difference

Matimal
Member with 18 posts.
THREAD STARTER
Join Date: Aug 2012
Location: Oregon
Experience: Beginner
26-Aug-2012, 07:54 PM #13
I will do that and thank you for the help so far. Just for your information I've been having this issue for I'd say a little over a week or so and it can be days before I hear the audio ads again. If this thread closes do I PM you or something?

CatByte
Malware Removal Specialist with 3,885 posts.
Join Date: Feb 2009
26-Aug-2012, 07:55 PM #14
one other program to try

Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

Matimal
Member with 18 posts.
THREAD STARTER
Join Date: Aug 2012
Location: Oregon
Experience: Beginner
27-Aug-2012, 02:16 AM #15
AdwCleaner Log:

# AdwCleaner v1.801 - Logfile created 08/26/2012 at 22:59:57
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Matimal - MATIMEO
# Boot Mode : Normal
# Running from : C:\Users\Matimal\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Matimal\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Matimal\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Trymedia

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKCU\Software\AutocompleteProBHO
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\GamesBarSetup
[x64] Key Deleted : HKLM\SOFTWARE\Software

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.