
*.exe is not a valid win32 application


zingz


Suddenly I get this error on some system files such as sfc.exe. I will appreciate any help.

zingz

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 6:53:37 PM, on 9/16/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

D:\util\WizMouse\WizMouse.exe

D:\Util\DUMETE~1\DUMeter.exe

J:\Windows Files\Common FIles x86\Acronis\Schedule2\schedhlp.exe

D:\Util\ClipMate7\ClipMate7\ClipMate.exe

D:\Util\SuperFlexible\ExtremeSyncService.exe

D:\Util\Alcohol Soft\Alcohol 120\Alcohol.exe

D:\Util\advanded Call Center\acc.exe

D:\Util\OpenDNS\DNSCrypt\OpenDNSInterface.exe

D:\Util\PrettyRun\PrettyRun.exe

D:\Util\CaptureWiz\Pro\CaptureWiz.exe

D:\Util\AutoHotkey\AutoHotkey.exe

D:\Util\Hmonitor\hmonitor.exe

D:\Util\Kremlin\Kremlin Sentry.exe

D:\Util\sMaRTcaPs\SmartCaps.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

D:\Util\WinPatrol\WinPatrol.exe

C:\Windows\SysWOW64\Ctxfihlp.exe

D:\Util\PhoneTray\PhoneTray.exe

D:\Util\Acronis\DriveMonitor\adm_tray.exe

D:\Util\Hard Drive Inspector\HDInspector.exe

C:\Windows\SysWOW64\CTXFISPI.EXE

J:\Windows Files\Appllication Data\mjusbsp\magicJack.exe

D:\Util\Internet Download Manager\IDMan.exe

D:\Util\Internet Download Manager\IEMonitor.exe

D:\Util\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe

D:\Util\Everything\Everything.exe

D:\Util\Canon\Solution Menu EX\CNSEMAIN.EXE

D:\Util\Canon\Solution Menu EX\CNSEUPDT.EXE

D:\Util\DiskCheckup\DiskCheckup.exe

D:\Util\Skype\Phone\Skype.exe

D:\Util\Nero\Nero 11\Nero Burning ROM\nero.exe

D:\Util\MagicISO\MagicISO.exe

D:\Util\VirtualCloneDrive\VCDPrefs.exe

D:\ThunderbirdPortable\App\Thunderbird\thunderbird.exe

C:\Users\robert\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\robert\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\robert\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\robert\AppData\Local\Google\Chrome\Application\chrome.exe

D:\Util\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O1 - Hosts: ::1 localhost

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Util\Internet Download Manager\IDMIECC.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Util\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

O4 - HKLM\..\Run: [WinPatrol] D:\Util\WinPatrol\winpatrol.exe -expressboot

O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "J:\Windows Files\Common FIles x86\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [PhoneTray] D:\Util\PhoneTray\PhoneTray.exe

O4 - HKLM\..\Run: [adm_tray.exe] D:\Util\Acronis\DriveMonitor\adm_tray.exe

O4 - HKLM\..\Run: [HDInspector.exe] D:\Util\Hard Drive Inspector\HDInspector.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [DesktopOK] "D:\Util\DesktopOK\DesktopOK_x64.exe" -bg -startup

O4 - HKCU\..\Run: [ClipMate7] D:\Util\ClipMate7\ClipMate7\ClipMate.exe

O4 - HKCU\..\Run: [DU Meter] D:\Util\DU Meter\DUMeter.exe

O4 - HKCU\..\Run: [ftweak_recyclebinex] "D:\Util\RecycleBinEx\RecycleBinEx.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\robert\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [ExtremeSync Background Scheduler] "D:\Util\SuperFlexible\ExtremeSyncService.exe" /TIMERASAPP /STARTUP

O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Util\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount

O4 - HKCU\..\Run: [Alcohol.exe Autorun] D:\Util\Alcohol Soft\Alcohol 120\Alcohol.exe /startup

O4 - HKCU\..\Run: [acc] D:\Util\ADVAND~1\acc.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-3870394034-3650906716-284889080-1001\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-3870394034-3650906716-284889080-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O4 - Startup: AutorunsDisabled

O4 - Startup: CaptureWiz.lnk = D:\Util\CaptureWiz\Pro\CaptureWiz.exe

O4 - Startup: DiskCheckup.lnk = D:\Util\DiskCheckup\DiskCheckup.exe

O4 - Startup: Email and Password via Mouse Script.ahk

O4 - Startup: hmonitor.exe.lnk = D:\Util\Hmonitor\hmonitor.exe

O4 - Startup: Kremlin Sentry.lnk = D:\Util\Kremlin\Kremlin Sentry.exe

O4 - Startup: magicJackLoader.exe.lnk = F:\Windows Files\Appllication Data\mjusbsp\magicJackLoader.exe

O4 - Startup: sMaRTcaPs.lnk = D:\Util\sMaRTcaPs\SmartCaps.exe

O4 - User Startup: AutorunsDisabled

O4 - User Startup: CaptureWiz.lnk = D:\Util\CaptureWiz\Pro\CaptureWiz.exe

O4 - User Startup: DiskCheckup.lnk = D:\Util\DiskCheckup\DiskCheckup.exe

O4 - User Startup: Email and Password via Mouse Script.ahk

O4 - User Startup: hmonitor.exe.lnk = D:\Util\Hmonitor\hmonitor.exe

O4 - User Startup: Kremlin Sentry.lnk = D:\Util\Kremlin\Kremlin Sentry.exe

O4 - User Startup: magicJackLoader.exe.lnk = F:\Windows Files\Appllication Data\mjusbsp\magicJackLoader.exe

O4 - User Startup: sMaRTcaPs.lnk = D:\Util\sMaRTcaPs\SmartCaps.exe

O4 - Global Startup: OpenDNSCrypt.lnk = ?

O4 - Global Startup: PrettyRun.lnk = D:\Util\PrettyRun\PrettyRun.exe

O8 - Extra context menu item: Download all links with IDM - D:\Util\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download with IDM - D:\Util\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Util\MICROS~1\Office12\EXCEL.EXE/3000

O10 - Broken Internet access because of LSP provider 'd:\util\bonjour\mdnsnsp.dll' missing

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: http://*.alipay.com

O15 - Trusted Zone: http://*.alisoft.com

O15 - Trusted Zone: http://novastor.cleverreach.com

O15 - Trusted Zone: http://*.google-analytics.com

O15 - Trusted Zone: http://*.novastor.com

O15 - Trusted Zone: http://*.taobao.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{A9EB8CB5-2D58-4282-B993-DECE1BAC2F85}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{E6763B55-86AC-4D4B-9423-19EEE0617895}: NameServer = 127.0.0.1

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Util\MICROS~1\Office12\GRA32A~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - J:\WINDOW~1\COMMON~2\Skype\SKYPE4~1.DLL

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - J:\Windows Files\Common FIles x86\Acronis\Schedule2\schedul2.exe

O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - J:\Windows Files\Common FIles x86\Acronis\CDP\afcdpsrv.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - J:\Windows Files\Common FIles x86\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe

O23 - Service: ASUS HM Com Service (asHmComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe

O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe

O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - D:\Util\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe

O23 - Service: Backup Client Agent Service - NovaStor Corporation - D:\Util\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe

O23 - Service: Bonjour Service - Unknown owner - D:\Util\Bonjour\mDNSResponder.exe (file missing)

O23 - Service: Botkind Service (BotkindSyncService) - Unknown owner - D:\Util\Allway Sync\Bin\SyncService.exe

O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - D:\Util\BlueStacks\HD-Service.exe

O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - D:\Util\BlueStacks\HD-LogRotatorService.exe

O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - J:\Windows Files\Common FIles x86\Creative Labs Shared\Service\CTAELicensing.exe

O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - D:\Util\Creative\Shared Files\CTAudSvc.exe

O23 - Service: OpenDNSCrypt (DNSCrypt) - Unknown owner - D:\Util\OpenDNS\DNSCrypt\OpenDNSCryptService.exe

O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd. - D:\Util\DU Meter\DUMeterSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: ESET Service (ekrn) - ESET - D:\util\ESET\ESET Smart Security\x86\ekrn.exe

O23 - Service: ExtremeSync Service (ExtremeSync_Service) - Super Flexible Software - D:\Util\SuperFlexible\ExtremeSyncService.exe

O23 - Service: Extreme VSS Service (ExtremeVSSService) - Super Flexible Software Ltd. & Co. KG - D:\Util\SuperFlexible\ExtremeVSS.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - J:\Windows Files\Common FIles x86\AltrixSoft\HDDInfoService\HDDSvc.exe

O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - D:\Util\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)

O23 - Service: iPod Service - Apple Inc. - D:\Util\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - D:\Util\Mozilla Maintenance Service\maintenanceservice_tmp.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @D:\Util\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - D:\Util\Nero\Update\NASvc.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NetTalkUsrLaunchService - Unknown owner - D:\Util\netTALK\nettalkl.exe

O23 - Service: NetTalkUsrService - Unknown owner - D:\Util\netTALK\nettalkd.exe

O23 - Service: NovaStor NovaBACKUP Backup/Copy Engine (nsService) - NovaStor - D:\Util\NovaStor\NovaStor NovaBACKUP\nsService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: Acronis OS Selector activator (OS Selector) - Unknown owner - D:\Util\Acronis\DiskDirector\OSS\reinstall_svc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - D:\Util\Macrium\Reflect\ReflectService.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - D:\Util\Soluto\SolutoService.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - D:\Util\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: Acronis Sync Agent Service (syncagentsrv) - Acronis - J:\Windows Files\Common FIles x86\Acronis\SyncAgent\syncagentsrv.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - D:\util\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\Windows\system32\UAService7.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--

End of file - 14952 bytes

hijackthis.log


Hello ringz,

Be aware we do not use HijackThis as the initial report tool. Our forum uses DDS.

Please do the following:

Step 1

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.


Link 2
Link 3
Link 4

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positively to allow RKILL to run.
  • If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL.

If you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Step 2

Disable CD-ROM Emulation Software:

Please download the following tool DeFogger to your desktop.

◦ Double click DeFogger to run the tool.
◦ The application window will appear.
◦ Click the Disable button to disable your CD Emulation drivers.
◦ Click Yes to continue.
◦ A 'Finished!' message will appear.
◦ Click OK.
◦ DeFogger will now ask to reboot the machine - click OK.
◦ IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
◦ Do not re-enable these drivers until otherwise instructed.

Step 3

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 4

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 5

Download DDS and save it to your desktop from http://download.bleepingcomputer.com/sUBs/dds.scr or http://download.bleepingcomputer.com/sUBs/dds.com or http://www.infospyware.net/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.

Then double click dds.scr to run the tool.

DDS will run in a command prompt window and will take 3 to 4 minutes or so.

  • When done, DDS will open two (2) logs:
  • DDS.txt
  • Attach.txt
  • Save both reports to your desktop.

Please Copy & Paste contents of the following logs in your next reply:
DDS.txt
Attach.txt
Do not attach any logs. Always Copy & Paste into main-body of reply.
If needed, put 1 log per reply.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Hi Maurice. I finally had time to get back to this thorny problem. I will paste the three logs below. Thanks again for your help.

Robert

Rkill 2.3.15 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2012 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/21/2012 07:39:21 PM in x64 mode.

Windows Version: Windows 7 Enterprise Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/21/2012 07:39:24 PM

Execution time: 0 hours(s), 0 minute(s), and 3 seconds(s)

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by robert at 19:43:15 on 2012-09-21

Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.16281.13999 [GMT -7:00]

.

AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

D:\util\ESET2\ESET Smart Security\x86\ekrn.exe

C:\Windows\system32\IProsetMonitor.exe

C:\Windows\system32\svchost.exe -k imgsvc

D:\Util\TuneUp\TuneUpUtilitiesService64.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

D:\Util\TuneUp\TuneUpUtilitiesApp64.exe

D:\Util\WizMouse\WizMouse.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\igfxpers.exe

D:\Util\ESET2\ESET Smart Security\egui.exe

D:\Util\DesktopOK\DesktopOK_x64.exe

D:\Util\CaptureWiz\Pro\CaptureWiz.exe

D:\Util\DiskCheckup\DiskCheckup.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

D:\Util\Kremlin\Kremlin Sentry.exe

D:\Util\WinPatrol\WinPatrol.exe

C:\Windows\SysWOW64\Ctxfihlp.exe

D:\Util\sMaRTcaPs\SmartCaps.exe

C:\Windows\SysWOW64\CTXFISPI.EXE

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

J:\Windows Files\Appllication Data\mjusbsp\magicJack.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

D:\ThunderbirdPortable\ThunderbirdPortable.exe

D:\ThunderbirdPortable\App\thunderbird\thunderbird.exe

C:\Windows\System32\Notepad.exe

C:\Windows\system32\svchost.exe -k SDRSVC

D:\util\Everything\Everything.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

D:\Util\totalcmd\TOTALCMD64.EXE

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

SteelWerX Registry Console Tool 2.0URLSearchHooks: H - No File

Written by Bobbi Flekman 2006 ©URLSearchHooks: H - No File

HKEY_CURRENT_USER\software\microsoft\internet explorer\urlsearchhooksURLSearchHooks: H - No File

SteelWerX Registry Console Tool 2.0URLSearchHooks: H - No File

Written by Bobbi Flekman 2006 ©URLSearchHooks: H - No File

Error: Key: software\microsoft\internet explorer\urlsearchhooks does not exist H - No File

SteelWerX Registry Console Tool 2.0URLSearchHooks: H - No File

Written by Bobbi Flekman 2006 ©URLSearchHooks: H - No File

Error: Key: .default\software\microsoft\internet explorer\urlsearchhooks does not exist H - No File

TB: SteelWerX Registry Console Tool 2.0 - No File

TB: Written by Bobbi Flekman 2006 © - No File

TB: Error: Key: software\microsoft\internet explorer\toolbar does not exist - No File

TB: HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser - No File

TB: ITBar7Layout REG_BINARY 13000000000000000000000020000000100000001300000001000000000700005e010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 - No File

TB: ITBar7Height REG_DWORD 21 (0x15) - No File

EB: SteelWerX Registry Console Tool 2.0 - No File

EB: Written by Bobbi Flekman 2006 © - No File

EB: Error: Key: software\microsoft\internet explorer\explorer bars does not exist - No File

StartupFolder: J:\WINDOW~1\STARTM~1\Programs\Startup\CAPTUR~1.LNK - D:\Util\CaptureWiz\Pro\CaptureWiz.exe

StartupFolder: J:\WINDOW~1\STARTM~1\Programs\Startup\DISKCH~1.LNK - D:\Util\DiskCheckup\DiskCheckup.exe

StartupFolder: J:\Windows Files\Start Menu\Programs\Startup\Email and Password via Mouse Script.ahk

StartupFolder: J:\WINDOW~1\STARTM~1\Programs\Startup\HMONIT~1.LNK - D:\Util\Hmonitor\hmonitor.exe

StartupFolder: J:\WINDOW~1\STARTM~1\Programs\Startup\KREMLI~1.LNK - D:\Util\Kremlin\Kremlin Sentry.exe

StartupFolder: J:\WINDOW~1\STARTM~1\Programs\Startup\MAGICJ~1.LNK - F:\Windows Files\Appllication Data\mjusbsp\magicJackLoader.exe

StartupFolder: J:\WINDOW~1\STARTM~1\Programs\Startup\SMARTC~1.LNK - D:\Util\sMaRTcaPs\SmartCaps.exe

LSP: REGEDIT4

.

LSP: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\parameters\protocol_catalog9\catalog_entries]

LSP: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsock2\parameters\protocol_catalog9\catalog_entries\

LSP: m33,32,\mswsock2e,dll

LSP:

LSP: Ha1,92,e9,03,

LSP: 32,

LSP: "ProtocolName"="@%SystemRoot%\\System32\\wshtcpip.dll,-601

LSP: Ha1,92,ea,03,

LSP: f7,ff,

LSP: "ProtocolName"="@%SystemRoot%\\System32\\wshtcpip.dll,-60101"

LSP: Ha1,92,eb,03,

LSP: "ProtocolName"="@%SystemRoot%\\System32\\wshtcpip.dll,-60102"

LSP: l34,e4,ec,03,

LSP: "ProtocolName"="@%SystemRoot%\\System32\\wship6.dll,-601

LSP: l34,e4,ed,03,

LSP: "ProtocolName"="@%SystemRoot%\\System32\\wship6.dll,-60101"

LSP: l34,e4,ee,03,

LSP: "ProtocolName"="@%SystemRoot%\\System32\\wship6.dll,-60102"

LSP: 82,e6,9a,ef,03,

LSP: "ProtocolName"="@%SystemRoot%\\System32\\wshqos.dll,-1

LSP: 82,e6,9a,f0,03,

LSP: "ProtocolName"="@%SystemRoot%\\System32\\wshqos.dll,-101"

LSP: 82,e6,9a,f1,03,

LSP: "ProtocolName"="@%SystemRoot%\\System32\\wshqos.dll,-102"

LSP: 82,e6,9a,f2,03,

LSP: "ProtocolName"="@%SystemRoot%\\System32\\wshqos.dll,-103"

LSP: 89,y2a,f3,03,

LSP: t

LSP: "ProtocolName"="MSAFD RfComm [bluetooth]"

SSODL: SteelWerX Registry Console Tool 2.0 - - No File

SSODL: Written by Bobbi Flekman 2006 © - - No File

SSODL: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload - - No File

STS: SteelWerX Registry Console Tool 2.0 - No File

STS: Written by Bobbi Flekman 2006 © - No File

STS: Error: Key: software\microsoft\windows\currentversion\explorer\sharedtaskscheduler does not exist - No File

SEH: SteelWerX Registry Console Tool 2.0 - No File

SEH: Written by Bobbi Flekman 2006 © - No File

SEH: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks - No File

TB-X64: HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser - No File

TB-X64: ITBar7Layout REG_BINARY 13000000000000000000000020000000100000001300000001000000000700005E010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 - No File

TB-X64: ITBar7Height REG_DWORD 0x15 - No File

SSODL-X64: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\ShellServiceObjectDelayLoad - - No File

.

============= SERVICES / DRIVERS ===============

.

R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]

R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\system32\DRIVERS\mv91cons.sys --> C:\Windows\system32\DRIVERS\mv91cons.sys [?]

R0 mvs91xx;mvs91xx;C:\Windows\system32\DRIVERS\mvs91xx.sys --> C:\Windows\system32\DRIVERS\mvs91xx.sys [?]

R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]

R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]

R2 ekrn;ESET Service;D:\Util\ESET2\ESET Smart Security\x86\ekrn.exe [2011-9-22 974944]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-9-21 13336]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;D:\Util\TuneUp\TuneUpUtilitiesService64.exe [2011-10-12 2072896]

R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]

R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]

R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]

R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;D:\Util\TuneUp\TuneUpUtilitiesDriver64.sys [2011-9-22 11856]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-9-21 1262400]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-9-21 250288]

S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-9-21 79360]

S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]

S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]

S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]

S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\system32\drivers\Synth3dVsc.sys --> C:\Windows\system32\drivers\Synth3dVsc.sys [?]

S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]

.

=============== File Associations ===============

.

Application.Manifest=rundll32.exe dfshim.dll,ShOpenVerbApplication %1

Application.Reference=rundll32.exe dfshim.dll,ShOpenVerbShortcut %1|%2

brmFile="PrintBrmUI.exe" /import /file:"%1"

CABFolder=%SystemRoot%\Explorer.exe /idlist,%I,%L

CaptureWiz.Media="D:\Util\CaptureWiz\Pro\CaptureWiz.exe" "%1"

CATFile=%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenCAT %1

CERFile=%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenCER %1

CertificateStoreFile=%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenSTR %1

certificate_wab_auto_file="%ProgramFiles%\Windows Mail\wab.exe" /certificate "%1"

CompressedFolder=%SystemRoot%\Explorer.exe /idlist,%I,%L

contact_wab_auto_file="%ProgramFiles%\Windows Mail\wab.exe" /contact "%1"

CRLFile=%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenCRL %1

ctsu="C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe"

Diagnostic.Cabinet=%SystemRoot%\system32\msdt.exe /cab "%1"

Diagnostic.Config=%SystemRoot%\system32\msdt.exe /path "%1"

Diagnostic.Document=%SystemRoot%\system32\msdt.exe /path "%1"

Diagnostic.Perfmon.Config=%SystemRoot%\system32\perfmon /sys /load "%1"

Diagnostic.Perfmon.Document=%SystemRoot%\system32\perfmon /sys /open "%1"

Diagnostic.Resmon.Config=%SystemRoot%\system32\perfmon /res /load "%1"

docxfile="%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

emffile="%systemroot%\system32\mspaint.exe" "%1"

evtfile=%SystemRoot%\system32\eventvwr.exe /l:"%1"

evtxfile=%SystemRoot%\system32\eventvwr.exe /l:"%1"

Explorer.AssocProtocol.search-ms=%SystemRoot%\Explorer.exe /separate,/idlist,%I,%L

FaxCover.Document=%systemroot%\system32\fxscover.exe "%1"

Folder=%SystemRoot%\Explorer.exe

FoxitReader.Document="D:\Util\foxit software\Foxit Reader\Foxit Reader.exe" "%1"

FoxitReader.FDFDoc="D:\Util\foxit software\Foxit Reader\Foxit Reader.exe" "%1"

ftp="C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1

giffile="C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome

group_wab_auto_file="%ProgramFiles%\Windows Mail\wab.exe" /Group "%1"

hlpfile=%SystemRoot%\winhlp32.exe %1

htafile=C:\Windows\SysWOW64\mshta.exe "%1" %*

htmlfile="C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome

http="C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome

https="C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome

icofile=%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1

IE.AssocFile.HTM="C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome

IE.AssocFile.MHT="C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome

IE.AssocFile.PARTIAL="C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome

IE.AssocFile.SVG="C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome

IE.AssocFile.URL="C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l

IE.AssocFile.WEBSITE="C:\Program Files (x86)\Internet Explorer\iexplore.exe" -w "%l" %*

IE.AssocFile.XHT="C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome

IE.FTP="C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1

IE.HTTP="C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome

IE.HTTPS="C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome

InternetShortcut="C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l

jntfile="%ProgramFiles%\Windows Journal\Journal.exe" "%1"

jpegfile=%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1

jpsfile="C:\Program Files (x86)\NVIDIA Corporation\3D Vision\NvStView.exe" "%1"

JSFile=C:\Windows\System32\WScript.exe "%1" %*

jtpfile="%ProgramFiles%\Windows Journal\Journal.exe" "%1"

LDAP="%ProgramFiles%\Windows Mail\wab.exe" "/ldap:%1"

MacromediaFlashPaper.MacromediaFlashPaper="C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome "%1"

mhtmlfile="C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome

Microsoft.InformationCard=C:\Windows\System32\rundll32.exe C:\Windows\System32\infocardcpl.cpl,ImportInformationCard_RunDll %1

Microsoft.PowerShellConsole.1="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -p "%1"

Microsoft.PowerShellData.1="C:\Windows\System32\notepad.exe" "%1"

Microsoft.PowerShellModule.1="C:\Windows\System32\notepad.exe" "%1"

Microsoft.PowerShellScript.1="C:\Windows\System32\notepad.exe" "%1"

Microsoft.System.Update.1="%systemroot%\system32\wusa.exe" "%1" %2 %3 %4 %5 %6 %7 %8 %9

Microsoft.Website="C:\Program Files (x86)\Internet Explorer\iexplore.exe" -w "%l" %*

Microsoft.WindowsCardSpaceBackup=C:\Windows\System32\rundll32.exe C:\Windows\System32\infocardcpl.cpl,ImportInformationCard_RunDll %1

migfile="C:\Windows\System32\migwiz\migwiz.exe" /Restore "%1"

MMS="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" "%L"

mpofile="C:\Program Files (x86)\NVIDIA Corporation\3D Vision\NvStView.exe" "%1"

mscfile=%SystemRoot%\system32\mmc.exe "%1" %*

MSDASC=Rundll32.exe "%CommonProgramFiles%\System\OLE DB\oledb32.dll",OpenDSLFile %1

Msi.Package="%SystemRoot%\System32\msiexec.exe" /i "%1" %*

Msi.Patch="%SystemRoot%\System32\msiexec.exe" /p "%1" %*

MSInfoFile=%SystemRoot%\system32\msinfo32.exe "%1"

MSSppLicenseFile="iexplore.exe" "%1"

MSSppPackageFile=rundll32.exe sppcc.dll, OpenPackage %1

msstylesfile=%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Appearance /Action:OpenMSTheme /file:"%1"

odtfile="%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

opensearchdescription=%SystemRoot%\explorer.exe

P7RFile=%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenP7R %1

P7SFile=%SystemRoot%\system32\\rundll32.exe cryptext.dll,CryptExtOpenPKCS7 %1

Paint.Picture=%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1

pbkfile=%SystemRoot%\system32\rasphone.exe -f "%1"

PerfFile=%SystemRoot%\system32\mmc.exe %systemroot%\system32\perfmon.msc /F "%1"

PhotoViewer.FileAssoc.Bitmap=%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1

