TechSpot

Win64/Patched.B.Gen trojan, maybe more

By Socie
Sep 1, 2012
  1. Please help, I have been trying to deal with this myself for two months now. Says it's deleted but it is not.

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.08.31.13
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Mark :: SOCIE [limited]
    Protection: Enabled
    9/1/2012 12:29:48 AM
    mbam-log-2012-09-01 (00-29-48).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 218197
    Time elapsed: 5 minute(s), 58 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Windows\Installer\{9fcc2808-15cf-4929-c6a8-311775864611}\U\800000cb.@ (RootKit.0Access.H) -> Quarantined and deleted successfully.
    (end)
     
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hello, and welcome to TechSpot.


    [​IMG] Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    ComboFix

    Please download ComboFix[​IMG] by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console:
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
     
  3. Socie

    Socie TS Rookie Topic Starter Posts: 46

    I have tried running combofix.exe and iexplore.exe in regular and safe mode and I cannot get a report to show. It now tells me my recycle bin is corrupted on restart as well. Ideas?
     
  4. Socie

    Socie TS Rookie Topic Starter Posts: 46

    Never mind it's running right now, will post report when completed.
     
  5. Socie

    Socie TS Rookie Topic Starter Posts: 46

    "C:\Combo-Fix.txt"

    ComboFix 12-08-31.08 - Mark 09/01/2012 10:00:39.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4014.2596 [GMT -4:00]
    Running from: c:\users\Mark\Desktop\ComboFix.exe
    AV: ESET Smart Security 5.2 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    AV: Trend Micro Titanium *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
    FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    SP: ESET Smart Security 5.2 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Trend Micro Titanium *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\data
    c:\data\c0ha^ie284_o\us_sres.data
    c:\program files (x86)\StartNow Toolbar
    c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
    c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
    c:\program files (x86)\StartNow Toolbar\Resources\protect\index.html
    c:\program files (x86)\StartNow Toolbar\Resources\protect\NotIE6.css
    c:\program files (x86)\StartNow Toolbar\Resources\protect\OnlyIE6.css
    c:\program files (x86)\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
    c:\program files (x86)\StartNow Toolbar\Resources\protect\window.css
    c:\program files (x86)\StartNow Toolbar\Resources\protect\window.js
    c:\program files (x86)\StartNow Toolbar\Resources\reactivate\index.html
    c:\program files (x86)\StartNow Toolbar\Resources\reactivate\LeftImage.png
    c:\program files (x86)\StartNow Toolbar\Resources\reactivate\NotIE6.css
    c:\program files (x86)\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
    c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.css
    c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.js
    c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
    c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
    c:\program files (x86)\StartNow Toolbar\Resources\update.xml
    c:\program files (x86)\StartNow Toolbar\uninstall.dat
    c:\windows\Installer\{9fcc2808-15cf-4929-c6a8-311775864611}\@
    c:\windows\Installer\{9fcc2808-15cf-4929-c6a8-311775864611}\U\00000001.@
    c:\windows\Installer\{9fcc2808-15cf-4929-c6a8-311775864611}\U\80000000.@
    c:\windows\Installer\{9fcc2808-15cf-4929-c6a8-311775864611}\U\800000cb.@
    .
    Infected copy of c:\windows\system32\Services.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_Updater Service for StartNow Toolbar
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-01 to 2012-09-01 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-01 14:20 . 2012-09-01 14:20 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-09-01 04:08 . 2012-09-01 04:08 110080 ----a-r- c:\users\Mark\AppData\Roaming\Microsoft\Installer\{F3D711FA-C72D-4688-95B3-C7A71DB2F1A0}\IconF7A21AF7.exe
    2012-09-01 04:08 . 2012-09-01 04:08 110080 ----a-r- c:\users\Mark\AppData\Roaming\Microsoft\Installer\{F3D711FA-C72D-4688-95B3-C7A71DB2F1A0}\IconD7F16134.exe
    2012-09-01 04:08 . 2012-09-01 04:08 110080 ----a-r- c:\users\Mark\AppData\Roaming\Microsoft\Installer\{F3D711FA-C72D-4688-95B3-C7A71DB2F1A0}\Icon5B4E0377.exe
    2012-09-01 04:07 . 2012-09-01 04:08 -------- d-----w- c:\windows\F3D711FAC72D468895B3C7A71DB2F1A0.TMP
    2012-08-06 14:49 . 2012-08-06 14:49 -------- d-----w- C:\ApolloDVD
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-17 00:12 . 2012-04-02 03:51 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-17 00:12 . 2011-07-15 00:59 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-16 23:42 . 2012-04-14 02:42 9232584 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-07-06 03:48 . 2012-07-06 03:34 29808 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2012-07-03 17:46 . 2011-12-26 19:09 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-14 04:43 . 2010-08-16 03:20 58957832 ----a-w- c:\windows\system32\MRT.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-10-10 19:51 3906656 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    2010-10-10 19:51 3906656 ----a-w- c:\program files (x86)\Vuze_Remote\tbVuze.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-09-29 02:44 1400712 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-10-10 3906656]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-10-10 3906656]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
    "{8660E5B3-6C41-44DE-8503-98D99BBECD41}"= "c:\program files (x86)\Coupons.com CouponBar\tbcore3.dll" [2012-02-06 2664864]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CLASSES_ROOT\clsid\{8660e5b3-6c41-44de-8503-98d99bbecd41}]
    [HKEY_CLASSES_ROOT\TBSB07898.TBSB07898.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\TBSB07898.TBSB07898]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 0 (0x0)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer5"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    2;2 SampleCollector;VAIO Care Performance Service [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 136176]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-17 250056]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
    R3 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
    R3 efavdrv;efavdrv;c:\windows\system32\drivers\efavdrv.sys [x]
    R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 136176]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-03-03 158720]
    R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-03-10 29720]
    R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-07-06 29808]
    R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-09-10 108400]
    R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280]
    R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-09-10 67952]
    R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-09-27 303872]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-09-27 864000]
    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-02-20 115568]
    R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-16 1255736]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]
    R4 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2011-08-13 49152]
    R4 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2011-08-03 400368]
    R4 SQLAgent$DDNI;SQL Server Agent (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 62496]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
    S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 38288]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
    S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2010-03-19 93184]
    S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2010-03-19 77312]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-02-20 529776]
    S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-02-20 386416]
    S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-03-18 334888]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-18 39464]
    S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [2010-08-29 21072]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-03-18 86120]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-02-11 12032]
    S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-01-20 574320]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-10-20 393216]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 00:12]
    .
    2012-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 13:50]
    .
    2012-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 13:50]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 4081008]
    "combofix"="c:\combofix\CF22560.3XE" [2010-11-20 345088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.yahoo.com/?fr=fptb-yie9/
    mStart Page = hxxp://www.bigseekpro.com/solidyoutube/{D5686C19-DD45-4D6A-AEE8-6B758E47F2E6}
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Trusted Zone: cinemanow.com
    Trusted Zone: roxio.com
    Trusted Zone: roxionow.com
    Trusted Zone: sonic.com
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
    WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
    WebBrowser-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - (no file)
    AddRemove-FlixsterCollections - c:\users\Mark\Desktop\Flixster Collections\Flixster Collections.exe
    AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
    AddRemove-{FBBC4667-2521-4E78-B1BD-8706F774549B} - c:\programdata\{249B9E04-F0FC-434D-B0D8-12D3EDFF3B77}\Best Buy Software Installer Setup.exe
    AddRemove-2501900588.ultraviolet.sonypictures.com - c:\program files (x86)\Microsoft Silverlight\4.1.10329.0\Silverlight.Configuration.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Sony\VAIO Care\VCSpt.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
    c:\windows\SysWOW64\DllHost.exe
    c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    c:\program files (x86)\DDNi\Oasis\VAIO Messenger.exe
    c:\program files (x86)\DDNi\Oasis\VAIO Messenger.exe
    c:\program files\Sony\VAIO Care\listener.exe
    .
    **************************************************************************
    .
    Completion time: 2012-09-01 10:33:42 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-01 14:33
    .
    Pre-Run: 33,034,752,000 bytes free
    Post-Run: 33,016,475,648 bytes free
    .
    - - End Of File - - DEF31C64DC74EA6EDFEB2AE061283024
     
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Greetings

    Please download TDSSKiller from here and save it to your Desktop.
    • Doubleclick TDSSKiller.exe to run the tool
    • Click the Start Scan button
    • After the scan has finished, click the Close button
    • Click the Report button and copy/paste the contents of it into your next reply
    Note:It will also create a log in the C:\ directory.

