
*.exe is not a valid win32 application


  • This topic is locked
37 replies to this topic

#1 zingz
    New Member, 24 posts

Posted 16 September 2012 - 08:32 PM

Suddenly I get this error on some system files such as sfc.exe. I would appreciate any help.

zingz


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:53:37 PM, on 9/16/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
D:\util\WizMouse\WizMouse.exe
D:\Util\DUMETE~1\DUMeter.exe
J:\Windows Files\Common FIles x86\Acronis\Schedule2\schedhlp.exe
D:\Util\ClipMate7\ClipMate7\ClipMate.exe
D:\Util\SuperFlexible\ExtremeSyncService.exe
D:\Util\Alcohol Soft\Alcohol 120\Alcohol.exe
D:\Util\advanded Call Center\acc.exe
D:\Util\OpenDNS\DNSCrypt\OpenDNSInterface.exe
D:\Util\PrettyRun\PrettyRun.exe
D:\Util\CaptureWiz\Pro\CaptureWiz.exe
D:\Util\AutoHotkey\AutoHotkey.exe
D:\Util\Hmonitor\hmonitor.exe
D:\Util\Kremlin\Kremlin Sentry.exe
D:\Util\sMaRTcaPs\SmartCaps.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
D:\Util\WinPatrol\WinPatrol.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
D:\Util\PhoneTray\PhoneTray.exe
D:\Util\Acronis\DriveMonitor\adm_tray.exe
D:\Util\Hard Drive Inspector\HDInspector.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
J:\Windows Files\Appllication Data\mjusbsp\magicJack.exe
D:\Util\Internet Download Manager\IDMan.exe
D:\Util\Internet Download Manager\IEMonitor.exe
D:\Util\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
D:\Util\Everything\Everything.exe
D:\Util\Canon\Solution Menu EX\CNSEMAIN.EXE
D:\Util\Canon\Solution Menu EX\CNSEUPDT.EXE
D:\Util\DiskCheckup\DiskCheckup.exe
D:\Util\Skype\Phone\Skype.exe
D:\Util\Nero\Nero 11\Nero Burning ROM\nero.exe
D:\Util\MagicISO\MagicISO.exe
D:\Util\VirtualCloneDrive\VCDPrefs.exe
D:\ThunderbirdPortable\App\Thunderbird\thunderbird.exe
C:\Users\robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\robert\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Util\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Util\Internet Download Manager\IDMIECC.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Util\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [WinPatrol] D:\Util\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "J:\Windows Files\Common FIles x86\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [PhoneTray] D:\Util\PhoneTray\PhoneTray.exe
O4 - HKLM\..\Run: [adm_tray.exe] D:\Util\Acronis\DriveMonitor\adm_tray.exe
O4 - HKLM\..\Run: [HDInspector.exe] D:\Util\Hard Drive Inspector\HDInspector.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DesktopOK] "D:\Util\DesktopOK\DesktopOK_x64.exe" -bg -startup
O4 - HKCU\..\Run: [ClipMate7] D:\Util\ClipMate7\ClipMate7\ClipMate.exe
O4 - HKCU\..\Run: [DU Meter] D:\Util\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [ftweak_recyclebinex] "D:\Util\RecycleBinEx\RecycleBinEx.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\robert\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ExtremeSync Background Scheduler] "D:\Util\SuperFlexible\ExtremeSyncService.exe" /TIMERASAPP /STARTUP
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Util\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [Alcohol.exe Autorun] D:\Util\Alcohol Soft\Alcohol 120\Alcohol.exe /startup
O4 - HKCU\..\Run: [acc] D:\Util\ADVAND~1\acc.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3870394034-3650906716-284889080-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3870394034-3650906716-284889080-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: AutorunsDisabled
O4 - Startup: CaptureWiz.lnk = D:\Util\CaptureWiz\Pro\CaptureWiz.exe
O4 - Startup: DiskCheckup.lnk = D:\Util\DiskCheckup\DiskCheckup.exe
O4 - Startup: Email and Password via Mouse Script.ahk
O4 - Startup: hmonitor.exe.lnk = D:\Util\Hmonitor\hmonitor.exe
O4 - Startup: Kremlin Sentry.lnk = D:\Util\Kremlin\Kremlin Sentry.exe
O4 - Startup: magicJackLoader.exe.lnk = F:\Windows Files\Appllication Data\mjusbsp\magicJackLoader.exe
O4 - Startup: sMaRTcaPs.lnk = D:\Util\sMaRTcaPs\SmartCaps.exe
O4 - User Startup: AutorunsDisabled
O4 - User Startup: CaptureWiz.lnk = D:\Util\CaptureWiz\Pro\CaptureWiz.exe
O4 - User Startup: DiskCheckup.lnk = D:\Util\DiskCheckup\DiskCheckup.exe
O4 - User Startup: Email and Password via Mouse Script.ahk
O4 - User Startup: hmonitor.exe.lnk = D:\Util\Hmonitor\hmonitor.exe
O4 - User Startup: Kremlin Sentry.lnk = D:\Util\Kremlin\Kremlin Sentry.exe
O4 - User Startup: magicJackLoader.exe.lnk = F:\Windows Files\Appllication Data\mjusbsp\magicJackLoader.exe
O4 - User Startup: sMaRTcaPs.lnk = D:\Util\sMaRTcaPs\SmartCaps.exe
O4 - Global Startup: OpenDNSCrypt.lnk = ?
O4 - Global Startup: PrettyRun.lnk = D:\Util\PrettyRun\PrettyRun.exe
O8 - Extra context menu item: Download all links with IDM - D:\Util\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - D:\Util\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Util\MICROS~1\Office12\EXCEL.EXE/3000
O10 - Broken Internet access because of LSP provider 'd:\util\bonjour\mdnsnsp.dll' missing
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: http://novastor.cleverreach.com
O15 - Trusted Zone: http://*.google-analytics.com
O15 - Trusted Zone: http://*.novastor.com
O15 - Trusted Zone: http://*.taobao.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9EB8CB5-2D58-4282-B993-DECE1BAC2F85}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6763B55-86AC-4D4B-9423-19EEE0617895}: NameServer = 127.0.0.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Util\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - J:\WINDOW~1\COMMON~2\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - J:\Windows Files\Common FIles x86\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - J:\Windows Files\Common FIles x86\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - J:\Windows Files\Common FIles x86\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - D:\Util\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O23 - Service: Backup Client Agent Service - NovaStor Corporation - D:\Util\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe
O23 - Service: Bonjour Service - Unknown owner - D:\Util\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Botkind Service (BotkindSyncService) - Unknown owner - D:\Util\Allway Sync\Bin\SyncService.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - D:\Util\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - D:\Util\BlueStacks\HD-LogRotatorService.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - J:\Windows Files\Common FIles x86\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - D:\Util\Creative\Shared Files\CTAudSvc.exe
O23 - Service: OpenDNSCrypt (DNSCrypt) - Unknown owner - D:\Util\OpenDNS\DNSCrypt\OpenDNSCryptService.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd. - D:\Util\DU Meter\DUMeterSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - D:\util\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: ExtremeSync Service (ExtremeSync_Service) - Super Flexible Software - D:\Util\SuperFlexible\ExtremeSyncService.exe
O23 - Service: Extreme VSS Service (ExtremeVSSService) - Super Flexible Software Ltd. & Co. KG - D:\Util\SuperFlexible\ExtremeVSS.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - J:\Windows Files\Common FIles x86\AltrixSoft\HDDInfoService\HDDSvc.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - D:\Util\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - D:\Util\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - D:\Util\Mozilla Maintenance Service\maintenanceservice_tmp.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @D:\Util\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - D:\Util\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NetTalkUsrLaunchService - Unknown owner - D:\Util\netTALK\nettalkl.exe
O23 - Service: NetTalkUsrService - Unknown owner - D:\Util\netTALK\nettalkd.exe
O23 - Service: NovaStor NovaBACKUP Backup/Copy Engine (nsService) - NovaStor - D:\Util\NovaStor\NovaStor NovaBACKUP\nsService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Acronis OS Selector activator (OS Selector) - Unknown owner - D:\Util\Acronis\DiskDirector\OSS\reinstall_svc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - D:\Util\Macrium\Reflect\ReflectService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - D:\Util\Soluto\SolutoService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - D:\Util\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Acronis Sync Agent Service (syncagentsrv) - Acronis - J:\Windows Files\Common FIles x86\Acronis\SyncAgent\syncagentsrv.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - D:\util\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\Windows\system32\UAService7.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 14952 bytes
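The message in the thread title is Windows error 193 (ERROR_BAD_EXE_FORMAT): CreateProcess opened the file but could not parse it as a PE image, which is exactly what a truncated, zero-filled or overwritten sfc.exe produces. The script below is an added example, not code from the thread or from any of the tools it mentions; it applies the same structural checks the loader performs first, so a damaged system binary can be told apart from an intact one before any cleanup tooling runs. The "good" and damaged images it builds are constructed in memory for the demonstration; pass real paths on the command line to check actual files.

```python
"""Structural PE header check: would the Windows loader accept this file?
Added example for the thread above, not forum or tool code; the sample
images built below are constructed in memory, not real binaries."""
from __future__ import annotations

import struct
import sys

IMAGE_DOS_SIGNATURE = 0x5A4D       # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550    # "PE\0\0"
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000
MACHINE_NAMES = {0x14C: "x86", 0x8664: "x64", 0x1C0: "ARM", 0xAA64: "ARM64"}


def check_pe(data: bytes) -> tuple[bool, str]:
    """Return (ok, detail); ok=False is the condition that surfaces as error 193."""
    if len(data) < 64:
        return False, "shorter than the 64-byte DOS header"
    (e_magic,) = struct.unpack_from("<H", data, 0)
    if e_magic != IMAGE_DOS_SIGNATURE:
        return False, "no 'MZ' DOS signature at offset 0"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # The 4-byte PE signature plus the 20-byte COFF file header must fit in the file.
    if e_lfanew < 64 or e_lfanew + 24 > len(data):
        return False, f"e_lfanew=0x{e_lfanew:x} points outside the file (truncated or overwritten?)"
    (sig,) = struct.unpack_from("<I", data, e_lfanew)
    if sig != IMAGE_NT_SIGNATURE:
        return False, f"no 'PE\\0\\0' signature at e_lfanew (found 0x{sig:08x})"
    machine, nsect, _stamp, _symtab, _nsyms, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    if opt_size < 2 or e_lfanew + 24 + opt_size > len(data):
        return False, "optional header truncated"
    (magic,) = struct.unpack_from("<H", data, e_lfanew + 24)
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        return False, f"unknown optional-header magic 0x{magic:x}"
    if not chars & IMAGE_FILE_EXECUTABLE_IMAGE:
        return False, "IMAGE_FILE_EXECUTABLE_IMAGE not set (object file, not an image)"
    kind = "DLL" if chars & IMAGE_FILE_DLL else "EXE"
    fmt = "PE32+" if magic == PE32PLUS_MAGIC else "PE32"
    return True, f"{kind} {fmt} {MACHINE_NAMES.get(machine, hex(machine))}, {nsect} section(s)"


def build_minimal_pe(machine: int = 0x8664) -> bytes:
    """Constructed, header-only image: enough for check_pe, never meant to run."""
    dos = bytearray(64)
    struct.pack_into("<H", dos, 0, IMAGE_DOS_SIGNATURE)
    struct.pack_into("<I", dos, 0x3C, 64)                  # e_lfanew: NT headers at 0x40
    magic = PE32PLUS_MAGIC if machine == 0x8664 else PE32_MAGIC
    opt_hdr = struct.pack("<H", magic) + bytes(22)          # only the magic is inspected here
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, len(opt_hdr),
                       IMAGE_FILE_EXECUTABLE_IMAGE)
    return bytes(dos) + struct.pack("<I", IMAGE_NT_SIGNATURE) + coff + opt_hdr


def check_file(path: str) -> tuple[bool, str]:
    with open(path, "rb") as fh:
        return check_pe(fh.read())


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            print(f"{path:28s} {check_file(path)}")
    else:
        # No arguments: show the verdicts on a constructed good image and three damaged copies.
        good = build_minimal_pe()
        samples = {
            "good": good,
            "truncated": good[:70],
            "overwritten-with-text": b"This is not a program\r\n" + good[24:],
            "pe-signature-zeroed": good[:64] + bytes(4) + good[68:],
        }
        for name, blob in samples.items():
            print(f"{name:28s} {check_pe(blob)}")
```

A parseable header only proves the file is structurally an executable, not that it is the genuine one: follow up with a signature check (Sysinternals sigcheck, or PowerShell's Get-AuthenticodeSignature). On 64-bit Windows also make sure you tested the copy you meant, because a 32-bit shell that opens a path under C:\Windows\System32 is redirected to C:\Windows\SysWOW64.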


#2 Maurice Naggar
    Staff (Moderators), 14,550 posts
    Gender: Male; Location: USA; Interests: Security, Windows, Windows Update, malware prevention

Posted 18 September 2012 - 07:40 AM

Hello zingz,

Be aware we do not use HijackThis as the initial report tool. Our forum uses DDS.

Please do the following:
Step 1
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.
  • Link 2
    Link 3
    Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positively to allow RKILL to run.
  • If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL.
IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingc...opic308364.html

Step 2
Disable CD-ROM Emulation Software:
Please download the following tool DeFogger to your desktop.
◦Double click DeFogger to run the tool.
◦The application window will appear
◦Click the Disable button to disable your CD Emulation drivers.
◦Click Yes to continue
◦A 'Finished!' message will appear
◦Click OK
◦DeFogger will now ask to reboot the machine - click OK
◦IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
◦Do not re-enable these drivers until otherwise instructed.

Step 3
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 4
To show all files:
  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.
Step 5
Download DDS and save it to your desktop from http://download.blee...om/sUBs/dds.scr here
or http://download.blee...om/sUBs/dds.com or
http://www.infospyware.net/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.
Then double click dds.scr to run the tool.
DDS will run in a command prompt window and will take 3 to 4 minutes or so.

  • When done, DDS will open two (2) logs:
  • DDS.txt
  • Attach.txt
  • Save both reports to your desktop.
Please Copy & Paste contents of the following logs in your next reply:
DDS.txt
Attach.txt


Do not attach any logs. Always Copy & Paste into main-body of reply.
If needed, put 1 log per reply.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Maurice Naggar
Product Support

I close my threads if there are 5 days without a response.
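One point worth keeping in mind while the DDS logs are gathered: HijackThis 2.0.4 is a 32-bit program, and under WOW64 the C:\Windows\system32\... paths it probes are silently redirected to SysWOW64, so native 64-bit system binaries with no 32-bit twin (lsass.exe, spoolsv.exe, sppsvc.exe and the rest of the O23 block in the first post) are reported as "(file missing)" even though they exist; the 64-bit DDS run later in the thread lists spoolsv.exe and sppsvc.exe among the running processes. The script below is an added example, not HijackThis, DDS or forum code: it parses O23 lines, separates that redirection artifact from services whose binary really is gone (the first post's Bonjour service, which the same log's O10 line pairs with a missing LSP DLL), and flags entries with no recorded publisher for a signature check. The sample lines are copied from the first post's log; the classification rules and the host_is_x64 switch are this example's own heuristics.

```python
"""Triage HijackThis O23 (service) lines from a 64-bit host.
Added example for the thread above, not HijackThis or forum code. The sample
lines are copied from the first post's log; the rules are this example's own."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<vendor>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
SYSTEM32 = "c:\\windows\\system32\\"
WINDIR = "c:\\windows\\"


@dataclass
class Verdict:
    display: str
    vendor: str
    path: str
    missing: bool
    category: str   # ok | wow64-artifact | orphan | review
    note: str


def triage(line: str, host_is_x64: bool = True) -> Optional[Verdict]:
    """Classify one O23 line; None if the line is not an O23 entry.
    host_is_x64 is an assumption about the scanned machine: when True, a 32-bit
    scanner's "(file missing)" under System32 is treated as a WOW64 redirect."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    display, vendor, path = m["display"], m["vendor"], m["path"]
    missing = m["missing"] is not None
    low = path.lower()
    if missing and host_is_x64 and low.startswith(SYSTEM32):
        cat = "wow64-artifact"
        note = "32-bit scanner was redirected to SysWOW64; confirm with dir from a 64-bit shell"
    elif missing:
        cat = "orphan"
        note = "service still registered but its binary is gone: uninstall leftover or removed payload"
    elif vendor == "Unknown owner" and not low.startswith(WINDIR):
        cat = "review"
        note = "no publisher recorded; check the Authenticode signature and how it was installed"
    else:
        cat, note = "ok", ""
    return Verdict(display, vendor, path, missing, cat, note)


def summarize(lines, host_is_x64: bool = True) -> dict[str, list[str]]:
    """Bucket service display names by category, in log order."""
    buckets: dict[str, list[str]] = {"ok": [], "wow64-artifact": [], "orphan": [], "review": []}
    for line in lines:
        v = triage(line, host_is_x64)
        if v is not None:
            buckets[v.category].append(v.display)
    return buckets


SAMPLE_LINES = [  # copied from the HijackThis log in the first post
    r"O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)",
    r"O23 - Service: Bonjour Service - Unknown owner - D:\Util\Bonjour\mDNSResponder.exe (file missing)",
    r"O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe",
    r"O23 - Service: ESET Service (ekrn) - ESET - D:\util\ESET\ESET Smart Security\x86\ekrn.exe",
    r"O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)",
    r"O10 - Broken Internet access because of LSP provider 'd:\util\bonjour\mdnsnsp.dll' missing",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        v = triage(line)
        if v is not None:
            print(f"[{v.category:14s}] {v.display}\n                 {v.path}\n                 {v.note}")
```

Run it over a whole log (`python triage_o23.py < hijackthis.log` after swapping SAMPLE_LINES for `sys.stdin`) and the "wow64-artifact" bucket is the one to ignore; the "orphan" and "review" buckets are what to confirm by hand.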

#3 zingz
    New Member, 24 posts

Posted 18 September 2012 - 08:16 AM

Thanks very much for your help, Maurice. I will go through the procedure and report the results.

Regards
zingz

#4 Maurice Naggar
    Staff (Moderators), 14,550 posts

Posted 19 September 2012 - 08:30 AM

How is it going ?
Maurice Naggar
Product Support

#5 zingz
    New Member, 24 posts

Posted 21 September 2012 - 07:51 PM

Hi Maurice. I finally had time to get back to this thorny problem. I will paste the three logs below. Thanks again for your help.

Robert


Rkill 2.3.15 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html

Program started at: 09/21/2012 07:39:21 PM in x64 mode.
Windows Version: Windows 7 Enterprise Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/21/2012 07:39:24 PM
Execution time: 0 hours(s), 0 minute(s), and 3 seconds(s)


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by robert at 19:43:15 on 2012-09-21
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.16281.13999 [GMT -7:00]
.
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
D:\util\ESET2\ESET Smart Security\x86\ekrn.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\system32\svchost.exe -k imgsvc
D:\Util\TuneUp\TuneUpUtilitiesService64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
D:\Util\TuneUp\TuneUpUtilitiesApp64.exe
D:\Util\WizMouse\WizMouse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
D:\Util\ESET2\ESET Smart Security\egui.exe
D:\Util\DesktopOK\DesktopOK_x64.exe
D:\Util\CaptureWiz\Pro\CaptureWiz.exe
D:\Util\DiskCheckup\DiskCheckup.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
D:\Util\Kremlin\Kremlin Sentry.exe
D:\Util\WinPatrol\WinPatrol.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
D:\Util\sMaRTcaPs\SmartCaps.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
J:\Windows Files\Appllication Data\mjusbsp\magicJack.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
D:\ThunderbirdPortable\ThunderbirdPortable.exe
D:\ThunderbirdPortable\App\thunderbird\thunderbird.exe
C:\Windows\System32\Notepad.exe
C:\Windows\system32\svchost.exe -k SDRSVC
D:\util\Everything\Everything.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
D:\Util\totalcmd\TOTALCMD64.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
SteelWerX Registry Console Tool 2.0URLSearchHooks: H - No File
Written by Bobbi Flekman 2006 ©URLSearchHooks: H - No File
HKEY_CURRENT_USER\software\microsoft\internet explorer\urlsearchhooksURLSearchHooks: H - No File
SteelWerX Registry Console Tool 2.0URLSearchHooks: H - No File
Written by Bobbi Flekman 2006 ©URLSearchHooks: H - No File
Error: Key: software\microsoft\internet explorer\urlsearchhooks does not exist H - No File
SteelWerX Registry Console Tool 2.0URLSearchHooks: H - No File
Written by Bobbi Flekman 2006 ©URLSearchHooks: H - No File
Error: Key: .default\software\microsoft\internet explorer\urlsearchhooks does not exist H - No File
TB: SteelWerX Registry Console Tool 2.0 - No File
TB: Written by Bobbi Flekman 2006 © - No File
TB: Error: Key: software\microsoft\internet explorer\toolbar does not exist - No File
TB: HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser - No File
TB: ITBar7Layout REG_BINARY 13000000000000000000000020000000100000001300000001000000000700005e010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 - No File
TB: ITBar7Height REG_DWORD 21 (0x15) - No File
EB: SteelWerX Registry Console Tool 2.0 - No File
EB: Written by Bobbi Flekman 2006 © - No File
EB: Error: Key: software\microsoft\internet explorer\explorer bars does not exist - No File
StartupFolder: J:\WINDOW~1\STARTM~1\Programs\Startup\CAPTUR~1.LNK - D:\Util\CaptureWiz\Pro\CaptureWiz.exe
StartupFolder: J:\WINDOW~1\STARTM~1\Programs\Startup\DISKCH~1.LNK - D:\Util\DiskCheckup\DiskCheckup.exe
StartupFolder: J:\Windows Files\Start Menu\Programs\Startup\Email and Password via Mouse Script.ahk
StartupFolder: J:\WINDOW~1\STARTM~1\Programs\Startup\HMONIT~1.LNK - D:\Util\Hmonitor\hmonitor.exe
StartupFolder: J:\WINDOW~1\STARTM~1\Programs\Startup\KREMLI~1.LNK - D:\Util\Kremlin\Kremlin Sentry.exe
StartupFolder: J:\WINDOW~1\STARTM~1\Programs\Startup\MAGICJ~1.LNK - F:\Windows Files\Appllication Data\mjusbsp\magicJackLoader.exe
StartupFolder: J:\WINDOW~1\STARTM~1\Programs\Startup\SMARTC~1.LNK - D:\Util\sMaRTcaPs\SmartCaps.exe
LSP: REGEDIT4
.
LSP: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\parameters\protocol_catalog9\catalog_entries]
LSP: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\parameters\protocol_catalog9\catalog_entries\
LSP: m33,32,\mswsock2e,dll
LSP:
LSP: Ha1,92,e9,03,
LSP: 32,
LSP: "ProtocolName"="@%SystemRoot%\\System32\\wshtcpip.dll,-601
LSP: Ha1,92,ea,03,
LSP: f7,ff,
LSP: "ProtocolName"="@%SystemRoot%\\System32\\wshtcpip.dll,-60101"
LSP: Ha1,92,eb,03,
LSP: "ProtocolName"="@%SystemRoot%\\System32\\wshtcpip.dll,-60102"
LSP: l34,e4,ec,03,
LSP: "ProtocolName"="@%SystemRoot%\\System32\\wship6.dll,-601
LSP: l34,e4,ed,03,
LSP: "ProtocolName"="@%SystemRoot%\\System32\\wship6.dll,-60101"
LSP: l34,e4,ee,03,
LSP: "ProtocolName"="@%SystemRoot%\\System32\\wship6.dll,-60102"
LSP: 82,e6,9a,ef,03,
LSP: "ProtocolName"="@%SystemRoot%\\System32\\wshqos.dll,-1
LSP: 82,e6,9a,f0,03,
LSP: "ProtocolName"="@%SystemRoot%\\System32\\wshqos.dll,-101"
LSP: 82,e6,9a,f1,03,
LSP: "ProtocolName"="@%SystemRoot%\\System32\\wshqos.dll,-102"
LSP: 82,e6,9a,f2,03,
LSP: "ProtocolName"="@%SystemRoot%\\System32\\wshqos.dll,-103"
LSP: 89,y2a,f3,03,
LSP: t
LSP: "ProtocolName"="MSAFD RfComm [Bluetooth]"
SSODL: SteelWerX Registry Console Tool 2.0 - - No File
SSODL: Written by Bobbi Flekman 2006 © - - No File
SSODL: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload - - No File
STS: SteelWerX Registry Console Tool 2.0 - No File
STS: Written by Bobbi Flekman 2006 © - No File
STS: Error: Key: software\microsoft\windows\currentversion\explorer\sharedtaskscheduler does not exist - No File
SEH: SteelWerX Registry Console Tool 2.0 - No File
SEH: Written by Bobbi Flekman 2006 © - No File
SEH: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks - No File
TB-X64: HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser - No File
TB-X64: ITBar7Layout REG_BINARY 13000000000000000000000020000000100000001300000001000000000700005E010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 - No File
TB-X64: ITBar7Height REG_DWORD 0x15 - No File
SSODL-X64: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\ShellServiceObjectDelayLoad - - No File
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\system32\DRIVERS\mv91cons.sys --> C:\Windows\system32\DRIVERS\mv91cons.sys [?]
R0 mvs91xx;mvs91xx;C:\Windows\system32\DRIVERS\mvs91xx.sys --> C:\Windows\system32\DRIVERS\mvs91xx.sys [?]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;D:\Util\ESET2\ESET Smart Security\x86\ekrn.exe [2011-9-22 974944]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-9-21 13336]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;D:\Util\TuneUp\TuneUpUtilitiesService64.exe [2011-10-12 2072896]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;D:\Util\TuneUp\TuneUpUtilitiesDriver64.sys [2011-9-22 11856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-9-21 1262400]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-9-21 250288]
S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-9-21 79360]
S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\system32\drivers\Synth3dVsc.sys --> C:\Windows\system32\drivers\Synth3dVsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
.
=============== File Associations ===============
.
Application.Manifest=rundll32.exe dfshim.dll,ShOpenVerbApplication %1
Application.Reference=rundll32.exe dfshim.dll,ShOpenVerbShortcut %1|%2
brmFile="PrintBrmUI.exe" /import /file:"%1"
CABFolder=%SystemRoot%\Explorer.exe /idlist,%I,%L
CaptureWiz.Media="D:\Util\CaptureWiz\Pro\CaptureWiz.exe" "%1"
CATFile=%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenCAT %1
CERFile=%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenCER %1
CertificateStoreFile=%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenSTR %1
certificate_wab_auto_file="%ProgramFiles%\Windows Mail\wab.exe" /certificate "%1"
CompressedFolder=%SystemRoot%\Explorer.exe /idlist,%I,%L
contact_wab_auto_file="%ProgramFiles%\Windows Mail\wab.exe" /contact "%1"
CRLFile=%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenCRL %1
ctsu="C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe"
Diagnostic.Cabinet=%SystemRoot%\system32\msdt.exe /cab "%1"
Diagnostic.Config=%SystemRoot%\system32\msdt.exe /path "%1"
Diagnostic.Document=%SystemRoot%\system32\msdt.exe /path "%1"
Diagnostic.Perfmon.Config=%SystemRoot%\system32\perfmon /sys /load "%1"
Diagnostic.Perfmon.Document=%SystemRoot%\system32\perfmon /sys /open "%1"
Diagnostic.Resmon.Config=%SystemRoot%\system32\perfmon /res /load "%1"
docxfile="%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
emffile="%systemroot%\system32\mspaint.exe" "%1"
evtfile=%SystemRoot%\system32\eventvwr.exe /l:"%1"
evtxfile=%SystemRoot%\system32\eventvwr.exe /l:"%1"
Explorer.AssocProtocol.search-ms=%SystemRoot%\Explorer.exe /separate,/idlist,%I,%L
FaxCover.Document=%systemroot%\system32\fxscover.exe "%1"
Folder=%SystemRoot%\Explorer.exe
FoxitReader.Document="D:\Util\foxit software\Foxit Reader\Foxit Reader.exe" "%1"
FoxitReader.FDFDoc="D:\Util\foxit software\Foxit Reader\Foxit Reader.exe" "%1"
ftp="C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
giffile="C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
group_wab_auto_file="%ProgramFiles%\Windows Mail\wab.exe" /Group "%1"
hlpfile=%SystemRoot%\winhlp32.exe %1
htafile=C:\Windows\SysWOW64\mshta.exe "%1" %*
htmlfile="C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
http="C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https="C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
icofile=%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
IE.AssocFile.HTM="C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
IE.AssocFile.MHT="C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
IE.AssocFile.PARTIAL="C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
IE.AssocFile.SVG="C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
IE.AssocFile.URL="C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l
IE.AssocFile.WEBSITE="C:\Program Files (x86)\Internet Explorer\iexplore.exe" -w "%l" %*
IE.AssocFile.XHT="C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
IE.FTP="C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
IE.HTTP="C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
IE.HTTPS="C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
InternetShortcut="C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l
jntfile="%ProgramFiles%\Windows Journal\Journal.exe" "%1"
jpegfile=%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
jpsfile="C:\Program Files (x86)\NVIDIA Corporation\3D Vision\NvStView.exe" "%1"
JSFile=C:\Windows\System32\WScript.exe "%1" %*
jtpfile="%ProgramFiles%\Windows Journal\Journal.exe" "%1"
LDAP="%ProgramFiles%\Windows Mail\wab.exe" "/ldap:%1"
MacromediaFlashPaper.MacromediaFlashPaper="C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome "%1"
mhtmlfile="C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
Microsoft.InformationCard=C:\Windows\System32\rundll32.exe C:\Windows\System32\infocardcpl.cpl,ImportInformationCard_RunDll %1
Microsoft.PowerShellConsole.1="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -p "%1"
Microsoft.PowerShellData.1="C:\Windows\System32\notepad.exe" "%1"
Microsoft.PowerShellModule.1="C:\Windows\System32\notepad.exe" "%1"
Microsoft.PowerShellScript.1="C:\Windows\System32\notepad.exe" "%1"
Microsoft.System.Update.1="%systemroot%\system32\wusa.exe" "%1" %2 %3 %4 %5 %6 %7 %8 %9
Microsoft.Website="C:\Program Files (x86)\Internet Explorer\iexplore.exe" -w "%l" %*
Microsoft.WindowsCardSpaceBackup=C:\Windows\System32\rundll32.exe C:\Windows\System32\infocardcpl.cpl,ImportInformationCard_RunDll %1
migfile="C:\Windows\System32\migwiz\migwiz.exe" /Restore "%1"
MMS="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" "%L"
mpofile="C:\Program Files (x86)\NVIDIA Corporation\3D Vision\NvStView.exe" "%1"
mscfile=%SystemRoot%\system32\mmc.exe "%1" %*
MSDASC=Rundll32.exe "%CommonProgramFiles%\System\OLE DB\oledb32.dll",OpenDSLFile %1
Msi.Package="%SystemRoot%\System32\msiexec.exe" /i "%1" %*
Msi.Patch="%SystemRoot%\System32\msiexec.exe" /p "%1" %*
MSInfoFile=%SystemRoot%\system32\msinfo32.exe "%1"
MSSppLicenseFile="iexplore.exe" "%1"
MSSppPackageFile=rundll32.exe sppcc.dll, OpenPackage %1
msstylesfile=%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Appearance /Action:OpenMSTheme /file:"%1"
odtfile="%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
opensearchdescription=%SystemRoot%\explorer.exe
P7RFile=%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenP7R %1
P7SFile=%SystemRoot%\system32\\rundll32.exe cryptext.dll,CryptExtOpenPKCS7 %1
Paint.Picture=%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
pbkfile=%SystemRoot%\system32\rasphone.exe -f "%1"
PerfFile=%SystemRoot%\system32\mmc.exe %systemroot%\system32\perfmon.msc /F "%1"
PhotoViewer.FileAssoc.Bitmap=%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
PhotoViewer.FileAssoc.JFIF=%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
PhotoViewer.FileAssoc.Jpeg=%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
PhotoViewer.FileAssoc.Png=%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
PhotoViewer.FileAssoc.Tiff=%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
PhotoViewer.FileAssoc.Wdp=%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
pjpegfile=%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
pngfile=%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
pnsfile="C:\Program Files (x86)\NVIDIA Corporation\3D Vision\NvStView.exe" "%1"
prffile="%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\msrating.dll",ClickedOnPRF %1
ratfile="%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\msrating.dll",ClickedOnRAT %1
RemoteAssistance.1="%systemRoot%\system32\msra.exe" -openfile "%1"
rlefile="%systemroot%\system32\mspaint.exe" "%1"
rlogin="C:\Windows\System32\rundll32.exe" "C:\Windows\System32\url.dll",TelnetProtocolHandler %l
rtffile="%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
SavedDsQuery=%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\dsquery.dll,OpenSavedDsQuery %1
scriptletfile="C:\Windows\system32\NOTEPAD.EXE" "%1"
search=%SystemRoot%\Explorer.exe /separate,/idlist,%I,%L
search-ms=%SystemRoot%\Explorer.exe /separate,/idlist,%I,%L
SPCFile=%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenPKCS7 %1
STLFile=%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenCTL %1
svgfile="C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
telnet="C:\Windows\System32\rundll32.exe" "C:\Windows\System32\url.dll",TelnetProtocolHandler %l
textfile="%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
themefile=%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Themes /Action:OpenTheme /file:"%1"
themepackfile=%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Themes /Action:OpenTheme /file:"%1"
TIFImage.Document=%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
tn3270="C:\Windows\System32\rundll32.exe" "C:\Windows\System32\url.dll",TelnetProtocolHandler %l
TuneUp.Boot.Screen="D:\Util\TuneUp\Styler.exe" "%1"
TuneUp.Icon.Package="D:\Util\TuneUp\Styler.exe" "%1"
TuneUp.Logo.Animation="D:\Util\TuneUp\Styler.exe" "%1"
TuneUp.Logon.Screen="D:\Util\TuneUp\Styler.exe" "%1"
TuneUp.Utilities.2012.Unlock.Code="D:\Util\TuneUp\Integrator.exe" /regcode "%1"
TuneUp.Visual.Style="D:\Util\TuneUp\Styler.exe" "%1"
vcard_wab_auto_file="%ProgramFiles%\Windows Mail\wab.exe" /vcard "%1"
wab_auto_file="%ProgramFiles%\Windows Mail\wab.exe" /Import "%1"
wbcatfile=%SystemRoot%\system32\sdclt.exe /restorepage
WCN.AutoPlayHandler=%systemroot%\system32\rundll32.exe %systemroot%\system32\wzcdlg.dll,ImportFlashProfile %L
wcxfile=rundll32.exe xwizards.dll,RunWizard /u {7940acf8-60ba-4213-a7c3-f3b400ee266d} /z%1
wdpfile=%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
webpnpFile=%SystemRoot%\system32\wpnpinst.exe %1
Windows.CompositeFont="%WinDir%\System32\notepad.exe" "%1"
Windows.DVD.Maker="%ProgramFiles%\DVD Maker\DVDMaker.exe" "%1"
Windows.gadget=%ProgramFiles%\Windows Sidebar\Sidebar.exe
Windows.XamlDocument="C:\Windows\System32\PresentationHost.exe" "%1" %*
Windows.Xbap="C:\Windows\System32\PresentationHost.exe" "%1" %*
Windows.XPSReachViewer=%SystemRoot%\System32\xpsrchvw.exe "%1" %*
windowsmediacenterapp=C:\Windows\ehome\MediaCenterWebLauncher.exe -app "%1"
windowsmediacenterssl=C:\Windows\ehome\MediaCenterWebLauncher.exe -ssl "%1"
windowsmediacenterweb=C:\Windows\ehome\MediaCenterWebLauncher.exe -web "%1"
wmffile="%systemroot%\system32\mspaint.exe" "%1"
WMP.DVR-MSFile="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
WMP.WTVFile="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
WMP11.AssocFile.3G2="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "%L"
WMP11.AssocFile.3GP="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "%L"
WMP11.AssocFile.ADTS="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "%L"
WMP11.AssocFile.AIFF="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
WMP11.AssocFile.ASF="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:7 /Open "%L"
WMP11.AssocFile.ASX="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
WMP11.AssocFile.AU="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
WMP11.AssocFile.AVI="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:8 /Open "%L"
WMP11.AssocFile.CDA="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
WMP11.AssocFile.M2TS="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:12 /Open "%L"
WMP11.AssocFile.M3U="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "%L"
WMP11.AssocFile.M4A="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "%L"
WMP11.AssocFile.MIDI="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
WMP11.AssocFile.MOV="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "%L"
WMP11.AssocFile.MP3="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "%L"
WMP11.AssocFile.MP4="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "%L"
WMP11.AssocFile.MPEG="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:9 /Open "%L"
WMP11.AssocFile.TTS="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:12 /Open "%L"
WMP11.AssocFile.WAV="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
WMP11.AssocFile.WAX="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
WMP11.AssocFile.wma="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:5 /Open "%L"
WMP11.AssocFile.WMD="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /WMPackage:"%L"
WMP11.AssocFile.WMS="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /layout:"%L"
WMP11.AssocFile.WMV="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:7 /Open "%L"
WMP11.AssocFile.WMZ="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /layout:"%L"
WMP11.AssocFile.WPL="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
WMP11.AssocFile.WVX="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
WMP11.AssocProtocol.MMS="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" "%L"
Wordpad.Document.1="%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
WSFFile="%SystemRoot%\System32\WScript.exe" "%1" %*
WSHFile="%SystemRoot%\System32\WScript.exe" "%1" %*
xhtmlfile="C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
xmlfile="C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
xslfile="C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
zapfile=%SystemRoot%\system32\NOTEPAD.EXE %1
.
Unknown Rootkey: 'STEELWERX REGISTRY CONSOLE TOOL 2.0'
.
.
Unknown Rootkey: 'WRITTEN BY BOBBI FLEKMAN 2006 ©'
.
.
Unknown Rootkey: 'STEELWERX REGISTRY CONSOLE TOOL 2.0'
.
.
Unknown Rootkey: 'WRITTEN BY BOBBI FLEKMAN 2006 ©'
.
.
Unknown Rootkey: 'STEELWERX REGISTRY CONSOLE TOOL 2.0'
.
.
Unknown Rootkey: 'WRITTEN BY BOBBI FLEKMAN 2006 ©'
.
.
Unknown Rootkey: 'STEELWERX REGISTRY CONSOLE TOOL 2.0'
.
.
Unknown Rootkey: 'WRITTEN BY BOBBI FLEKMAN 2006 ©'
.
.
Unknown Rootkey: 'STEELWERX REGISTRY CONSOLE TOOL 2.0'
.
.
Unknown Rootkey: 'WRITTEN BY BOBBI FLEKMAN 2006 ©'
.
.
Unknown Rootkey: 'STEELWERX REGISTRY CONSOLE TOOL 2.0'
.
.
Unknown Rootkey: 'WRITTEN BY BOBBI FLEKMAN 2006 ©'
.
.
Unknown Rootkey: 'STEELWERX REGISTRY CONSOLE TOOL 2.0'
.
.
Unknown Rootkey: 'WRITTEN BY BOBBI FLEKMAN 2006 ©'
.
.
Unknown Rootkey: 'STEELWERX REGISTRY CONSOLE TOOL 2.0'
.
.
Unknown Rootkey: 'WRITTEN BY BOBBI FLEKMAN 2006 ©'
.
.
Unknown Rootkey: 'STEELWERX REGISTRY CONSOLE TOOL 2.0'
.
.
Unknown Rootkey: 'WRITTEN BY BOBBI FLEKMAN 2006 ©'
.
.
Unknown Rootkey: 'STEELWERX REGISTRY CONSOLE TOOL 2.0'
.
.
Unknown Rootkey: 'WRITTEN BY BOBBI FLEKMAN 2006 ©'
.
.
Unknown Rootkey: 'STEELWERX REGISTRY CONSOLE TOOL 2.0'
.
.
Unknown Rootkey: 'WRITTEN BY BOBBI FLEKMAN 2006 ©'
.
.
Unknown Rootkey: 'STEELWERX REGISTRY CONSOLE TOOL 2.0'
.
.
Unknown Rootkey: 'WRITTEN BY BOBBI FLEKMAN 2006 ©'
.
.
Unknown Rootkey: 'STEELWERX REGISTRY CONSOLE TOOL 2.0'
.
.
Unknown Rootkey: 'WRITTEN BY BOBBI FLEKMAN 2006 ©'
.
.
Unknown Rootkey: 'STEELWERX REGISTRY CONSOLE TOOL 2.0'
.
.
Unknown Rootkey: 'WRITTEN BY BOBBI FLEKMAN 2006 ©'
.
.
Unknown Rootkey: 'STEELWERX REGISTRY CONSOLE TOOL 2.0'
.
.
Unknown Rootkey: 'WRITTEN BY BOBBI FLEKMAN 2006 ©'
.
.
Unknown Rootkey: 'STEELWERX REGISTRY CONSOLE TOOL 2.0'
.
.
Unknown Rootkey: 'WRITTEN BY BOBBI FLEKMAN 2006 ©'
.
.
Unknown Rootkey: 'ERROR: KEY: JSFFILE'
.
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
<NO NAME> REG_SZ batfile
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
<NO NAME> REG_SZ cmdfile
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
<NO NAME> REG_SZ comfile
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
<NO NAME> REG_SZ exefile
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
<NO NAME> REG_SZ scrfile
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
<NO NAME> REG_SZ regfile
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
<NO NAME> REG_SZ txtfile
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-09-21 19:09:25 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 19:43:50.59 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume7
Install Date: 9/21/2012 3:56:55 AM
System Uptime: 9/21/2012 3:22:26 PM (4 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P8Z68 DELUXE
Processor: Intel® Core™ i7-2600K CPU @ 3.40GHz | LGA1155 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 56 GiB total, 23.287 GiB free.
D: is FIXED (NTFS) - 349 GiB total, 207.623 GiB free.
E: is FIXED (NTFS) - 349 GiB total, 120.657 GiB free.
F: is FIXED (NTFS) - 100 GiB total, 88.961 GiB free.
G: is FIXED (NTFS) - 100 GiB total, 62.272 GiB free.
H: is FIXED (NTFS) - 98 GiB total, 70 GiB free.
I: is FIXED (NTFS) - 696 GiB total, 78.625 GiB free.
J: is FIXED (NTFS) - 701 GiB total, 239.961 GiB free.
K: is CDROM ()
L: is CDROM ()
M: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: High Definition Audio Device
Device ID: HDAUDIO\FUNC_01&VEN_8086&DEV_2805&SUBSYS_80860101&REV_1000\4&38A04C3F&0&0301
Manufacturer: Microsoft
Name: High Definition Audio Device
PNP Device ID: HDAUDIO\FUNC_01&VEN_8086&DEV_2805&SUBSYS_80860101&REV_1000\4&38A04C3F&0&0301
Service: HdAudAddService
.
Class GUID:
Description: EPSON Scanner
Device ID: USB\VID_04B8&PID_0119\7&FBF8A8D&0&5
Manufacturer:
Name: EPSON Scanner
PNP Device ID: USB\VID_04B8&PID_0119\7&FBF8A8D&0&5
Service:
.
==== System Restore Points ===================
.
RP12: 9/21/2012 10:10:37 AM - Installed ESET Smart Security
RP13: 9/21/2012 10:40:58 AM - Installed Creative Audio Control Panel
RP14: 9/21/2012 10:41:19 AM - Installed Creative Software AutoUpdate
RP15: 9/21/2012 12:35:52 PM - Installed Windows 7 Manager
RP16: 9/21/2012 12:38:44 PM - Windows 7 Manager v4.1.4 System-Restore Point
RP17: 9/21/2012 3:07:28 PM - Removed TuneUp Utilities Language Pack (en-US)
RP18: 9/21/2012 3:09:25 PM - Installed TuneUp Utilities 2012
.
==== Installed Programs ======================
.
Written by Bobbi Flekman 2006 ©
.
==== Event Viewer Messages From Past Week ========
.
The service has not been started.
9/21/2012 4:21:24 AM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error:
9/21/2012 3:22:41 PM, Error: Microsoft-Windows-Eventlog [22] - The event logging service encountered an error while initializing publishing resources for channel Security. If channel type is Analytic or Debug, then this could mean there was an error initializing logging resources as well.
9/21/2012 1:04:56 PM, Error: Service Control Manager [7023] - The Intel® Content Protection HECI Service service terminated with the following error:
%%-2147024890
.
==== End Of File ===========================

#6 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 22 September 2012 - 09:59 AM

Hello zingz,

As you should know, it is best to address issues in a timely manner. So try to do as much as possible without delay.
Do not do any websurfing, or anything online, other than going to this forum and the websites I send you to for the tools that we need.

I did not see the Checkup log from the SecurityCheck tool:
Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 2
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs.
Do NOT turn off the firewall.

Download aswMBR.exe ( 511KB ) to your desktop.
On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.
On Windows XP, double click the exe to start.

Change the A-V scan to None.

Uncheck Trace disk IO calls.

Click the "Scan" button to start the scan.
On completion of the scan (note whether the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop and post it in your next reply.
Do not click any FIX button. We just need an initial report.

Step 3
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.

  • If an infected file is detected, the default action will be Cure, click on Continue.


  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
Step 4
  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
Do NOT click any FIX buttons!

Step 5

RE-Enable your antivirus program.

Then copy/paste the following into your post (in order):
  • the contents of aswMBR report;
  • the contents of TDSSKILLER log;
  • the contents of RKReport log;
Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.
Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.
Maurice Naggar
Product Support


I close my threads if there are 5 days without a response.

#7 zingz

zingz

    New Member

  • Members
  • 24 posts

Posted 22 September 2012 - 10:38 AM

Here are the logs you requested.


Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
ESET Smart Security 5.0
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
TuneUp Utilities 2012
AVG PC Tuneup
TuneUp Utilities Language Pack (en-US)
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
WinPatrol winpatrol.exe
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
WinPatrol WinPatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````




Fix is greyed out in aswMBR.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-22 10:25:10
-----------------------------
10:25:10.181 OS Version: Windows x64 6.1.7601 Service Pack 1
10:25:10.181 Number of processors: 8 586 0x2A07
10:25:10.182 ComputerName: ROBERTPC UserName: robert
10:25:10.329 Initialize success
10:26:42.076 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:26:42.079 Disk 0 Vendor: Size: 0MB BusType: 0
10:26:42.082 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
10:26:42.084 Disk 1 Vendor: Size: 0MB BusType: 0
10:26:42.087 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-3
10:26:42.090 Disk 2 Vendor: Size: 0MB BusType: 0
10:26:42.094 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IAAStorageDevice-4
10:26:42.097 Disk 3 Vendor: Size: 0MB BusType: 0
10:26:42.101 Disk 4 \Device\Harddisk4\DR4 -> \Device\000000c1
10:26:42.104 Disk 4 Vendor: Size: 0MB BusType: 0
10:26:42.106 Disk 2 MBR read successfully
10:26:42.108 Disk 2 MBR scan
10:26:42.111 Disk 2 Windows 7 default MBR code
10:26:42.114 Disk 2 MBR hidden
10:26:42.117 Disk 2 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57240 MB offset 2048
10:26:42.121 Disk 2 scanning C:\Windows\system32\drivers
10:26:42.915 Service scanning
10:26:44.993 Modules scanning
10:26:45.001 Scan finished successfully
10:28:14.714 Disk 2 MBR has been saved successfully to "J:\Windows Files\Desktop\MBR.dat"
10:28:14.717 The log file has been saved successfully to "J:\Windows Files\Desktop\aswMBR.txt"



10:30:11.0895 4896 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
10:30:13.0907 4896 ============================================================
10:30:13.0907 4896 Current date / time: 2012/09/22 10:30:13.0907
10:30:13.0907 4896 SystemInfo:
10:30:13.0907 4896
10:30:13.0907 4896 OS Version: 6.1.7601 ServicePack: 1.0
10:30:13.0907 4896 Product type: Workstation
10:30:13.0907 4896 ComputerName: ROBERTPC
10:30:13.0907 4896 UserName: robert
10:30:13.0907 4896 Windows directory: C:\Windows
10:30:13.0907 4896 System windows directory: C:\Windows
10:30:13.0907 4896 Running under WOW64
10:30:13.0907 4896 Processor architecture: Intel x64
10:30:13.0907 4896 Number of processors: 8
10:30:13.0907 4896 Page size: 0x1000
10:30:13.0907 4896 Boot type: Normal boot
10:30:13.0907 4896 ============================================================
10:30:14.0079 4896 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:30:14.0095 4896 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:30:14.0095 4896 Drive \Device\Harddisk2\DR2 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:30:14.0095 4896 Drive \Device\Harddisk3\DR3 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:30:14.0126 4896 ============================================================
10:30:14.0126 4896 \Device\Harddisk0\DR0:
10:30:14.0126 4896 MBR partitions:
10:30:14.0126 4896 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2BAA48A2
10:30:14.0141 4896 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2BAA4920, BlocksNum 0x2BAA09E1
10:30:14.0141 4896 \Device\Harddisk1\DR1:
10:30:14.0157 4896 MBR partitions:
10:30:14.0157 4896 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC7FFCA1
10:30:14.0157 4896 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xC7FFD1F, BlocksNum 0xC8F71D1
10:30:14.0157 4896 \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x190F6F2F, BlocksNum 0xC3363E1
10:30:14.0157 4896 \Device\Harddisk2\DR2:
10:30:14.0157 4896 MBR partitions:
10:30:14.0157 4896 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x6FCC000
10:30:14.0157 4896 \Device\Harddisk3\DR3:
10:30:14.0157 4896 MBR partitions:
10:30:14.0157 4896 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x56FA5C13
10:30:14.0173 4896 \Device\Harddisk3\DR3\Partition2: MBR, Type 0x7, StartLBA 0x56FA5C91, BlocksNum 0x57AE0AB0
10:30:14.0173 4896 ============================================================
10:30:14.0173 4896 C: <-> \Device\Harddisk2\DR2\Partition1
10:30:14.0204 4896 E: <-> \Device\Harddisk0\DR0\Partition1
10:30:14.0251 4896 D: <-> \Device\Harddisk0\DR0\Partition2
10:30:14.0251 4896 F: <-> \Device\Harddisk1\DR1\Partition1
10:30:14.0329 4896 G: <-> \Device\Harddisk1\DR1\Partition2
10:30:14.0344 4896 H: <-> \Device\Harddisk1\DR1\Partition3
10:30:14.0375 4896 I: <-> \Device\Harddisk3\DR3\Partition1
10:30:14.0407 4896 J: <-> \Device\Harddisk3\DR3\Partition2
10:30:14.0407 4896 ============================================================
10:30:14.0407 4896 Initialize success
10:30:14.0407 4896 ============================================================
10:30:22.0738 7004 ============================================================
10:30:22.0738 7004 Scan started
10:30:22.0738 7004 Mode: Manual;
10:30:22.0738 7004 ============================================================
10:30:23.0019 7004 ================ Scan system memory ========================
10:30:23.0019 7004 System memory - ok
10:30:23.0019 7004 ================ Scan services =============================
10:30:24.0719 7004 Null - ok
10:30:24.0719 7004 [ 158AD24745BD85BA9BE3C51C38F48C32 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
10:30:24.0719 7004 nusb3hub - ok
10:30:24.0719 7004 [ D40A13B2C0891E218F9523B376955DB6 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
10:30:24.0719 7004 nusb3xhc - ok
10:30:24.0719 7004 [ 102806B360D0E6BC6E55BF47EF655D43 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
10:30:24.0719 7004 NVHDA - ok
10:30:24.0875 7004 [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:30:24.0922 7004 nvlddmkm - ok
10:30:24.0922 7004 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:30:24.0922 7004 nvraid - ok
10:30:24.0922 7004 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:30:24.0922 7004 nvstor - ok
10:30:24.0938 7004 [ 06633CF95BEA62164C3BFCA24BCE6B11 ] nvsvc C:\Windows\system32\nvvsvc.exe
10:30:24.0938 7004 nvsvc - ok
10:30:24.0953 7004 [ 53B629CE436B110C5689C2F6439E567B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
10:30:24.0969 7004 nvUpdatusService - ok
10:30:24.0969 7004 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
10:30:24.0969 7004 nv_agp - ok
10:30:24.0969 7004 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
10:30:24.0969 7004 ohci1394 - ok
10:30:24.0969 7004 [ 0E2DE427EBE106E7E5B52869D5C99F68 ] ossrv C:\Windows\system32\drivers\ctoss2k.sys
10:30:24.0969 7004 ossrv - ok
10:30:24.0969 7004 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:30:24.0984 7004 p2pimsvc - ok
10:30:24.0984 7004 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
10:30:24.0984 7004 p2psvc - ok
10:30:24.0984 7004 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
10:30:24.0984 7004 Parport - ok
10:30:25.0000 7004 [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:30:25.0000 7004 partmgr - ok
10:30:25.0000 7004 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
10:30:25.0000 7004 PcaSvc - ok
10:30:25.0000 7004 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
10:30:25.0000 7004 pci - ok
10:30:25.0000 7004 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
10:30:25.0000 7004 pciide - ok
10:30:25.0016 7004 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
10:30:25.0016 7004 pcmcia - ok
10:30:25.0016 7004 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
10:30:25.0016 7004 pcw - ok
10:30:25.0016 7004 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:30:25.0031 7004 PEAUTH - ok
10:30:25.0031 7004 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
10:30:25.0047 7004 PeerDistSvc - ok
10:30:25.0047 7004 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
10:30:25.0047 7004 PerfHost - ok
10:30:25.0062 7004 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
10:30:25.0078 7004 pla - ok
10:30:25.0078 7004 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:30:25.0078 7004 PlugPlay - ok
10:30:25.0094 7004 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:30:25.0094 7004 PNRPAutoReg - ok
10:30:25.0094 7004 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:30:25.0094 7004 PNRPsvc - ok
10:30:25.0094 7004 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:30:25.0109 7004 PolicyAgent - ok
10:30:25.0109 7004 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
10:30:25.0109 7004 Power - ok
10:30:25.0109 7004 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:30:25.0109 7004 PptpMiniport - ok
10:30:25.0109 7004 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
10:30:25.0109 7004 Processor - ok
10:30:25.0125 7004 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
10:30:25.0125 7004 ProfSvc - ok
10:30:25.0125 7004 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
10:30:25.0125 7004 ProtectedStorage - ok
10:30:25.0125 7004 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
10:30:25.0125 7004 Psched - ok
10:30:25.0140 7004 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
10:30:25.0156 7004 ql2300 - ok
10:30:25.0156 7004 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
10:30:25.0156 7004 ql40xx - ok
10:30:25.0156 7004 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
10:30:25.0156 7004 QWAVE - ok
10:30:25.0156 7004 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:30:25.0156 7004 QWAVEdrv - ok
10:30:25.0172 7004 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:30:25.0172 7004 RasAcd - ok
10:30:25.0172 7004 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:30:25.0172 7004 RasAgileVpn - ok
10:30:25.0172 7004 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
10:30:25.0172 7004 RasAuto - ok
10:30:25.0172 7004 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:30:25.0172 7004 Rasl2tp - ok
10:30:25.0172 7004 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
10:30:25.0187 7004 RasMan - ok
10:30:25.0187 7004 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:30:25.0187 7004 RasPppoe - ok
10:30:25.0187 7004 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:30:25.0187 7004 RasSstp - ok
10:30:25.0187 7004 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:30:25.0187 7004 rdbss - ok
10:30:25.0187 7004 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
10:30:25.0187 7004 rdpbus - ok
10:30:25.0203 7004 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:30:25.0203 7004 RDPCDD - ok
10:30:25.0203 7004 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
10:30:25.0203 7004 RDPDR - ok
10:30:25.0203 7004 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:30:25.0203 7004 RDPENCDD - ok
10:30:25.0203 7004 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:30:25.0203 7004 RDPREFMP - ok
10:30:25.0203 7004 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
10:30:25.0203 7004 RdpVideoMiniport - ok
10:30:25.0218 7004 [ 15B66C206B5CB095BAB980553F38ED23 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:30:25.0218 7004 RDPWD - ok
10:30:25.0218 7004 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:30:25.0218 7004 rdyboost - ok
10:30:25.0218 7004 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:30:25.0218 7004 RemoteAccess - ok
10:30:25.0218 7004 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:30:25.0218 7004 RemoteRegistry - ok
10:30:25.0234 7004 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
10:30:25.0234 7004 RFCOMM - ok
10:30:25.0234 7004 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:30:25.0234 7004 RpcEptMapper - ok
10:30:25.0234 7004 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
10:30:25.0234 7004 RpcLocator - ok
10:30:25.0250 7004 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
10:30:25.0250 7004 RpcSs - ok
10:30:25.0250 7004 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:30:25.0250 7004 rspndr - ok
10:30:25.0250 7004 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
10:30:25.0250 7004 RTL8167 - ok
10:30:25.0250 7004 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
10:30:25.0250 7004 s3cap - ok
10:30:25.0265 7004 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe
10:30:25.0265 7004 SamSs - ok
10:30:25.0265 7004 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:30:25.0265 7004 sbp2port - ok
10:30:25.0265 7004 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:30:25.0265 7004 SCardSvr - ok
10:30:25.0265 7004 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
10:30:25.0265 7004 scfilter - ok
10:30:25.0281 7004 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
10:30:25.0281 7004 Schedule - ok
10:30:25.0296 7004 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
10:30:25.0296 7004 SCPolicySvc - ok
10:30:25.0296 7004 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:30:25.0296 7004 SDRSVC - ok
10:30:25.0296 7004 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:30:25.0296 7004 secdrv - ok
10:30:25.0296 7004 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
10:30:25.0296 7004 seclogon - ok
10:30:25.0296 7004 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
10:30:25.0312 7004 SENS - ok
10:30:25.0312 7004 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
10:30:25.0312 7004 SensrSvc - ok
10:30:25.0312 7004 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
10:30:25.0312 7004 Serenum - ok
10:30:25.0312 7004 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
10:30:25.0312 7004 Serial - ok
10:30:25.0312 7004 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
10:30:25.0312 7004 sermouse - ok
10:30:25.0312 7004 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
10:30:25.0328 7004 SessionEnv - ok
10:30:25.0328 7004 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:30:25.0328 7004 sffdisk - ok
10:30:25.0328 7004 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:30:25.0328 7004 sffp_mmc - ok
10:30:25.0328 7004 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:30:25.0328 7004 sffp_sd - ok
10:30:25.0328 7004 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
10:30:25.0328 7004 sfloppy - ok
10:30:25.0328 7004 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:30:25.0328 7004 SharedAccess - ok
10:30:25.0343 7004 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:30:25.0343 7004 ShellHWDetection - ok
10:30:25.0343 7004 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
10:30:25.0343 7004 SiSRaid2 - ok
10:30:25.0343 7004 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
10:30:25.0343 7004 SiSRaid4 - ok
10:30:25.0343 7004 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:30:25.0343 7004 Smb - ok
10:30:25.0359 7004 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:30:25.0359 7004 SNMPTRAP - ok
10:30:25.0359 7004 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
10:30:25.0359 7004 spldr - ok
10:30:25.0359 7004 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
10:30:25.0359 7004 Spooler - ok
10:30:25.0406 7004 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
10:30:25.0421 7004 sppsvc - ok
10:30:25.0421 7004 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
10:30:25.0437 7004 sppuinotify - ok
10:30:25.0437 7004 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
10:30:25.0437 7004 srv - ok
10:30:25.0437 7004 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:30:25.0452 7004 srv2 - ok
10:30:25.0452 7004 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:30:25.0452 7004 srvnet - ok
10:30:25.0452 7004 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:30:25.0452 7004 SSDPSRV - ok
10:30:25.0452 7004 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:30:25.0452 7004 SstpSvc - ok
10:30:25.0468 7004 [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
10:30:25.0468 7004 Stereo Service - ok
10:30:25.0468 7004 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
10:30:25.0468 7004 stexstor - ok
10:30:25.0468 7004 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
10:30:25.0484 7004 stisvc - ok
10:30:25.0484 7004 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
10:30:25.0484 7004 storflt - ok
10:30:25.0484 7004 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
10:30:25.0484 7004 StorSvc - ok
10:30:25.0484 7004 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
10:30:25.0484 7004 storvsc - ok
10:30:25.0484 7004 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
10:30:25.0484 7004 swenum - ok
10:30:25.0499 7004 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
10:30:25.0499 7004 swprv - ok
10:30:25.0499 7004 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc C:\Windows\system32\drivers\Synth3dVsc.sys
10:30:25.0499 7004 Synth3dVsc - ok
10:30:25.0515 7004 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
10:30:25.0530 7004 SysMain - ok
10:30:25.0530 7004 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:30:25.0530 7004 TabletInputService - ok
10:30:25.0546 7004 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
10:30:25.0546 7004 TapiSrv - ok
10:30:25.0546 7004 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
10:30:25.0546 7004 TBS - ok
10:30:25.0562 7004 [ F0E98C00A09FDF791525829A1D14240F ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:30:25.0577 7004 Tcpip - ok
10:30:25.0593 7004 [ F0E98C00A09FDF791525829A1D14240F ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
10:30:25.0608 7004 TCPIP6 - ok
10:30:25.0608 7004 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:30:25.0608 7004 tcpipreg - ok
10:30:25.0608 7004 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:30:25.0608 7004 TDPIPE - ok
10:30:25.0608 7004 [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:30:25.0608 7004 TDTCP - ok
10:30:25.0608 7004 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:30:25.0608 7004 tdx - ok
10:30:25.0608 7004 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
10:30:25.0624 7004 TermDD - ok
10:30:25.0624 7004 [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt C:\Windows\system32\drivers\terminpt.sys
10:30:25.0624 7004 terminpt - ok
10:30:25.0624 7004 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
10:30:25.0624 7004 TermService - ok
10:30:25.0640 7004 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
10:30:25.0640 7004 Themes - ok
10:30:25.0640 7004 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
10:30:25.0640 7004 THREADORDER - ok
10:30:25.0640 7004 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
10:30:25.0640 7004 TrkWks - ok
10:30:25.0640 7004 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:30:25.0640 7004 TrustedInstaller - ok
10:30:25.0640 7004 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:30:25.0655 7004 tssecsrv - ok
10:30:25.0655 7004 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
10:30:25.0655 7004 TsUsbFlt - ok
10:30:25.0655 7004 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
10:30:25.0655 7004 TsUsbGD - ok
10:30:25.0655 7004 [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
10:30:25.0655 7004 tsusbhub - ok
10:30:25.0811 7004 [ 6F9C322B321116303B85A1FE9B75253C ] TuneUp.UtilitiesSvc D:\Util\TuneUp\TuneUpUtilitiesService64.exe
10:30:25.0827 7004 TuneUp.UtilitiesSvc - ok
10:30:25.0827 7004 [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv D:\Util\TuneUp\TuneUpUtilitiesDriver64.sys
10:30:25.0827 7004 TuneUpUtilitiesDrv - ok
10:30:25.0827 7004 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:30:25.0827 7004 tunnel - ok
10:30:25.0842 7004 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
10:30:25.0842 7004 uagp35 - ok
10:30:25.0842 7004 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:30:25.0842 7004 udfs - ok
10:30:25.0842 7004 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:30:25.0842 7004 UI0Detect - ok
10:30:25.0842 7004 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:30:25.0858 7004 uliagpkx - ok
10:30:25.0858 7004 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
10:30:25.0858 7004 umbus - ok
10:30:25.0858 7004 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
10:30:25.0858 7004 UmPass - ok
10:30:25.0858 7004 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
10:30:25.0858 7004 UmRdpService - ok
10:30:25.0858 7004 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
10:30:25.0874 7004 upnphost - ok
10:30:25.0874 7004 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
10:30:25.0874 7004 usbaudio - ok
10:30:25.0874 7004 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:30:25.0874 7004 usbccgp - ok
10:30:25.0874 7004 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:30:25.0874 7004 usbcir - ok
10:30:25.0874 7004 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
10:30:25.0874 7004 usbehci - ok
10:30:25.0889 7004 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:30:25.0889 7004 usbhub - ok
10:30:25.0889 7004 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
10:30:25.0889 7004 usbohci - ok
10:30:25.0889 7004 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
10:30:25.0889 7004 usbprint - ok
10:30:25.0889 7004 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
10:30:25.0889 7004 usbscan - ok
10:30:25.0889 7004 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:30:25.0889 7004 USBSTOR - ok
10:30:25.0889 7004 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
10:30:25.0889 7004 usbuhci - ok
10:30:25.0905 7004 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
10:30:25.0905 7004 UxSms - ok
10:30:25.0905 7004 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe
10:30:25.0905 7004 VaultSvc - ok
10:30:25.0905 7004 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
10:30:25.0905 7004 vdrvroot - ok
10:30:25.0905 7004 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
10:30:25.0920 7004 vds - ok
10:30:25.0920 7004 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:30:25.0920 7004 vga - ok
10:30:25.0920 7004 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
10:30:25.0920 7004 VgaSave - ok
10:30:25.0920 7004 VGPU - ok
10:30:25.0920 7004 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
10:30:25.0920 7004 vhdmp - ok
10:30:25.0920 7004 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
10:30:25.0920 7004 viaide - ok
10:30:25.0936 7004 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
10:30:25.0936 7004 vmbus - ok
10:30:25.0936 7004 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
10:30:25.0936 7004 VMBusHID - ok
10:30:25.0936 7004 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:30:25.0936 7004 volmgr - ok
10:30:25.0936 7004 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:30:25.0936 7004 volmgrx - ok
10:30:25.0952 7004 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:30:25.0952 7004 volsnap - ok
10:30:25.0952 7004 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
10:30:25.0952 7004 vsmraid - ok
10:30:25.0967 7004 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
10:30:25.0983 7004 VSS - ok
10:30:25.0983 7004 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
10:30:25.0983 7004 vwifibus - ok
10:30:25.0983 7004 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
10:30:25.0998 7004 W32Time - ok
10:30:25.0998 7004 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
10:30:25.0998 7004 WacomPen - ok
10:30:25.0998 7004 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
10:30:25.0998 7004 WANARP - ok
10:30:25.0998 7004 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:30:25.0998 7004 Wanarpv6 - ok
10:30:26.0014 7004 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
10:30:26.0030 7004 wbengine - ok
10:30:26.0030 7004 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
10:30:26.0030 7004 WbioSrvc - ok
10:30:26.0030 7004 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:30:26.0045 7004 wcncsvc - ok
10:30:26.0045 7004 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:30:26.0045 7004 WcsPlugInService - ok
10:30:26.0045 7004 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
10:30:26.0045 7004 Wd - ok
10:30:26.0045 7004 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:30:26.0061 7004 Wdf01000 - ok
10:30:26.0061 7004 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:30:26.0061 7004 WdiServiceHost - ok
10:30:26.0061 7004 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:30:26.0061 7004 WdiSystemHost - ok
10:30:26.0061 7004 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
10:30:26.0076 7004 WebClient - ok
10:30:26.0076 7004 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:30:26.0076 7004 Wecsvc - ok
10:30:26.0076 7004 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:30:26.0076 7004 wercplsupport - ok
10:30:26.0076 7004 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
10:30:26.0076 7004 WerSvc - ok
10:30:26.0076 7004 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
10:30:26.0076 7004 WfpLwf - ok
10:30:26.0092 7004 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
10:30:26.0092 7004 WIMMount - ok
10:30:26.0139 7004 [ CF318F60A84F15AF352439465A8D05F4 ] WinDefend D:\Util\Windows Defender\mpsvc.dll
10:30:26.0154 7004 WinDefend - ok
10:30:26.0154 7004 WinHttpAutoProxySvc - ok
10:30:26.0170 7004 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:30:26.0170 7004 Winmgmt - ok
10:30:26.0186 7004 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
10:30:26.0217 7004 WinRM - ok
10:30:26.0217 7004 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
10:30:26.0232 7004 Wlansvc - ok
10:30:26.0232 7004 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
10:30:26.0232 7004 WmiAcpi - ok
10:30:26.0232 7004 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:30:26.0232 7004 wmiApSrv - ok
10:30:26.0295 7004 [ A9F3BFC9345F49614D5859EC95B9E994 ] WMPNetworkSvc D:\Util\Windows Media Player\wmpnetwk.exe
10:30:26.0310 7004 WMPNetworkSvc - ok
10:30:26.0310 7004 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:30:26.0326 7004 WPCSvc - ok
10:30:26.0326 7004 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:30:26.0326 7004 WPDBusEnum - ok
10:30:26.0326 7004 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:30:26.0326 7004 ws2ifsl - ok
10:30:26.0326 7004 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
10:30:26.0326 7004 wscsvc - ok
10:30:26.0326 7004 WSearch - ok
10:30:26.0357 7004 [ 9DF12EDBC698B0BC353B3EF84861E430 ] wuauserv C:\Windows\system32\wuaueng.dll
10:30:26.0373 7004 wuauserv - ok
10:30:26.0373 7004 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
10:30:26.0373 7004 WudfPf - ok
10:30:26.0388 7004 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:30:26.0388 7004 WUDFRd - ok
10:30:26.0388 7004 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:30:26.0388 7004 wudfsvc - ok
10:30:26.0388 7004 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
10:30:26.0388 7004 WwanSvc - ok
10:30:26.0404 7004 ================ Scan global ===============================
10:30:26.0404 7004 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:30:26.0404 7004 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
10:30:26.0404 7004 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
10:30:26.0404 7004 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:30:26.0420 7004 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:30:26.0420 7004 [Global] - ok
10:30:26.0420 7004 ================ Scan MBR ==================================
10:30:26.0435 7004 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:30:26.0466 7004 \Device\Harddisk0\DR0 - ok
10:30:26.0482 7004 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
10:30:26.0622 7004 \Device\Harddisk1\DR1 - ok
10:30:26.0622 7004 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
10:30:26.0732 7004 \Device\Harddisk2\DR2 - ok
10:30:26.0747 7004 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk3\DR3
10:30:26.0825 7004 \Device\Harddisk3\DR3 - ok
10:30:26.0825 7004 ================ Scan VBR ==================================
10:30:26.0825 7004 [ 3E3FB366C810D8527357B7862B148976 ] \Device\Harddisk0\DR0\Partition1
10:30:26.0825 7004 \Device\Harddisk0\DR0\Partition1 - ok
10:30:26.0841 7004 [ 9EF91FB6287B4B27497189864C9844E8 ] \Device\Harddisk0\DR0\Partition2
10:30:26.0841 7004 \Device\Harddisk0\DR0\Partition2 - ok
10:30:26.0841 7004 [ A084F48E61C2F3D6900D592A8291E7FF ] \Device\Harddisk1\DR1\Partition1
10:30:26.0841 7004 \Device\Harddisk1\DR1\Partition1 - ok
10:30:26.0856 7004 [ 620FBEF6C60B527E7AF25FDBB758B154 ] \Device\Harddisk1\DR1\Partition2
10:30:26.0856 7004 \Device\Harddisk1\DR1\Partition2 - ok
10:30:26.0856 7004 [ AE0DB6B22CC680DCDE4A83DE4C5EA9F3 ] \Device\Harddisk1\DR1\Partition3
10:30:26.0856 7004 \Device\Harddisk1\DR1\Partition3 - ok
10:30:26.0856 7004 [ 377E291051CEDC3970FE256F3A09F467 ] \Device\Harddisk2\DR2\Partition1
10:30:26.0856 7004 \Device\Harddisk2\DR2\Partition1 - ok
10:30:26.0856 7004 [ BA28396E0877F2F649772B059D5591BB ] \Device\Harddisk3\DR3\Partition1
10:30:26.0856 7004 \Device\Harddisk3\DR3\Partition1 - ok
10:30:26.0872 7004 [ 25CEC9702A240214DFEF4F7EC5555BCC ] \Device\Harddisk3\DR3\Partition2
10:30:26.0888 7004 \Device\Harddisk3\DR3\Partition2 - ok
10:30:26.0888 7004 ============================================================
10:30:26.0888 7004 Scan finished
10:30:26.0888 7004 ============================================================
10:30:26.0888 5656 Detected object count: 0
10:30:26.0888 5656 Actual detected object count: 0


RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : robert [Admin rights]
Mode : Scan -- Date : 09/22/2012 10:34:43

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] magicJack.exe -- J:\Windows Files\Appllication Data\mjusbsp\magicJack.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 18 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : cdloader ("J:\Windows Files\Appllication Data\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1141580518-2314498541-1711201211-1000[...]\Run : cdloader ("J:\Windows Files\Appllication Data\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
[Services][BLPATH] HKLM\[...]\ControlSet001\Services\MBAMScheduler ("\mbamscheduler.exe") -> FOUND
[Services][BLPATH] HKLM\[...]\ControlSet001\Services\MBAMService ("\mbamservice.exe") -> FOUND
[Services][BLPATH] HKLM\[...]\ControlSet002\Services\MBAMScheduler ("\mbamscheduler.exe") -> FOUND
[Services][BLPATH] HKLM\[...]\ControlSet002\Services\MBAMService ("\mbamservice.exe") -> FOUND
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowVideos (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 secure.tune-up.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3750330AS +++++
--- User ---
[MBR] 2e12d1aeb4bc52ffe2dcc4687d56da48
[BSP] d92268c0d81714cec0ead1bb40b4a063 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 357705 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 732580065 | Size: 357697 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST3320620AS +++++
--- User ---
[MBR] 54e979af4e35517759db3c8041ab4cd0
[BSP] f4256a7715b85f59bd2c25aa80a51eaa : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 102399 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 209714463 | Size: 102894 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 420441903 | Size: 99948 Mo
3 - [XXXXXX] UNKNOWN (0xdf) [VISIBLE] Offset (sectors): 625137664 | Size: 2 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: OCZ-VERTEX2 +++++
--- User ---
[MBR] 5f88795659d9e94ab8a86330dc6af616
[BSP] 573e7fd742518bd894eeefd6ec784334 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 57240 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: ST31500341AS +++++
--- User ---
[MBR] 55525264c9e0867c3d264e8592dacc64
[BSP] 2fd5b4f32e44b54ae15096a767743a5e : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 712523 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 1459248210 | Size: 718273 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#8 Maurice Naggar

    Staff

  • Moderators
  • 14,550 posts
  • Gender: Male
  • Location: USA
  • Interests: Security, Windows, Windows Update, malware prevention

Posted 22 September 2012 - 10:53 AM

Turn ON the Windows 7 User Account Control (it is currently off, and that is not a good spot to be in).
See http://windows.micro...ontrol-settings
Set it to 1 or at most 2 notches just below "always notify".

Tell me if the "exe is not a valid win32 application" is still happening.

Step 2
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs.
Do NOT turn off the firewall.

Please download Rkill by Grinler and save it to your desktop.
  • Link 2
  • Link 3
  • Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positively to allow RKILL to run.
  • If a malware rogue gives a message regarding RKILL, proceed forward to running RKILL.
If you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When it is done, the rkill.txt log file will be on your desktop. Copy & paste the contents of rkill.txt into a new reply.

More Information about Rkill can be found at this link: http://www.bleepingc...opic308364.html

Step 3
Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe
  • Close all open windows on the Task Bar. Click the icon (for Vista or Windows 7, right-click the icon and Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you: one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files, as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Step 4
Download Security Check by screen317 and save it to your Desktop: here
  • Run Security Check.
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Then copy/paste the following into your post (in order):
  • the contents of OTL.txt;
  • the contents of Extras.txt; and
  • the contents of checkup.txt.
Be sure to do a Preview prior to pressing Submit, because all reports may not fit into a single reply. You may have to do more than 1 reply.
Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of the reply.
Maurice Naggar
Product Support

I close my threads if there are 5 days without a response.
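The RogueKiller report above and Maurice's UAC advice, taken together, as an added worked example (my code, not the thread's and not RogueKiller's): a small Python parser for the report's "[TAG] key : name (value) -> STATUS" lines that pulls out the two UAC policy values RogueKiller flagged and maps them to the Windows 7 UAC slider notch he is talking about. The sample lines are copied from the report above; the regex, the slider-to-value table and the triage rules are my own. RogueKiller abbreviates the key as HKLM\[...]\System; the values it refers to live under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System. PromptOnSecureDesktop is not in the report and is assumed to be at its default.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: a handful of lines copied from the RogueKiller 8.0.4 report
# posted above (not the whole report), including its HOSTS section.
SAMPLE_REPORT = r"""
¤¤¤ Registry Entries : 18 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : cdloader ("J:\Windows Files\Appllication Data\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
[Services][BLPATH] HKLM\[...]\ControlSet001\Services\MBAMService ("\mbamservice.exe") -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 secure.tune-up.com

¤¤¤ MBR Check: ¤¤¤
"""

# One RogueKiller registry line: [TAG][TAG] HIVE\[...]\Key [: ValueName] (data) -> STATUS
ENTRY_RE = re.compile(
    r"^(?P<tags>(?:\[[^\]]+\])+)\s+"
    r"(?P<key>\S.*?)"
    r"(?:\s+:\s+(?P<name>\S+))?"
    r"\s+\((?P<value>.*)\)\s+->\s+(?P<status>\w+)\s*$"
)

# Values the Windows 7 UAC slider writes under
# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, per notch
# (3 = "Always notify" at the top, 0 = "Never notify" at the bottom).
UAC_SLIDER: Dict[int, Dict[str, int]] = {
    3: {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 2, "PromptOnSecureDesktop": 1},
    2: {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5, "PromptOnSecureDesktop": 1},  # default
    1: {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5, "PromptOnSecureDesktop": 0},
    0: {"EnableLUA": 0, "ConsentPromptBehaviorAdmin": 0, "PromptOnSecureDesktop": 0},
}


def parse_report(text: str) -> Tuple[List[Dict[str, object]], List[Tuple[str, str]]]:
    """Split a RogueKiller report into registry entries and HOSTS redirects."""
    entries: List[Dict[str, object]] = []
    hosts: List[Tuple[str, str]] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("¤¤¤"):            # section banner, e.g. "¤¤¤ HOSTS File: ¤¤¤"
            section = line.strip("¤ ")
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append({
                "tags": re.findall(r"\[([^\]]+)\]", m.group("tags")),
                "key": m.group("key"),
                "name": m.group("name"),      # None for service entries (no value name)
                "value": m.group("value"),
                "status": m.group("status"),
            })
        elif section.startswith("HOSTS") and not line.startswith("-->"):
            parts = line.split()              # "127.0.0.1 secure.tune-up.com"
            if len(parts) >= 2:
                hosts.append((parts[0], parts[1]))
    return entries, hosts


def uac_values(entries: List[Dict[str, object]]) -> Dict[str, int]:
    """Pick the UAC policy values reported under the HKLM ...\\System key.
    Anything not listed (here PromptOnSecureDesktop) is assumed at the default."""
    values = dict(UAC_SLIDER[2])
    for e in entries:
        key = str(e["key"])
        if e["name"] in values and key.startswith("HKLM") and key.endswith("\\System"):
            values[str(e["name"])] = int(str(e["value"]))
    return values


def uac_level(values: Dict[str, int]) -> int:
    """Map the three values back to a slider notch, or -1 for a combination the slider
    never writes (e.g. EnableLUA=1 with ConsentPromptBehaviorAdmin=0: silent auto-elevation)."""
    if values["EnableLUA"] == 0:
        return 0                                # UAC off; admin processes run fully elevated
    for level, expected in UAC_SLIDER.items():
        if level and all(values[k] == v for k, v in expected.items()):
            return level
    return -1


def triage(text: str) -> Dict[str, object]:
    """Summarise what a responder would look at first in the report."""
    entries, hosts = parse_report(text)
    values = uac_values(entries)
    level = uac_level(values)
    return {
        "entries_parsed": len(entries),
        "uac_values": values,
        "uac_level": level,
        "uac_ok": level >= 1,                   # Maurice's target: notch 2, or at most notch 1
        "suspicious_autoruns": [(e["name"], e["value"]) for e in entries
                                if "RUN" in e["tags"] and "SUSP PATH" in e["tags"]],
        "hosts_redirects": hosts,
    }


if __name__ == "__main__":
    r = triage(SAMPLE_REPORT)
    print("UAC", r["uac_values"], "-> notch", r["uac_level"], "OK" if r["uac_ok"] else "FIX")
    for name, value in r["suspicious_autoruns"]:
        print("autorun with unusual path:", name, "=", value)
    for ip, host in r["hosts_redirects"]:
        print("hosts redirect:", host, "->", ip)
```

On this report the script lands on notch 0: EnableLUA=0 together with ConsentPromptBehaviorAdmin=0 is exactly the "Never notify" position, so every process started from the administrator account runs with the full token and nothing ever asks. The next notch up, the Windows 7 default, is EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1. A change to EnableLUA only takes effect after a reboot, so the machine has to be restarted before the new setting protects anything.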

#9 zingz

    New Member

  • Members
  • 24 posts

Posted 22 September 2012 - 01:49 PM

Hello Maurice. I turned on UAC as you suggested. Following are the logs you requested.

Robert




OTL logfile created on: 9/22/2012 12:21:47 PM - Run 1
OTL by OldTimer - Version 3.2.65.1 Folder = J:\Windows Files\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.90 Gb Total Physical Memory | 14.29 Gb Available Physical Memory | 89.88% Memory free
23.71 Gb Paging File | 21.39 Gb Available in Paging File | 90.21% Paging File free
Paging file location(s): c:\pagefile.sys 8000 8000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = D:\Util
Drive C: | 55.90 Gb Total Space | 23.36 Gb Free Space | 41.78% Space Free | Partition Type: NTFS
Drive D: | 349.31 Gb Total Space | 207.48 Gb Free Space | 59.40% Space Free | Partition Type: NTFS
Drive E: | 349.32 Gb Total Space | 120.66 Gb Free Space | 34.54% Space Free | Partition Type: NTFS
Drive F: | 100.00 Gb Total Space | 88.96 Gb Free Space | 88.96% Space Free | Partition Type: NTFS
Drive G: | 100.48 Gb Total Space | 62.27 Gb Free Space | 61.97% Space Free | Partition Type: NTFS
Drive H: | 97.61 Gb Total Space | 70.00 Gb Free Space | 71.72% Space Free | Partition Type: NTFS
Drive I: | 695.82 Gb Total Space | 78.61 Gb Free Space | 11.30% Space Free | Partition Type: NTFS
Drive J: | 701.44 Gb Total Space | 239.81 Gb Free Space | 34.19% Space Free | Partition Type: NTFS

Computer Name: ROBERTPC | User Name: robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/22 12:20:35 | 000,600,576 | ---- | M] (OldTimer Tools) -- J:\Windows Files\Desktop\OTL.exe
PRC - [2012/09/12 03:28:03 | 000,388,576 | ---- | M] (Mozilla Corporation) -- D:\ThunderbirdPortable\App\Thunderbird\thunderbird.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/03/25 11:13:18 | 000,329,312 | ---- | M] (BillP Studios) -- D:\Util\WinPatrol\WinPatrol.exe
PRC - [2011/09/30 08:51:50 | 000,121,648 | ---- | M] () -- D:\Util\WizMouse\WizMouse.exe
PRC - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- D:\Util\ESET2\ESET Smart Security\x86\ekrn.exe
PRC - [2011/09/15 08:52:22 | 000,610,160 | ---- | M] (PassMark ™ Software - www.passmark.com) -- D:\Util\DiskCheckup\DiskCheckup.exe
PRC - [2011/03/22 19:08:10 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/03/22 19:08:06 | 000,284,184 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/11/16 18:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/06/21 15:26:00 | 003,112,696 | ---- | M] (PixelMetrics) -- D:\Util\CaptureWiz\Pro\CaptureWiz.exe
PRC - [2010/05/05 19:56:42 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2010/05/05 19:51:56 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2009/09/25 11:57:38 | 000,245,248 | ---- | M] () -- D:\Util\AutoHotkey\AutoHotkey.exe
PRC - [2009/03/12 18:18:48 | 000,602,624 | ---- | M] () -- D:\Util\Everything\Everything.exe
PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/04/05 15:22:20 | 002,178,048 | ---- | M] (Thornsoft Development, Inc.) -- D:\Util\ClipMate7\ClipMate7\ClipMate.exe
PRC - [2004/04/19 15:29:54 | 000,221,184 | ---- | M] (Mach5 Software) -- D:\Util\Kremlin\Kremlin Sentry.exe
PRC - [2001/09/07 17:06:54 | 000,060,416 | ---- | M] (Phoebus, LLC) -- D:\Util\sMaRTcaPs\SmartCaps.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/21 05:20:27 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\fe5aea8f938965fdc0c5022346a1ea6d\IAStorUtil.ni.dll
MOD - [2012/09/21 05:20:27 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\9142b7e76d0824598e0dbaaab3d08f13\IAStorCommon.ni.dll
MOD - [2012/09/21 03:59:01 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3e3b399b69c569ab1ed3b0ace2c8c20\System.Runtime.Remoting.ni.dll
MOD - [2012/09/21 03:58:49 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
MOD - [2012/09/21 03:58:46 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
MOD - [2012/09/21 03:58:39 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll
MOD - [2012/09/21 03:58:37 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
MOD - [2012/09/21 03:58:35 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2012/09/21 03:58:35 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
MOD - [2012/09/21 03:58:32 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2012/09/12 03:28:03 | 002,061,280 | ---- | M] () -- D:\ThunderbirdPortable\App\Thunderbird\mozjs.dll
MOD - [2012/09/12 03:28:03 | 000,157,664 | ---- | M] () -- D:\ThunderbirdPortable\App\Thunderbird\nsldap32v60.dll
MOD - [2012/09/12 03:28:03 | 000,021,984 | ---- | M] () -- D:\ThunderbirdPortable\App\Thunderbird\nsldappr32v60.dll
MOD - [2012/09/04 13:31:08 | 000,008,704 | ---- | M] () -- J:\Windows Files\Appllication Data\Thunderbird\Profiles\zqk08gp7.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll
MOD - [2011/09/30 08:51:50 | 000,121,648 | ---- | M] () -- D:\Util\WizMouse\WizMouse.exe
MOD - [2011/04/14 18:01:33 | 000,548,854 | ---- | M] () -- D:\Util\WinPatrol\sqlite3.dll
MOD - [2010/09/16 04:22:36 | 000,054,784 | ---- | M] () -- D:\Util\sMaRTcaPs\SmartCapsHk.dll
MOD - [2010/05/05 19:56:46 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIRES.DLL
MOD - [2009/09/25 11:57:38 | 000,245,248 | ---- | M] () -- D:\Util\AutoHotkey\AutoHotkey.exe
MOD - [2009/03/26 14:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/03/12 18:18:48 | 000,602,624 | ---- | M] () -- D:\Util\Everything\Everything.exe
MOD - [2004/04/19 15:17:02 | 000,131,144 | ---- | M] () -- D:\Util\Kremlin\KremSDK.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/03/22 05:24:01 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Util\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/10/12 18:14:14 | 002,072,896 | ---- | M] (TuneUp Software) [Auto | Running] -- D:\Util\TuneUp\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV:64bit: - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- D:\Util\ESET2\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2011/01/17 16:00:50 | 000,164,520 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/09/21 12:09:25 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/21 10:41:07 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012/05/15 03:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/03/19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011/03/22 19:08:10 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/04/18 10:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/09/22 13:08:26 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- D:\Util\TuneUp\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV:64bit: - [2011/08/09 14:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2011/08/04 09:20:38 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2011/08/04 09:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011/08/04 09:20:38 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2011/08/04 09:20:38 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/22 18:54:40 | 000,557,080 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/14 02:29:46 | 000,313,136 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2011/03/14 02:29:46 | 000,024,880 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 04:03:04 | 000,328,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2010/12/09 22:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/09 22:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/24 20:27:42 | 000,120,408 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010/11/20 20:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 20:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 20:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/05/05 21:30:52 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/05/05 21:30:42 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/05/05 21:30:34 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/05/05 21:30:26 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/05/05 21:30:18 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/05/05 21:30:10 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010/05/05 21:30:02 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/05/05 21:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/05/05 21:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/05/05 21:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/05/05 21:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/05/05 21:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/05/05 21:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: J:\Windows Files\Appllication Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: J:\Windows Files\Appllication Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: D:\util\ESET2\ESET Smart Security\Mozilla Thunderbird [2012/09/21 10:10:54 | 000,000,000 | ---D | M]

[2012/08/15 22:35:26 | 000,000,000 | ---D | M] (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Extensions
[2012/08/15 22:35:26 | 000,000,000 | ---D | M] (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Extensions\prism@developer.mozilla.org
[2012/09/20 10:51:08 | 000,000,000 | ---D | M] (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions
[2012/07/20 23:18:18 | 000,000,000 | ---D | M] (All-in-One Gestures) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2012/09/02 08:38:38 | 000,000,000 | ---D | M] ("I Want This") -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\crossriderapp2258@crossrider.com
[2012/09/16 02:13:23 | 000,000,000 | ---D | M] ("Software Assist") -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\crossriderapp3026@crossrider.com
[2012/07/04 06:38:38 | 000,000,000 | ---D | M] (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\extensions
[2012/09/16 01:36:53 | 000,000,000 | ---D | M] (Claro Toolbar) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\ffxtlbr@claro.com
[2012/09/02 08:38:43 | 000,000,000 | ---D | M] ("Xmarks") -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\foxmarks@kei.com
[2012/08/04 22:42:22 | 000,000,000 | ---D | M] (Print pages to PDF) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\printPages2Pdf@reinhold.ripper
[2012/07/31 22:01:43 | 000,000,000 | ---D | M] (LastPass) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\support@lastpass.com
[2012/07/04 06:38:36 | 000,000,000 | ---D | M] (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\adblockplus\extensions
[2012/07/04 06:38:36 | 000,000,000 | ---D | M] (Funmoods.com) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\adblockplus\extensions\ffxtlbr@funmoods.com
[2012/07/04 06:38:37 | 000,000,000 | ---D | M] (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\bookmarkbackups\extensions
[2012/07/04 06:38:37 | 000,000,000 | ---D | M] (Funmoods.com) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\bookmarkbackups\extensions\ffxtlbr@funmoods.com
[2012/07/04 06:38:38 | 000,000,000 | ---D | M] (Funmoods.com) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com
[2012/07/04 06:38:39 | 000,000,000 | ---D | M] (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\jumpListCache\extensions
[2012/07/04 06:38:39 | 000,000,000 | ---D | M] (Funmoods.com) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\jumpListCache\extensions\ffxtlbr@funmoods.com
[2012/07/04 06:38:39 | 000,000,000 | ---D | M] (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\minidumps\extensions
[2012/07/04 06:38:39 | 000,000,000 | ---D | M] (Funmoods.com) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\minidumps\extensions\ffxtlbr@funmoods.com
[2012/09/06 06:14:13 | 000,000,000 | ---D | M] (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\rbird Profile 2\fqt5i4wd.Bob March 13\extensions
[2012/09/06 06:14:13 | 000,000,000 | ---D | M] (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\rbird Profile 2\fqt5i4wd.Bob March 13\extensions\staged
[2012/09/21 15:21:01 | 000,000,000 | ---D | M] (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\ruikie2r.default\extensions
[2012/07/04 06:38:41 | 000,000,000 | ---D | M] (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\startupCache\extensions
[2012/07/04 06:38:42 | 000,000,000 | ---D | M] (Funmoods.com) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\startupCache\extensions\ffxtlbr@funmoods.com
[2012/09/02 08:27:29 | 000,088,614 | ---- | M] () (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\extension@ciuvo.com.xpi
[2012/07/20 23:25:31 | 000,174,207 | ---- | M] () (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\info@priceblink.com.xpi
[2012/09/20 10:51:07 | 000,149,849 | ---- | M] () (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\Noia4Options@ArisT2.xpi
[2012/09/02 08:38:43 | 000,113,112 | ---- | M] () (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\nosquint@urandom.ca.xpi
[2012/09/16 02:13:23 | 000,159,657 | ---- | M] () (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\notreal.ccoptions@environmentalchemistry.com.xpi
[2012/08/04 22:42:22 | 000,087,157 | ---- | M] () (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\printedit@DW-dev.xpi
[2012/07/20 23:05:56 | 000,277,771 | ---- | M] () (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\shoppingassist@ookong.com.xpi
[2012/09/16 02:13:23 | 000,371,729 | ---- | M] () (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\smarterwiki@wikiatic.com.xpi
[2012/07/20 23:24:20 | 000,087,148 | ---- | M] () (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\{24cea704-946d-11da-a72b-0800200c9a66}.xpi
[2012/07/20 23:10:19 | 000,372,140 | ---- | M] () (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}.xpi
[2012/07/31 22:01:43 | 000,375,811 | ---- | M] () (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
[2012/07/31 21:48:26 | 000,741,958 | ---- | M] () (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/09/16 01:41:01 | 001,073,809 | ---- | M] () (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}.xpi
[2012/08/04 21:32:23 | 001,669,514 | ---- | M] () (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\{ded0fc70-7215-4802-afeb-b2982d3e7225}.xpi
[2012/09/20 10:51:08 | 001,544,034 | ---- | M] () (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\{faf13420-5e24-11e0-80e3-0800200c9a66}.xpi
[2012/09/06 06:14:12 | 000,000,000 | ---D | M] (No name found) -- D:\Util\Mozilla Firefox\extensions
[2011/10/03 06:41:43 | 000,000,000 | ---D | M] (DealPly) -- D:\Util\Mozilla Firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012/09/06 06:14:12 | 000,000,000 | ---D | M] (No name found) -- D:\Util\Mozilla Firefox\extensions\ffxtlbr@babylon.com
[2012/08/24 19:01:06 | 000,266,720 | ---- | M] (Mozilla Foundation) -- D:\Util\mozilla firefox\components\browsercomps.dll
[2012/09/06 06:14:02 | 000,006,522 | ---- | M] () -- D:\Util\mozilla firefox\searchplugins\babylon.xml
[2012/08/24 19:00:22 | 000,002,465 | ---- | M] () -- D:\Util\mozilla firefox\searchplugins\bing.xml
[2012/08/24 19:00:22 | 000,002,253 | ---- | M] () -- D:\Util\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\robert\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\robert\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\robert\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\robert\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Google Update (Enabled) = C:\Users\robert\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Xmarks Bookmark Sync = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\
CHR - Extension: Xmarks Bookmark Sync = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\.bak
CHR - Extension: Sexy Undo Close Tab = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\bcennaiejdjpomgmmohhpgnjlmpcjmbg\7.2.3_0\
CHR - Extension: Bookmark Sentry = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\bdglbbcbmgnimogcmcdenggkpdmihlga\1.7.3_0\
CHR - Extension: YouTube = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Bouncy Mouse = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\cgdllcbmneiklcmbeclfegccdjholomb\1.2.1_0\
CHR - Extension: Google Search = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Bubble Cupid = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\daaehkjmdmodknldpplikflminiicfal\1.0.0.1_0\
CHR - Extension: Chrome Notepad = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\ffbhefmlcoihbjcmibbfkocmnaiacinp\3.7_0\
CHR - Extension: Atomic Bookmarks = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\fkbecffhfgdpiigmkgljmfgnejmhfejh\0.3.7_0\
CHR - Extension: Print Selection = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\gbkdpdnociibpkkpjgmcmdlnjlebpajk\0.5.3_0\
CHR - Extension: AdBlock = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\
CHR - Extension: FlashBlock = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl\0.9.31_0\
CHR - Extension: LastPass = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.12_0\
CHR - Extension: Classic = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn\1.1_0\
CHR - Extension: The Weather Channel for Chrome = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop\1.0.0.4_0\
CHR - Extension: Weather Window by WeatherBug = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\1.0.12_0\
CHR - Extension: Gestures for Chrome™ = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\jpkfjicglakibpenojifdiepckckakgk\1.12.1_0\
CHR - Extension: Google Voice (by Google) = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.3.6.8_0\
CHR - Extension: Poppit = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: FastestChrome - Browse Faster = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\6.8.3_0\
CHR - Extension: Barnyard Match = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\obbpofjmecckjelpfbpapjadpekijbhm\1.4.2.92_0\
CHR - Extension: Private Joe: Urban Warfare = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\ogmpedngmnolclkmlpcdgmfonlagkejp\1.4_0\
CHR - Extension: Psykopaint = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\
CHR - Extension: Psykopaint = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\.bak
CHR - Extension: https://www.amazon.c...shiptrack/view. = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\pilgiinkcfnbolaiiclncopgallfmobb\2012.9.21.55826_0\
CHR - Extension: Gmail = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/09/21 15:06:41 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 secure.tune-up.com
O4:64bit: - HKLM..\Run: [egui] D:\util\ESET2\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Everything] D:\util\Everything\Everything.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [WinPatrol] D:\Util\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [cdloader] J:\Windows Files\Appllication Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [ClipMate7] D:\Util\ClipMate7\ClipMate7\ClipMate.exe (Thornsoft Development, Inc.)
O4 - HKCU..\Run: [DesktopOK] D:\Util\DesktopOK\DesktopOK_x64.exe (Nenad Hrg SoftwareOK)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Google Search
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://www.google.com/search?q=%w
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EA514A3-C4AD-45E0-B6EE-107199277174}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/22 12:20:40 | 000,600,576 | ---- | C] (OldTimer Tools) -- J:\Windows Files\Desktop\OTL.exe
[2012/09/22 10:33:45 | 000,000,000 | ---D | C] -- J:\Windows Files\Desktop\RK_Quarantine
[2012/09/22 10:30:07 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- J:\Windows Files\Desktop\tdsskiller (1).exe
[2012/09/22 10:24:38 | 004,731,392 | ---- | C] (AVAST Software) -- J:\Windows Files\Desktop\aswMBR (1).exe
[2012/09/22 07:30:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
[2012/09/21 20:47:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/21 20:45:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/21 20:44:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/21 20:44:23 | 004,754,243 | ---- | C] (Swearware) -- J:\Windows Files\Desktop\ComboFix.exe
[2012/09/21 20:32:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/21 20:32:27 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/21 20:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/21 20:21:47 | 000,000,000 | ---D | C] -- D:\Util\ATF Cleaner
[2012/09/21 15:25:27 | 000,000,000 | ---D | C] -- D:\Documents\UseNeXT
[2012/09/21 15:24:56 | 000,000,000 | ---D | C] -- J:\Windows Files\Common FIles x86\Intel Corporation
[2012/09/21 15:21:01 | 000,000,000 | ---D | C] -- J:\Windows Files\Appllication Data\Intel Corporation
[2012/09/21 15:09:35 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012/09/21 15:09:35 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012/09/21 15:09:35 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012/09/21 15:09:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012/09/21 15:09:27 | 000,000,000 | ---D | C] -- D:\Util\TuneUp
[2012/09/21 15:07:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012/09/21 15:06:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/09/21 15:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup
[2012/09/21 13:05:17 | 000,000,000 | ---D | C] -- J:\Windows Files\Appllication Data\magicJack
[2012/09/21 13:05:00 | 000,000,000 | ---D | C] -- J:\Windows Files\Appllication Data\tjnet
[2012/09/21 13:05:00 | 000,000,000 | ---D | C] -- J:\Windows Files\Appllication Data\Google
[2012/09/21 13:01:44 | 000,000,000 | ---D | C] -- J:\Windows Files\Appllication Data\Apps
[2012/09/21 12:35:55 | 000,000,000 | ---D | C] -- D:\Util\Windows 7 Manager
[2012/09/21 12:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Manager
[2012/09/21 12:12:42 | 000,000,000 | ---D | C] -- J:\Windows Files\Start Menu\Programs\Google Chrome
[2012/09/21 12:09:25 | 000,696,240 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/09/21 12:09:25 | 000,073,136 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/09/21 12:09:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012/09/21 12:09:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/09/21 10:41:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2012/09/21 10:40:55 | 000,107,008 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysNative\cttele64.dll
[2012/09/21 10:40:55 | 000,102,400 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysWow64\cttele32.dll
[2012/09/21 10:40:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2012/09/21 10:40:53 | 000,466,520 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/09/21 10:40:53 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/09/21 10:40:53 | 000,123,480 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012/09/21 10:40:53 | 000,109,144 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012/09/21 10:40:42 | 000,012,288 | ---- | C] (Creative Technology Limited) -- C:\Windows\SysNative\INRES.DLL
[2012/09/21 10:40:42 | 000,011,776 | ---- | C] (Creative Technology Limited) -- C:\Windows\SysWow64\INRES.DLL
[2012/09/21 10:40:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Data
[2012/09/21 10:40:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Data
[2012/09/21 10:40:33 | 022,691,984 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysWow64\AppSetup.exe
[2012/09/21 10:10:53 | 000,000,000 | ---D | C] -- D:\Util\ESET2
[2012/09/21 10:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012/09/21 10:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012/09/21 10:09:02 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/09/21 07:59:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AltrixSoft
[2012/09/21 06:20:00 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2012/09/21 06:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5300 series
[2012/09/21 06:19:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012/09/21 06:19:56 | 000,385,536 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLMAT.DLL
[2012/09/21 06:19:51 | 000,373,248 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC_ATL.dll
[2012/09/21 06:19:51 | 000,323,584 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNC_ATL.dll
[2012/09/21 06:19:51 | 000,302,080 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC_ATC.dll
[2012/09/21 06:19:51 | 000,114,688 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNC_ATU.dll
[2012/09/21 06:19:51 | 000,112,128 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC_ATI.dll
[2012/09/21 06:19:51 | 000,017,920 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNHMCA6.dll
[2012/09/21 06:19:51 | 000,015,872 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNHMCA.dll
[2012/09/21 06:03:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/09/21 05:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\magicJack
[2012/09/21 05:21:23 | 000,315,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Difxb2f9.rra
[2012/09/21 05:21:21 | 000,120,408 | ---- | C] (JMicron Technology Corp.) -- C:\Windows\SysNative\drivers\jraid.sys
[2012/09/21 05:21:20 | 000,000,000 | ---D | C] -- C:\Windows\RaidTool
[2012/09/21 05:20:27 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2012/09/21 05:19:56 | 000,000,000 | ---D | C] -- C:\Intel
[2012/09/21 05:19:55 | 000,557,080 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStor.sys
[2012/09/21 05:14:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/09/21 05:12:59 | 006,151,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012/09/21 05:12:59 | 003,149,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012/09/21 05:12:59 | 000,118,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012/09/21 05:12:59 | 000,063,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012/09/21 05:12:57 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/09/21 05:12:57 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/09/21 05:12:48 | 025,743,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012/09/21 05:12:48 | 025,248,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012/09/21 05:12:48 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/09/21 05:12:48 | 018,044,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012/09/21 05:12:48 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/09/21 05:12:48 | 015,322,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012/09/21 05:12:48 | 010,194,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012/09/21 05:12:48 | 008,139,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012/09/21 05:12:48 | 008,105,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012/09/21 05:12:48 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/09/21 05:12:48 | 002,881,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012/09/21 05:12:48 | 002,741,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012/09/21 05:12:48 | 002,681,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012/09/21 05:12:48 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/09/21 05:12:48 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/09/21 05:12:48 | 002,368,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012/09/21 05:12:48 | 001,738,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012/09/21 05:12:48 | 001,468,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2012/09/21 05:12:48 | 001,451,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2012/09/21 05:12:48 | 000,949,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2012/09/21 05:12:48 | 000,818,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012/09/21 05:12:48 | 000,364,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2012/09/21 05:12:48 | 000,301,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2012/09/21 05:12:48 | 000,246,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012/09/21 05:12:48 | 000,202,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012/09/21 05:12:48 | 000,188,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012/09/21 05:12:48 | 000,031,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012/09/21 05:07:04 | 000,016,896 | ---- | C] (ASUS) -- C:\Windows\AsTaskSched.dll
[2012/09/21 05:06:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
[2012/09/21 05:02:06 | 000,164,520 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\IPROSetMonitor.exe
[2012/09/21 05:02:01 | 000,316,104 | R--- | C] (Intel Corporation) -- C:\Windows\SysNative\PROUnstl.exe
[2012/09/21 05:01:28 | 000,328,368 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\e1c62x64.sys
[2012/09/21 05:01:28 | 000,068,264 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\e1cmsg.dll
[2012/09/21 05:01:28 | 000,036,472 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\NicCo36.dll
[2012/09/21 05:01:27 | 000,092,864 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\NicInstC.dll
[2012/09/21 05:00:23 | 000,000,000 | ---D | C] -- J:\Windows Files\Start Menu\Programs\Marvell
[2012/09/21 04:59:51 | 000,315,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Difx8c57.rra
[2012/09/21 04:43:41 | 000,000,000 | -HSD | C] -- C:\Boot
[2012/09/21 03:58:23 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/09/21 03:57:06 | 000,000,000 | R--D | C] -- C:\Users\robert\Searches
[2012/09/21 03:57:06 | 000,000,000 | R--D | C] -- J:\Windows Files\Start Menu\Programs\Administrative Tools
[2012/09/21 03:57:00 | 000,000,000 | R--D | C] -- C:\Users\robert\Contacts
[2012/09/21 03:56:57 | 000,000,000 | R--D | C] -- C:\Users\robert\Videos
[2012/09/21 03:56:57 | 000,000,000 | R--D | C] -- C:\Users\robert\Saved Games
[2012/09/21 03:56:57 | 000,000,000 | R--D | C] -- C:\Users\robert\Pictures
[2012/09/21 03:56:57 | 000,000,000 | R--D | C] -- J:\Windows Files\Start Menu\Programs\Maintenance
[2012/09/21 03:56:57 | 000,000,000 | R--D | C] -- C:\Users\robert\Links
[2012/09/21 03:56:57 | 000,000,000 | R--D | C] -- C:\Users\robert\Favorites
[2012/09/21 03:56:57 | 000,000,000 | R--D | C] -- C:\Users\robert\Downloads
[2012/09/21 03:56:57 | 000,000,000 | R--D | C] -- C:\Users\robert\Desktop
[2012/09/21 03:56:57 | 000,000,000 | R--D | C] -- J:\Windows Files\Start Menu\Programs\Accessories
[2012/09/21 03:56:57 | 000,000,000 | -HSD | C] -- C:\Users\robert\Templates
[2012/09/21 03:56:57 | 000,000,000 | -HSD | C] -- C:\Users\robert\Start Menu
[2012/09/21 03:56:57 | 000,000,000 | -HSD | C] -- C:\Users\robert\SendTo
[2012/09/21 03:56:57 | 000,000,000 | -HSD | C] -- C:\Users\robert\Recent
[2012/09/21 03:56:57 | 000,000,000 | -HSD | C] -- C:\Users\robert\PrintHood
[2012/09/21 03:56:57 | 000,000,000 | -HSD | C] -- C:\Users\robert\NetHood
[2012/09/21 03:56:57 | 000,000,000 | -HSD | C] -- C:\Users\robert\My Documents
[2012/09/21 03:56:57 | 000,000,000 | -HSD | C] -- C:\Users\robert\Local Settings
[2012/09/21 03:56:57 | 000,000,000 | -HSD | C] -- C:\Users\robert\Cookies
[2012/09/21 03:56:57 | 000,000,000 | -HSD | C] -- C:\Users\robert\Application Data
[2012/09/21 03:56:57 | 000,000,000 | -H-D | C] -- C:\Users\robert\AppData
[2012/09/21 03:56:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2012/09/21 03:56:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2012/09/21 03:56:54 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012/09/21 03:56:54 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
[2012/09/21 03:56:54 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
[2012/09/21 03:56:54 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
[2012/09/21 03:56:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites
[2012/09/21 03:56:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2012/09/21 03:56:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2012/09/21 03:56:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2012/09/21 03:56:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data
[2012/09/21 03:44:57 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/09/21 03:44:52 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/09/21 03:44:51 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2012/09/21 03:30:38 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/09/21 03:30:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/09/20 08:17:39 | 000,000,000 | ---D | C] -- J:\Windows Files\Start Menu\Programs\Macrium
[2012/09/20 06:55:34 | 000,000,000 | ---D | C] -- D:\Util\eset
[2012/09/19 21:30:13 | 000,000,000 | ---D | C] -- D:\Util\Macrium
[2012/09/19 12:44:39 | 000,000,000 | ---D | C] -- J:\Windows Files\Start Menu\Programs\Installation
[2012/09/19 12:32:29 | 000,000,000 | ---D | C] -- J:\Windows Files\Start Menu\Programs\Macrium Reflect Professional
[2012/09/19 12:31:13 | 000,000,000 | ---D | C] -- D:\Util\Macrium Reflect Professional
[2012/09/19 11:44:47 | 000,000,000 | ---D | C] -- D:\Util\MozBackup
[2012/09/19 04:02:52 | 000,000,000 | ---D | C] -- D:\Util\System Mechanic Professional
[2012/09/19 04:02:52 | 000,000,000 | ---D | C] -- D:\Util\iolo
[2012/09/19 03:59:11 | 000,000,000 | ---D | C] -- J:\Windows Files\Appllication Data\iolo
[2012/09/18 21:02:42 | 000,000,000 | ---D | C] -- D:\Util\DrivePurge
[2012/09/18 06:06:45 | 001,659,808 | ---- | C] (Bleeping Computer, LLC) -- J:\Windows Files\Desktop\iExplore.exe
[2012/09/18 06:05:25 | 000,000,000 | ---D | C] -- J:\Windows Files\Desktop\rkill
[2012/09/18 06:04:43 | 001,659,808 | ---- | C] (Bleeping Computer, LLC) -- J:\Windows Files\Desktop\rkill.scr
[2012/09/18 06:04:43 | 001,659,808 | ---- | C] (Bleeping Computer, LLC) -- J:\Windows Files\Desktop\rkill.com
[2012/09/18 06:02:25 | 000,607,260 | R--- | C] (Swearware) -- J:\Windows Files\Desktop\dds.scr
[2012/09/17 15:42:43 | 000,000,000 | ---D | C] -- J:\Windows Files\Start Menu\Programs\ActiveSMART 2.9
[2012/09/17 15:36:21 | 000,000,000 | ---D | C] -- D:\Util\LSoft Technologies Inc
[2012/09/17 12:58:21 | 000,000,000 | ---D | C] -- J:\Windows Files\Start Menu\Programs\WinRAR
[2012/09/17 09:32:19 | 000,000,000 | ---D | C] -- D:\Util\RealFlightG5
[2012/09/17 02:39:49 | 000,000,000 | ---D | C] -- J:\Windows Files\Common FIles x86\Symantec Shared
[2012/09/17 02:36:10 | 000,000,000 | ---D | C] -- D:\Util\NortonInstaller
[2012/09/17 02:30:29 | 000,000,000 | ---D | C] -- J:\Windows Files\Appllication Data\QuickScan
[2012/09/16 19:18:05 | 000,000,000 | ---D | C] -- J:\Windows Files\Appllication Data\ErrorTeck
[2012/09/16 19:18:01 | 000,000,000 | ---D | C] -- D:\Util\ErrorTeck
[2012/09/16 16:03:17 | 000,000,000 | ---D | C] -- J:\Windows Files\Appllication Data\f-secure
[2012/09/16 12:02:57 | 000,000,000 | ---D | C] -- J:\Windows Files\Desktop\Aerifly 6
[2012/09/16 10:02:07 | 000,000,000 | ---D | C] -- D:\Documents\RealFlight 6
[2012/09/16 09:57:22 | 000,000,000 | ---D | C] -- D:\Util\Windows Journal
[2012/09/16 09:53:35 | 000,039,424 | ---- | C] (Microsoft Corporation) -- J:\Windows Files\Desktop\sfc.exe
[2012/09/16 07:08:31 | 000,000,000 | ---D | C] -- D:\Util\Ipacs
[2012/09/16 00:50:06 | 000,000,000 | ---D | C] -- D:\Util\Hard Drive Inspector
[2012/09/16 00:50:04 | 000,000,000 | ---D | C] -- J:\Windows Files\Common FIles x86\AltrixSoft
[2012/09/15 08:50:31 | 000,000,000 | ---D | C] -- J:\Windows Files\Appllication Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/09/15 07:09:03 | 000,000,000 | ---D | C] -- J:\Windows Files\Start Menu\Programs\Kremlin 3.0
[2012/09/15 07:09:03 | 000,000,000 | ---D | C] -- D:\Util\Kremlin
[2012/09/14 17:17:37 | 000,000,000 | ---D | C] -- D:\Util\Vuze Remote Toolbar
[2012/09/14 17:17:37 | 000,000,000 | ---D | C] -- D:\Util\Application Updater
[2012/09/14 17:11:38 | 000,000,000 | ---D | C] -- D:\Documents\Vuze Downloads
[2012/09/14 17:01:15 | 000,000,000 | ---D | C] -- J:\Windows Files\Appllication Data\Azureus
[2012/09/12 01:13:44 | 000,000,000 | ---D | C] -- D:\Util\advanded Call Center
[2012/09/11 18:31:29 | 000,000,000 | ---D | C] -- D:\Util\PhoneTray
[2012/09/10 21:42:52 | 000,000,000 | ---D | C] -- D:\Util\Call Soft Pro
[2012/09/10 14:00:25 | 000,000,000 | ---D | C] -- D:\Documents\Ashton Calendar.el4.Data
[2012/09/10 11:55:20 | 000,000,000 | ---D | C] -- J:\Windows Files\Start Menu\Programs\LaserSoft Imaging
[2012/09/10 11:50:57 | 000,000,000 | ---D | C] -- D:\Util\Vuze
[2012/09/09 22:08:09 | 000,000,000 | ---D | C] -- D:\Util\CouponAlert_2p Chrome Extension
[2012/09/09 17:01:58 | 000,000,000 | RH-D | C] -- J:\Windows Files\Appllication Data\SecuROM
[2012/09/08 12:13:16 | 000,000,000 | ---D | C] -- D:\Util\RealFlightG4
[2012/09/08 12:13:13 | 000,000,000 | ---D | C] -- D:\Documents\RealFlight G4
[2012/09/07 19:25:04 | 000,000,000 | ---D | C] -- J:\Windows Files\Desktop\Simulators
[2012/09/06 06:47:59 | 000,000,000 | ---D | C] -- D:\Util\Time Stopper
[2012/09/05 23:20:23 | 000,000,000 | ---D | C] -- D:\Util\RealFlightG3
[2012/09/04 21:18:13 | 000,000,000 | ---D | C] -- D:\Util\ClearViewRC
[2012/09/04 21:01:21 | 000,000,000 | ---D | C] -- D:\Util\Alcohol Soft
[2012/09/04 19:49:02 | 000,000,000 | ---D | C] -- D:\Documents\aerofly FS
[2012/09/04 18:24:52 | 000,000,000 | ---D | C] -- D:\Util\Aerofly FS
[2012/09/04 12:41:14 | 000,000,000 | ---D | C] -- D:\Util\Parallel Port Joystick
[2012/09/04 10:34:54 | 000,000,000 | ---D | C] -- J:\Windows Files\Start Menu\Programs\MagicDisc
[2012/09/04 10:22:48 | 000,000,000 | ---D | C] -- D:\Documents\Alcohol 52%
[2012/09/04 09:44:41 | 000,000,000 | ---D | C] -- J:\Windows Files\Appllication Data\realXtend
[2012/08/31 04:48:25 | 000,000,000 | ---D | C] -- D:\Util\PhoenixRC 3
[2012/08/30 12:29:04 | 000,000,000 | ---D | C] -- D:\Util\SuperFlexible
[2012/08/29 21:49:16 | 000,000,000 | -H-D | C] -- D:\Documents\_SYNCAPP
[2012/08/28 12:06:50 | 000,000,000 | ---D | C] -- D:\Util\Soluto
[2012/08/28 11:56:56 | 000,000,000 | ---D | C] -- D:\Util\SDA
[2012/08/27 07:04:26 | 000,000,000 | ---D | C] -- D:\Documents\Flight Simulator Files
[2012/08/26 03:43:05 | 000,000,000 | ---D | C] -- D:\Util\MonitorDriver
[2012/08/25 20:09:56 | 000,000,000 | ---D | C] -- D:\Util\FMS
[2012/08/25 01:37:38 | 000,000,000 | ---D | C] -- D:\Util\Microsoft Application Compatibility Toolkit
[2012/08/23 16:42:17 | 000,000,000 | ---D | C] -- D:\Documents\OneNote Notebooks
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/22 12:21:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1141580518-2314498541-1711201211-1000UA.job
[2012/09/22 12:20:35 | 000,600,576 | ---- | M] (OldTimer Tools) -- J:\Windows Files\Desktop\OTL.exe
[2012/09/22 11:45:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/22 11:44:38 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{0000000C-00000000-00000001-00001102-00000005-002C1102}.rfx
[2012/09/22 11:44:38 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXState-{0000000C-00000000-00000001-00001102-00000005-002C1102}.rfx
[2012/09/22 11:44:38 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{0000000C-00000000-00000001-00001102-00000005-002C1102}.rfx
[2012/09/22 11:19:34 | 000,017,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/22 11:19:34 | 000,017,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/22 10:32:52 | 001,388,032 | ---- | M] () -- J:\Windows Files\Desktop\RogueKiller.exe
[2012/09/22 10:29:55 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- J:\Windows Files\Desktop\tdsskiller (1).exe
[2012/09/22 10:28:14 | 000,000,512 | ---- | M] () -- J:\Windows Files\Desktop\MBR.dat
[2012/09/22 10:24:32 | 004,731,392 | ---- | M] (AVAST Software) -- J:\Windows Files\Desktop\aswMBR (1).exe
[2012/09/22 10:20:38 | 000,881,724 | ---- | M] () -- J:\Windows Files\Desktop\SecurityCheck (1).exe
[2012/09/22 09:20:18 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/22 09:20:18 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/22 09:20:18 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/22 07:14:30 | 000,000,215 | ---- | M] () -- J:\Windows Files\Desktop\Amazon.com- Temperature Controlled Soldering Iron 50 Watt- Parts Express.url
[2012/09/22 06:31:47 | 000,000,185 | ---- | M] () -- J:\Windows Files\Desktop\Soldering Station Features Continuously Variable Power Between 5-40W,a 1.5mm Pointed Tip - Amazon.com.url
[2012/09/22 03:21:00 | 000,000,870 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1141580518-2314498541-1711201211-1000Core.job
[2012/09/21 21:34:39 | 000,007,548 | ---- | M] () -- D:\Documents\DesktopOK_2012-09-21_9-34-36 PM_3600x1200.dok
[2012/09/21 21:26:16 | 000,000,305 | ---- | M] () -- J:\Windows Files\Desktop\Unstoppable.url
[2012/09/21 21:19:26 | 000,001,148 | ---- | M] () -- J:\Windows Files\Desktop\magicJack.lnk
[2012/09/21 21:17:08 | 4214,075,390 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/21 20:44:17 | 004,754,243 | ---- | M] (Swearware) -- J:\Windows Files\Desktop\ComboFix.exe
[2012/09/21 20:35:38 | 000,000,869 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/21 20:22:00 | 000,001,206 | ---- | M] () -- J:\Windows Files\Desktop\ATF-Cleaner.exe.lnk
[2012/09/21 19:41:35 | 000,000,000 | ---- | M] () -- C:\Users\robert\defogger_reenable
[2012/09/21 15:09:34 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012/09/21 15:01:16 | 000,000,751 | ---- | M] () -- J:\Windows Files\Desktop\AVG PC Tuneup.lnk
[2012/09/21 12:35:57 | 000,001,658 | ---- | M] () -- C:\Users\Public\Desktop\Windows 7 Manager.lnk
[2012/09/21 12:35:57 | 000,001,649 | ---- | M] () -- C:\Users\Public\Desktop\1-Click Cleaner.lnk
[2012/09/21 12:09:25 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/09/21 12:09:25 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/09/21 10:40:53 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/09/21 10:40:53 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/09/21 10:40:53 | 000,123,480 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012/09/21 10:40:53 | 000,109,144 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012/09/21 10:40:52 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2012/09/21 06:25:55 | 000,000,124 | ---- | M] () -- D:\Documents\ax_files.xml
[2012/09/21 06:21:50 | 000,001,352 | ---- | M] () -- D:\Documents\AutoHotkey.ahk
[2012/09/21 06:19:17 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/09/21 05:47:30 | 000,000,763 | ---- | M] () -- J:\Windows Files\Start Menu\Programs\Startup\sMaRTcaPs.lnk
[2012/09/21 05:41:36 | 000,000,770 | ---- | M] () -- J:\Windows Files\Start Menu\Programs\Startup\Kremlin Sentry.lnk
[2012/09/21 05:39:37 | 000,001,158 | ---- | M] () -- J:\Windows Files\Start Menu\Programs\Startup\hmonitor.exe.lnk
[2012/09/21 05:38:14 | 000,000,887 | ---- | M] () -- J:\Windows Files\Start Menu\Programs\Startup\DiskCheckup.lnk
[2012/09/21 05:36:15 | 000,000,690 | ---- | M] () -- J:\Windows Files\Start Menu\Programs\Startup\CaptureWiz.lnk
[2012/09/21 05:07:04 | 000,016,896 | ---- | M] (ASUS) -- C:\Windows\AsTaskSched.dll
[2012/09/21 05:05:30 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2012/09/21 04:56:10 | 000,035,491 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2012/09/21 04:43:41 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/09/21 03:46:41 | 000,000,637 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/09/21 03:46:41 | 000,000,637 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/09/20 20:00:57 | 000,000,290 | ---- | M] () -- J:\Windows Files\Desktop\Apache FIles Vice.URL
[2012/09/19 21:30:13 | 000,003,073 | ---- | M] () -- J:\Windows Files\Desktop\Macrium Reflect.lnk
[2012/09/19 12:11:45 | 000,008,580 | ---- | M] () -- D:\Documents\DesktopOK_2012-09-19_2-11-43 PM_3600x1364.dok
[2012/09/19 11:45:50 | 105,711,015 | ---- | M] () -- D:\Documents\Thunderbird - 2012-09-19.pcv
[2012/09/19 08:26:44 | 000,008,694 | ---- | M] () -- D:\Documents\DesktopOK_2012-09-19_10-26-41 AM_3600x1364.dok
[2012/09/19 05:38:06 | 000,001,983 | ---- | M] () -- J:\Windows Files\Desktop\System Mechanic Professional.lnk
[2012/09/18 21:03:06 | 000,001,190 | ---- | M] () -- J:\Windows Files\Desktop\DrivePurge.exe.lnk
[2012/09/18 19:40:22 | 000,445,291 | ---- | M] () -- J:\Windows Files\Desktop\ENG_CD_1825136_A4.pdf
[2012/09/18 19:35:24 | 000,079,052 | ---- | M] () -- J:\Windows Files\Desktop\MS-100443.pdf
[2012/09/18 19:28:39 | 000,000,189 | ---- | M] () -- J:\Windows Files\Desktop\Micro Switch Toggle Switch SPST On-Off 10A-277VAC - 20A-115VAC 3-4HP - eBay.url
[2012/09/18 19:14:18 | 000,000,164 | ---- | M] () -- J:\Windows Files\Desktop\6 inch 150mm LCD Digital Vernier Caliper Microme-ter Guage - eBay.url
[2012/09/18 19:07:05 | 000,000,173 | ---- | M] () -- J:\Windows Files\Desktop\High-Accuracy 6- 150 mm Digital LCD CALIPER VERNIER GAUGE MICROMETER - eBay.url
[2012/09/18 17:10:57 | 000,000,157 | ---- | M] () -- J:\Windows Files\Desktop\WL Toys V929 Beetle 4CH Quadcopter Mini UFO RTF - eBay.url
[2012/09/18 15:24:05 | 000,000,153 | ---- | M] () -- J:\Windows Files\Desktop\F03334 WL V929 4CH 2.4GHz 3D Fly 4 Rotor RC Helicopter Ladybird Quadcopter BNF No transmitter(Bind with V911 TX) + Free shipping-in RC Helicopters from Toys & Hobbies on Aliexpress.com.url
[2012/09/18 10:00:40 | 000,000,132 | ---- | M] () -- J:\Windows Files\Appllication Data\Adobe PNG Format CS6 Prefs
[2012/09/18 06:06:40 | 001,659,808 | ---- | M] (Bleeping Computer, LLC) -- J:\Windows Files\Desktop\iExplore.exe
[2012/09/18 06:04:01 | 001,659,808 | ---- | M] (Bleeping Computer, LLC) -- J:\Windows Files\Desktop\rkill.scr
[2012/09/18 06:03:51 | 001,659,808 | ---- | M] (Bleeping Computer, LLC) -- J:\Windows Files\Desktop\rkill.com
[2012/09/18 06:01:44 | 000,607,260 | R--- | M] (Swearware) -- J:\Windows Files\Desktop\dds.scr
[2012/09/18 06:00:37 | 000,050,477 | ---- | M] () -- J:\Windows Files\Desktop\Defogger.exe
[2012/09/17 19:51:09 | 000,000,184 | ---- | M] () -- J:\Windows Files\Desktop\RealFlight G2 rc heli airplane simulator USB interlink controller by Futaba - eBay.url
[2012/09/17 15:42:43 | 000,000,837 | ---- | M] () -- J:\Windows Files\Desktop\ActiveSMART.lnk
[2012/09/17 14:25:27 | 000,009,012 | ---- | M] () -- D:\Documents\DesktopOK_2012-09-17_4-25-24 PM_3600x1364.dok
[2012/09/16 16:53:13 | 000,002,801 | ---- | M] () -- J:\Windows Files\Desktop\HiJackThis.lnk
[2012/09/16 00:45:44 | 000,000,763 | ---- | M] () -- J:\Windows Files\Desktop\PrettyRun.lnk
[2012/09/16 00:45:23 | 001,403,127 | ---- | M] () -- D:\Documents\Runner.zip
[2012/09/14 22:33:11 | 000,000,126 | ---- | M] () -- J:\Windows Files\Desktop\Camera China.url
[2012/09/14 04:08:32 | 000,000,115 | ---- | M] () -- J:\Windows Files\Desktop\2 Batteries eBay.url
[2012/09/12 20:01:03 | 000,000,126 | ---- | M] () -- J:\Windows Files\Desktop\2.5 to 3.5 China.url
[2012/09/12 19:59:08 | 000,000,127 | ---- | M] () -- J:\Windows Files\Desktop\2 S107 Batteries China.url
[2012/09/12 19:57:23 | 000,000,126 | ---- | M] () -- J:\Windows Files\Desktop\Modem China.url
[2012/09/12 04:54:33 | 000,000,183 | ---- | M] () -- J:\Windows Files\Desktop\Air Hogs Defender Micro R-C Remote Control Plane MINT ~ SUPER FAST SHIPPING ! - eBay.url
[2012/09/12 01:18:00 | 000,000,772 | ---- | M] () -- J:\Windows Files\Desktop\Advanced Call Center.lnk
[2012/09/11 16:57:44 | 000,000,102 | ---- | M] () -- J:\Windows Files\Desktop\real flight - eBay.url
[2012/09/10 22:45:12 | 000,001,839 | ---- | M] () -- J:\Windows Files\Desktop\Call Soft Pro.lnk
[2012/09/10 22:33:38 | 000,000,123 | ---- | M] () -- J:\Windows Files\Desktop\Gadgets Sporting Goods, Cell Phone Accessories items in bestservice store on eBay!.url
[2012/09/10 14:00:26 | 000,432,492 | ---- | M] () -- D:\Documents\Ashton Calendar.el4
[2012/09/09 09:35:24 | 000,000,321 | ---- | M] () -- J:\Windows Files\Desktop\Useful Flight Simulator Cable-USB Dongle 4 JR FUTABA Eflite DX6i DX7 Transmitter - eBay.url
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/07 09:15:07 | 000,689,161 | ---- | M] () -- D:\Documents\Glasses Prescription Bob Sept 2012_0001.jpg
[2012/09/05 17:10:27 | 000,000,087 | ---- | M] () -- J:\Windows Files\Desktop\Skin Retouching Photoshop Tutorial - YouTube.url
[2012/09/03 13:29:48 | 000,541,082 | ---- | M] () -- D:\Documents\Bank Data.jpg
[2012/09/02 19:54:30 | 000,005,489 | ---- | M] () -- J:\Windows Files\Desktop\190685812914_1.jpg
[2012/08/26 21:39:04 | 000,000,430 | ---- | M] () -- J:\Windows Files\Desktop\Desktop.lnk
[2012/08/26 03:44:42 | 000,000,000 | ---- | M] () -- D:\Documents\bob
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/22 10:32:57 | 001,388,032 | ---- | C] () -- J:\Windows Files\Desktop\RogueKiller.exe
[2012/09/22 10:28:14 | 000,000,512 | ---- | C] () -- J:\Windows Files\Desktop\MBR.dat
[2012/09/22 10:20:46 | 000,881,724 | ---- | C] () -- J:\Windows Files\Desktop\SecurityCheck (1).exe
[2012/09/22 07:27:02 | 000,000,573 | ---- | C] () -- J:\Windows Files\Start Menu\Programs\Startup\Email and Password Script.ahk
[2012/09/22 07:14:30 | 000,000,215 | ---- | C] () -- J:\Windows Files\Desktop\Amazon.com- Temperature Controlled Soldering Iron 50 Watt- Parts Express.url
[2012/09/22 06:31:47 | 000,000,185 | ---- | C] () -- J:\Windows Files\Desktop\Soldering Station Features Continuously Variable Power Between 5-40W,a 1.5mm Pointed Tip - Amazon.com.url
[2012/09/22 03:16:27 | 000,000,870 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1141580518-2314498541-1711201211-1000Core.job
[2012/09/21 21:34:39 | 000,007,548 | ---- | C] () -- D:\Documents\DesktopOK_2012-09-21_9-34-36 PM_3600x1200.dok
[2012/09/21 21:26:16 | 000,000,305 | ---- | C] () -- J:\Windows Files\Desktop\Unstoppable.url
[2012/09/21 20:32:28 | 000,000,869 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/21 20:22:00 | 000,001,206 | ---- | C] () -- J:\Windows Files\Desktop\ATF-Cleaner.exe.lnk
[2012/09/21 19:41:35 | 000,000,000 | ---- | C] () -- C:\Users\robert\defogger_reenable
[2012/09/21 15:09:34 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012/09/21 15:09:34 | 000,000,859 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012/09/21 15:01:16 | 000,000,751 | ---- | C] () -- J:\Windows Files\Desktop\AVG PC Tuneup.lnk
[2012/09/21 14:04:30 | 000,001,148 | ---- | C] () -- J:\Windows Files\Desktop\magicJack.lnk
[2012/09/21 13:28:41 | 000,001,830 | ---- | C] () -- J:\Windows Files\Desktop\Manan Fitting.lnk
[2012/09/21 13:03:53 | 000,061,256 | ---- | C] () -- C:\Windows\SysNative\BMXStateBkp-{0000000C-00000000-00000001-00001102-00000005-002C1102}.rfx
[2012/09/21 13:03:53 | 000,061,256 | ---- | C] () -- C:\Windows\SysNative\BMXState-{0000000C-00000000-00000001-00001102-00000005-002C1102}.rfx
[2012/09/21 13:03:53 | 000,000,788 | ---- | C] () -- C:\Windows\SysNative\DVCState-{0000000C-00000000-00000001-00001102-00000005-002C1102}.rfx
[2012/09/21 12:35:57 | 000,001,658 | ---- | C] () -- C:\Users\Public\Desktop\Windows 7 Manager.lnk
[2012/09/21 12:35:57 | 000,001,649 | ---- | C] () -- C:\Users\Public\Desktop\1-Click Cleaner.lnk
[2012/09/21 12:11:58 | 000,000,922 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1141580518-2314498541-1711201211-1000UA.job
[2012/09/21 10:41:22 | 000,007,062 | ---- | C] () -- C:\Windows\SysWow64\audiopid.vxd
[2012/09/21 10:40:52 | 000,190,976 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2012/09/21 10:40:52 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/09/21 10:40:52 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2012/09/21 10:40:52 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012/09/21 10:40:52 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2012/09/21 06:19:51 | 000,068,096 | ---- | C] () -- C:\Windows\SysWow64\CNC1754D.TBL
[2012/09/21 06:19:51 | 000,068,096 | ---- | C] () -- C:\Windows\SysNative\CNC1754D.TBL
[2012/09/21 06:19:17 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/09/21 05:45:02 | 000,001,154 | ---- | C] () -- J:\Windows Files\Start Menu\Programs\magicJack.lnk
[2012/09/21 05:36:09 | 000,000,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CaptureWiz.lnk
[2012/09/21 05:18:34 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/09/21 05:18:29 | 000,035,491 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/09/21 05:12:59 | 002,621,723 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012/09/21 05:12:48 | 000,014,324 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/09/21 05:02:01 | 000,001,904 | ---- | C] () -- C:\Windows\SysNative\SetupBD.din
[2012/09/21 05:01:28 | 000,003,114 | ---- | C] () -- C:\Windows\SysNative\e1c62x64.din
[2012/09/21 04:43:41 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2012/09/21 04:43:41 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2012/09/21 03:57:09 | 000,001,413 | ---- | C] () -- J:\Windows Files\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/09/21 03:57:07 | 000,001,447 | ---- | C] () -- J:\Windows Files\Start Menu\Programs\Internet Explorer.lnk
[2012/09/21 03:44:46 | 4214,075,390 | -HS- | C] () -- C:\hiberfil.sys
[2012/09/20 20:00:57 | 000,000,290 | ---- | C] () -- J:\Windows Files\Desktop\Apache FIles Vice.URL
[2012/09/20 08:10:29 | 000,003,073 | ---- | C] () -- J:\Windows Files\Desktop\Macrium Reflect.lnk
[2012/09/19 12:11:45 | 000,008,580 | ---- | C] () -- D:\Documents\DesktopOK_2012-09-19_2-11-43 PM_3600x1364.dok
[2012/09/19 11:45:34 | 105,711,015 | ---- | C] () -- D:\Documents\Thunderbird - 2012-09-19.pcv
[2012/09/19 08:26:44 | 000,008,694 | ---- | C] () -- D:\Documents\DesktopOK_2012-09-19_10-26-41 AM_3600x1364.dok
[2012/09/19 04:03:04 | 000,001,983 | ---- | C] () -- J:\Windows Files\Desktop\System Mechanic Professional.lnk
[2012/09/18 21:03:06 | 000,001,190 | ---- | C] () -- J:\Windows Files\Desktop\DrivePurge.exe.lnk
[2012/09/18 19:40:21 | 000,445,291 | ---- | C] () -- J:\Windows Files\Desktop\ENG_CD_1825136_A4.pdf
[2012/09/18 19:35:24 | 000,079,052 | ---- | C] () -- J:\Windows Files\Desktop\MS-100443.pdf
[2012/09/18 19:28:39 | 000,000,189 | ---- | C] () -- J:\Windows Files\Desktop\Micro Switch Toggle Switch SPST On-Off 10A-277VAC - 20A-115VAC 3-4HP - eBay.url
[2012/09/18 19:14:18 | 000,000,164 | ---- | C] () -- J:\Windows Files\Desktop\6 inch 150mm LCD Digital Vernier Caliper Microme-ter Guage - eBay.url
[2012/09/18 19:07:05 | 000,000,173 | ---- | C] () -- J:\Windows Files\Desktop\High-Accuracy 6- 150 mm Digital LCD CALIPER VERNIER GAUGE MICROMETER - eBay.url
[2012/09/18 17:10:57 | 000,000,157 | ---- | C] () -- J:\Windows Files\Desktop\WL Toys V929 Beetle 4CH Quadcopter Mini UFO RTF - eBay.url
[2012/09/18 15:24:05 | 000,000,153 | ---- | C] () -- J:\Windows Files\Desktop\F03334 WL V929 4CH 2.4GHz 3D Fly 4 Rotor RC Helicopter Ladybird Quadcopter BNF No transmitter(Bind with V911 TX) + Free shipping-in RC Helicopters from Toys & Hobbies on Aliexpress.com.url
[2012/09/18 06:00:50 | 000,050,477 | ---- | C] () -- J:\Windows Files\Desktop\Defogger.exe
[2012/09/17 19:51:09 | 000,000,184 | ---- | C] () -- J:\Windows Files\Desktop\RealFlight G2 rc heli airplane simulator USB interlink controller by Futaba - eBay.url
[2012/09/17 15:42:43 | 000,000,837 | ---- | C] () -- J:\Windows Files\Desktop\ActiveSMART.lnk
[2012/09/17 14:25:27 | 000,009,012 | ---- | C] () -- D:\Documents\DesktopOK_2012-09-17_4-25-24 PM_3600x1364.dok
[2012/09/16 08:49:30 | 000,000,887 | ---- | C] () -- J:\Windows Files\Start Menu\Programs\Startup\DiskCheckup.lnk
[2012/09/16 00:45:19 | 001,403,127 | ---- | C] () -- D:\Documents\Runner.zip
[2012/09/15 07:09:04 | 000,000,770 | ---- | C] () -- J:\Windows Files\Start Menu\Programs\Startup\Kremlin Sentry.lnk
[2012/09/14 22:33:11 | 000,000,126 | ---- | C] () -- J:\Windows Files\Desktop\Camera China.url
[2012/09/14 04:08:32 | 000,000,115 | ---- | C] () -- J:\Windows Files\Desktop\2 Batteries eBay.url
[2012/09/12 20:01:03 | 000,000,126 | ---- | C] () -- J:\Windows Files\Desktop\2.5 to 3.5 China.url
[2012/09/12 19:59:08 | 000,000,127 | ---- | C] () -- J:\Windows Files\Desktop\2 S107 Batteries China.url
[2012/09/12 19:57:23 | 000,000,126 | ---- | C] () -- J:\Windows Files\Desktop\Modem China.url
[2012/09/12 04:54:33 | 000,000,183 | ---- | C] () -- J:\Windows Files\Desktop\Air Hogs Defender Micro R-C Remote Control Plane MINT ~ SUPER FAST SHIPPING ! - eBay.url
[2012/09/12 01:18:00 | 000,000,772 | ---- | C] () -- J:\Windows Files\Desktop\Advanced Call Center.lnk
[2012/09/11 16:57:44 | 000,000,102 | ---- | C] () -- J:\Windows Files\Desktop\real flight - eBay.url
[2012/09/10 22:45:12 | 000,001,839 | ---- | C] () -- J:\Windows Files\Desktop\Call Soft Pro.lnk
[2012/09/10 22:33:38 | 000,000,123 | ---- | C] () -- J:\Windows Files\Desktop\Gadgets Sporting Goods, Cell Phone Accessories items in bestservice store on eBay!.url
[2012/09/10 14:00:25 | 000,432,492 | ---- | C] () -- D:\Documents\Ashton Calendar.el4
[2012/09/09 09:35:24 | 000,000,321 | ---- | C] () -- J:\Windows Files\Desktop\Useful Flight Simulator Cable-USB Dongle 4 JR FUTABA Eflite DX6i DX7 Transmitter - eBay.url
[2012/09/09 05:00:32 | 000,689,161 | ---- | C] () -- D:\Documents\Glasses Prescription Bob Sept 2012_0001.jpg
[2012/09/05 17:10:27 | 000,000,087 | ---- | C] () -- J:\Windows Files\Desktop\Skin Retouching Photoshop Tutorial - YouTube.url
[2012/09/04 06:43:27 | 000,541,082 | ---- | C] () -- D:\Documents\Bank Data.jpg
[2012/09/02 19:54:46 | 000,005,489 | ---- | C] () -- J:\Windows Files\Desktop\190685812914_1.jpg
[2012/08/26 21:39:04 | 000,000,430 | ---- | C] () -- J:\Windows Files\Desktop\Desktop.lnk
[2012/08/26 03:44:42 | 000,000,000 | ---- | C] () -- D:\Documents\bob
[2012/08/13 06:36:01 | 000,000,132 | ---- | C] () -- J:\Windows Files\Appllication Data\Adobe GIF Format CS6 Prefs
[2012/07/13 00:57:51 | 000,000,132 | ---- | C] () -- J:\Windows Files\Appllication Data\Adobe PNG Format CS6 Prefs
[2012/06/20 11:25:07 | 000,000,431 | ---- | C] () -- J:\Windows Files\Appllication Data\Drives Monitor_Settings.ini
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/03/19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/03/19 23:31:16 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/03/19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/03/19 22:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/03/12 06:29:03 | 000,035,328 | ---- | C] () -- J:\Windows Files\Common FIles x86\GRTI.dll
[2012/03/03 19:55:13 | 000,000,384 | ---- | C] () -- J:\Windows Files\Appllication Data\editplus_u.ini
[2012/02/17 06:35:48 | 000,001,386 | ---- | C] () -- J:\Windows Files\Appllication Data\systemFP.$dk
[2012/02/16 23:16:33 | 000,000,990 | -HS- | C] () -- J:\Windows Files\Appllication Data\systemfl.$dk
[2012/01/01 20:29:36 | 000,000,412 | ---- | C] () -- J:\Windows Files\Appllication Data\All CPU Meter_Settings.ini
[2011/12/12 16:24:37 | 000,009,327 | ---- | C] () -- J:\Windows Files\Appllication Data\Comma Separated Values (Windows).EML
[2011/10/17 11:42:16 | 000,001,403 | ---- | C] () -- J:\Windows Files\Appllication Data\MQPreset.ini
[2011/10/17 11:42:16 | 000,000,272 | ---- | C] () -- J:\Windows Files\Appllication Data\Multique.ini
[2011/09/28 13:49:45 | 000,075,776 | ---- | C] () -- J:\Windows Files\Appllication Data\chrtmp
[2011/09/28 13:49:45 | 000,001,115 | ---- | C] () -- J:\Windows Files\Appllication Data\SAS7_000.DAT
[2011/09/28 13:49:45 | 000,000,294 | ---- | C] () -- J:\Windows Files\Appllication Data\InkSaveHook.ini
[2011/09/28 13:49:45 | 000,000,132 | ---- | C] () -- J:\Windows Files\Appllication Data\Adobe Targa Format CS5 Prefs
[2011/09/28 13:49:45 | 000,000,132 | ---- | C] () -- J:\Windows Files\Appllication Data\Adobe PNG Format CS5 Prefs
[2011/09/28 13:49:45 | 000,000,132 | ---- | C] () -- J:\Windows Files\Appllication Data\Adobe GIF Format CS5 Prefs
[2011/09/28 13:49:45 | 000,000,132 | ---- | C] () -- J:\Windows Files\Appllication Data\Adobe BMP Format CS5 Prefs
[2011/09/28 13:49:45 | 000,000,022 | -HS- | C] () -- J:\Windows Files\Appllication Data\Sys2662.Config.Repository.bin

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

========== LOP Check ==========


========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >



Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
ESET Smart Security 5.0
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
TuneUp Utilities 2012
AVG PC Tuneup
TuneUp Utilities Language Pack (en-US)
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
WinPatrol winpatrol.exe
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
WinPatrol WinPatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````


I am trying hard to do everything correctly.

#10 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 22 September 2012 - 02:51 PM

rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a new reply.

2.
  • Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Right-Click RogueKiller and select Run as Administrator.
  • Wait until Prescan finishes.
  • On the RogueKiller console, click the Registry tab.

    Put a check next to all of these and uncheck the rest: (if found)

    [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowVideos (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1)

  • Then click on Delete on the right hand column under Options.
  • When done, logoff & Restart the system.
  • The log will be found as RKreport
    Copy & Paste the contents into next reply.
Re-Enable your antivirus when all done.

Edited by Maurice Naggar, 22 September 2012 - 02:52 PM.

Maurice Naggar
Product Support

I close my threads if there is 5 days without a response.
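A way to triage the RogueKiller entries listed in the post above, as an added example that is not part of this thread and not RogueKiller's own code: a small Python parser for RogueKiller "Registry Entries" lines and for HOSTS lines, with a classification of what each flagged value means on Windows 7. Of the values in the list, EnableLUA=0 and ConsentPromptBehaviorAdmin=0 are the two that matter for security (they are what the Security Check log reports as "UAC is disabled!"); DisableRegistryTools only blocks regedit when its data is non-zero, so a reported value of 0 is present but not enforcing; the Start_Show* and NewStartPanel entries are Start-menu and desktop-icon preferences that RogueKiller reports because malware sometimes hides them, but they are cosmetic. The sample lines are constructed from the reports quoted in this thread; the severity labels and the `Finding` type are this example's own assumptions, not RogueKiller's.

```python
"""Triage RogueKiller 'Registry Entries' and HOSTS lines (added example, not from the thread)."""
import re
from dataclasses import dataclass

# Shape of one RogueKiller registry line, e.g.
#   [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
#   [Services][BLPATH] HKLM\[...]\ControlSet001\Services\MBAMService ("\mbamservice.exe") -> FOUND
_LINE = re.compile(
    r"^(?P<tags>(?:\[[^\]]+\])+)\s+"          # one or more [TAG] groups
    r"(?P<target>.+?)\s+"                     # hive\key, optionally " : valuename"
    r"\((?P<data>.*)\)\s*->\s*(?P<status>\w+)$"
)

# Desktop-icon CLSIDs reported under NewStartPanel; data 1 means the icon is hidden.
_DESKTOP_CLSIDS = {
    "{20D04FE0-3AEA-1069-A2D8-08002B30309D}": "Computer",
    "{59031A47-3F72-44A7-89C5-5595FE6B30EE}": "User's Files",
}

@dataclass
class Finding:
    tags: tuple
    name: str       # value name, or the last key component when there is no " : "
    data: str
    severity: str   # "high" | "review" | "info"  (this example's own labels, assumed)
    meaning: str

def classify(name, data, tags):
    """Say what a flagged value means on Windows 7 and how much it matters."""
    n = name.lower()
    if n == "enablelua":
        return ("high", "UAC is switched off entirely") if data == "0" else ("info", "UAC is on")
    if n == "consentpromptbehavioradmin":
        return ("high", "admins elevate silently, no consent prompt") if data == "0" else ("info", "consent prompt set")
    if n == "disableregistrytools":
        # Only a non-zero value actually blocks regedit; RogueKiller flags the value's presence.
        return ("high", "regedit blocked by policy") if data != "0" else ("info", "policy value present but not enforcing")
    if n.startswith("start_show"):
        return ("info", "Start menu item hidden; cosmetic, often set by tweak tools")
    if name.upper() in _DESKTOP_CLSIDS:
        return ("info", f"desktop icon '{_DESKTOP_CLSIDS[name.upper()]}' hidden; cosmetic")
    if "BLPATH" in tags:
        return ("review", "service ImagePath is not a full path: confirm which file actually starts")
    if "SUSP PATH" in tags:
        return ("review", "autorun from a non-standard directory: verify publisher and hash")
    return ("review", "unclassified: inspect by hand")

def parse_registry_lines(lines):
    """Turn RogueKiller registry lines into Finding objects; non-matching lines are skipped."""
    findings = []
    for raw in lines:
        m = _LINE.match(raw.strip())
        if not m:
            continue
        tags = tuple(re.findall(r"\[([^\]]+)\]", m["tags"]))
        target = m["target"]
        name = target.split(" : ", 1)[1] if " : " in target else target.rsplit("\\", 1)[-1]
        data = m["data"].strip()
        severity, meaning = classify(name, data, tags)
        findings.append(Finding(tags, name, data, severity, meaning))
    return findings

def suspicious_hosts(lines):
    """Return (address, names) for HOSTS entries that are not the stock loopback names."""
    stock = {"localhost", "localhost.localdomain", "broadcasthost"}
    hits = []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()     # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        odd = [h for h in names if h.lower() not in stock]
        if odd:
            hits.append((addr, odd))
    return hits

# Constructed sample input, copied from the report lines quoted in this thread.
SAMPLE_REGISTRY = r"""
[RUN][SUSP PATH] HKCU\[...]\Run : cdloader ("J:\Windows Files\Appllication Data\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
[Services][BLPATH] HKLM\[...]\ControlSet001\Services\MBAMService ("\mbamservice.exe") -> FOUND
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
""".strip().splitlines()

SAMPLE_HOSTS = [
    "# Copyright (c) 1993-2009 Microsoft Corp.",
    "#\t127.0.0.1       localhost",
    "127.0.0.1 secure.tune-up.com",
]

if __name__ == "__main__":
    for f in sorted(parse_registry_lines(SAMPLE_REGISTRY), key=lambda f: f.severity):
        print(f"{f.severity:6} {f.name:40} ({f.data}) {f.meaning}")
    for addr, names in suspicious_hosts(SAMPLE_HOSTS):
        print(f"HOSTS  {addr} -> {', '.join(names)}  (non-default entry: review)")
```

Run against a full RKreport.txt, the "high" lines are the ones to act on first; the "review" lines (an autorun from a user-writable data folder, a service whose ImagePath is a bare file name) need a look at the actual binary on disk before deciding; the "info" lines can be deleted for tidiness but do not by themselves indicate compromise. Any HOSTS entry that maps a vendor's licensing or update host to 127.0.0.1 is worth asking the user about, since it is not something Windows or a normal installer writes.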

#11 zingz

zingz

    New Member

  • Members
  • 24 posts

Posted 22 September 2012 - 08:59 PM

Under the Registry tab, none of the items you mention show up in the console, so I am not able to delete them. I do see the following in the RKreport.txt file though:


[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowVideos (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Here is the RKreport.txt file:


RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : robert [Admin rights]
Mode : Scan -- Date : 09/22/2012 20:52:50

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] magicJack.exe -- J:\Windows Files\Appllication Data\mjusbsp\magicJack.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 14 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : cdloader ("J:\Windows Files\Appllication Data\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1141580518-2314498541-1711201211-1000[...]\Run : cdloader ("J:\Windows Files\Appllication Data\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
[Services][BLPATH] HKLM\[...]\ControlSet001\Services\MBAMScheduler ("\mbamscheduler.exe") -> FOUND
[Services][BLPATH] HKLM\[...]\ControlSet001\Services\MBAMService ("\mbamservice.exe") -> FOUND
[Services][BLPATH] HKLM\[...]\ControlSet002\Services\MBAMScheduler ("\mbamscheduler.exe") -> FOUND
[Services][BLPATH] HKLM\[...]\ControlSet002\Services\MBAMService ("\mbamservice.exe") -> FOUND
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowVideos (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 secure.tune-up.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3750330AS +++++
--- User ---
[MBR] 2e12d1aeb4bc52ffe2dcc4687d56da48
[BSP] d92268c0d81714cec0ead1bb40b4a063 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 357705 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 732580065 | Size: 357697 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST3320620AS +++++
--- User ---
[MBR] 54e979af4e35517759db3c8041ab4cd0
[BSP] f4256a7715b85f59bd2c25aa80a51eaa : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 102399 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 209714463 | Size: 102894 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 420441903 | Size: 99948 Mo
3 - [XXXXXX] UNKNOWN (0xdf) [VISIBLE] Offset (sectors): 625137664 | Size: 2 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: OCZ-VERTEX2 +++++
--- User ---
[MBR] 5f88795659d9e94ab8a86330dc6af616
[BSP] 573e7fd742518bd894eeefd6ec784334 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 57240 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: ST31500341AS +++++
--- User ---
[MBR] 55525264c9e0867c3d264e8592dacc64
[BSP] 2fd5b4f32e44b54ae15096a767743a5e : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 712523 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 1459248210 | Size: 718273 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

#12 Maurice Naggar

Staff

Posted 23 September 2012 - 08:07 AM

Turn off your antivirus and also WinPatrol.

Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs.
Do NOT turn off the firewall.

Please download Rkill by Grinler and save it to your desktop.
  • Link 2
    Link 3
    Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positively to allow RKILL to run.
  • If a malware rogue gives a message regarding RKILL, proceed forward to running RKILL.
If you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, the rkill.txt log file will be on your desktop. Copy & paste the contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingc...opic308364.html
Maurice Naggar
Product Support


I close my threads if there are 5 days without a response.

#13 zingz

New Member

Posted 23 September 2012 - 08:23 AM

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html

Program started at: 09/23/2012 08:20:40 AM in x64 mode.
Windows Version: Windows 7 Enterprise Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

Program finished at: 09/23/2012 08:20:44 AM
Execution time: 0 hours(s), 0 minute(s), and 3 seconds(s)

#14 zingz

New Member

Posted 23 September 2012 - 08:25 AM

Maurice, I tried SFC and it worked. Apparently the malware is gone. Can you tell me what it was? Thanks so much.

#15 Maurice Naggar

Staff

Posted 23 September 2012 - 08:41 AM

I have not been able to pin any particular 'malware' as the one causing the issue.

I am glad that SFC works.
It is a very good investment to run a Full scan with MBAM. Please do so.

Save and close any work documents, close any apps that you started.

Temporarily turn off your antivirus.

Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.
Then click the Scanner settings sub-tab in the second row of tabs. Make sure all option lines have a checkmark.

Next, click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.
Do a Full Scan.

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the latest MBAM scan log for review.

Lastly, re-enable your antivirus program.

#16 zingz

New Member

Posted 23 September 2012 - 05:16 PM

Malwarebytes Anti-Malware (PRO) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.22.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
robert :: ROBERTPC [administrator]

Protection: Disabled

9/23/2012 2:39:55 PM
mbam-log-2012-09-23 (16-26-52).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 1044251
Time elapsed: 1 hour(s), 45 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PLAYBRYTE (PUP.PlayBryte) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} (PUP.PlayBryte) -> No action taken.
HKCR\CLSID\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} (PUP.PlayBryte) -> No action taken.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|playbrytetoolbar_Playbryte (PUP.PlayBryte) -> Data: -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Playbryte|Publisher (PUP.PlayBryte) -> Data: Playbryte -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0

(end)

#17 Maurice Naggar

Staff

Posted 23 September 2012 - 06:37 PM

Next, do the following:
Step 1
  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    *****************************************************************
    :processes
    killallprocesses

    :files
    recycler /alldrives

    :reg
    [-HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PLAYBRYTE]
    [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd}]
    [-HKCR\CLSID\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd}]
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform]
    "playbrytetoolbar_Playbryte "=-

    :Commands
    [purity]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [EMPTYFLASH]
    [emptyjava]
    [Reboot]

    *****************************************************************
  • Return to OTL. Right-click in the window (under the aqua-blue bar) and choose Paste.
  • Close any browser windows that may be open.
  • Using your mouse, click on the red-lettered button.
  • Once you see the message box "Fix complete! Click OK to open the fix log.", click the OK button.
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 2
Download Dr.Web CureIt to the desktop.
  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double-click the drweb-cureit.exe file, then click Start and allow the express scan to run.
  • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the icon next to the files found.
  • If so, click it, then click the next icon right below and select Move incurable.
  • This will move it to the %userprofile%\DoctorWeb\quarantine folder if it can't be cured (in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on the X in the upper right corner.

Re-Enable your antivirus program when all done.

Edited by Maurice Naggar, 23 September 2012 - 06:40 PM.


#18 zingz

New Member

Posted 23 September 2012 - 07:15 PM

I am unable to run drweb-cureit.exe. I get the error message that it is not a valid Win32 application.

#19 Maurice Naggar

Staff

Posted 23 September 2012 - 07:19 PM

Run RKILL, then try just 1 more time to run DrWeb Cure-it.
Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs.
Do NOT turn off the firewall.
Please download Rkill by Grinler and save it to your desktop.
  • Link 2
    Link 3
    Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positively to allow RKILL to run.
  • If a malware rogue gives a message regarding RKILL, proceed forward to running RKILL.
If you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.
When all done, the rkill.txt log file will be on your desktop. Copy & paste the contents of Rkill.txt into a reply.
More Information about Rkill can be found at this link: http://www.bleepingc...opic308364.html


Also copy & paste the contents of the _OTL MovedFiles log for my review.

#20 zingz

New Member

Posted 24 September 2012 - 02:53 AM

The "not a valid Win32" error was caused by a corrupted download. I downloaded Dr Web again and had no trouble running it. However the UI has changed. I believe I accomplished what you advised.


All processes killed
========== PROCESSES ==========
========== FILES ==========
recycler not found in C:\
D:\RECYCLER\S-1-5-18 folder moved successfully.
D:\RECYCLER folder moved successfully.
recycler not found in E:\
recycler not found in F:\
recycler not found in G:\
recycler not found in H:\
recycler not found in I:\
recycler not found in J:\
recycler not found in N:\
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PLAYBRYTE\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} (PUP.PlayBryte)\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} (PUP.PlayBryte)\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\\playbrytetoolbar_Playbryte not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: robert
->Temporary Internet Files folder emptied: 3754906 bytes

User: UpdatusUser
->Temporary Internet Files folder emptied: 0 bytes

User: UpdatusUser.robertPC
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 35496 bytes
Session Manager Temp folder emptied: 69398741 bytes
Session Manager Tmp folder emptied: 525 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 94224152 bytes

Total Files Cleaned = 160.00 mb

Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: robert

User: UpdatusUser

User: UpdatusUser.robertPC

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: robert

User: UpdatusUser

User: UpdatusUser.robertPC

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.65.1 log created on 09232012_192250

Files\Folders moved on Reboot...
f:\temp\FXSAPIDebugLogFile.txt moved successfully.
f:\temp\FXSTIFFDebugLogFile.txt moved successfully.
f:\temp\VGX903D.tmp moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
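The "not a valid Win32 application" error in the post above turned out to be a corrupted download. As an added example (not part of the thread or of any tool it mentions), the PowerShell below checks a downloaded executable's PE headers and Authenticode signature before it is run; the file path and the expected-hash placeholder are assumptions.

```powershell
# Added example (not from the thread or any tool in it). Checks whether a downloaded
# executable is structurally a complete Win32/x64 PE file and whether its Authenticode
# signature still verifies; a truncated or corrupted download fails one of these before
# Windows ever reports "not a valid Win32 application".
# Assumed path: adjust to wherever the download was saved.
$Path = "$env:USERPROFILE\Desktop\drweb-cureit.exe"

function Test-Win32Executable {
    param([Parameter(Mandatory)][string]$Path)
    $r = [ordered]@{ Path = $Path; ValidPE = $false; Machine = $null; Reason = $null }
    if (-not (Test-Path -LiteralPath $Path)) {
        $r.Reason = 'file not found'; return [pscustomobject]$r
    }
    $b = [System.IO.File]::ReadAllBytes($Path)
    # DOS stub: 'MZ' magic at offset 0, e_lfanew (offset of the PE header) at 0x3C
    if ($b.Length -lt 0x40 -or $b[0] -ne 0x4D -or $b[1] -ne 0x5A) {
        $r.Reason = 'no MZ header: not an executable, or download truncated'
        return [pscustomobject]$r
    }
    $peOff = [BitConverter]::ToInt32($b, 0x3C)
    if ($peOff -le 0 -or ($peOff + 6) -gt $b.Length) {
        $r.Reason = "e_lfanew ($peOff) points past end of file: truncated download"
        return [pscustomobject]$r
    }
    # 'PE\0\0' signature, followed by the COFF Machine field
    if ($b[$peOff] -ne 0x50 -or $b[$peOff + 1] -ne 0x45 -or $b[$peOff + 2] -ne 0 -or $b[$peOff + 3] -ne 0) {
        $r.Reason = 'MZ header present but no PE signature: corrupted file'
        return [pscustomobject]$r
    }
    $machine = [BitConverter]::ToUInt16($b, $peOff + 4)
    $r.Machine = switch ($machine) { 0x014c { 'x86' } 0x8664 { 'x64' } default { '0x{0:X4}' -f $machine } }
    $r.ValidPE = $true
    $r.Reason = 'PE headers OK'
    [pscustomobject]$r
}

$pe = Test-Win32Executable -Path $Path
$pe | Format-List

if ($pe.ValidPE) {
    # A vendor-signed tool should report Status 'Valid'; a corrupted or tampered copy
    # shows 'HashMismatch', an unsigned one 'NotSigned'.
    Get-AuthenticodeSignature -FilePath $Path |
        Select-Object Status, StatusMessage, @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } }

    # Compare with the SHA-256 the vendor publishes (placeholder below, not a real hash).
    # Get-FileHash needs PowerShell 4 or later.
    $expected = '<vendor-published-sha256>'
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    if ($actual -ne $expected) {
        Write-Warning "SHA-256 $actual does not match the published hash; re-download before running."
    }
}
```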