PhotoViewer.FileAssoc.JFIF=%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1

PhotoViewer.FileAssoc.Jpeg=%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1

PhotoViewer.FileAssoc.Png=%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1

PhotoViewer.FileAssoc.Tiff=%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1

PhotoViewer.FileAssoc.Wdp=%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1

pjpegfile=%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1

pngfile=%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1

pnsfile="C:\Program Files (x86)\NVIDIA Corporation\3D Vision\NvStView.exe" "%1"

prffile="%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\msrating.dll",ClickedOnPRF %1

ratfile="%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\msrating.dll",ClickedOnRAT %1

RemoteAssistance.1="%systemRoot%\system32\msra.exe" -openfile "%1"

rlefile="%systemroot%\system32\mspaint.exe" "%1"

rlogin="C:\Windows\System32\rundll32.exe" "C:\Windows\System32\url.dll",TelnetProtocolHandler %l

rtffile="%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

SavedDsQuery=%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\dsquery.dll,OpenSavedDsQuery %1

scriptletfile="C:\Windows\system32\NOTEPAD.EXE" "%1"

search=%SystemRoot%\Explorer.exe /separate,/idlist,%I,%L

search-ms=%SystemRoot%\Explorer.exe /separate,/idlist,%I,%L

SPCFile=%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenPKCS7 %1

STLFile=%SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenCTL %1

svgfile="C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome

telnet="C:\Windows\System32\rundll32.exe" "C:\Windows\System32\url.dll",TelnetProtocolHandler %l

textfile="%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

themefile=%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Themes /Action:OpenTheme /file:"%1"

themepackfile=%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Themes /Action:OpenTheme /file:"%1"

TIFImage.Document=%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1

tn3270="C:\Windows\System32\rundll32.exe" "C:\Windows\System32\url.dll",TelnetProtocolHandler %l

TuneUp.Boot.Screen="D:\Util\TuneUp\Styler.exe" "%1"

TuneUp.Icon.Package="D:\Util\TuneUp\Styler.exe" "%1"

TuneUp.Logo.Animation="D:\Util\TuneUp\Styler.exe" "%1"

TuneUp.Logon.Screen="D:\Util\TuneUp\Styler.exe" "%1"

TuneUp.Utilities.2012.Unlock.Code="D:\Util\TuneUp\Integrator.exe" /regcode "%1"

TuneUp.Visual.Style="D:\Util\TuneUp\Styler.exe" "%1"

vcard_wab_auto_file="%ProgramFiles%\Windows Mail\wab.exe" /vcard "%1"

wab_auto_file="%ProgramFiles%\Windows Mail\wab.exe" /Import "%1"

wbcatfile=%SystemRoot%\system32\sdclt.exe /restorepage

WCN.AutoPlayHandler=%systemroot%\system32\rundll32.exe %systemroot%\system32\wzcdlg.dll,ImportFlashProfile %L

wcxfile=rundll32.exe xwizards.dll,RunWizard /u {7940acf8-60ba-4213-a7c3-f3b400ee266d} /z%1

wdpfile=%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1

webpnpFile=%SystemRoot%\system32\wpnpinst.exe %1

Windows.CompositeFont="%WinDir%\System32\notepad.exe" "%1"

Windows.DVD.Maker="%ProgramFiles%\DVD Maker\DVDMaker.exe" "%1"

Windows.gadget=%ProgramFiles%\Windows Sidebar\Sidebar.exe

Windows.XamlDocument="C:\Windows\System32\PresentationHost.exe" "%1" %*

Windows.Xbap="C:\Windows\System32\PresentationHost.exe" "%1" %*

Windows.XPSReachViewer=%SystemRoot%\System32\xpsrchvw.exe "%1" %*

windowsmediacenterapp=C:\Windows\ehome\MediaCenterWebLauncher.exe -app "%1"

windowsmediacenterssl=C:\Windows\ehome\MediaCenterWebLauncher.exe -ssl "%1"

windowsmediacenterweb=C:\Windows\ehome\MediaCenterWebLauncher.exe -web "%1"

wmffile="%systemroot%\system32\mspaint.exe" "%1"

WMP.DVR-MSFile="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"

WMP.WTVFile="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"

WMP11.AssocFile.3G2="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "%L"

WMP11.AssocFile.3GP="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "%L"

WMP11.AssocFile.ADTS="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "%L"

WMP11.AssocFile.AIFF="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"

WMP11.AssocFile.ASF="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:7 /Open "%L"

WMP11.AssocFile.ASX="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"

WMP11.AssocFile.AU="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"

WMP11.AssocFile.AVI="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:8 /Open "%L"

WMP11.AssocFile.CDA="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"

WMP11.AssocFile.M2TS="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:12 /Open "%L"

WMP11.AssocFile.M3U="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "%L"

WMP11.AssocFile.M4A="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "%L"

WMP11.AssocFile.MIDI="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"

WMP11.AssocFile.MOV="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "%L"

WMP11.AssocFile.MP3="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "%L"

WMP11.AssocFile.MP4="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "%L"

WMP11.AssocFile.MPEG="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:9 /Open "%L"

WMP11.AssocFile.TTS="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:12 /Open "%L"

WMP11.AssocFile.WAV="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"

WMP11.AssocFile.WAX="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"

WMP11.AssocFile.wma="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:5 /Open "%L"

WMP11.AssocFile.WMD="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /WMPackage:"%L"

WMP11.AssocFile.WMS="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /layout:"%L"

WMP11.AssocFile.WMV="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:7 /Open "%L"

WMP11.AssocFile.WMZ="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /layout:"%L"

WMP11.AssocFile.WPL="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"

WMP11.AssocFile.WVX="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"

WMP11.AssocProtocol.MMS="%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" "%L"

Wordpad.Document.1="%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

WSFFile="%SystemRoot%\System32\WScript.exe" "%1" %*

WSHFile="%SystemRoot%\System32\WScript.exe" "%1" %*

xhtmlfile="C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome

xmlfile="C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome

xslfile="C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome

zapfile=%SystemRoot%\system32\NOTEPAD.EXE %1

.

Unknown Rootkey: 'STEELWERX REGISTRY CONSOLE TOOL 2.0'

.

.

Unknown Rootkey: 'WRITTEN BY BOBBI FLEKMAN 2006 ©'

.

.

Unknown Rootkey: 'ERROR: KEY: JSFFILE'

.

.

SteelWerX Registry Console Tool 2.0

Written by Bobbi Flekman 2006 ©

.

<NO NAME> REG_SZ batfile

.

SteelWerX Registry Console Tool 2.0

Written by Bobbi Flekman 2006 ©

.

<NO NAME> REG_SZ cmdfile

.

SteelWerX Registry Console Tool 2.0

Written by Bobbi Flekman 2006 ©

.

<NO NAME> REG_SZ comfile

.

SteelWerX Registry Console Tool 2.0

Written by Bobbi Flekman 2006 ©

.

<NO NAME> REG_SZ exefile

.

SteelWerX Registry Console Tool 2.0

Written by Bobbi Flekman 2006 ©

.

<NO NAME> REG_SZ scrfile

.

SteelWerX Registry Console Tool 2.0

Written by Bobbi Flekman 2006 ©

.

<NO NAME> REG_SZ regfile

.

SteelWerX Registry Console Tool 2.0

Written by Bobbi Flekman 2006 ©

.

<NO NAME> REG_SZ txtfile

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

2012-09-21 19:09:25 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

.

============= FINISH: 19:43:50.59 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Enterprise

Boot Device: \Device\HarddiskVolume7

Install Date: 9/21/2012 3:56:55 AM

System Uptime: 9/21/2012 3:22:26 PM (4 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P8Z68 DELUXE

Processor: Intel® Core i7-2600K CPU @ 3.40GHz | LGA1155 | 3401/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 56 GiB total, 23.287 GiB free.

D: is FIXED (NTFS) - 349 GiB total, 207.623 GiB free.

E: is FIXED (NTFS) - 349 GiB total, 120.657 GiB free.

F: is FIXED (NTFS) - 100 GiB total, 88.961 GiB free.

G: is FIXED (NTFS) - 100 GiB total, 62.272 GiB free.

H: is FIXED (NTFS) - 98 GiB total, 70 GiB free.

I: is FIXED (NTFS) - 696 GiB total, 78.625 GiB free.

J: is FIXED (NTFS) - 701 GiB total, 239.961 GiB free.

K: is CDROM ()

L: is CDROM ()

M: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}

Description: High Definition Audio Device

Device ID: HDAUDIO\FUNC_01&VEN_8086&DEV_2805&SUBSYS_80860101&REV_1000\4&38A04C3F&0&0301

Manufacturer: Microsoft

Name: High Definition Audio Device

PNP Device ID: HDAUDIO\FUNC_01&VEN_8086&DEV_2805&SUBSYS_80860101&REV_1000\4&38A04C3F&0&0301

Service: HdAudAddService

.

Class GUID:

Description: EPSON Scanner

Device ID: USB\VID_04B8&PID_0119\7&FBF8A8D&0&5

Manufacturer:

Name: EPSON Scanner

PNP Device ID: USB\VID_04B8&PID_0119\7&FBF8A8D&0&5

Service:

.

==== System Restore Points ===================

.

RP12: 9/21/2012 10:10:37 AM - Installed ESET Smart Security

RP13: 9/21/2012 10:40:58 AM - Installed Creative Audio Control Panel

RP14: 9/21/2012 10:41:19 AM - Installed Creative Software AutoUpdate

RP15: 9/21/2012 12:35:52 PM - Installed Windows 7 Manager

RP16: 9/21/2012 12:38:44 PM - Windows 7 Manager v4.1.4 System-Restore Point

RP17: 9/21/2012 3:07:28 PM - Removed TuneUp Utilities Language Pack (en-US)

RP18: 9/21/2012 3:09:25 PM - Installed TuneUp Utilities 2012

.

==== Installed Programs ======================

.

Written by Bobbi Flekman 2006 ©

.

==== Event Viewer Messages From Past Week ========

.

The service has not been started.

9/21/2012 4:21:24 AM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error:

9/21/2012 3:22:41 PM, Error: Microsoft-Windows-Eventlog [22] - The event logging service encountered an error while initializing publishing resources for channel Security. If channel type is Analytic or Debug, then this could mean there was an error initializing logging resources as well.

9/21/2012 1:04:56 PM, Error: Service Control Manager [7023] - The Intel® Content Protection HECI Service service terminated with the following error:

%%-2147024890

.

==== End Of File ===========================


Hello zingz,

As you should know, it is best to address issues in a timely manner. So try to do as much as possible without delay.

Do not do any websurfing, or anything online, other than going to this forum and the websites I send you to for the tools that we need.

I did not see the Checkup log from SecurityCheck tool:

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 2

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

change the a-v scan to None.

uncheck trace disk IO calls

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Do not click any FIX button. We just need an initial report.

Step 3

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 4

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Do NOT click any FIX buttons !

Step 5

RE-Enable your antivirus program.

Then copy/paste the following into your post (in order):

  • the contents of aswMBR report;
  • the contents of TDSSKILLER log;
  • the contents of RKReport log;

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.


Here are the logs you requested.

Results of screen317's Security Check version 0.99.51

Windows 7 Service Pack 1 x86 (UAC is disabled!)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Disabled!