    Please download aswMBR from here

    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Click the Scan button to start the scan as illustrated below

    [​IMG]

    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

    • Once the scan finishes click Save log to save the log to your Desktop
      [​IMG]
    • Copy and paste the contents of aswMBR.txt back here for review
     
  7. Socie

    Socie TS Rookie Topic Starter Posts: 46

    TDSSKiller.exe


    14:07:33.0959 1852 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48



    14:07:34.0396 1852 ============================================================



    14:07:34.0396 1852 Current date / time: 2012/09/01 14:07:34.0396



    14:07:34.0396 1852 SystemInfo:



    14:07:34.0396 1852



    14:07:34.0396 1852 OS Version: 6.1.7601 ServicePack: 1.0



    14:07:34.0396 1852 Product type: Workstation



    14:07:34.0396 1852 ComputerName: SOCIE



    14:07:34.0396 1852 UserName: Mark



    14:07:34.0396 1852 Windows directory: C:\Windows



    14:07:34.0396 1852 System windows directory: C:\Windows



    14:07:34.0396 1852 Running under WOW64



    14:07:34.0396 1852 Processor architecture: Intel x64



    14:07:34.0396 1852 Number of processors: 4



    14:07:34.0396 1852 Page size: 0x1000



    14:07:34.0396 1852 Boot type: Normal boot



    14:07:34.0396 1852 ============================================================



    14:07:34.0926 1852 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040



    14:07:34.0926 1852 ============================================================



    14:07:34.0926 1852 \Device\Harddisk0\DR0:



    14:07:34.0926 1852 MBR partitions:



    14:07:34.0926 1852 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x13DB000, BlocksNum 0x32000



    14:07:34.0926 1852 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x140D000, BlocksNum 0x38F78830



    14:07:34.0926 1852 ============================================================



    14:07:34.0973 1852 C: <-> \Device\Harddisk0\DR0\Partition2



    14:07:34.0973 1852 ============================================================



    14:07:34.0973 1852 Initialize success



    14:07:34.0973 1852 ============================================================



    14:07:50.0448 6140 ============================================================



    14:07:50.0448 6140 Scan started



    14:07:50.0448 6140 Mode: Manual;



    14:07:50.0448 6140 ============================================================



    14:07:51.0228 6140 ================ Scan system memory ========================



    14:07:51.0228 6140 System memory - ok



    14:07:51.0228 6140 ================ Scan services =============================



    14:07:51.0462 6140 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys



    14:07:51.0462 6140 1394ohci - ok



    14:07:51.0540 6140 [ E0A8525A951ADDB4655BC2068566407D ] 61883 C:\Windows\system32\DRIVERS\61883.sys



    14:07:51.0540 6140 61883 - ok



    14:07:51.0649 6140 [ 35F57598F0589FEB3C3ABC1621BF329F ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe



    14:07:51.0649 6140 ACDaemon - ok



    14:07:51.0727 6140 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys



    14:07:51.0727 6140 ACPI - ok



    14:07:51.0790 6140 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys



    14:07:51.0790 6140 AcpiPmi - ok



    14:07:51.0899 6140 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe



    14:07:51.0899 6140 AdobeARMservice - ok



    14:07:52.0117 6140 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe



    14:07:52.0117 6140 AdobeFlashPlayerUpdateSvc - ok



    14:07:52.0195 6140 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys



    14:07:52.0195 6140 adp94xx - ok



    14:07:52.0242 6140 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys



    14:07:52.0242 6140 adpahci - ok



    14:07:52.0242 6140 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys



    14:07:52.0242 6140 adpu320 - ok



    14:07:52.0273 6140 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll



    14:07:52.0273 6140 AeLookupSvc - ok



    14:07:52.0351 6140 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys



    14:07:52.0351 6140 AFD - ok



    14:07:52.0414 6140 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys



    14:07:52.0414 6140 agp440 - ok



    14:07:52.0476 6140 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe



    14:07:52.0476 6140 ALG - ok



    14:07:52.0538 6140 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys



    14:07:52.0538 6140 aliide - ok



    14:07:52.0585 6140 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys



    14:07:52.0585 6140 amdide - ok



    14:07:52.0648 6140 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys



    14:07:52.0648 6140 AmdK8 - ok



    14:07:52.0694 6140 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys



    14:07:52.0694 6140 AmdPPM - ok



    14:07:52.0741 6140 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys



    14:07:52.0741 6140 amdsata - ok



    14:07:52.0772 6140 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys



    14:07:52.0772 6140 amdsbs - ok



    14:07:52.0835 6140 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys



    14:07:52.0835 6140 amdxata - ok



    14:07:52.0928 6140 [ 2D45F2DFBC3D8F53DF7EBEFFA8C9BC38 ] ApfiltrService C:\Windows\system32\drivers\Apfiltr.sys



    14:07:52.0928 6140 ApfiltrService - ok



    14:07:52.0991 6140 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys



    14:07:52.0991 6140 AppID - ok



    14:07:53.0022 6140 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll



    14:07:53.0022 6140 AppIDSvc - ok



    14:07:53.0069 6140 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll



    14:07:53.0069 6140 Appinfo - ok



    14:07:53.0178 6140 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe



    14:07:53.0178 6140 Apple Mobile Device - ok



    14:07:53.0272 6140 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys



    14:07:53.0287 6140 arc - ok



    14:07:53.0303 6140 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys



    14:07:53.0303 6140 arcsas - ok



    14:07:53.0350 6140 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys



    14:07:53.0350 6140 AsyncMac - ok



    14:07:53.0412 6140 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys



    14:07:53.0412 6140 atapi - ok



    14:07:53.0521 6140 [ 08BAAA2432E81031A6C3B11AD5A67E2B ] athr C:\Windows\system32\DRIVERS\athrx.sys



    14:07:53.0537 6140 athr - ok



    14:07:53.0630 6140 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll



    14:07:53.0630 6140 AudioEndpointBuilder - ok



    14:07:53.0662 6140 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll



    14:07:53.0662 6140 AudioSrv - ok



    14:07:53.0724 6140 [ 16FABE84916623D0607E4A975544032C ] Avc C:\Windows\system32\DRIVERS\avc.sys



    14:07:53.0724 6140 Avc - ok



    14:07:53.0818 6140 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll



    14:07:53.0818 6140 AxInstSV - ok



    14:07:53.0896 6140 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys



    14:07:53.0896 6140 b06bdrv - ok



    14:07:53.0974 6140 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys



    14:07:53.0974 6140 b57nd60a - ok



    14:07:54.0083 6140 [ 0D1EA7509F394D8B705B239EE71F5118 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE



    14:07:54.0083 6140 BBSvc - ok



    14:07:54.0114 6140 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll



    14:07:54.0114 6140 BDESVC - ok



    14:07:54.0161 6140 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys



    14:07:54.0161 6140 Beep - ok



    14:07:54.0301 6140 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll



    14:07:54.0301 6140 BFE - ok



    14:07:54.0395 6140 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys



    14:07:54.0395 6140 blbdrive - ok



    14:07:54.0520 6140 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe



    14:07:54.0520 6140 Bonjour Service - ok



    14:07:54.0598 6140 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys



    14:07:54.0598 6140 bowser - ok



    14:07:54.0660 6140 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys



    14:07:54.0660 6140 BrFiltLo - ok



    14:07:54.0691 6140 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys



    14:07:54.0691 6140 BrFiltUp - ok



    14:07:54.0754 6140 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys



    14:07:54.0754 6140 BridgeMP - ok



    14:07:54.0816 6140 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll



    14:07:54.0816 6140 Browser - ok



    14:07:54.0832 6140 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys



    14:07:54.0847 6140 Brserid - ok



    14:07:54.0863 6140 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys



    14:07:54.0863 6140 BrSerWdm - ok



    14:07:54.0878 6140 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys



    14:07:54.0878 6140 BrUsbMdm - ok



    14:07:54.0910 6140 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys



    14:07:54.0910 6140 BrUsbSer - ok



    14:07:54.0972 6140 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys



    14:07:54.0972 6140 BthEnum - ok



    14:07:55.0003 6140 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys



    14:07:55.0003 6140 BTHMODEM - ok



    14:07:55.0019 6140 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys



    14:07:55.0019 6140 BthPan - ok



    14:07:55.0097 6140 [ 64C198198501F7560EE41D8D1EFA7952 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys



    14:07:55.0112 6140 BTHPORT - ok



    14:07:55.0159 6140 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll



    14:07:55.0159 6140 bthserv - ok



    14:07:55.0222 6140 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys



    14:07:55.0222 6140 BTHUSB - ok



    14:07:55.0300 6140 [ 71A07B6FC98030935E60EDBFFE9E9C85 ] btwampfl C:\Windows\system32\drivers\btwampfl.sys



    14:07:55.0300 6140 btwampfl - ok



    14:07:55.0315 6140 [ BA5622F5544C6C445DFF1A05ACC8B19D ] btwaudio C:\Windows\system32\drivers\btwaudio.sys



    14:07:55.0315 6140 btwaudio - ok



    14:07:55.0393 6140 [ A11905D0F4BD34771F195217B6AA5AE0 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys



    14:07:55.0393 6140 btwavdt - ok



    14:07:55.0502 6140 [ 1AF4ADB12E5EC25041166DA38C3B42C9 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe



    14:07:55.0502 6140 btwdins - ok



    14:07:55.0565 6140 [ 07096D2BC22CCB6CEA5A532DF0BE8A75 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys



    14:07:55.0565 6140 btwl2cap - ok



    14:07:55.0580 6140 [ BD776F32D64EC615BE4563DC2747224E ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys



    14:07:55.0580 6140 btwrchid - ok



    14:07:55.0799 6140 catchme - ok



    14:07:55.0830 6140 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys



    14:07:55.0830 6140 cdfs - ok



    14:07:55.0892 6140 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys



    14:07:55.0892 6140 cdrom - ok



    14:07:55.0970 6140 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll



    14:07:55.0970 6140 CertPropSvc - ok



    14:07:56.0017 6140 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys



    14:07:56.0017 6140 circlass - ok



    14:07:56.0080 6140 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys



    14:07:56.0095 6140 CLFS - ok



    14:07:56.0173 6140 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe



    14:07:56.0173 6140 clr_optimization_v2.0.50727_32 - ok



    14:07:56.0220 6140 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe



    14:07:56.0220 6140 clr_optimization_v2.0.50727_64 - ok



    14:07:56.0314 6140 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe



    14:07:56.0314 6140 clr_optimization_v4.0.30319_32 - ok



    14:07:56.0345 6140 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe



    14:07:56.0345 6140 clr_optimization_v4.0.30319_64 - ok



    14:07:56.0376 6140 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys



    14:07:56.0376 6140 CmBatt - ok



    14:07:56.0423 6140 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys



    14:07:56.0423 6140 cmdide - ok



    14:07:56.0470 6140 [ C4943B6C962E4B82197542447AD599F4 ] CNG C:\Windows\system32\Drivers\cng.sys



    14:07:56.0485 6140 CNG - ok



    14:07:56.0548 6140 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys



    14:07:56.0548 6140 Compbatt - ok



    14:07:56.0610 6140 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys



    14:07:56.0610 6140 CompositeBus - ok



    14:07:56.0641 6140 COMSysApp - ok



    14:07:56.0672 6140 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys



    14:07:56.0672 6140 crcdisk - ok



    14:07:56.0719 6140 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll



    14:07:56.0719 6140 CryptSvc - ok



    14:07:56.0782 6140 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll



    14:07:56.0782 6140 DcomLaunch - ok



    14:07:56.0813 6140 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll



    14:07:56.0813 6140 defragsvc - ok



    14:07:56.0860 6140 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys



    14:07:56.0860 6140 DfsC - ok



    14:07:56.0938 6140 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll



    14:07:56.0953 6140 Dhcp - ok



    14:07:57.0000 6140 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys



    14:07:57.0000 6140 discache - ok



    14:07:57.0062 6140 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys



    14:07:57.0062 6140 Disk - ok



    14:07:57.0125 6140 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll



    14:07:57.0125 6140 Dnscache - ok



    14:07:57.0172 6140 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll



    14:07:57.0172 6140 dot3svc - ok



    14:07:57.0250 6140 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys



    14:07:57.0250 6140 Dot4 - ok



    14:07:57.0312 6140 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys



    14:07:57.0312 6140 Dot4Print - ok



    14:07:57.0328 6140 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys



    14:07:57.0328 6140 dot4usb - ok



    14:07:57.0374 6140 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll



    14:07:57.0374 6140 DPS - ok



    14:07:57.0437 6140 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys



    14:07:57.0437 6140 drmkaud - ok



    14:07:57.0484 6140 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys



    14:07:57.0499 6140 DXGKrnl - ok



    14:07:57.0593 6140 [ D00EAE9C735A7DEE8049E50D73D25434 ] eamonm C:\Windows\system32\DRIVERS\eamonm.sys



    14:07:57.0608 6140 eamonm - ok



    14:07:57.0624 6140 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll



    14:07:57.0624 6140 EapHost - ok



    14:07:57.0671 6140 [ 1D69A83033930C20583D608C622CA56B ] easytether C:\Windows\system32\DRIVERS\easytthr.sys



    14:07:57.0671 6140 easytether - ok



    14:07:57.0764 6140 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys



    14:07:57.0780 6140 ebdrv - ok



    14:07:57.0842 6140 efavdrv - ok



    14:07:57.0874 6140 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe



    14:07:57.0874 6140 EFS - ok



    14:07:57.0952 6140 [ E5EDDE3C8158DD0CBC5812F201DCDED0 ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys



    14:07:57.0952 6140 ehdrv - ok



    14:07:58.0014 6140 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe



    14:07:58.0014 6140 ehRecvr - ok



    14:07:58.0061 6140 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe



    14:07:58.0061 6140 ehSched - ok



    14:07:58.0232 6140 [ AD4FAADE819E0DA9933BEA7C01D2C763 ] ekrn C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe



    14:07:58.0248 6140 ekrn - ok



    14:07:58.0310 6140 [ 9A47AC3DFCF81D30922CDAAF1C2D579F ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys



    14:07:58.0310 6140 ElbyCDIO - ok



    14:07:58.0342 6140 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys



    14:07:58.0342 6140 elxstor - ok



    14:07:58.0420 6140 [ 587F0F4145A1536A6E37EFD769B7665F ] epfw C:\Windows\system32\DRIVERS\epfw.sys



    14:07:58.0420 6140 epfw - ok



    14:07:58.0498 6140 [ D2F812358EE8EE23CBB5C4DAFFB5B819 ] EpfwLWF C:\Windows\system32\DRIVERS\EpfwLWF.sys



    14:07:58.0498 6140 EpfwLWF - ok



    14:07:58.0560 6140 [ 34BF55D69AB74D14C7E7A17259CB7DF8 ] epfwwfp C:\Windows\system32\DRIVERS\epfwwfp.sys



    14:07:58.0560 6140 epfwwfp - ok



    14:07:58.0591 6140 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys



    14:07:58.0591 6140 ErrDev - ok



    14:07:58.0732 6140 [ DF96C3CD6AE15F6D0A6BCB70F9C1E88D ] esgiguard C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys



    14:07:58.0732 6140 esgiguard - ok



    14:07:58.0778 6140 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll



    14:07:58.0794 6140 EventSystem - ok



    14:07:58.0872 6140 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys



    14:07:58.0872 6140 exfat - ok



    14:07:58.0888 6140 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys



    14:07:58.0888 6140 fastfat - ok



    14:07:58.0950 6140 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe



    14:07:58.0950 6140 Fax - ok



    14:07:59.0012 6140 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys



    14:07:59.0012 6140 fdc - ok



    14:07:59.0059 6140 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll



    14:07:59.0075 6140 fdPHost - ok



    14:07:59.0090 6140 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll



    14:07:59.0090 6140 FDResPub - ok



    14:07:59.0106 6140 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys



    14:07:59.0106 6140 FileInfo - ok



    14:07:59.0122 6140 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys



    14:07:59.0122 6140 Filetrace - ok



    14:07:59.0137 6140 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys



    14:07:59.0137 6140 flpydisk - ok



    14:07:59.0184 6140 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys



    14:07:59.0184 6140 FltMgr - ok



    14:07:59.0246 6140 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll



    14:07:59.0262 6140 FontCache - ok



    14:07:59.0309 6140 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe



    14:07:59.0309 6140 FontCache3.0.0.0 - ok



    14:07:59.0340 6140 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys



    14:07:59.0340 6140 FsDepends - ok



    14:07:59.0434 6140 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys



    14:07:59.0434 6140 fssfltr - ok



    14:07:59.0590 6140 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe



    14:07:59.0590 6140 fsssvc - ok



    14:07:59.0621 6140 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys



    14:07:59.0621 6140 Fs_Rec - ok



    14:07:59.0699 6140 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys



    14:07:59.0699 6140 fvevol - ok



    14:07:59.0730 6140 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys



    14:07:59.0730 6140 gagp30kx - ok



    14:07:59.0792 6140 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys



    14:07:59.0792 6140 GEARAspiWDM - ok



    14:07:59.0851 6140 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll



    14:07:59.0856 6140 gpsvc - ok



    14:07:59.0938 6140 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe



    14:07:59.0941 6140 gupdate - ok



    14:07:59.0988 6140 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe



    14:07:59.0988 6140 gupdatem - ok



    14:08:00.0046 6140 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys



    14:08:00.0048 6140 hcw85cir - ok



    14:08:00.0123 6140 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys



    14:08:00.0126 6140 HdAudAddService - ok



    14:08:00.0311 6140 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys



    14:08:00.0313 6140 HDAudBus - ok



    14:08:00.0328 6140 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys



    14:08:00.0328 6140 HidBatt - ok



    14:08:00.0361 6140 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys



    14:08:00.0361 6140 HidBth - ok



    14:08:00.0391 6140 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys



    14:08:00.0391 6140 HidIr - ok



    14:08:00.0416 6140 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll



    14:08:00.0416 6140 hidserv - ok



    14:08:00.0467 6140 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys



    14:08:00.0482 6140 HidUsb - ok



    14:08:00.0529 6140 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll



    14:08:00.0529 6140 hkmsvc - ok



    14:08:00.0721 6140 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll



    14:08:00.0721 6140 HomeGroupListener - ok



    14:08:00.0753 6140 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll



    14:08:00.0768 6140 HomeGroupProvider - ok



    14:08:00.0924 6140 [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll



    14:08:00.0924 6140 hpqcxs08 - ok



    14:08:00.0971 6140 [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll



    14:08:00.0971 6140 hpqddsvc - ok



    14:08:01.0018 6140 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys



    14:08:01.0018 6140 HpSAMD - ok



    14:08:01.0111 6140 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL



    14:08:01.0127 6140 HPSLPSVC - ok



    14:08:01.0189 6140 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys



    14:08:01.0189 6140 HTTP - ok



    14:08:01.0221 6140 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys



    14:08:01.0221 6140 hwpolicy - ok



    14:08:01.0283 6140 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys



    14:08:01.0283 6140 i8042prt - ok



    14:08:01.0330 6140 [ 073A606333B6F7BBF20AA856DF7F0997 ] iaStor C:\Windows\system32\drivers\iaStor.sys



