
Computer slow & non-responsive, fast64.dll?

Discussion in 'Virus and Malware Removal' started by Yogin, Oct 8, 2012.

  1. Yogin Newcomer, in training Posts: 56

    16:34:04.0496 4728 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys
    16:34:04.0496 4728 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
    16:34:04.0496 4728 sptd ( LockedFile.Multi.Generic ) - warning
    16:34:04.0496 4728 sptd - detected LockedFile.Multi.Generic (1)
    16:34:10.0361 4728 Scan finished
    16:34:10.0361 4728 ============================================================
    16:34:10.0361 2972 Detected object count: 1
    16:34:10.0361 2972 Actual detected object count: 1
    16:34:17.0007 2972 sptd ( LockedFile.Multi.Generic ) - skipped by user
    16:34:17.0007 2972 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    16:36:33.0070 1400 Deinitialize success
  8. Yogin Newcomer, in training Posts: 56

    Rkreport 1 ~

    RogueKiller V8.1.1 [10/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : living room [Admin rights]
    Mode : Scan -- Date : 10/08/2012 16:37:33

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 7 ¤¤¤
    [TASK][SUSP PATH] {87ABFD4B-12EA-4802-9B4F-F70FF23CCD93} : C:\Windows\system32\pcalua.exe -a "C:\Users\living room\Desktop\Windows_Theme_Installer\Windows Theme Installer\Windows Theme Installer v 1.1.exe" -d "C:\Users\living room\Desktop\Windows_Theme_Installer\Windows Theme Installer" -> FOUND
    [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3160815AS ATA Device +++++
    --- User ---
    [MBR] af8cfb67003cd45d7c2a3d377ecebefc
    [BSP] a222edccd51f98efadd9b1bc81cac7e7 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 152485 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt
  9. Yogin Newcomer, in training Posts: 56

    RKreport 2 ~

    RogueKiller V8.1.1 [10/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : living room [Admin rights]
    Mode : Remove -- Date : 10/08/2012 16:38:27

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 6 ¤¤¤
    [TASK][SUSP PATH] {87ABFD4B-12EA-4802-9B4F-F70FF23CCD93} : C:\Windows\system32\pcalua.exe -a "C:\Users\living room\Desktop\Windows_Theme_Installer\Windows Theme Installer\Windows Theme Installer v 1.1.exe" -d "C:\Users\living room\Desktop\Windows_Theme_Installer\Windows Theme Installer" -> DELETED
    [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3160815AS ATA Device +++++
    --- User ---
    [MBR] af8cfb67003cd45d7c2a3d377ecebefc
    [BSP] a222edccd51f98efadd9b1bc81cac7e7 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 152485 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
  10. Yogin Newcomer, in training Posts: 56

    aswMBR Report ~

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-08 16:39:50
    -----------------------------
    16:39:50.348 OS Version: Windows x64 6.1.7601 Service Pack 1
    16:39:50.348 Number of processors: 2 586 0xF0B
    16:39:50.348 ComputerName: YOGI-PC UserName:
    16:39:50.754 Initialize success
    16:39:52.049 AVAST engine defs: 12100800
    16:40:00.644 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-2
    16:40:00.644 Disk 0 Vendor: ST3160815AS 4.ADA Size: 152587MB BusType: 3
    16:40:00.722 Disk 0 MBR read successfully
    16:40:00.722 Disk 0 MBR scan
    16:40:00.722 Disk 0 Windows 7 default MBR code
    16:40:00.738 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    16:40:00.753 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152485 MB offset 206848
    16:40:00.769 Disk 0 scanning C:\Windows\system32\drivers
    16:40:25.823 Service scanning
    16:40:43.529 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    16:40:49.597 Modules scanning
    16:40:49.597 Disk 0 trace - called modules:
    16:40:49.613 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80018342c0]<<spbn.sys ataport.SYS intelide.sys
    16:40:49.613 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800278d060]
    16:40:49.628 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-2[0xfffffa8002682060]
    16:40:49.628 \Driver\atapi[0xfffffa8002639060] -> IRP_MJ_CREATE -> 0xfffffa80018342c0
    16:40:49.909 AVAST engine scan C:\Windows
    16:40:58.598 AVAST engine scan C:\Windows\system32
    16:43:22.290 AVAST engine scan C:\Windows\system32\drivers
    16:43:32.851 AVAST engine scan C:\Users\living room
    16:52:19.274 Disk 0 MBR has been saved successfully to "C:\Users\living room\Desktop\MBR.dat"
    16:52:19.274 The log file has been saved successfully to "C:\Users\living room\Desktop\aswMBR.txt"
  11. Broni Malware Annihilator Posts: 39,353   +175

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ===============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If restarting doesn't help use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
  12. Yogin Newcomer, in training Posts: 56

    YOU ARE FAST! Will do, thanks again.
  13. Broni Malware Annihilator Posts: 39,353   +175

    Hahaha...
  14. Yogin Newcomer, in training Posts: 56

    Well, Firefox will come here now.

    I ran ComboFix, seemed fine until restart.

    1st, after logon PC said "Failure Configuring Windows Updates... Reverting Changes. Do Not Turn Off Computer."

    It restarted again, ComboFix made a log I will post in a second. But trying to open any browser or the Word doc I made of your instructions said invalid as scheduled for delete. So I did system restore & that is where I am at...

    Here is the combofix log ~

    ComboFix 12-10-08.03 - living room 10/08/2012 17:27:53.1.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2014.827 [GMT -5:00]
    Running from: c:\users\living room\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\living room\AppData\Local\TempDIR
    c:\users\living room\AppData\Roaming\Error.log
    c:\windows\SysWow64\ccrpTmr6.dll
    c:\windows\SysWow64\SET75E7.tmp
    c:\windows\SysWow64\SET7BD6.tmp
    c:\windows\SysWow64\SET7BF8.tmp
    c:\windows\SysWow64\SET7DA4.tmp
    c:\windows\SysWow64\SET9D4C.tmp
    c:\windows\SysWow64\SETA27C.tmp
    c:\windows\SysWow64\SETD5A9.tmp
    c:\windows\SysWow64\SETE4C0.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-08 to 2012-10-08 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-08 19:38 . 2012-10-08 19:38 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2012-10-08 18:09 . 2012-10-08 18:09 -------- d-----w- c:\programdata\Yahoo! Companion
    2012-10-07 22:45 . 2012-10-07 22:45 -------- d-----w- c:\programdata\ATI
    2012-10-07 22:45 . 2012-10-07 22:45 -------- d-----w- c:\program files (x86)\AMD AVT
    2012-09-23 10:59 . 2012-10-06 10:11 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{41F39C86-94F5-4D99-A7E9-DB5A5D595107}\offreg.dll
    2012-09-22 07:14 . 2012-09-19 05:58 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{41F39C86-94F5-4D99-A7E9-DB5A5D595107}\mpengine.dll
    2012-09-20 18:37 . 2012-10-06 04:31 -------- d-----w- c:\program files (x86)\Analog Devices
    2012-09-20 18:37 . 2007-11-12 19:27 49152 ----a-w- c:\windows\SysWow64\DSndUp.exe
    2012-09-20 03:49 . 2012-10-06 04:38 -------- d-----w- c:\program files (x86)\Common Files\Steam
    2012-09-20 03:49 . 2012-10-08 19:05 -------- d-----w- c:\program files (x86)\Steam
    2012-09-20 03:00 . 2012-09-20 03:00 -------- d-----w- c:\program files (x86)\2K Games
    2012-09-18 02:11 . 2012-09-19 18:32 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
    2012-09-16 18:33 . 2012-09-16 18:33 289768 ----a-w- c:\windows\system32\javaws.exe
    2012-09-16 18:33 . 2012-09-16 18:33 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2012-09-16 18:33 . 2012-09-16 18:33 189416 ----a-w- c:\windows\system32\javaw.exe
    2012-09-16 18:33 . 2012-09-16 18:33 188904 ----a-w- c:\windows\system32\java.exe
    2012-09-16 18:33 . 2012-09-16 18:33 -------- d-----w- c:\program files\Java
    2012-09-16 18:30 . 2012-09-16 18:33 916456 ----a-w- c:\windows\system32\deployJava1.dll
    2012-09-16 18:30 . 2012-09-16 18:33 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-09-09 02:27 . 2012-09-09 02:27 -------- dc-h--w- c:\programdata\{3689B77C-90FA-4663-91AB-5AB34383CD81}
    2012-09-09 02:24 . 2012-09-09 02:24 -------- dc-h--w- c:\programdata\{24E3A4D8-9E57-4B19-9715-6E61513095D7}
    2012-09-09 02:23 . 2012-09-09 02:23 -------- dc-h--w- c:\programdata\{442B6EC3-77A0-4817-825F-67F47D7A2E54}
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-08 22:20 . 2012-07-18 18:13 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-08 22:20 . 2012-07-18 18:13 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-09-07 22:04 . 2011-12-12 18:14 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-29 01:24 . 2012-07-03 14:32 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-08-29 01:24 . 2011-11-30 13:13 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-07-28 03:47 . 2012-07-28 03:47 187392 ----a-w- c:\windows\system32\clinfo.exe
    2012-07-28 03:47 . 2012-07-28 03:47 75776 ----a-w- c:\windows\system32\OpenVideo64.dll
    2012-07-28 03:47 . 2012-07-28 03:47 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
    2012-07-28 03:47 . 2012-07-28 03:47 63488 ----a-w- c:\windows\system32\OVDecode64.dll
    2012-07-28 03:47 . 2012-07-28 03:47 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2012-07-28 03:46 . 2012-07-28 03:46 16464896 ----a-w- c:\windows\system32\amdocl64.dll
    2012-07-28 03:46 . 2012-07-28 03:46 13013504 ----a-w- c:\windows\SysWow64\amdocl.dll
    2012-07-13 17:26 . 2012-07-13 17:26 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-07-13 17:26 . 2012-07-13 17:26 3216384 ----a-w- c:\windows\system32\msi.dll
    2012-07-13 17:26 . 2012-07-13 17:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
    2012-07-13 17:25 . 2012-07-13 17:25 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-07-13 17:25 . 2012-07-13 17:25 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-07-13 17:25 . 2012-07-13 17:25 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
    @="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
    [HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
    2009-10-16 16:46 97072 ----a-w- c:\program files (x86)\Nero\Tools\InCD\NBHshx.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Wisdom-soft ScreenHunter 5.1 Free"="0" [X]
    "RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "Nexus"="c:\program files (x86)\Winstep\Nexus.exe" [2011-11-18 13599872]
    "SmartRAM"="c:\program files (x86)\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe" [2012-07-31 428928]
    "Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-09-20 1353080]
    "HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2012-04-06 393216]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
    "AsioReg"="CTASIO.DLL" [2002-07-19 106496]
    "KORG USB-MIDI Driver"="c:\program files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe" [2011-03-30 393616]
    "tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-30 262144]
    "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-06-06 296056]
    "WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2012-09-20 363752]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "midi2"=KORGUM64.DRV
    "midi5"=KORGUM64.DRV
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 250808]
    R4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-04 11922944]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-04 359936]
    S3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [2008-03-26 36432]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-08 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 22:20]
    .
    2012-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 07:06]
    .
    2012-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 07:06]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
    @="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
    [HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
    2009-10-16 16:46 110384 ----a-w- c:\program files\Nero\Tools\InCD\NBHshx.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Drivers32]
    "midi2"=KORGUM64.DRV
    "midi5"=KORGUM64.DRV
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uInternet Settings,ProxyOverride = <local>
    IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
    IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm
    TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
    DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
    FF - ProfilePath - c:\users\living room\AppData\Roaming\Mozilla\Firefox\Profiles\g7tbw4ca.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    FF - user.js: browser.sessionstore.resume_from_crash - false
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-dBpowerAMP Music Converter - c:\windows\system32\SpoonUninstall.exe
    AddRemove-Akamai - c:\users\living room\AppData\Local\Akamai\uninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_6c825ce.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_6c825ce.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winstep Xtreme Service]
    "ImagePath"="c:\program files (x86)\Winstep\WsxService"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
    36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
    72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
    "{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d,
    8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
    aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:3f,f8,86,8c,a7,06,cd,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,c6,6f,a3,14,56,8a,4c,81,65,df,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,c6,6f,a3,14,56,8a,4c,81,65,df,\
    .
    [HKEY_USERS\S-1-5-21-1770259247-518088782-3831662574-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-1770259247-518088782-3831662574-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
    "value"="?\0c\00\04\17+\1aß"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Nero\Tools\InCD\InCDSrv.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
    c:\program files (x86)\M-Audio\Oxygen\AudioDevMon.exe
    c:\program files (x86)\Winstep\WsxService.exe
    c:\program files (x86)\IObit\Game Booster 3\gbtray.exe
    .
    **************************************************************************
    .
    Completion time: 2012-10-08 18:00:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-10-08 23:00
    .
    Pre-Run: 4,584,480,768 bytes free
    Post-Run: 4,407,377,920 bytes free
    .
    - - End Of File - - B611F280889A7CC7394FC3AC4041B496
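
    The RogueKiller reports above flag registry values such as ConsentPromptBehaviorAdmin (0) and a scheduled task that runs an installer through pcalua.exe, and the "policies\system" block of the ComboFix log lists PromptOnSecureDesktop = 0, but neither tool says what those numbers mean for the machine. Below is an added Python triage helper; it is not part of this thread and not code from RogueKiller or ComboFix. It parses both tools' line formats, decodes the UAC policy values against their documented meanings, flags the ones that weaken the box, and marks scheduled tasks whose payload is launched through a signed Windows proxy binary. The sample input is constructed from lines copied from the reports above; the list of proxy binaries and the "weak" thresholds are the example's own assumptions.

```python
import re

# Documented meaning of the UAC-related values under
# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.
# The reports in the thread only show the raw numbers.
POLICY_MEANING = {
    "ConsentPromptBehaviorAdmin": {
        0: "elevate without prompting (UAC silent for admins)",
        1: "prompt for credentials on the secure desktop",
        2: "prompt for consent on the secure desktop",
        3: "prompt for credentials",
        4: "prompt for consent",
        5: "prompt for consent for non-Windows binaries (default)",
    },
    "ConsentPromptBehaviorUser": {
        0: "automatically deny elevation requests",
        1: "prompt for credentials on the secure desktop",
        3: "prompt for credentials (default)",
    },
    "PromptOnSecureDesktop": {0: "UAC prompts shown on the normal desktop (spoofable)",
                              1: "UAC prompts on the secure desktop (default)"},
    "EnableLUA": {0: "UAC disabled", 1: "UAC enabled (default)"},
    "DisableRegistryTools": {0: "regedit allowed (default)", 1: "regedit blocked by policy"},
}

# Values that weaken the machine and should be reverted (example's own thresholds).
WEAK_VALUES = {
    "ConsentPromptBehaviorAdmin": {0},
    "PromptOnSecureDesktop": {0},
    "EnableLUA": {0},
    "DisableRegistryTools": {1},
}

# Signed Windows binaries commonly used to launch something else (assumed list).
PROXY_BINARIES = ("pcalua.exe", "rundll32.exe", "mshta.exe", "regsvr32.exe")

# RogueKiller: [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
RK_REG = re.compile(r"^\[[^\]]+\]\s+(?P<key>\S+)\s+:\s+(?P<name>\w+)\s+\((?P<value>\d+)\)\s+->")
# ComboFix: "PromptOnSecureDesktop"= 0 (0x0)
CF_REG = re.compile(r'^"(?P<name>\w+)"\s*=\s*(?P<value>\d+)\s+\(0x[0-9A-Fa-f]+\)')
# RogueKiller: [TASK][SUSP PATH] {GUID} : <command line> -> FOUND
RK_TASK = re.compile(r"^\[TASK\](?:\[[^\]]+\])*\s+(?P<id>\{[0-9A-Fa-f-]+\})\s+:\s+(?P<cmd>.+?)\s+->\s+\w+$")


def parse_policy(line):
    """Decode one policy value line in either tool's format; None if it is not one."""
    m = RK_REG.match(line.strip()) or CF_REG.match(line.strip())
    if not m:
        return None
    name, value = m.group("name"), int(m.group("value"))
    return {
        "name": name,
        "value": value,
        "meaning": POLICY_MEANING.get(name, {}).get(value, "not a known UAC/policy value"),
        "weak": value in WEAK_VALUES.get(name, set()),
    }


def parse_task(line):
    """Decode one RogueKiller task line; 'proxy' names the Windows binary that launches the payload."""
    m = RK_TASK.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd")
    proxy = next((b for b in PROXY_BINARIES if b in cmd.lower()), None)
    return {"id": m.group("id"), "cmd": cmd, "proxy": proxy}


def triage(lines):
    """Return (weak policy values, proxy-launched tasks) found in the report lines."""
    weak, tasks = [], []
    for line in lines:
        pol = parse_policy(line)
        if pol is not None:
            if pol["weak"]:
                weak.append(pol)
            continue
        task = parse_task(line)
        if task is not None and task["proxy"]:
            tasks.append(task)
    return weak, tasks


# Constructed sample: lines copied from the RogueKiller and ComboFix reports in the thread.
SAMPLE_REPORT = [
    r'[TASK][SUSP PATH] {87ABFD4B-12EA-4802-9B4F-F70FF23CCD93} : C:\Windows\system32\pcalua.exe -a "C:\Users\living room\Desktop\Windows_Theme_Installer\Windows Theme Installer\Windows Theme Installer v 1.1.exe" -d "C:\Users\living room\Desktop\Windows_Theme_Installer\Windows Theme Installer" -> FOUND',
    r"[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND",
    r"[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND",
    r"[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND",
    r"[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND",
    '"ConsentPromptBehaviorUser"= 3 (0x3)',
    '"EnableUIADesktopToggle"= 0 (0x0)',
    '"PromptOnSecureDesktop"= 0 (0x0)',
]

if __name__ == "__main__":
    weak, tasks = triage(SAMPLE_REPORT)
    for w in weak:
        print(f"WEAK  {w['name']} = {w['value']}: {w['meaning']}")
    for t in tasks:
        print(f"TASK  {t['id']} launches its payload via {t['proxy']}: {t['cmd']}")
```

    Run against the sample, the helper reports the two ConsentPromptBehaviorAdmin = 0 entries (RogueKiller reset them to 2, i.e. prompt for consent on the secure desktop) plus PromptOnSecureDesktop = 0, which RogueKiller did not flag, and the single task that uses pcalua.exe as a launcher. DisableRegistryTools (0) and Start_ShowHelp (0) are parsed but not reported, since 0 is the default for the first and the second is cosmetic.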
  15. Yogin Newcomer, in training Posts: 56

    Do the rkill?
  16. Broni Malware Annihilator Posts: 39,353   +175

    Why didn't you read the rules I posted at the very beginning?
    Why didn't you read Combofix instructions carefully?
    I also said:
    Again Combofix instructions ask for rKill IF...

    Removing infection is not child's play and I also don't like my free time being wasted!

    If you're careless again this topic will be closed in no time.

    Which system restore point did you use?
  17. Yogin Newcomer, in training Posts: 56

    Thanks & my apologies. The one I created earlier per instructions.
  18. Yogin Newcomer, in training Posts: 56

    As it restarted & said it was not able to update, I figured something went wrong. So run ComboFix again, as that is where the PC is...?
  19. Yogin Newcomer, in training Posts: 56

    I will be donating as I appreciate the help :)
  20. Broni Malware Annihilator Posts: 39,353   +175

    Don't worry about updates or any other errors at this point.

    Re-run Combofix and post new log.