ESET Smart Security 5.0

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.0.1400

TuneUp Utilities 2012

AVG PC Tuneup

TuneUp Utilities Language Pack (en-US)

Google Chrome 21.0.1180.89

````````Process Check: objlist.exe by Laurent````````

WinPatrol winpatrol.exe

ESET NOD32 Antivirus egui.exe

ESET NOD32 Antivirus ekrn.exe

WinPatrol WinPatrol.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 2%

````````````````````End of Log``````````````````````

Fix is greyed out in aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-09-22 10:25:10

-----------------------------

10:25:10.181 OS Version: Windows x64 6.1.7601 Service Pack 1

10:25:10.181 Number of processors: 8 586 0x2A07

10:25:10.182 ComputerName: ROBERTPC UserName: robert

10:25:10.329 Initialize success

10:26:42.076 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

10:26:42.079 Disk 0 Vendor: Size: 0MB BusType: 0

10:26:42.082 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2

10:26:42.084 Disk 1 Vendor: Size: 0MB BusType: 0

10:26:42.087 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-3

10:26:42.090 Disk 2 Vendor: Size: 0MB BusType: 0

10:26:42.094 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IAAStorageDevice-4

10:26:42.097 Disk 3 Vendor: Size: 0MB BusType: 0

10:26:42.101 Disk 4 \Device\Harddisk4\DR4 -> \Device\000000c1

10:26:42.104 Disk 4 Vendor: Size: 0MB BusType: 0

10:26:42.106 Disk 2 MBR read successfully

10:26:42.108 Disk 2 MBR scan

10:26:42.111 Disk 2 Windows 7 default MBR code

10:26:42.114 Disk 2 MBR hidden

10:26:42.117 Disk 2 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57240 MB offset 2048

10:26:42.121 Disk 2 scanning C:\Windows\system32\drivers

10:26:42.915 Service scanning

10:26:44.993 Modules scanning

10:26:45.001 Scan finished successfully

10:28:14.714 Disk 2 MBR has been saved successfully to "J:\Windows Files\Desktop\MBR.dat"

10:28:14.717 The log file has been saved successfully to "J:\Windows Files\Desktop\aswMBR.txt"

10:30:11.0895 4896 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24

10:30:13.0907 4896 ============================================================

10:30:13.0907 4896 Current date / time: 2012/09/22 10:30:13.0907

10:30:13.0907 4896 SystemInfo:

10:30:13.0907 4896

10:30:13.0907 4896 OS Version: 6.1.7601 ServicePack: 1.0

10:30:13.0907 4896 Product type: Workstation

10:30:13.0907 4896 ComputerName: ROBERTPC

10:30:13.0907 4896 UserName: robert

10:30:13.0907 4896 Windows directory: C:\Windows

10:30:13.0907 4896 System windows directory: C:\Windows

10:30:13.0907 4896 Running under WOW64

10:30:13.0907 4896 Processor architecture: Intel x64

10:30:13.0907 4896 Number of processors: 8

10:30:13.0907 4896 Page size: 0x1000

10:30:13.0907 4896 Boot type: Normal boot

10:30:13.0907 4896 ============================================================


10:30:24.0719 7004 nusb3xhc - ok

10:30:24.0719 7004 [ 102806B360D0E6BC6E55BF47EF655D43 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys

10:30:24.0719 7004 NVHDA - ok

10:30:24.0875 7004 [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

10:30:24.0922 7004 nvlddmkm - ok

10:30:24.0922 7004 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

10:30:24.0922 7004 nvraid - ok

10:30:24.0922 7004 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

10:30:24.0922 7004 nvstor - ok

10:30:24.0938 7004 [ 06633CF95BEA62164C3BFCA24BCE6B11 ] nvsvc C:\Windows\system32\nvvsvc.exe

10:30:24.0938 7004 nvsvc - ok

10:30:24.0953 7004 [ 53B629CE436B110C5689C2F6439E567B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

10:30:24.0969 7004 nvUpdatusService - ok

10:30:24.0969 7004 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

10:30:24.0969 7004 nv_agp - ok

10:30:24.0969 7004 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

10:30:24.0969 7004 ohci1394 - ok

10:30:24.0969 7004 [ 0E2DE427EBE106E7E5B52869D5C99F68 ] ossrv C:\Windows\system32\drivers\ctoss2k.sys

10:30:24.0969 7004 ossrv - ok

10:30:24.0969 7004 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

10:30:24.0984 7004 p2pimsvc - ok

10:30:24.0984 7004 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

10:30:24.0984 7004 p2psvc - ok

10:30:24.0984 7004 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys

10:30:24.0984 7004 Parport - ok

10:30:25.0000 7004 [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr C:\Windows\system32\drivers\partmgr.sys

10:30:25.0000 7004 partmgr - ok

10:30:25.0000 7004 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

10:30:25.0000 7004 PcaSvc - ok

10:30:25.0000 7004 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

10:30:25.0000 7004 pci - ok

10:30:25.0000 7004 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

10:30:25.0000 7004 pciide - ok

10:30:25.0016 7004 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

10:30:25.0016 7004 pcmcia - ok

10:30:25.0016 7004 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

10:30:25.0016 7004 pcw - ok

10:30:25.0016 7004 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

10:30:25.0031 7004 PEAUTH - ok

10:30:25.0031 7004 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll

10:30:25.0047 7004 PeerDistSvc - ok

10:30:25.0047 7004 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

10:30:25.0047 7004 PerfHost - ok

10:30:25.0062 7004 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

10:30:25.0078 7004 pla - ok

10:30:25.0078 7004 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

10:30:25.0078 7004 PlugPlay - ok

10:30:25.0094 7004 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

10:30:25.0094 7004 PNRPAutoReg - ok

10:30:25.0094 7004 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

10:30:25.0094 7004 PNRPsvc - ok

10:30:25.0094 7004 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

10:30:25.0109 7004 PolicyAgent - ok

10:30:25.0109 7004 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

10:30:25.0109 7004 Power - ok

10:30:25.0109 7004 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

10:30:25.0109 7004 PptpMiniport - ok

10:30:25.0109 7004 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys

10:30:25.0109 7004 Processor - ok

10:30:25.0125 7004 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll

10:30:25.0125 7004 ProfSvc - ok

10:30:25.0125 7004 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe

10:30:25.0125 7004 ProtectedStorage - ok

10:30:25.0125 7004 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

10:30:25.0125 7004 Psched - ok

10:30:25.0140 7004 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

10:30:25.0156 7004 ql2300 - ok

10:30:25.0156 7004 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

10:30:25.0156 7004 ql40xx - ok

10:30:25.0156 7004 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

10:30:25.0156 7004 QWAVE - ok

10:30:25.0156 7004 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

10:30:25.0156 7004 QWAVEdrv - ok

10:30:25.0172 7004 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

10:30:25.0172 7004 RasAcd - ok

10:30:25.0172 7004 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

10:30:25.0172 7004 RasAgileVpn - ok

10:30:25.0172 7004 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

10:30:25.0172 7004 RasAuto - ok

10:30:25.0172 7004 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

10:30:25.0172 7004 Rasl2tp - ok

10:30:25.0172 7004 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

10:30:25.0187 7004 RasMan - ok

10:30:25.0187 7004 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

10:30:25.0187 7004 RasPppoe - ok

10:30:25.0187 7004 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

10:30:25.0187 7004 RasSstp - ok

10:30:25.0187 7004 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

10:30:25.0187 7004 rdbss - ok

10:30:25.0187 7004 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

10:30:25.0187 7004 rdpbus - ok

10:30:25.0203 7004 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

10:30:25.0203 7004 RDPCDD - ok

10:30:25.0203 7004 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys

10:30:25.0203 7004 RDPDR - ok

10:30:25.0203 7004 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

10:30:25.0203 7004 RDPENCDD - ok

10:30:25.0203 7004 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

10:30:25.0203 7004 RDPREFMP - ok

10:30:25.0203 7004 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys

10:30:25.0203 7004 RdpVideoMiniport - ok

10:30:25.0218 7004 [ 15B66C206B5CB095BAB980553F38ED23 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

10:30:25.0218 7004 RDPWD - ok

10:30:25.0218 7004 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

10:30:25.0218 7004 rdyboost - ok

10:30:25.0218 7004 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

10:30:25.0218 7004 RemoteAccess - ok

10:30:25.0218 7004 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

10:30:25.0218 7004 RemoteRegistry - ok

10:30:25.0234 7004 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys

10:30:25.0234 7004 RFCOMM - ok

10:30:25.0234 7004 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

10:30:25.0234 7004 RpcEptMapper - ok

10:30:25.0234 7004 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

10:30:25.0234 7004 RpcLocator - ok

10:30:25.0250 7004 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

10:30:25.0250 7004 RpcSs - ok

10:30:25.0250 7004 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

10:30:25.0250 7004 rspndr - ok

10:30:25.0250 7004 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

10:30:25.0250 7004 RTL8167 - ok

10:30:25.0250 7004 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys

10:30:25.0250 7004 s3cap - ok

10:30:25.0265 7004 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe

10:30:25.0265 7004 SamSs - ok

10:30:25.0265 7004 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

10:30:25.0265 7004 sbp2port - ok

10:30:25.0265 7004 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

10:30:25.0265 7004 SCardSvr - ok

10:30:25.0265 7004 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

10:30:25.0265 7004 scfilter - ok

10:30:25.0281 7004 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

10:30:25.0281 7004 Schedule - ok

10:30:25.0296 7004 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

10:30:25.0296 7004 SCPolicySvc - ok

10:30:25.0296 7004 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

10:30:25.0296 7004 SDRSVC - ok

10:30:25.0296 7004 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

10:30:25.0296 7004 secdrv - ok

10:30:25.0296 7004 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

10:30:25.0296 7004 seclogon - ok

10:30:25.0296 7004 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

10:30:25.0312 7004 SENS - ok

10:30:25.0312 7004 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

10:30:25.0312 7004 SensrSvc - ok

10:30:25.0312 7004 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

10:30:25.0312 7004 Serenum - ok

10:30:25.0312 7004 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

10:30:25.0312 7004 Serial - ok

10:30:25.0312 7004 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys

10:30:25.0312 7004 sermouse - ok

10:30:25.0312 7004 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

10:30:25.0328 7004 SessionEnv - ok

10:30:25.0328 7004 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

10:30:25.0328 7004 sffdisk - ok

10:30:25.0328 7004 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

10:30:25.0328 7004 sffp_mmc - ok

10:30:25.0328 7004 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

10:30:25.0328 7004 sffp_sd - ok

10:30:25.0328 7004 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

10:30:25.0328 7004 sfloppy - ok

10:30:25.0328 7004 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

10:30:25.0328 7004 SharedAccess - ok

10:30:25.0343 7004 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

10:30:25.0343 7004 ShellHWDetection - ok

10:30:25.0343 7004 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

10:30:25.0343 7004 SiSRaid2 - ok

10:30:25.0343 7004 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

10:30:25.0343 7004 SiSRaid4 - ok

10:30:25.0343 7004 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

10:30:25.0343 7004 Smb - ok

10:30:25.0359 7004 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

10:30:25.0359 7004 SNMPTRAP - ok

10:30:25.0359 7004 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

10:30:25.0359 7004 spldr - ok

10:30:25.0359 7004 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe

10:30:25.0359 7004 Spooler - ok

10:30:25.0406 7004 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

10:30:25.0421 7004 sppsvc - ok

10:30:25.0421 7004 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

10:30:25.0437 7004 sppuinotify - ok

10:30:25.0437 7004 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

10:30:25.0437 7004 srv - ok

10:30:25.0437 7004 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

10:30:25.0452 7004 srv2 - ok

10:30:25.0452 7004 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

10:30:25.0452 7004 srvnet - ok

10:30:25.0452 7004 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

10:30:25.0452 7004 SSDPSRV - ok

10:30:25.0452 7004 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

10:30:25.0452 7004 SstpSvc - ok

10:30:25.0468 7004 [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

10:30:25.0468 7004 Stereo Service - ok

10:30:25.0468 7004 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys

10:30:25.0468 7004 stexstor - ok

10:30:25.0468 7004 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

10:30:25.0484 7004 stisvc - ok

10:30:25.0484 7004 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys

10:30:25.0484 7004 storflt - ok

10:30:25.0484 7004 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll

10:30:25.0484 7004 StorSvc - ok

10:30:25.0484 7004 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys

10:30:25.0484 7004 storvsc - ok

10:30:25.0484 7004 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

10:30:25.0484 7004 swenum - ok

10:30:25.0499 7004 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

10:30:25.0499 7004 swprv - ok

10:30:25.0499 7004 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc C:\Windows\system32\drivers\Synth3dVsc.sys

10:30:25.0499 7004 Synth3dVsc - ok

10:30:25.0515 7004 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

10:30:25.0530 7004 SysMain - ok

10:30:25.0530 7004 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

10:30:25.0530 7004 TabletInputService - ok

10:30:25.0546 7004 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

10:30:25.0546 7004 TapiSrv - ok

10:30:25.0546 7004 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

10:30:25.0546 7004 TBS - ok

10:30:25.0562 7004 [ F0E98C00A09FDF791525829A1D14240F ] Tcpip C:\Windows\system32\drivers\tcpip.sys

10:30:25.0577 7004 Tcpip - ok

10:30:25.0593 7004 [ F0E98C00A09FDF791525829A1D14240F ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

10:30:25.0608 7004 TCPIP6 - ok

10:30:25.0608 7004 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

10:30:25.0608 7004 tcpipreg - ok

10:30:25.0608 7004 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

10:30:25.0608 7004 TDPIPE - ok

10:30:25.0608 7004 [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

10:30:25.0608 7004 TDTCP - ok

10:30:25.0608 7004 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

10:30:25.0608 7004 tdx - ok

10:30:25.0608 7004 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

10:30:25.0624 7004 TermDD - ok

10:30:25.0624 7004 [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt C:\Windows\system32\drivers\terminpt.sys