    14:08:01.0330 6140 iaStor - ok



    14:08:01.0439 6140 [ CC800D2D9FD467542BAC7C186C4774AD ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe



    14:08:01.0439 6140 IAStorDataMgrSvc - ok



    14:08:01.0501 6140 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys



    14:08:01.0501 6140 iaStorV - ok



    14:08:01.0579 6140 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe



    14:08:01.0579 6140 idsvc - ok



    14:08:01.0642 6140 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys



    14:08:01.0657 6140 iirsp - ok



    14:08:01.0735 6140 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll



    14:08:01.0735 6140 IKEEXT - ok



    14:08:01.0813 6140 [ 4B6363CD4610BB848531BB260B15DFCC ] Impcd C:\Windows\system32\drivers\Impcd.sys



    14:08:01.0813 6140 Impcd - ok



    14:08:01.0938 6140 [ 2E3B99E8C23BE2BF32EBE1DB5261F275 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys



    14:08:01.0954 6140 IntcAzAudAddService - ok



    14:08:02.0016 6140 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys



    14:08:02.0016 6140 intelide - ok



    14:08:02.0079 6140 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys



    14:08:02.0079 6140 intelppm - ok



    14:08:02.0141 6140 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll



    14:08:02.0157 6140 IPBusEnum - ok



    14:08:02.0188 6140 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys



    14:08:02.0188 6140 IpFilterDriver - ok



    14:08:02.0281 6140 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll



    14:08:02.0281 6140 iphlpsvc - ok



    14:08:02.0328 6140 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys



    14:08:02.0328 6140 IPMIDRV - ok



    14:08:02.0625 6140 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys



    14:08:02.0625 6140 IPNAT - ok



    14:08:03.0061 6140 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe



    14:08:03.0061 6140 iPod Service - ok



    14:08:03.0124 6140 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys



    14:08:03.0124 6140 IRENUM - ok



    14:08:03.0155 6140 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys



    14:08:03.0155 6140 isapnp - ok



    14:08:03.0202 6140 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys



    14:08:03.0202 6140 iScsiPrt - ok



    14:08:03.0264 6140 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe



    14:08:03.0264 6140 IviRegMgr - ok



    14:08:03.0327 6140 [ 2F9F76349BB8C578873A58C840BA0589 ] ivusb C:\Windows\system32\DRIVERS\ivusb.sys



    14:08:03.0327 6140 ivusb - ok



    14:08:03.0373 6140 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys



    14:08:03.0373 6140 kbdclass - ok



    14:08:03.0436 6140 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys



    14:08:03.0436 6140 kbdhid - ok



    14:08:03.0451 6140 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe



    14:08:03.0467 6140 KeyIso - ok



    14:08:03.0514 6140 [ DA1E991A61CFDD755A589E206B97644B ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys



    14:08:03.0514 6140 KSecDD - ok



    14:08:03.0529 6140 [ 7E33198D956943A4F11A5474C1E9106F ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys



    14:08:03.0529 6140 KSecPkg - ok



    14:08:03.0576 6140 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys



    14:08:03.0576 6140 ksthunk - ok



    14:08:03.0639 6140 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll



    14:08:03.0639 6140 KtmRm - ok



    14:08:03.0717 6140 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll



    14:08:03.0717 6140 LanmanServer - ok



    14:08:03.0763 6140 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll



    14:08:03.0779 6140 LanmanWorkstation - ok



    14:08:03.0826 6140 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys



    14:08:03.0826 6140 lltdio - ok



    14:08:03.0888 6140 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll



    14:08:03.0904 6140 lltdsvc - ok



    14:08:03.0919 6140 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll



    14:08:03.0919 6140 lmhosts - ok



    14:08:03.0982 6140 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys



    14:08:03.0982 6140 LSI_FC - ok



    14:08:04.0029 6140 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys



    14:08:04.0029 6140 LSI_SAS - ok



    14:08:04.0044 6140 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys



    14:08:04.0044 6140 LSI_SAS2 - ok



    14:08:04.0060 6140 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys



    14:08:04.0060 6140 LSI_SCSI - ok



    14:08:04.0122 6140 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys



    14:08:04.0122 6140 luafv - ok



    14:08:04.0185 6140 [ 51914228D4B9610FBA24F249C0FDD871 ] mbamchameleon C:\Windows\system32\drivers\mbamchameleon.sys



    14:08:04.0185 6140 mbamchameleon - ok



    14:08:04.0263 6140 [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys



    14:08:04.0263 6140 MBAMProtector - ok



    14:08:04.0387 6140 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe



    14:08:04.0387 6140 MBAMService - ok



    14:08:04.0434 6140 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll



    14:08:04.0434 6140 Mcx2Svc - ok



    14:08:04.0465 6140 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys



    14:08:04.0465 6140 megasas - ok



    14:08:04.0497 6140 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys



    14:08:04.0497 6140 MegaSR - ok



    14:08:04.0606 6140 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe



    14:08:04.0621 6140 Microsoft Office Groove Audit Service - ok



    14:08:04.0715 6140 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll



    14:08:04.0715 6140 MMCSS - ok



    14:08:04.0731 6140 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys



    14:08:04.0746 6140 Modem - ok



    14:08:04.0777 6140 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys



    14:08:04.0777 6140 monitor - ok



    14:08:04.0824 6140 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys



    14:08:04.0824 6140 mouclass - ok



    14:08:04.0871 6140 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\drivers\mouhid.sys



    14:08:04.0871 6140 mouhid - ok



    14:08:04.0918 6140 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys



    14:08:04.0933 6140 mountmgr - ok



    14:08:04.0965 6140 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys



    14:08:04.0965 6140 mpio - ok



    14:08:04.0996 6140 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys



    14:08:04.0996 6140 mpsdrv - ok



    14:08:05.0105 6140 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll



    14:08:05.0105 6140 MpsSvc - ok



    14:08:05.0152 6140 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys



    14:08:05.0152 6140 MRxDAV - ok



    14:08:05.0183 6140 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys



    14:08:05.0183 6140 mrxsmb - ok



    14:08:05.0230 6140 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys



    14:08:05.0245 6140 mrxsmb10 - ok



    14:08:05.0261 6140 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys



    14:08:05.0261 6140 mrxsmb20 - ok



    14:08:05.0308 6140 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys



    14:08:05.0323 6140 msahci - ok



    14:08:05.0339 6140 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys



    14:08:05.0339 6140 msdsm - ok



    14:08:05.0355 6140 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe



    14:08:05.0355 6140 MSDTC - ok



    14:08:05.0417 6140 [ 72949A24D37A20A54B3D4D3DADBB55E9 ] MSDV C:\Windows\system32\DRIVERS\msdv.sys



    14:08:05.0417 6140 MSDV - ok
     
  8. Socie

    Socie TS Rookie Topic Starter Posts: 46

    TDSSKiller.exe continued

    14:08:05.0448 6140 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

    14:08:05.0448 6140 Msfs - ok

    14:08:05.0464 6140 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

    14:08:05.0464 6140 mshidkmdf - ok

    14:08:05.0511 6140 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

    14:08:05.0511 6140 msisadrv - ok

    14:08:05.0589 6140 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

    14:08:05.0589 6140 MSiSCSI - ok

    14:08:05.0604 6140 msiserver - ok

    14:08:05.0674 6140 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

    14:08:05.0674 6140 MSKSSRV - ok

    14:08:05.0699 6140 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

    14:08:05.0699 6140 MSPCLOCK - ok

    14:08:05.0714 6140 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

    14:08:05.0714 6140 MSPQM - ok

    14:08:05.0762 6140 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

    14:08:05.0764 6140 MsRPC - ok

    14:08:05.0812 6140 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

    14:08:05.0814 6140 mssmbios - ok

    14:08:05.0907 6140 [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE

    14:08:05.0909 6140 MSSQLServerADHelper100 - ok

    14:08:05.0954 6140 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

    14:08:05.0954 6140 MSTEE - ok

    14:08:05.0979 6140 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

    14:08:05.0979 6140 MTConfig - ok

    14:08:05.0994 6140 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

    14:08:05.0997 6140 Mup - ok

    14:08:06.0042 6140 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

    14:08:06.0047 6140 napagent - ok

    14:08:06.0102 6140 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

    14:08:06.0105 6140 NativeWifiP - ok

    14:08:06.0167 6140 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys

    14:08:06.0172 6140 NDIS - ok

    14:08:06.0225 6140 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

    14:08:06.0225 6140 NdisCap - ok

    14:08:06.0256 6140 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

    14:08:06.0256 6140 NdisTapi - ok

    14:08:06.0334 6140 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

    14:08:06.0334 6140 Ndisuio - ok

    14:08:06.0381 6140 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

    14:08:06.0381 6140 NdisWan - ok

    14:08:06.0427 6140 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

    14:08:06.0427 6140 NDProxy - ok

    14:08:06.0490 6140 [ D4F51E88C71BF8F06EA1BE320B0BB75B ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll

    14:08:06.0505 6140 Net Driver HPZ12 - ok

    14:08:06.0552 6140 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

    14:08:06.0552 6140 NetBIOS - ok

    14:08:06.0615 6140 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

    14:08:06.0615 6140 NetBT - ok

    14:08:06.0646 6140 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

    14:08:06.0646 6140 Netlogon - ok

    14:08:06.0708 6140 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

    14:08:06.0724 6140 Netman - ok

    14:08:06.0724 6140 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

    14:08:06.0739 6140 netprofm - ok

    14:08:06.0771 6140 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

    14:08:06.0771 6140 NetTcpPortSharing - ok

    14:08:06.0786 6140 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

    14:08:06.0786 6140 nfrd960 - ok

    14:08:06.0849 6140 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

    14:08:06.0849 6140 NlaSvc - ok

    14:08:06.0895 6140 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

    14:08:06.0895 6140 Npfs - ok

    14:08:06.0911 6140 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

    14:08:06.0911 6140 nsi - ok

    14:08:06.0927 6140 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

    14:08:06.0927 6140 nsiproxy - ok

    14:08:07.0005 6140 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

    14:08:07.0020 6140 Ntfs - ok

    14:08:07.0051 6140 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

    14:08:07.0051 6140 Null - ok

    14:08:07.0129 6140 [ CDDD4478757288DF4BB1494BFD084259 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys

    14:08:07.0129 6140 NVHDA - ok

    14:08:07.0410 6140 [ DB2BEE926E7DFC59896A2D6800EB13F7 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

    14:08:07.0488 6140 nvlddmkm - ok

    14:08:07.0551 6140 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

    14:08:07.0551 6140 nvraid - ok

    14:08:07.0597 6140 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

    14:08:07.0597 6140 nvstor - ok

    14:08:07.0660 6140 [ 24AB15D09A13D5A40567211A1AB9B479 ] nvsvc C:\Windows\system32\nvvsvc.exe

    14:08:07.0675 6140 nvsvc - ok

    14:08:07.0707 6140 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

    14:08:07.0707 6140 nv_agp - ok

    14:08:07.0785 6140 [ 567E84848445135C0F4B8DE2D121EDB8 ] Oasis2Service C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe

    14:08:07.0785 6140 Oasis2Service - ok

    14:08:07.0863 6140 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

    14:08:07.0863 6140 odserv - ok

    14:08:07.0894 6140 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

    14:08:07.0909 6140 ohci1394 - ok

    14:08:07.0941 6140 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    14:08:07.0941 6140 ose - ok

    14:08:07.0987 6140 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

    14:08:07.0987 6140 p2pimsvc - ok

    14:08:08.0019 6140 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

    14:08:08.0019 6140 p2psvc - ok

    14:08:08.0034 6140 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys

    14:08:08.0034 6140 Parport - ok

    14:08:08.0081 6140 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

    14:08:08.0081 6140 partmgr - ok

    14:08:08.0112 6140 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

    14:08:08.0112 6140 PcaSvc - ok

    14:08:08.0159 6140 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

    14:08:08.0159 6140 pci - ok

    14:08:08.0190 6140 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

    14:08:08.0190 6140 pciide - ok

    14:08:08.0221 6140 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

    14:08:08.0221 6140 pcmcia - ok

    14:08:08.0237 6140 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

    14:08:08.0237 6140 pcw - ok

    14:08:08.0253 6140 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

    14:08:08.0268 6140 PEAUTH - ok

    14:08:08.0362 6140 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

    14:08:08.0362 6140 PerfHost - ok

    14:08:08.0440 6140 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

    14:08:08.0440 6140 pla - ok

    14:08:08.0689 6140 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

    14:08:08.0689 6140 PlugPlay - ok

    14:08:08.0799 6140 [ 627FA58ADC043704F9D14CA44340956F ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

    14:08:08.0799 6140 PMBDeviceInfoProvider - ok

    14:08:08.0877 6140 [ 9A80707D8B6C1806531BFD7399B3CC76 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll

    14:08:08.0877 6140 Pml Driver HPZ12 - ok

    14:08:08.0892 6140 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

    14:08:08.0892 6140 PNRPAutoReg - ok

    14:08:08.0908 6140 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

    14:08:08.0908 6140 PNRPsvc - ok

    14:08:08.0955 6140 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

    14:08:08.0970 6140 PolicyAgent - ok

    14:08:09.0001 6140 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

    14:08:09.0001 6140 Power - ok

    14:08:09.0064 6140 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

    14:08:09.0064 6140 PptpMiniport - ok

    14:08:09.0095 6140 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys

    14:08:09.0095 6140 Processor - ok

    14:08:09.0126 6140 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

    14:08:09.0142 6140 ProfSvc - ok

    14:08:09.0142 6140 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

    14:08:09.0142 6140 ProtectedStorage - ok

    14:08:09.0220 6140 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

    14:08:09.0220 6140 Psched - ok

    14:08:09.0251 6140 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

    14:08:09.0251 6140 PSI_SVC_2 - ok

    14:08:09.0282 6140 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys

    14:08:09.0282 6140 PxHlpa64 - ok

    14:08:09.0329 6140 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

    14:08:09.0345 6140 ql2300 - ok

    14:08:09.0376 6140 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

    14:08:09.0376 6140 ql40xx - ok

    14:08:09.0407 6140 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

    14:08:09.0407 6140 QWAVE - ok

    14:08:09.0423 6140 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

    14:08:09.0423 6140 QWAVEdrv - ok

    14:08:09.0454 6140 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

    14:08:09.0454 6140 RasAcd - ok

    14:08:09.0516 6140 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

    14:08:09.0516 6140 RasAgileVpn - ok

    14:08:09.0532 6140 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

    14:08:09.0547 6140 RasAuto - ok

    14:08:09.0579 6140 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

    14:08:09.0579 6140 Rasl2tp - ok

    14:08:09.0641 6140 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

    14:08:09.0657 6140 RasMan - ok

    14:08:09.0703 6140 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

    14:08:09.0703 6140 RasPppoe - ok

    14:08:09.0703 6140 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

    14:08:09.0719 6140 RasSstp - ok

    14:08:09.0766 6140 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

    14:08:09.0766 6140 rdbss - ok

    14:08:09.0781 6140 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys

    14:08:09.0781 6140 rdpbus - ok

    14:08:09.0797 6140 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

    14:08:09.0797 6140 RDPCDD - ok

    14:08:09.0859 6140 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

    14:08:09.0859 6140 RDPENCDD - ok

    14:08:09.0875 6140 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

    14:08:09.0875 6140 RDPREFMP - ok

    14:08:09.0906 6140 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

    14:08:09.0906 6140 RDPWD - ok

    14:08:09.0969 6140 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

    14:08:09.0969 6140 rdyboost - ok

    14:08:10.0000 6140 [ 4D9AFDDDA0EFE97CDBFD3B5FA48B05F6 ] regi C:\Windows\system32\drivers\regi.sys

    14:08:10.0000 6140 regi - ok

    14:08:10.0062 6140 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

    14:08:10.0062 6140 RemoteAccess - ok

    14:08:10.0093 6140 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

    14:08:10.0093 6140 RemoteRegistry - ok

    14:08:10.0156 6140 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys

    14:08:10.0156 6140 RFCOMM - ok

    14:08:10.0171 6140 [ 6DED176A14770339F1415CFDBCC9E07F ] rimspci C:\Windows\system32\drivers\rimssne64.sys

    14:08:10.0171 6140 rimspci - ok

    14:08:10.0218 6140 [ DDF5F666C2A5B3729E8BEA01FB999CC0 ] risdsnpe C:\Windows\system32\drivers\risdsne64.sys

    14:08:10.0218 6140 risdsnpe - ok

    14:08:10.0327 6140 [ 6BFC6C564E75B1CCAA3D24342DC77C13 ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

    14:08:10.0327 6140 RoxioNow Service - ok

    14:08:10.0359 6140 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

    14:08:10.0359 6140 RpcEptMapper - ok

    14:08:10.0374 6140 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

    14:08:10.0390 6140 RpcLocator - ok

    14:08:10.0437 6140 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

    14:08:10.0437 6140 RpcSs - ok

    14:08:10.0468 6140 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

    14:08:10.0468 6140 rspndr - ok

    14:08:10.0483 6140 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

    14:08:10.0483 6140 SamSs - ok

    14:08:10.0530 6140 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

    14:08:10.0530 6140 sbp2port - ok

    14:08:10.0827 6140 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

    14:08:10.0827 6140 SBSDWSCService - ok

    14:08:10.0858 6140 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

    14:08:10.0858 6140 SCardSvr - ok

    14:08:10.0905 6140 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

    14:08:10.0905 6140 scfilter - ok

    14:08:10.0967 6140 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

    14:08:10.0967 6140 Schedule - ok

    14:08:11.0014 6140 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

    14:08:11.0014 6140 SCPolicySvc - ok

    14:08:11.0076 6140 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys

    14:08:11.0076 6140 sdbus - ok

    14:08:11.0092 6140 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

    14:08:11.0092 6140 SDRSVC - ok

    14:08:11.0217 6140 [ 78779EE07231C658B483B1F38B5088DF ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

    14:08:11.0217 6140 SeaPort - ok

    14:08:11.0263 6140 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

    14:08:11.0263 6140 secdrv - ok

    14:08:11.0295 6140 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

    14:08:11.0310 6140 seclogon - ok

    14:08:11.0357 6140 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll

    14:08:11.0357 6140 SENS - ok

    14:08:11.0373 6140 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

    14:08:11.0373 6140 SensrSvc - ok

    14:08:11.0388 6140 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys

    14:08:11.0388 6140 Serenum - ok

    14:08:11.0435 6140 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys

    14:08:11.0435 6140 Serial - ok

    14:08:11.0482 6140 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys

    14:08:11.0482 6140 sermouse - ok

    14:08:11.0544 6140 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

    14:08:11.0544 6140 SessionEnv - ok

    14:08:11.0607 6140 [ 286D3889E6AB5589646FF8A63CB928AE ] SFEP C:\Windows\system32\drivers\SFEP.sys