10:30:25.0624 7004 terminpt - ok

10:30:25.0624 7004 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

10:30:25.0624 7004 TermService - ok

10:30:25.0640 7004 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

10:30:25.0640 7004 Themes - ok

10:30:25.0640 7004 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

10:30:25.0640 7004 THREADORDER - ok

10:30:25.0640 7004 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

10:30:25.0640 7004 TrkWks - ok

10:30:25.0640 7004 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

10:30:25.0640 7004 TrustedInstaller - ok

10:30:25.0640 7004 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

10:30:25.0655 7004 tssecsrv - ok

10:30:25.0655 7004 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

10:30:25.0655 7004 TsUsbFlt - ok

10:30:25.0655 7004 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys

10:30:25.0655 7004 TsUsbGD - ok

10:30:25.0655 7004 [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys

10:30:25.0655 7004 tsusbhub - ok

10:30:25.0811 7004 [ 6F9C322B321116303B85A1FE9B75253C ] TuneUp.UtilitiesSvc D:\Util\TuneUp\TuneUpUtilitiesService64.exe

10:30:25.0827 7004 TuneUp.UtilitiesSvc - ok

10:30:25.0827 7004 [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv D:\Util\TuneUp\TuneUpUtilitiesDriver64.sys

10:30:25.0827 7004 TuneUpUtilitiesDrv - ok

10:30:25.0827 7004 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

10:30:25.0827 7004 tunnel - ok

10:30:25.0842 7004 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

10:30:25.0842 7004 uagp35 - ok

10:30:25.0842 7004 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

10:30:25.0842 7004 udfs - ok

10:30:25.0842 7004 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

10:30:25.0842 7004 UI0Detect - ok

10:30:25.0842 7004 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

10:30:25.0858 7004 uliagpkx - ok

10:30:25.0858 7004 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

10:30:25.0858 7004 umbus - ok

10:30:25.0858 7004 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys

10:30:25.0858 7004 UmPass - ok

10:30:25.0858 7004 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll

10:30:25.0858 7004 UmRdpService - ok

10:30:25.0858 7004 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

10:30:25.0874 7004 upnphost - ok

10:30:25.0874 7004 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

10:30:25.0874 7004 usbaudio - ok

10:30:25.0874 7004 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

10:30:25.0874 7004 usbccgp - ok

10:30:25.0874 7004 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

10:30:25.0874 7004 usbcir - ok

10:30:25.0874 7004 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

10:30:25.0874 7004 usbehci - ok

10:30:25.0889 7004 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

10:30:25.0889 7004 usbhub - ok

10:30:25.0889 7004 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

10:30:25.0889 7004 usbohci - ok

10:30:25.0889 7004 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

10:30:25.0889 7004 usbprint - ok

10:30:25.0889 7004 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

10:30:25.0889 7004 usbscan - ok

10:30:25.0889 7004 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

10:30:25.0889 7004 USBSTOR - ok

10:30:25.0889 7004 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

10:30:25.0889 7004 usbuhci - ok

10:30:25.0905 7004 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

10:30:25.0905 7004 UxSms - ok

10:30:25.0905 7004 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe

10:30:25.0905 7004 VaultSvc - ok

10:30:25.0905 7004 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

10:30:25.0905 7004 vdrvroot - ok

10:30:25.0905 7004 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

10:30:25.0920 7004 vds - ok

10:30:25.0920 7004 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

10:30:25.0920 7004 vga - ok

10:30:25.0920 7004 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

10:30:25.0920 7004 VgaSave - ok

10:30:25.0920 7004 VGPU - ok

10:30:25.0920 7004 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

10:30:25.0920 7004 vhdmp - ok

10:30:25.0920 7004 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

10:30:25.0920 7004 viaide - ok

10:30:25.0936 7004 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys

10:30:25.0936 7004 vmbus - ok

10:30:25.0936 7004 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys

10:30:25.0936 7004 VMBusHID - ok

10:30:25.0936 7004 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

10:30:25.0936 7004 volmgr - ok

10:30:25.0936 7004 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

10:30:25.0936 7004 volmgrx - ok

10:30:25.0952 7004 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

10:30:25.0952 7004 volsnap - ok

10:30:25.0952 7004 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

10:30:25.0952 7004 vsmraid - ok

10:30:25.0967 7004 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

10:30:25.0983 7004 VSS - ok

10:30:25.0983 7004 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys

10:30:25.0983 7004 vwifibus - ok

10:30:25.0983 7004 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

10:30:25.0998 7004 W32Time - ok

10:30:25.0998 7004 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys

10:30:25.0998 7004 WacomPen - ok

10:30:25.0998 7004 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

10:30:25.0998 7004 WANARP - ok

10:30:25.0998 7004 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

10:30:25.0998 7004 Wanarpv6 - ok

10:30:26.0014 7004 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

10:30:26.0030 7004 wbengine - ok

10:30:26.0030 7004 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

10:30:26.0030 7004 WbioSrvc - ok

10:30:26.0030 7004 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

10:30:26.0045 7004 wcncsvc - ok

10:30:26.0045 7004 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

10:30:26.0045 7004 WcsPlugInService - ok

10:30:26.0045 7004 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys

10:30:26.0045 7004 Wd - ok

10:30:26.0045 7004 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

10:30:26.0061 7004 Wdf01000 - ok

10:30:26.0061 7004 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

10:30:26.0061 7004 WdiServiceHost - ok

10:30:26.0061 7004 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

10:30:26.0061 7004 WdiSystemHost - ok

10:30:26.0061 7004 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

10:30:26.0076 7004 WebClient - ok

10:30:26.0076 7004 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

10:30:26.0076 7004 Wecsvc - ok

10:30:26.0076 7004 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

10:30:26.0076 7004 wercplsupport - ok

10:30:26.0076 7004 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

10:30:26.0076 7004 WerSvc - ok

10:30:26.0076 7004 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

10:30:26.0076 7004 WfpLwf - ok

10:30:26.0092 7004 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

10:30:26.0092 7004 WIMMount - ok

10:30:26.0139 7004 [ CF318F60A84F15AF352439465A8D05F4 ] WinDefend D:\Util\Windows Defender\mpsvc.dll

10:30:26.0154 7004 WinDefend - ok

10:30:26.0154 7004 WinHttpAutoProxySvc - ok

10:30:26.0170 7004 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

10:30:26.0170 7004 Winmgmt - ok

10:30:26.0186 7004 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

10:30:26.0217 7004 WinRM - ok

10:30:26.0217 7004 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

10:30:26.0232 7004 Wlansvc - ok

10:30:26.0232 7004 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

10:30:26.0232 7004 WmiAcpi - ok

10:30:26.0232 7004 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

10:30:26.0232 7004 wmiApSrv - ok

10:30:26.0295 7004 [ A9F3BFC9345F49614D5859EC95B9E994 ] WMPNetworkSvc D:\Util\Windows Media Player\wmpnetwk.exe

10:30:26.0310 7004 WMPNetworkSvc - ok

10:30:26.0310 7004 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

10:30:26.0326 7004 WPCSvc - ok

10:30:26.0326 7004 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

10:30:26.0326 7004 WPDBusEnum - ok

10:30:26.0326 7004 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

10:30:26.0326 7004 ws2ifsl - ok

10:30:26.0326 7004 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll

10:30:26.0326 7004 wscsvc - ok

10:30:26.0326 7004 WSearch - ok

10:30:26.0357 7004 [ 9DF12EDBC698B0BC353B3EF84861E430 ] wuauserv C:\Windows\system32\wuaueng.dll

10:30:26.0373 7004 wuauserv - ok

10:30:26.0373 7004 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

10:30:26.0373 7004 WudfPf - ok

10:30:26.0388 7004 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

10:30:26.0388 7004 WUDFRd - ok

10:30:26.0388 7004 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

10:30:26.0388 7004 wudfsvc - ok

10:30:26.0388 7004 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

10:30:26.0388 7004 WwanSvc - ok

10:30:26.0404 7004 ================ Scan global ===============================

10:30:26.0404 7004 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

10:30:26.0404 7004 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

10:30:26.0404 7004 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

10:30:26.0404 7004 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

10:30:26.0420 7004 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

10:30:26.0420 7004 [Global] - ok

10:30:26.0420 7004 ================ Scan MBR ==================================

10:30:26.0435 7004 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

10:30:26.0466 7004 \Device\Harddisk0\DR0 - ok

10:30:26.0482 7004 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1

10:30:26.0622 7004 \Device\Harddisk1\DR1 - ok

10:30:26.0622 7004 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2

10:30:26.0732 7004 \Device\Harddisk2\DR2 - ok

10:30:26.0747 7004 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk3\DR3

10:30:26.0825 7004 \Device\Harddisk3\DR3 - ok

10:30:26.0825 7004 ================ Scan VBR ==================================

10:30:26.0825 7004 [ 3E3FB366C810D8527357B7862B148976 ] \Device\Harddisk0\DR0\Partition1

10:30:26.0825 7004 \Device\Harddisk0\DR0\Partition1 - ok

10:30:26.0841 7004 [ 9EF91FB6287B4B27497189864C9844E8 ] \Device\Harddisk0\DR0\Partition2

10:30:26.0841 7004 \Device\Harddisk0\DR0\Partition2 - ok

10:30:26.0841 7004 [ A084F48E61C2F3D6900D592A8291E7FF ] \Device\Harddisk1\DR1\Partition1

10:30:26.0841 7004 \Device\Harddisk1\DR1\Partition1 - ok

10:30:26.0856 7004 [ 620FBEF6C60B527E7AF25FDBB758B154 ] \Device\Harddisk1\DR1\Partition2

10:30:26.0856 7004 \Device\Harddisk1\DR1\Partition2 - ok

10:30:26.0856 7004 [ AE0DB6B22CC680DCDE4A83DE4C5EA9F3 ] \Device\Harddisk1\DR1\Partition3

10:30:26.0856 7004 \Device\Harddisk1\DR1\Partition3 - ok

10:30:26.0856 7004 [ 377E291051CEDC3970FE256F3A09F467 ] \Device\Harddisk2\DR2\Partition1

10:30:26.0856 7004 \Device\Harddisk2\DR2\Partition1 - ok

10:30:26.0856 7004 [ BA28396E0877F2F649772B059D5591BB ] \Device\Harddisk3\DR3\Partition1

10:30:26.0856 7004 \Device\Harddisk3\DR3\Partition1 - ok

10:30:26.0872 7004 [ 25CEC9702A240214DFEF4F7EC5555BCC ] \Device\Harddisk3\DR3\Partition2

10:30:26.0888 7004 \Device\Harddisk3\DR3\Partition2 - ok

10:30:26.0888 7004 ============================================================

10:30:26.0888 7004 Scan finished

10:30:26.0888 7004 ============================================================

10:30:26.0888 5656 Detected object count: 0

10:30:26.0888 5656 Actual detected object count: 0

RogueKiller V8.0.4 [09/19/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : robert [Admin rights]

Mode : Scan -- Date : 09/22/2012 10:34:43

¤¤¤ Bad processes : 1 ¤¤¤

[SUSP PATH] magicJack.exe -- J:\Windows Files\Appllication Data\mjusbsp\magicJack.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 18 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : cdloader ("J:\Windows Files\Appllication Data\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-1141580518-2314498541-1711201211-1000[...]\Run : cdloader ("J:\Windows Files\Appllication Data\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND

[services][bLPATH] HKLM\[...]\ControlSet001\Services\MBAMScheduler ("\mbamscheduler.exe") -> FOUND

[services][bLPATH] HKLM\[...]\ControlSet001\Services\MBAMService ("\mbamservice.exe") -> FOUND

[services][bLPATH] HKLM\[...]\ControlSet002\Services\MBAMScheduler ("\mbamscheduler.exe") -> FOUND

[services][bLPATH] HKLM\[...]\ControlSet002\Services\MBAMService ("\mbamservice.exe") -> FOUND

[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowVideos (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 secure.tune-up.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3750330AS +++++

--- User ---

[MBR] 2e12d1aeb4bc52ffe2dcc4687d56da48

[bSP] d92268c0d81714cec0ead1bb40b4a063 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 357705 Mo

1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 732580065 | Size: 357697 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: ST3320620AS +++++

--- User ---

[MBR] 54e979af4e35517759db3c8041ab4cd0

[bSP] f4256a7715b85f59bd2c25aa80a51eaa : Windows XP MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 102399 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 209714463 | Size: 102894 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 420441903 | Size: 99948 Mo

3 - [XXXXXX] UNKNOWN (0xdf) [VISIBLE] Offset (sectors): 625137664 | Size: 2 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive2: OCZ-VERTEX2 +++++

--- User ---

[MBR] 5f88795659d9e94ab8a86330dc6af616

[bSP] 573e7fd742518bd894eeefd6ec784334 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 57240 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive3: ST31500341AS +++++

--- User ---

[MBR] 55525264c9e0867c3d264e8592dacc64

[bSP] 2fd5b4f32e44b54ae15096a767743a5e : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 712523 Mo

1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 1459248210 | Size: 718273 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>


Turn ON the Windows 7 User Account Control (it is currently off, and that is not a good spot to be).

See http://windows.microsoft.com/en-US/windows7/What-are-User-Account-Control-settings

Set it to 1 or at most 2 notches just below "always notify".

Tell me if the "exe is not a valid win32 application" is still happening.

Step 2

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall.

Please download Rkill by Grinler and save it to your desktop.


  • Link 2
  • Link 3
  • Link 4

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positively to allow RKILL to run.
  • If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL.

If you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, the rkill.txt log file will be on your desktop. Copy & Paste the contents of Rkill.txt into a new reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Step 3

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the icon (for Vista or Windows 7, right-click the icon and Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Step 4

Download Security Check by screen317 and save it to your Desktop: here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Then copy/paste the following into your post (in order):
  • the contents of OTL.txt;
  • the contents of Extras.txt ; and
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of your reply.


Hello Maurice. I turned on UAC as you suggested. Following are the logs you requested.

Robert

OTL logfile created on: 9/22/2012 12:21:47 PM - Run 1

OTL by OldTimer - Version 3.2.65.1 Folder = J:\Windows Files\Desktop

64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.90 Gb Total Physical Memory | 14.29 Gb Available Physical Memory | 89.88% Memory free

23.71 Gb Paging File | 21.39 Gb Available in Paging File | 90.21% Paging File free

Paging file location(s): c:\pagefile.sys 8000 8000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = D:\Util

Drive C: | 55.90 Gb Total Space | 23.36 Gb Free Space | 41.78% Space Free | Partition Type: NTFS

Drive D: | 349.31 Gb Total Space | 207.48 Gb Free Space | 59.40% Space Free | Partition Type: NTFS

Drive E: | 349.32 Gb Total Space | 120.66 Gb Free Space | 34.54% Space Free | Partition Type: NTFS

Drive F: | 100.00 Gb Total Space | 88.96 Gb Free Space | 88.96% Space Free | Partition Type: NTFS

Drive G: | 100.48 Gb Total Space | 62.27 Gb Free Space | 61.97% Space Free | Partition Type: NTFS

Drive H: | 97.61 Gb Total Space | 70.00 Gb Free Space | 71.72% Space Free | Partition Type: NTFS

Drive I: | 695.82 Gb Total Space | 78.61 Gb Free Space | 11.30% Space Free | Partition Type: NTFS

Drive J: | 701.44 Gb Total Space | 239.81 Gb Free Space | 34.19% Space Free | Partition Type: NTFS

Computer Name: ROBERTPC | User Name: robert | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/22 12:20:35 | 000,600,576 | ---- | M] (OldTimer Tools) -- J:\Windows Files\Desktop\OTL.exe

PRC - [2012/09/12 03:28:03 | 000,388,576 | ---- | M] (Mozilla Corporation) -- D:\ThunderbirdPortable\App\Thunderbird\thunderbird.exe

PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2012/03/25 11:13:18 | 000,329,312 | ---- | M] (BillP Studios) -- D:\Util\WinPatrol\WinPatrol.exe

PRC - [2011/09/30 08:51:50 | 000,121,648 | ---- | M] () -- D:\Util\WizMouse\WizMouse.exe

PRC - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- D:\Util\ESET2\ESET Smart Security\x86\ekrn.exe

PRC - [2011/09/15 08:52:22 | 000,610,160 | ---- | M] (PassMark Software - www.passmark.com) -- D:\Util\DiskCheckup\DiskCheckup.exe

PRC - [2011/03/22 19:08:10 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2011/03/22 19:08:06 | 000,284,184 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2010/11/16 18:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

PRC - [2010/06/21 15:26:00 | 003,112,696 | ---- | M] (PixelMetrics) -- D:\Util\CaptureWiz\Pro\CaptureWiz.exe

PRC - [2010/05/05 19:56:42 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe

PRC - [2010/05/05 19:51:56 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe

PRC - [2009/09/25 11:57:38 | 000,245,248 | ---- | M] () -- D:\Util\AutoHotkey\AutoHotkey.exe

PRC - [2009/03/12 18:18:48 | 000,602,624 | ---- | M] () -- D:\Util\Everything\Everything.exe

PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

PRC - [2008/04/05 15:22:20 | 002,178,048 | ---- | M] (Thornsoft Development, Inc.) -- D:\Util\ClipMate7\ClipMate7\ClipMate.exe

PRC - [2004/04/19 15:29:54 | 000,221,184 | ---- | M] (Mach5 Software) -- D:\Util\Kremlin\Kremlin Sentry.exe

PRC - [2001/09/07 17:06:54 | 000,060,416 | ---- | M] (Phoebus, LLC) -- D:\Util\sMaRTcaPs\SmartCaps.exe

========== Modules (No Company Name) ==========

MOD - [2012/09/21 05:20:27 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\fe5aea8f938965fdc0c5022346a1ea6d\IAStorUtil.ni.dll

MOD - [2012/09/21 05:20:27 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\9142b7e76d0824598e0dbaaab3d08f13\IAStorCommon.ni.dll

MOD - [2012/09/21 03:59:01 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3e3b399b69c569ab1ed3b0ace2c8c20\System.Runtime.Remoting.ni.dll

MOD - [2012/09/21 03:58:49 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll

MOD - [2012/09/21 03:58:46 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll

MOD - [2012/09/21 03:58:39 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll

MOD - [2012/09/21 03:58:37 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll

MOD - [2012/09/21 03:58:35 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll

MOD - [2012/09/21 03:58:35 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll

MOD - [2012/09/21 03:58:32 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll

MOD - [2012/09/12 03:28:03 | 002,061,280 | ---- | M] () -- D:\ThunderbirdPortable\App\Thunderbird\mozjs.dll

MOD - [2012/09/12 03:28:03 | 000,157,664 | ---- | M] () -- D:\ThunderbirdPortable\App\Thunderbird\nsldap32v60.dll

MOD - [2012/09/12 03:28:03 | 000,021,984 | ---- | M] () -- D:\ThunderbirdPortable\App\Thunderbird\nsldappr32v60.dll

MOD - [2012/09/04 13:31:08 | 000,008,704 | ---- | M] () -- J:\Windows Files\Appllication Data\Thunderbird\Profiles\zqk08gp7.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll

MOD - [2011/09/30 08:51:50 | 000,121,648 | ---- | M] () -- D:\Util\WizMouse\WizMouse.exe

MOD - [2011/04/14 18:01:33 | 000,548,854 | ---- | M] () -- D:\Util\WinPatrol\sqlite3.dll

MOD - [2010/09/16 04:22:36 | 000,054,784 | ---- | M] () -- D:\Util\sMaRTcaPs\SmartCapsHk.dll

MOD - [2010/05/05 19:56:46 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIRES.DLL

MOD - [2009/09/25 11:57:38 | 000,245,248 | ---- | M] () -- D:\Util\AutoHotkey\AutoHotkey.exe

MOD - [2009/03/26 14:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL

MOD - [2009/03/12 18:18:48 | 000,602,624 | ---- | M] () -- D:\Util\Everything\Everything.exe

MOD - [2004/04/19 15:17:02 | 000,131,144 | ---- | M] () -- D:\Util\Kremlin\KremSDK.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/03/22 05:24:01 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Util\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2011/10/12 18:14:14 | 002,072,896 | ---- | M] (TuneUp Software) [Auto | Running] -- D:\Util\TuneUp\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)

SRV:64bit: - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- D:\Util\ESET2\ESET Smart Security\x86\ekrn.exe -- (ekrn)

SRV:64bit: - [2011/01/17 16:00:50 | 000,164,520 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®

SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012/09/21 12:09:25 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/09/21 10:41:07 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)

SRV - [2012/05/15 03:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012/03/19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)

SRV - [2011/03/22 19:08:10 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/04/18 10:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2012/03/19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011/09/22 13:08:26 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- D:\Util\TuneUp\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)

DRV:64bit: - [2011/08/09 14:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)

DRV:64bit: - [2011/08/04 09:20:38 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)

DRV:64bit: - [2011/08/04 09:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)

DRV:64bit: - [2011/08/04 09:20:38 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)

DRV:64bit: - [2011/08/04 09:20:38 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)

DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/03/22 18:54:40 | 000,557,080 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2011/03/14 02:29:46 | 000,313,136 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)

DRV:64bit: - [2011/03/14 02:29:46 | 000,024,880 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)

DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/08 04:03:04 | 000,328,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)

DRV:64bit: - [2010/12/09 22:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2010/12/09 22:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2010/11/24 20:27:42 | 000,120,408 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)

DRV:64bit: - [2010/11/20 20:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 20:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)

DRV:64bit: - [2010/11/20 20:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)

DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2010/11/20 20:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)

DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010/05/05 21:30:52 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)

DRV:64bit: - [2010/05/05 21:30:42 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)

DRV:64bit: - [2010/05/05 21:30:34 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV:64bit: - [2010/05/05 21:30:26 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)

DRV:64bit: - [2010/05/05 21:30:18 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)

DRV:64bit: - [2010/05/05 21:30:10 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)

DRV:64bit: - [2010/05/05 21:30:02 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)

DRV:64bit: - [2010/05/05 21:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)

DRV:64bit: - [2010/05/05 21:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)

DRV:64bit: - [2010/05/05 21:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)

DRV:64bit: - [2010/05/05 21:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)

DRV:64bit: - [2010/05/05 21:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)

DRV:64bit: - [2010/05/05 21:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: J:\Windows Files\Appllication Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: J:\Windows Files\Appllication Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: D:\util\ESET2\ESET Smart Security\Mozilla Thunderbird [2012/09/21 10:10:54 | 000,000,000 | ---D | M]

[2012/08/15 22:35:26 | 000,000,000 | ---D | M] (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Extensions

[2012/08/15 22:35:26 | 000,000,000 | ---D | M] (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Extensions\prism@developer.mozilla.org

[2012/09/20 10:51:08 | 000,000,000 | ---D | M] (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions

[2012/07/20 23:18:18 | 000,000,000 | ---D | M] (All-in-One Gestures) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}

[2012/09/02 08:38:38 | 000,000,000 | ---D | M] ("I Want This") -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\crossriderapp2258@crossrider.com

[2012/09/16 02:13:23 | 000,000,000 | ---D | M] ("Software Assist") -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\crossriderapp3026@crossrider.com

[2012/07/04 06:38:38 | 000,000,000 | ---D | M] (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\extensions

[2012/09/16 01:36:53 | 000,000,000 | ---D | M] (Claro Toolbar) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\ffxtlbr@claro.com

[2012/09/02 08:38:43 | 000,000,000 | ---D | M] ("Xmarks") -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\foxmarks@kei.com

[2012/08/04 22:42:22 | 000,000,000 | ---D | M] (Print pages to PDF) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\printPages2Pdf@reinhold.ripper

[2012/07/31 22:01:43 | 000,000,000 | ---D | M] (LastPass) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\support@lastpass.com

[2012/07/04 06:38:36 | 000,000,000 | ---D | M] (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\adblockplus\extensions

[2012/07/04 06:38:36 | 000,000,000 | ---D | M] (Funmoods.com) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\adblockplus\extensions\ffxtlbr@funmoods.com

[2012/07/04 06:38:37 | 000,000,000 | ---D | M] (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\bookmarkbackups\extensions

[2012/07/04 06:38:37 | 000,000,000 | ---D | M] (Funmoods.com) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\bookmarkbackups\extensions\ffxtlbr@funmoods.com

[2012/07/04 06:38:38 | 000,000,000 | ---D | M] (Funmoods.com) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com

[2012/07/04 06:38:39 | 000,000,000 | ---D | M] (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\jumpListCache\extensions

[2012/07/04 06:38:39 | 000,000,000 | ---D | M] (Funmoods.com) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\jumpListCache\extensions\ffxtlbr@funmoods.com

[2012/07/04 06:38:39 | 000,000,000 | ---D | M] (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\minidumps\extensions

[2012/07/04 06:38:39 | 000,000,000 | ---D | M] (Funmoods.com) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\minidumps\extensions\ffxtlbr@funmoods.com

[2012/09/06 06:14:13 | 000,000,000 | ---D | M] (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\rbird Profile 2\fqt5i4wd.Bob March 13\extensions

[2012/09/06 06:14:13 | 000,000,000 | ---D | M] (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\rbird Profile 2\fqt5i4wd.Bob March 13\extensions\staged