    14:08:11.0607 6140 SFEP - ok

    14:08:11.0653 6140 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

    14:08:11.0653 6140 sffdisk - ok

    14:08:11.0669 6140 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

    14:08:11.0669 6140 sffp_mmc - ok

    14:08:11.0669 6140 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

    14:08:11.0669 6140 sffp_sd - ok

    14:08:11.0685 6140 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

    14:08:11.0685 6140 sfloppy - ok

    14:08:11.0778 6140 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

    14:08:11.0778 6140 SharedAccess - ok

    14:08:11.0825 6140 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

    14:08:11.0825 6140 ShellHWDetection - ok

    14:08:11.0856 6140 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

    14:08:11.0856 6140 SiSRaid2 - ok

    14:08:11.0903 6140 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

    14:08:11.0903 6140 SiSRaid4 - ok

    14:08:11.0950 6140 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

    14:08:11.0950 6140 Smb - ok

    14:08:11.0997 6140 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

    14:08:12.0012 6140 SNMPTRAP - ok

    14:08:12.0106 6140 [ C3E69DB0A4E59564230E053232F39AC7 ] SOHCImp C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe

    14:08:12.0106 6140 SOHCImp - ok

    14:08:12.0168 6140 [ 65CC4779A29C3E82B987BD4961790DFF ] SOHDms C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe

    14:08:12.0168 6140 SOHDms - ok

    14:08:12.0199 6140 [ F47D75CEE1844EEF4A9EA6EE768828FB ] SOHDs C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe

    14:08:12.0199 6140 SOHDs - ok

    14:08:12.0371 6140 [ B8047E776E50FC2384801083A77900E0 ] SpfService C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe

    14:08:12.0371 6140 SpfService - ok

    14:08:12.0402 6140 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

    14:08:12.0402 6140 spldr - ok

    14:08:12.0449 6140 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe

    14:08:12.0449 6140 Spooler - ok

    14:08:12.0574 6140 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

    14:08:12.0605 6140 sppsvc - ok

    14:08:12.0636 6140 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

    14:08:12.0636 6140 sppuinotify - ok

    14:08:12.0761 6140 [ 2ED464C8CBC399E69FBF776A8EBC3302 ] SpyHunter 4 Service C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

    14:08:12.0761 6140 SpyHunter 4 Service - ok

    14:08:12.0855 6140 [ A687B5B326AFCFCF182C4931D1FF9771 ] SQLAgent$DDNI C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE

    14:08:12.0855 6140 SQLAgent$DDNI - ok

    14:08:13.0073 6140 [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

    14:08:13.0073 6140 SQLBrowser - ok

    14:08:13.0120 6140 [ 6D65985945B03CA59B67D0B73702FC7B ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

    14:08:13.0120 6140 SQLWriter - ok

    14:08:13.0167 6140 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

    14:08:13.0167 6140 srv - ok

    14:08:13.0213 6140 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

    14:08:13.0213 6140 srv2 - ok

    14:08:13.0260 6140 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

    14:08:13.0260 6140 srvnet - ok

    14:08:13.0323 6140 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

    14:08:13.0338 6140 SSDPSRV - ok

    14:08:13.0369 6140 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

    14:08:13.0369 6140 SstpSvc - ok

    14:08:13.0401 6140 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys

    14:08:13.0401 6140 stexstor - ok

    14:08:13.0463 6140 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys

    14:08:13.0463 6140 StillCam - ok

    14:08:13.0533 6140 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

    14:08:13.0543 6140 stisvc - ok

    14:08:13.0583 6140 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

    14:08:13.0583 6140 swenum - ok

    14:08:13.0613 6140 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

    14:08:13.0613 6140 swprv - ok

    14:08:13.0724 6140 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

    14:08:13.0740 6140 SysMain - ok

    14:08:13.0802 6140 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

    14:08:13.0802 6140 TabletInputService - ok

    14:08:13.0833 6140 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

    14:08:13.0849 6140 TapiSrv - ok

    14:08:13.0865 6140 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

    14:08:13.0865 6140 TBS - ok

    14:08:13.0974 6140 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

    14:08:13.0989 6140 Tcpip - ok

    14:08:14.0067 6140 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

    14:08:14.0083 6140 TCPIP6 - ok

    14:08:14.0136 6140 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

    14:08:14.0136 6140 tcpipreg - ok

    14:08:14.0171 6140 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

    14:08:14.0171 6140 TDPIPE - ok

    14:08:14.0211 6140 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

    14:08:14.0214 6140 TDTCP - ok

    14:08:14.0274 6140 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

    14:08:14.0274 6140 tdx - ok

    14:08:14.0326 6140 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

    14:08:14.0329 6140 TermDD - ok

    14:08:14.0379 6140 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

    14:08:14.0384 6140 TermService - ok

    14:08:14.0411 6140 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

    14:08:14.0414 6140 Themes - ok

    14:08:14.0431 6140 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

    14:08:14.0434 6140 THREADORDER - ok

    14:08:14.0459 6140 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

    14:08:14.0459 6140 TrkWks - ok

    14:08:14.0529 6140 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

    14:08:14.0529 6140 TrustedInstaller - ok

    14:08:14.0574 6140 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

    14:08:14.0576 6140 tssecsrv - ok

    14:08:14.0649 6140 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

    14:08:14.0649 6140 TsUsbFlt - ok

    14:08:14.0724 6140 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

    14:08:14.0724 6140 tunnel - ok

    14:08:14.0764 6140 [ 1A006963644C7FDE5BE60036F3A43E68 ] TVICHW32 C:\Windows\system32\DRIVERS\TVICHW32.SYS

    14:08:14.0766 6140 TVICHW32 - ok

    14:08:14.0806 6140 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

    14:08:14.0806 6140 uagp35 - ok

    14:08:14.0851 6140 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

    14:08:14.0854 6140 udfs - ok

    14:08:14.0884 6140 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

    14:08:14.0886 6140 UI0Detect - ok

    14:08:14.0934 6140 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

    14:08:14.0934 6140 uliagpkx - ok

    14:08:14.0979 6140 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

    14:08:14.0979 6140 umbus - ok

    14:08:15.0016 6140 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys

    14:08:15.0016 6140 UmPass - ok

    14:08:15.0054 6140 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

    14:08:15.0056 6140 upnphost - ok

    14:08:15.0116 6140 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

    14:08:15.0116 6140 USBAAPL64 - ok

    14:08:15.0156 6140 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

    14:08:15.0159 6140 usbccgp - ok

    14:08:15.0199 6140 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

    14:08:15.0201 6140 usbcir - ok

    14:08:15.0239 6140 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys

    14:08:15.0239 6140 usbehci - ok

    14:08:15.0289 6140 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

    14:08:15.0291 6140 usbhub - ok

    14:08:15.0326 6140 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

    14:08:15.0326 6140 usbohci - ok

    14:08:15.0384 6140 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

    14:08:15.0384 6140 usbprint - ok

    14:08:15.0419 6140 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

    14:08:15.0421 6140 USBSTOR - ok

    14:08:15.0444 6140 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

    14:08:15.0444 6140 usbuhci - ok

    14:08:15.0517 6140 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys

    14:08:15.0517 6140 usbvideo - ok

    14:08:15.0559 6140 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

    14:08:15.0559 6140 UxSms - ok

    14:08:15.0635 6140 [ 8E68E4AA2D7ABBF7C9159D9D2A38AE0F ] VAIO Entertainment TV Device Arbitration Service C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe

    14:08:15.0635 6140 VAIO Entertainment TV Device Arbitration Service - ok

    14:08:15.0729 6140 [ 218F78B39832A2A0761CE2422828A57C ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

    14:08:15.0729 6140 VAIO Event Service - ok

    14:08:15.0791 6140 [ 1CF1A4DD7A58C966C9014B83C7229CF3 ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe

    14:08:15.0807 6140 VAIO Power Management - ok

    14:08:15.0822 6140 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

    14:08:15.0822 6140 VaultSvc - ok

    14:08:15.0932 6140 [ 6888526AEB8DDABDE6F778FD40FC0693 ] VCFw C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

    14:08:15.0932 6140 VCFw - ok

    14:08:16.0010 6140 [ 84BB306B7863883018D7F3EB0C453BD5 ] VClone C:\Windows\system32\DRIVERS\VClone.sys

    14:08:16.0010 6140 VClone - ok

    14:08:16.0056 6140 [ 10E212BFB7EAB152A64C1AAEC2F7F4E0 ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

    14:08:16.0056 6140 VcmIAlzMgr - ok

    14:08:16.0072 6140 [ 7A88CFD3FE99F2C9B95A6E2A08B96E14 ] VcmINSMgr C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe

    14:08:16.0088 6140 VcmINSMgr - ok

    14:08:16.0103 6140 [ 8EFAACCC7BFA1E9031EFDFB01A1B0D69 ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe

    14:08:16.0119 6140 VcmXmlIfHelper - ok

    14:08:16.0181 6140 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

    14:08:16.0181 6140 vdrvroot - ok

    14:08:16.0228 6140 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

    14:08:16.0228 6140 vds - ok

    14:08:16.0259 6140 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

    14:08:16.0259 6140 vga - ok

    14:08:16.0290 6140 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

    14:08:16.0290 6140 VgaSave - ok

    14:08:16.0353 6140 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

    14:08:16.0353 6140 vhdmp - ok

    14:08:16.0400 6140 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

    14:08:16.0400 6140 viaide - ok

    14:08:16.0415 6140 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

    14:08:16.0415 6140 volmgr - ok

    14:08:16.0493 6140 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

    14:08:16.0493 6140 volmgrx - ok

    14:08:16.0665 6140 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

    14:08:16.0665 6140 volsnap - ok

    14:08:16.0727 6140 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

    14:08:16.0727 6140 vsmraid - ok

    14:08:16.0790 6140 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

    14:08:16.0805 6140 VSS - ok

    14:08:16.0914 6140 [ FB4A1695D2D74F9C92CA5E84795CDBE1 ] VUAgent C:\Program Files\Sony\VAIO Update Common\VUAgent.exe

    14:08:16.0914 6140 VUAgent - ok

    14:08:16.0946 6140 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

    14:08:16.0946 6140 vwifibus - ok

    14:08:16.0992 6140 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

    14:08:16.0992 6140 vwififlt - ok

    14:08:17.0008 6140 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys

    14:08:17.0008 6140 vwifimp - ok

    14:08:17.0086 6140 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

    14:08:17.0086 6140 W32Time - ok

    14:08:17.0117 6140 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys

    14:08:17.0133 6140 WacomPen - ok

    14:08:17.0195 6140 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

    14:08:17.0195 6140 WANARP - ok

    14:08:17.0226 6140 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

    14:08:17.0226 6140 Wanarpv6 - ok

    14:08:17.0304 6140 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

    14:08:17.0304 6140 WatAdminSvc - ok

    14:08:17.0382 6140 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

    14:08:17.0398 6140 wbengine - ok

    14:08:17.0429 6140 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

    14:08:17.0429 6140 WbioSrvc - ok

    14:08:17.0476 6140 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

    14:08:17.0492 6140 wcncsvc - ok

    14:08:17.0507 6140 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

    14:08:17.0507 6140 WcsPlugInService - ok

    14:08:17.0523 6140 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys

    14:08:17.0523 6140 Wd - ok

    14:08:17.0554 6140 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

    14:08:17.0570 6140 Wdf01000 - ok

    14:08:17.0601 6140 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

    14:08:17.0601 6140 WdiServiceHost - ok

    14:08:17.0601 6140 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

    14:08:17.0601 6140 WdiSystemHost - ok

    14:08:17.0648 6140 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

    14:08:17.0648 6140 WebClient - ok

    14:08:17.0663 6140 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

    14:08:17.0663 6140 Wecsvc - ok

    14:08:17.0679 6140 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

    14:08:17.0679 6140 wercplsupport - ok

    14:08:17.0741 6140 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

    14:08:17.0741 6140 WerSvc - ok

    14:08:17.0757 6140 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

    14:08:17.0772 6140 WfpLwf - ok

    14:08:17.0772 6140 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

    14:08:17.0772 6140 WIMMount - ok

    14:08:17.0850 6140 WinDefend - ok

    14:08:17.0850 6140 WinHttpAutoProxySvc - ok

    14:08:17.0913 6140 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

    14:08:17.0913 6140 Winmgmt - ok

    14:08:18.0131 6140 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

    14:08:18.0147 6140 WinRM - ok

    14:08:18.0225 6140 [ FE88B288356E7B47B74B13372ADD906D ] winusb C:\Windows\system32\DRIVERS\WinUsb.sys

    14:08:18.0225 6140 winusb - ok

    14:08:18.0287 6140 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

    14:08:18.0287 6140 Wlansvc - ok

    14:08:18.0365 6140 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

    14:08:18.0365 6140 wlcrasvc - ok

    14:08:18.0474 6140 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    14:08:18.0490 6140 wlidsvc - ok

    14:08:18.0552 6140 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

    14:08:18.0552 6140 WmiAcpi - ok

    14:08:18.0584 6140 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

    14:08:18.0584 6140 wmiApSrv - ok

    14:08:18.0615 6140 WMPNetworkSvc - ok

    14:08:18.0662 6140 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

    14:08:18.0662 6140 WPCSvc - ok

    14:08:18.0708 6140 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

    14:08:18.0708 6140 WPDBusEnum - ok

    14:08:18.0740 6140 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

    14:08:18.0740 6140 ws2ifsl - ok

    14:08:18.0818 6140 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll

    14:08:18.0833 6140 wscsvc - ok

    14:08:18.0880 6140 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys

    14:08:18.0880 6140 WSDPrintDevice - ok

    14:08:18.0896 6140 WSearch - ok

    14:08:19.0020 6140 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

    14:08:19.0036 6140 wuauserv - ok

    14:08:19.0052 6140 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

    14:08:19.0052 6140 WudfPf - ok

    14:08:19.0130 6140 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

    14:08:19.0130 6140 WUDFRd - ok

    14:08:19.0176 6140 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

    14:08:19.0176 6140 wudfsvc - ok

    14:08:19.0208 6140 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

    14:08:19.0208 6140 WwanSvc - ok

    14:08:19.0286 6140 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

    14:08:19.0301 6140 YahooAUService - ok

    14:08:19.0364 6140 [ 6AFFD75C6807B3DD3AB018E27B88EF95 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys

    14:08:19.0364 6140 yukonw7 - ok

    14:08:19.0395 6140 ================ Scan global ===============================

    14:08:19.0426 6140 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

    14:08:19.0473 6140 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

    14:08:19.0488 6140 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

    14:08:19.0504 6140 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

    14:08:19.0566 6140 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

    14:08:19.0566 6140 [Global] - ok

    14:08:19.0566 6140 ================ Scan MBR ==================================

    14:08:19.0582 6140 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

    14:08:19.0941 6140 \Device\Harddisk0\DR0 - ok

    14:08:19.0941 6140 ================ Scan VBR ==================================

    14:08:19.0941 6140 [ AE62FE291D93A39C4EA9A20A7F9E5AAD ] \Device\Harddisk0\DR0\Partition1

    14:08:19.0957 6140 \Device\Harddisk0\DR0\Partition1 - ok

    14:08:20.0003 6140 [ 9E76A0DDC126FE8DDED466D637FF4EB4 ] \Device\Harddisk0\DR0\Partition2

    14:08:20.0003 6140 \Device\Harddisk0\DR0\Partition2 - ok

    14:08:20.0003 6140 ============================================================

    14:08:20.0003 6140 Scan finished

    14:08:20.0003 6140 ============================================================

    14:08:20.0003 3960 Detected object count: 0

    14:08:20.0003 3960 Actual detected object count: 0
     
  9. Socie

    Socie TS Rookie Topic Starter Posts: 46

    aswMBR.exe


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-01 14:21:05
    -----------------------------
    14:21:05.193 OS Version: Windows x64 6.1.7601 Service Pack 1
    14:21:05.193 Number of processors: 4 586 0x2502
    14:21:05.193 ComputerName: SOCIE UserName: Mark
    14:21:06.753 Initialize success
    14:21:37.065 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    14:21:37.081 Disk 0 Vendor: ST950032 0006 Size: 476940MB BusType: 3
    14:21:37.096 Disk 0 MBR read successfully
    14:21:37.096 Disk 0 MBR scan
    14:21:37.096 Disk 0 Windows 7 default MBR code
    14:21:37.112 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10165 MB offset 2048
    14:21:37.128 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 20819968
    14:21:37.143 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 466673 MB offset 21024768
    14:21:37.159 Disk 0 scanning C:\Windows\system32\drivers
    14:21:50.121 Service scanning
    14:22:16.089 Modules scanning
    14:22:16.089 Disk 0 trace - called modules:
    14:22:16.149 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
    14:22:16.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006751060]
    14:22:16.359 3 CLASSPNP.SYS[fffff88001b6943f] -> nt!IofCallDriver -> [0xfffffa800470ee40]
    14:22:16.359 5 ACPI.sys[fffff88000f7c7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004711050]
    14:22:16.369 Scan finished successfully
    14:23:03.209 Disk 0 MBR has been saved successfully to "C:\Users\Mark\Desktop\MBR.dat"
    14:23:03.209 The log file has been saved successfully to "C:\Users\Mark\Desktop\aswMBR_log.txt"
     
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Search.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.
     
  11. Socie

    Socie TS Rookie Topic Starter Posts: 46

    # AdwCleaner v2.000 - Logfile created 09/02/2012 at 13:24:01
    # Updated 30/08/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Mark - SOCIE
    # Boot Mode : Normal
    # Running from : C:\Users\Mark\Desktop\adwcleaner.exe
    # Option [Search]

    ***** [Services] *****

    ***** [Files / Folders] *****
    Folder Found : C:\Program Files (x86)\Ask.com
    Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility
    Folder Found : C:\Program Files (x86)\Conduit
    Folder Found : C:\Program Files (x86)\ConduitEngine
    Folder Found : C:\Program Files (x86)\Vuze_Remote
    Folder Found : C:\Program Files (x86)\Vuze_Remote
    Folder Found : C:\ProgramData\Partner
    Folder Found : C:\Users\Mark\AppData\Local\Conduit
    Folder Found : C:\Users\Mark\AppData\LocalLow\Conduit
    Folder Found : C:\Users\Mark\AppData\LocalLow\ConduitEngine
    Folder Found : C:\Users\Mark\AppData\LocalLow\PriceGong
    Folder Found : C:\Users\Mark\AppData\LocalLow\Toolbar4
    Folder Found : C:\Users\Mark\AppData\LocalLow\Vuze_Remote
    Folder Found : C:\Users\Mark\AppData\LocalLow\Vuze_Remote
    Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    ***** [Registry] *****
    Key Found : HKCU\Software\AppDataLow\AskToolbarInfo
    Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
    Key Found : HKCU\Software\AppDataLow\Software\Conduit
    Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
    Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
    Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Found : HKCU\Software\AppDataLow\Software\PriceGong
    Key Found : HKCU\Software\AppDataLow\Software\Toolbar
    Key Found : HKCU\Software\AppDataLow\Software\Vuze_Remote
    Key Found : HKCU\Software\AppDataLow\Toolbar
    Key Found : HKCU\Software\Ask&Record
    Key Found : HKCU\Software\Ask.com
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
    Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Found : HKLM\SOFTWARE\Classes\dnUpdate
    Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
    Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
    Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
    Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
    Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
    Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
    Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
    Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
    Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
    Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
    Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
    Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
    Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
    Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
    Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\Software\conduitEngine
    Key Found : HKLM\Software\conduitEngine
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2258C2B9-2D4E-41E3-88C9-763758FC7CDE}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Found : HKLM\Software\Vuze_Remote
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2258C2B9-2D4E-41E3-88C9-763758FC7CDE}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28B07F2F-C704-4F50-99E3-0F79DCE5DFF0}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D60E004E-295D-4A18-829F-278B62DE41D8}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
    Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Found : HKU\S-1-5-21-1748554814-3344152778-3157743107-1005\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
    Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
    Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
    Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
    Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16421
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.bigseekpro.com/solidyoutube/{D5686C19-DD45-4D6A-AEE8-6B758E47F2E6}
    -\\ Google Chrome v [Unable to get version]
    File : C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Preferences
    [OK] File is clean.
    *************************
    AdwCleaner[R1].txt - [16515 octets] - [02/09/2012 13:24:01]
    ########## EOF - C:\AdwCleaner[R1].txt - [16576 octets] ##########
     
  12. Socie

    Socie TS Rookie Topic Starter Posts: 46

    My computer froze about 80% through ESET online scan, it had found 4 threats. When I restatred my computer and ran ESET again it found nothing.

    I do have quarantined files though from ESET they are:

    c:Qoobox\Quarantine/C\Windows\Installer\(9fcc2808-15cf-4929-c6a8-311775864611)\u\800000cb.@.vir
    c:Qoobox\Quarantine/C\Windows\system32\services.exe.vir
    c:Qoobox\Quarantine/C\Windows\Installer\(9fcc2808-15cf-4929-c6a8-311775864611)\u\80000000.@.vir
    Program Files (x86)Vize\.Install4j\i4j_extf_325p83tv.dll
     
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Remove the Adware.
    • Please close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
    Please post the log.

    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
     
  14. Socie

    Socie TS Rookie Topic Starter Posts: 46

    # AdwCleaner v2.000 - Logfile created 09/03/2012 at 09:11:06
    # Updated 30/08/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Mark - SOCIE
    # Boot Mode : Normal
    # Running from : C:\Users\Mark\Desktop\adwcleaner.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****
    Folder Deleted : C:\Program Files (x86)\Ask.com
    Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\ConduitEngine
    Folder Deleted : C:\Program Files (x86)\Vuze_Remote
    Folder Deleted : C:\ProgramData\Partner
    Folder Deleted : C:\Users\Mark\AppData\Local\Conduit
    Folder Deleted : C:\Users\Mark\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Mark\AppData\LocalLow\ConduitEngine
    Folder Deleted : C:\Users\Mark\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Mark\AppData\LocalLow\Toolbar4
    Folder Deleted : C:\Users\Mark\AppData\LocalLow\Vuze_Remote
    Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    ***** [Registry] *****
    Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
    Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\Ask&Record
    Key Deleted : HKCU\Software\Ask.com
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
    Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\conduitEngine
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2258C2B9-2D4E-41E3-88C9-763758FC7CDE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\Software\Vuze_Remote
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2258C2B9-2D4E-41E3-88C9-763758FC7CDE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28B07F2F-C704-4F50-99E3-0F79DCE5DFF0}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D60E004E-295D-4A18-829F-278B62DE41D8}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16421
    Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.bigseekpro.com/solidyoutube/{D5686C19-DD45-4D6A-AEE8-6B758E47F2E6} --> hxxp://www.google.com
    -\\ Google Chrome v [Unable to get version]
    File : C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Preferences
    [OK] File is clean.
    *************************
    AdwCleaner[R1].txt - [16594 octets] - [02/09/2012 13:24:01]
    AdwCleaner[R2].txt - [16655 octets] - [02/09/2012 16:48:31]
    AdwCleaner[R3].txt - [16716 octets] - [02/09/2012 16:55:01]
    AdwCleaner[S2].txt - [16575 octets] - [03/09/2012 09:11:06]
    ########## EOF - C:\AdwCleaner[S2].txt - [16636 octets] ##########
     
  15. Socie

    Socie TS Rookie Topic Starter Posts: 46

    The only other issues I have been having is that my computer is slow, but I think that has to do with my hard drive being nearly full. I now I have more than one antivirus installed as well. I have tried to delete the others without success, not sure of if was because of the viruses or not. I am using ESET smart security 5. I also have malwarebytes and a spyhunter installed, not sure if they are issues or not.

    Thanks for all your help so far, I really appreciate it.
     
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    SpyHunter will definitely be an issue with ESET SS. As for Malwarebytes' Anti-Malware, do you have the professional version installed? Or is it just the free version.

    You're welcome for the help, as always.
     
  17. Socie

    Socie TS Rookie Topic Starter Posts: 46

    Paid version for spyhunter, free version for malware, I ordered new ram yesterday to help with how slow my pc is also.

    So are the viruses gone?

    ESET still will not update tells me there is an error.
     
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.
     
  19. Socie

    Socie TS Rookie Topic Starter Posts: 46

    ESET runs and finds no threats
     
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hi! Your logs appear to be clean. If there are no more issues, then we shall clean up!

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advance System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name I.e. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop down box select your main drive I.e. C
    • For a few moments the system will make some calculations:
      [​IMG]
    • Select the More Options tab
      [​IMG]
    • In the System Restore and Shadow Backups select Clean up
      [​IMG]
    • Select Delete on the pop up
    • Select OK
    • Select Delete

    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    Download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    * Double-click the CCleaner shortcut on the desktop to start the program.
    * Click on the Options block on the left, then choose Cookies.
    * Under Cookies to Delete, highlight any cookies you would like to retain permanently
    * Click the right arrow > to move them to the Cookies to Keep window.
    * Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
    * Click Cleaner on the left then Run Cleaner on the right to run the program.
    * Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed it's process.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Tell me in your next reply, if you have completed these tasks:
    • Cleaned System Restore
    • Ran OTC
    • Ran CCleaner
    • Ran Security Check
    Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.
     
  21. Socie

    Socie TS Rookie Topic Starter Posts: 46

    Completed these tasks:
    • Cleaned System Restore
    • Ran OTC
    • Ran CCleaner
    • Ran Security Check
    I am still having issues with eset smart security 5 updating, I think it may be corrupted or something, wondering if I should delete and download again?

    Log for security check:

    Results of screen317's Security Check version 0.99.50
    Windows 7 Service Pack 1 x64 (UAC is disabled!)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Trend Micro Titanium
    ESET Smart Security 5.2
    Antivirus out of date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    Malwarebytes Anti-Malware version 1.62.0.1300
    TuneUp Companion 2.4.6.4
    Java(TM) 6 Update 24
    Java version out of Date!
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Reader X (10.1.4)
    ````````Process Check: objlist.exe by Laurent````````
    ESET NOD32 Antivirus egui.exe
    ESET NOD32 Antivirus ekrn.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Spybot Teatimer.exe is disabled!
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Adobe Flash Player Update!

    Please download the newest version of Adobe Flash Player from Adobe.com

    Before installing: it is important to remove older versions of Flash Player since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Adobe Flash Player. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.



    Update Java

    Please download the newest version of Java from Java.com.

    Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

    Once old versions are gone, please install the newest version.

    Read more about Java exploit problems

    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.

    Read more about "FAQ: How did Sirefef or ZeroAccess Infect You?"

    Any other questions before I mark this topic solved?
     
  23. Socie

    Socie TS Rookie Topic Starter Posts: 46

    The only other question I have is how can I get ride of the other anti viruses I have and how can I get eset smart security 5 to update?
     
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Please go to Start > Control Panel > Add or Remove Programs (Programs and Features in Vista, Programs in 7) and remove the following (if present):

    • Spybot Search & Destroy
    • Trend Micro Titanium


    All I can say for ESET's product is to see this page: http://kb.eset.com/esetkb/index?page=content&id=SOLN2850

    This solves most update issues.
     
  25. Socie

    Socie TS Rookie Topic Starter Posts: 46

    I fixed eset, I needed to manually remove it and reinstall. Trend Micro will not go away however, I try going through the control panel and is says it is remving it and that I need to restart but it is still there. I am also now having some admin problems, I have some corrupted files that I am trying to delete off my desktop and it will not let me remove them telling me I do not have permission. Thanks.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...