[2012/09/21 15:21:01 | 000,000,000 | ---D | M] (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\ruikie2r.default\extensions

[2012/07/04 06:38:41 | 000,000,000 | ---D | M] (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\startupCache\extensions

[2012/07/04 06:38:42 | 000,000,000 | ---D | M] (Funmoods.com) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\startupCache\extensions\ffxtlbr@funmoods.com

[2012/09/02 08:27:29 | 000,088,614 | ---- | M] () (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\extension@ciuvo.com.xpi

[2012/07/20 23:25:31 | 000,174,207 | ---- | M] () (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\info@priceblink.com.xpi

[2012/09/20 10:51:07 | 000,149,849 | ---- | M] () (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\Noia4Options@ArisT2.xpi

[2012/09/02 08:38:43 | 000,113,112 | ---- | M] () (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\nosquint@urandom.ca.xpi

[2012/09/16 02:13:23 | 000,159,657 | ---- | M] () (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\notreal.ccoptions@environmentalchemistry.com.xpi

[2012/08/04 22:42:22 | 000,087,157 | ---- | M] () (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\printedit@DW-dev.xpi

[2012/07/20 23:05:56 | 000,277,771 | ---- | M] () (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\shoppingassist@ookong.com.xpi

[2012/09/16 02:13:23 | 000,371,729 | ---- | M] () (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\smarterwiki@wikiatic.com.xpi

[2012/07/20 23:24:20 | 000,087,148 | ---- | M] () (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\{24cea704-946d-11da-a72b-0800200c9a66}.xpi

[2012/07/20 23:10:19 | 000,372,140 | ---- | M] () (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}.xpi

[2012/07/31 22:01:43 | 000,375,811 | ---- | M] () (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi

[2012/07/31 21:48:26 | 000,741,958 | ---- | M] () (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012/09/16 01:41:01 | 001,073,809 | ---- | M] () (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}.xpi

[2012/08/04 21:32:23 | 001,669,514 | ---- | M] () (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\{ded0fc70-7215-4802-afeb-b2982d3e7225}.xpi

[2012/09/20 10:51:08 | 001,544,034 | ---- | M] () (No name found) -- J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\{faf13420-5e24-11e0-80e3-0800200c9a66}.xpi

[2012/09/06 06:14:12 | 000,000,000 | ---D | M] (No name found) -- D:\Util\Mozilla Firefox\extensions

[2011/10/03 06:41:43 | 000,000,000 | ---D | M] (DealPly) -- D:\Util\Mozilla Firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}

[2012/09/06 06:14:12 | 000,000,000 | ---D | M] (No name found) -- D:\Util\Mozilla Firefox\extensions\ffxtlbr@babylon.com

[2012/08/24 19:01:06 | 000,266,720 | ---- | M] (Mozilla Foundation) -- D:\Util\mozilla firefox\components\browsercomps.dll

[2012/09/06 06:14:02 | 000,006,522 | ---- | M] () -- D:\Util\mozilla firefox\searchplugins\babylon.xml

[2012/08/24 19:00:22 | 000,002,465 | ---- | M] () -- D:\Util\mozilla firefox\searchplugins\bing.xml

[2012/08/24 19:00:22 | 000,002,253 | ---- | M] () -- D:\Util\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},

CHR - homepage: http://www.google.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\robert\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\robert\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\robert\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\robert\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: Google Update (Enabled) = C:\Users\robert\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - Extension: Xmarks Bookmark Sync = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\

CHR - Extension: Xmarks Bookmark Sync = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\.bak

CHR - Extension: Sexy Undo Close Tab = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\bcennaiejdjpomgmmohhpgnjlmpcjmbg\7.2.3_0\

CHR - Extension: Bookmark Sentry = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\bdglbbcbmgnimogcmcdenggkpdmihlga\1.7.3_0\

CHR - Extension: YouTube = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Bouncy Mouse = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\cgdllcbmneiklcmbeclfegccdjholomb\1.2.1_0\

CHR - Extension: Google Search = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Bubble Cupid = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\daaehkjmdmodknldpplikflminiicfal\1.0.0.1_0\

CHR - Extension: Chrome Notepad = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\ffbhefmlcoihbjcmibbfkocmnaiacinp\3.7_0\

CHR - Extension: Atomic Bookmarks = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\fkbecffhfgdpiigmkgljmfgnejmhfejh\0.3.7_0\

CHR - Extension: Print Selection = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\gbkdpdnociibpkkpjgmcmdlnjlebpajk\0.5.3_0\

CHR - Extension: AdBlock = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\

CHR - Extension: FlashBlock = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl\0.9.31_0\

CHR - Extension: LastPass = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.12_0\

CHR - Extension: Classic = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn\1.1_0\

CHR - Extension: The Weather Channel for Chrome = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop\1.0.0.4_0\

CHR - Extension: Weather Window by WeatherBug = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\1.0.12_0\

CHR - Extension: Gestures for Chrome = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\jpkfjicglakibpenojifdiepckckakgk\1.12.1_0\

CHR - Extension: Google Voice (by Google) = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.3.6.8_0\

CHR - Extension: Poppit = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

CHR - Extension: FastestChrome - Browse Faster = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\6.8.3_0\

CHR - Extension: Barnyard Match = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\obbpofjmecckjelpfbpapjadpekijbhm\1.4.2.92_0\

CHR - Extension: Private Joe: Urban Warfare = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\ogmpedngmnolclkmlpcdgmfonlagkejp\1.4_0\

CHR - Extension: Psykopaint = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\

CHR - Extension: Psykopaint = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\.bak

CHR - Extension: https://www.amazon.com/gp/css/shiptrack/view. = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\pilgiinkcfnbolaiiclncopgallfmobb\2012.9.21.55826_0\

CHR - Extension: Gmail = J:\Windows Files\Appllication Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/09/21 15:06:41 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 secure.tune-up.com

O4:64bit: - HKLM..\Run: [egui] D:\util\ESET2\ESET Smart Security\egui.exe (ESET)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [Everything] D:\util\Everything\Everything.exe ()

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

O4 - HKLM..\Run: [WinPatrol] D:\Util\WinPatrol\winpatrol.exe (BillP Studios)

O4 - HKCU..\Run: [cdloader] J:\Windows Files\Appllication Data\mjusbsp\cdloader2.exe (magicJack L.P.)

O4 - HKCU..\Run: [ClipMate7] D:\Util\ClipMate7\ClipMate7\ClipMate.exe (Thornsoft Development, Inc.)

O4 - HKCU..\Run: [DesktopOK] D:\Util\DesktopOK\DesktopOK_x64.exe (Nenad Hrg SoftwareOK)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Google Search

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://www.google.com/search?q=%w

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EA514A3-C4AD-45E0-B6EE-107199277174}: DhcpNameServer = 192.168.1.1

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/22 12:20:40 | 000,600,576 | ---- | C] (OldTimer Tools) -- J:\Windows Files\Desktop\OTL.exe

[2012/09/22 10:33:45 | 000,000,000 | ---D | C] -- J:\Windows Files\Desktop\RK_Quarantine

[2012/09/22 10:30:07 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- J:\Windows Files\Desktop\tdsskiller (1).exe

[2012/09/22 10:24:38 | 004,731,392 | ---- | C] (AVAST Software) -- J:\Windows Files\Desktop\aswMBR (1).exe

[2012/09/22 07:30:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey

[2012/09/21 20:47:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/09/21 20:45:00 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/09/21 20:44:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/09/21 20:44:23 | 004,754,243 | ---- | C] (Swearware) -- J:\Windows Files\Desktop\ComboFix.exe

[2012/09/21 20:32:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/09/21 20:32:27 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/09/21 20:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/09/21 20:21:47 | 000,000,000 | ---D | C] -- D:\Util\ATF Cleaner

[2012/09/21 15:25:27 | 000,000,000 | ---D | C] -- D:\Documents\UseNeXT

[2012/09/21 15:24:56 | 000,000,000 | ---D | C] -- J:\Windows Files\Common FIles x86\Intel Corporation

[2012/09/21 15:21:01 | 000,000,000 | ---D | C] -- J:\Windows Files\Appllication Data\Intel Corporation

[2012/09/21 15:09:35 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe

[2012/09/21 15:09:35 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll

[2012/09/21 15:09:35 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll

[2012/09/21 15:09:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012

[2012/09/21 15:09:27 | 000,000,000 | ---D | C] -- D:\Util\TuneUp

[2012/09/21 15:07:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software

[2012/09/21 15:06:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}

[2012/09/21 15:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup

[2012/09/21 13:05:17 | 000,000,000 | ---D | C] -- J:\Windows Files\Appllication Data\magicJack

[2012/09/21 13:05:00 | 000,000,000 | ---D | C] -- J:\Windows Files\Appllication Data\tjnet

[2012/09/21 13:05:00 | 000,000,000 | ---D | C] -- J:\Windows Files\Appllication Data\Google

[2012/09/21 13:01:44 | 000,000,000 | ---D | C] -- J:\Windows Files\Appllication Data\Apps

[2012/09/21 12:35:55 | 000,000,000 | ---D | C] -- D:\Util\Windows 7 Manager

[2012/09/21 12:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Manager

[2012/09/21 12:12:42 | 000,000,000 | ---D | C] -- J:\Windows Files\Start Menu\Programs\Google Chrome

[2012/09/21 12:09:25 | 000,696,240 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/09/21 12:09:25 | 000,073,136 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/09/21 12:09:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed

[2012/09/21 12:09:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed

[2012/09/21 10:41:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative

[2012/09/21 10:40:55 | 000,107,008 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysNative\cttele64.dll

[2012/09/21 10:40:55 | 000,102,400 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysWow64\cttele32.dll

[2012/09/21 10:40:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative

[2012/09/21 10:40:53 | 000,466,520 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll

[2012/09/21 10:40:53 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll

[2012/09/21 10:40:53 | 000,123,480 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll

[2012/09/21 10:40:53 | 000,109,144 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll

[2012/09/21 10:40:42 | 000,012,288 | ---- | C] (Creative Technology Limited) -- C:\Windows\SysNative\INRES.DLL

[2012/09/21 10:40:42 | 000,011,776 | ---- | C] (Creative Technology Limited) -- C:\Windows\SysWow64\INRES.DLL

[2012/09/21 10:40:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Data

[2012/09/21 10:40:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Data

[2012/09/21 10:40:33 | 022,691,984 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysWow64\AppSetup.exe

[2012/09/21 10:10:53 | 000,000,000 | ---D | C] -- D:\Util\ESET2

[2012/09/21 10:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET

[2012/09/21 10:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET

[2012/09/21 10:09:02 | 000,000,000 | -HSD | C] -- C:\Windows\Installer

[2012/09/21 07:59:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AltrixSoft

[2012/09/21 06:20:00 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information

[2012/09/21 06:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5300 series

[2012/09/21 06:19:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ

[2012/09/21 06:19:56 | 000,385,536 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLMAT.DLL

[2012/09/21 06:19:51 | 000,373,248 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC_ATL.dll

[2012/09/21 06:19:51 | 000,323,584 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNC_ATL.dll

[2012/09/21 06:19:51 | 000,302,080 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC_ATC.dll

[2012/09/21 06:19:51 | 000,114,688 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNC_ATU.dll

[2012/09/21 06:19:51 | 000,112,128 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC_ATI.dll

[2012/09/21 06:19:51 | 000,017,920 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNHMCA6.dll

[2012/09/21 06:19:51 | 000,015,872 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNHMCA.dll

[2012/09/21 06:03:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe

[2012/09/21 05:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\magicJack

[2012/09/21 05:21:23 | 000,315,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Difxb2f9.rra

[2012/09/21 05:21:21 | 000,120,408 | ---- | C] (JMicron Technology Corp.) -- C:\Windows\SysNative\drivers\jraid.sys

[2012/09/21 05:21:20 | 000,000,000 | ---D | C] -- C:\Windows\RaidTool

[2012/09/21 05:20:27 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel

[2012/09/21 05:19:56 | 000,000,000 | ---D | C] -- C:\Intel

[2012/09/21 05:19:55 | 000,557,080 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStor.sys

[2012/09/21 05:14:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

[2012/09/21 05:12:59 | 006,151,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll

[2012/09/21 05:12:59 | 003,149,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll

[2012/09/21 05:12:59 | 000,118,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll

[2012/09/21 05:12:59 | 000,063,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll

[2012/09/21 05:12:57 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll

[2012/09/21 05:12:57 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll

[2012/09/21 05:12:48 | 025,743,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll

[2012/09/21 05:12:48 | 025,248,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll

[2012/09/21 05:12:48 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll

[2012/09/21 05:12:48 | 018,044,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll

[2012/09/21 05:12:48 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll

[2012/09/21 05:12:48 | 015,322,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll

[2012/09/21 05:12:48 | 010,194,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll

[2012/09/21 05:12:48 | 008,139,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll

[2012/09/21 05:12:48 | 008,105,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll

[2012/09/21 05:12:48 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll

[2012/09/21 05:12:48 | 002,881,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll

[2012/09/21 05:12:48 | 002,741,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll

[2012/09/21 05:12:48 | 002,681,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll

[2012/09/21 05:12:48 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll

[2012/09/21 05:12:48 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll

[2012/09/21 05:12:48 | 002,368,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll

[2012/09/21 05:12:48 | 001,738,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll

[2012/09/21 05:12:48 | 001,468,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll

[2012/09/21 05:12:48 | 001,451,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll

[2012/09/21 05:12:48 | 000,949,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll

[2012/09/21 05:12:48 | 000,818,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll

[2012/09/21 05:12:48 | 000,364,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll

[2012/09/21 05:12:48 | 000,301,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll

[2012/09/21 05:12:48 | 000,246,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll

[2012/09/21 05:12:48 | 000,202,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll

[2012/09/21 05:12:48 | 000,188,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys

[2012/09/21 05:12:48 | 000,031,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll

[2012/09/21 05:07:04 | 000,016,896 | ---- | C] (ASUS) -- C:\Windows\AsTaskSched.dll

[2012/09/21 05:06:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics

[2012/09/21 05:02:06 | 000,164,520 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\IPROSetMonitor.exe

[2012/09/21 05:02:01 | 000,316,104 | R--- | C] (Intel Corporation) -- C:\Windows\SysNative\PROUnstl.exe

[2012/09/21 05:01:28 | 000,328,368 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\e1c62x64.sys

[2012/09/21 05:01:28 | 000,068,264 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\e1cmsg.dll

[2012/09/21 05:01:28 | 000,036,472 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\NicCo36.dll

[2012/09/21 05:01:27 | 000,092,864 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\NicInstC.dll

[2012/09/21 05:00:23 | 000,000,000 | ---D | C] -- J:\Windows Files\Start Menu\Programs\Marvell

[2012/09/21 04:59:51 | 000,315,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Difx8c57.rra

[2012/09/21 04:43:41 | 000,000,000 | -HSD | C] -- C:\Boot

[2012/09/21 03:58:23 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2012/09/21 03:57:06 | 000,000,000 | R--D | C] -- C:\Users\robert\Searches

[2012/09/21 03:57:06 | 000,000,000 | R--D | C] -- J:\Windows Files\Start Menu\Programs\Administrative Tools

[2012/09/21 03:57:00 | 000,000,000 | R--D | C] -- C:\Users\robert\Contacts

[2012/09/21 03:56:57 | 000,000,000 | R--D | C] -- C:\Users\robert\Videos

[2012/09/21 03:56:57 | 000,000,000 | R--D | C] -- C:\Users\robert\Saved Games

[2012/09/21 03:56:57 | 000,000,000 | R--D | C] -- C:\Users\robert\Pictures

[2012/09/21 03:56:57 | 000,000,000 | R--D | C] -- J:\Windows Files\Start Menu\Programs\Maintenance

[2012/09/21 03:56:57 | 000,000,000 | R--D | C] -- C:\Users\robert\Links

[2012/09/21 03:56:57 | 000,000,000 | R--D | C] -- C:\Users\robert\Favorites

[2012/09/21 03:56:57 | 000,000,000 | R--D | C] -- C:\Users\robert\Downloads

[2012/09/21 03:56:57 | 000,000,000 | R--D | C] -- C:\Users\robert\Desktop

[2012/09/21 03:56:57 | 000,000,000 | R--D | C] -- J:\Windows Files\Start Menu\Programs\Accessories

[2012/09/21 03:56:57 | 000,000,000 | -HSD | C] -- C:\Users\robert\Templates

[2012/09/21 03:56:57 | 000,000,000 | -HSD | C] -- C:\Users\robert\Start Menu

[2012/09/21 03:56:57 | 000,000,000 | -HSD | C] -- C:\Users\robert\SendTo

[2012/09/21 03:56:57 | 000,000,000 | -HSD | C] -- C:\Users\robert\Recent

[2012/09/21 03:56:57 | 000,000,000 | -HSD | C] -- C:\Users\robert\PrintHood

[2012/09/21 03:56:57 | 000,000,000 | -HSD | C] -- C:\Users\robert\NetHood

[2012/09/21 03:56:57 | 000,000,000 | -HSD | C] -- C:\Users\robert\My Documents

[2012/09/21 03:56:57 | 000,000,000 | -HSD | C] -- C:\Users\robert\Local Settings

[2012/09/21 03:56:57 | 000,000,000 | -HSD | C] -- C:\Users\robert\Cookies

[2012/09/21 03:56:57 | 000,000,000 | -HSD | C] -- C:\Users\robert\Application Data

[2012/09/21 03:56:57 | 000,000,000 | -H-D | C] -- C:\Users\robert\AppData

[2012/09/21 03:56:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates

[2012/09/21 03:56:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu

[2012/09/21 03:56:54 | 000,000,000 | -HSD | C] -- C:\Recovery

[2012/09/21 03:56:54 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos

[2012/09/21 03:56:54 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures

[2012/09/21 03:56:54 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music

[2012/09/21 03:56:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites

[2012/09/21 03:56:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings

[2012/09/21 03:56:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents

[2012/09/21 03:56:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop

[2012/09/21 03:56:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data

[2012/09/21 03:44:57 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2012/09/21 03:44:52 | 000,000,000 | -HSD | C] -- C:\System Volume Information

[2012/09/21 03:44:51 | 000,000,000 | ---D | C] -- C:\Windows\CSC

[2012/09/21 03:30:38 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA

[2012/09/21 03:30:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation

[2012/09/20 08:17:39 | 000,000,000 | ---D | C] -- J:\Windows Files\Start Menu\Programs\Macrium

[2012/09/20 06:55:34 | 000,000,000 | ---D | C] -- D:\Util\eset

[2012/09/19 21:30:13 | 000,000,000 | ---D | C] -- D:\Util\Macrium

[2012/09/19 12:44:39 | 000,000,000 | ---D | C] -- J:\Windows Files\Start Menu\Programs\Installation

[2012/09/19 12:32:29 | 000,000,000 | ---D | C] -- J:\Windows Files\Start Menu\Programs\Macrium Reflect Professional

[2012/09/19 12:31:13 | 000,000,000 | ---D | C] -- D:\Util\Macrium Reflect Professional

[2012/09/19 11:44:47 | 000,000,000 | ---D | C] -- D:\Util\MozBackup

[2012/09/19 04:02:52 | 000,000,000 | ---D | C] -- D:\Util\System Mechanic Professional

[2012/09/19 04:02:52 | 000,000,000 | ---D | C] -- D:\Util\iolo

[2012/09/19 03:59:11 | 000,000,000 | ---D | C] -- J:\Windows Files\Appllication Data\iolo

[2012/09/18 21:02:42 | 000,000,000 | ---D | C] -- D:\Util\DrivePurge

[2012/09/18 06:06:45 | 001,659,808 | ---- | C] (Bleeping Computer, LLC) -- J:\Windows Files\Desktop\iExplore.exe

[2012/09/18 06:05:25 | 000,000,000 | ---D | C] -- J:\Windows Files\Desktop\rkill

[2012/09/18 06:04:43 | 001,659,808 | ---- | C] (Bleeping Computer, LLC) -- J:\Windows Files\Desktop\rkill.scr

[2012/09/18 06:04:43 | 001,659,808 | ---- | C] (Bleeping Computer, LLC) -- J:\Windows Files\Desktop\rkill.com

[2012/09/18 06:02:25 | 000,607,260 | R--- | C] (Swearware) -- J:\Windows Files\Desktop\dds.scr

[2012/09/17 15:42:43 | 000,000,000 | ---D | C] -- J:\Windows Files\Start Menu\Programs\ActiveSMART 2.9

[2012/09/17 15:36:21 | 000,000,000 | ---D | C] -- D:\Util\LSoft Technologies Inc

[2012/09/17 12:58:21 | 000,000,000 | ---D | C] -- J:\Windows Files\Start Menu\Programs\WinRAR

[2012/09/17 09:32:19 | 000,000,000 | ---D | C] -- D:\Util\RealFlightG5

[2012/09/17 02:39:49 | 000,000,000 | ---D | C] -- J:\Windows Files\Common FIles x86\Symantec Shared

[2012/09/17 02:36:10 | 000,000,000 | ---D | C] -- D:\Util\NortonInstaller

[2012/09/17 02:30:29 | 000,000,000 | ---D | C] -- J:\Windows Files\Appllication Data\QuickScan

[2012/09/16 19:18:05 | 000,000,000 | ---D | C] -- J:\Windows Files\Appllication Data\ErrorTeck

[2012/09/16 19:18:01 | 000,000,000 | ---D | C] -- D:\Util\ErrorTeck

[2012/09/16 16:03:17 | 000,000,000 | ---D | C] -- J:\Windows Files\Appllication Data\f-secure

[2012/09/16 12:02:57 | 000,000,000 | ---D | C] -- J:\Windows Files\Desktop\Aerifly 6

[2012/09/16 10:02:07 | 000,000,000 | ---D | C] -- D:\Documents\RealFlight 6

[2012/09/16 09:57:22 | 000,000,000 | ---D | C] -- D:\Util\Windows Journal

[2012/09/16 09:53:35 | 000,039,424 | ---- | C] (Microsoft Corporation) -- J:\Windows Files\Desktop\sfc.exe

[2012/09/16 07:08:31 | 000,000,000 | ---D | C] -- D:\Util\Ipacs

[2012/09/16 00:50:06 | 000,000,000 | ---D | C] -- D:\Util\Hard Drive Inspector

[2012/09/16 00:50:04 | 000,000,000 | ---D | C] -- J:\Windows Files\Common FIles x86\AltrixSoft

[2012/09/15 08:50:31 | 000,000,000 | ---D | C] -- J:\Windows Files\Appllication Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2012/09/15 07:09:03 | 000,000,000 | ---D | C] -- J:\Windows Files\Start Menu\Programs\Kremlin 3.0

[2012/09/15 07:09:03 | 000,000,000 | ---D | C] -- D:\Util\Kremlin

[2012/09/14 17:17:37 | 000,000,000 | ---D | C] -- D:\Util\Vuze Remote Toolbar

[2012/09/14 17:17:37 | 000,000,000 | ---D | C] -- D:\Util\Application Updater

[2012/09/14 17:11:38 | 000,000,000 | ---D | C] -- D:\Documents\Vuze Downloads

[2012/09/14 17:01:15 | 000,000,000 | ---D | C] -- J:\Windows Files\Appllication Data\Azureus

[2012/09/12 01:13:44 | 000,000,000 | ---D | C] -- D:\Util\advanded Call Center

[2012/09/11 18:31:29 | 000,000,000 | ---D | C] -- D:\Util\PhoneTray

[2012/09/10 21:42:52 | 000,000,000 | ---D | C] -- D:\Util\Call Soft Pro

[2012/09/10 14:00:25 | 000,000,000 | ---D | C] -- D:\Documents\Ashton Calendar.el4.Data

[2012/09/10 11:55:20 | 000,000,000 | ---D | C] -- J:\Windows Files\Start Menu\Programs\LaserSoft Imaging

[2012/09/10 11:50:57 | 000,000,000 | ---D | C] -- D:\Util\Vuze

[2012/09/09 22:08:09 | 000,000,000 | ---D | C] -- D:\Util\CouponAlert_2p Chrome Extension

[2012/09/09 17:01:58 | 000,000,000 | RH-D | C] -- J:\Windows Files\Appllication Data\SecuROM

[2012/09/08 12:13:16 | 000,000,000 | ---D | C] -- D:\Util\RealFlightG4

[2012/09/08 12:13:13 | 000,000,000 | ---D | C] -- D:\Documents\RealFlight G4

[2012/09/07 19:25:04 | 000,000,000 | ---D | C] -- J:\Windows Files\Desktop\Simulators

[2012/09/06 06:47:59 | 000,000,000 | ---D | C] -- D:\Util\Time Stopper

[2012/09/05 23:20:23 | 000,000,000 | ---D | C] -- D:\Util\RealFlightG3

[2012/09/04 21:18:13 | 000,000,000 | ---D | C] -- D:\Util\ClearViewRC

[2012/09/04 21:01:21 | 000,000,000 | ---D | C] -- D:\Util\Alcohol Soft

[2012/09/04 19:49:02 | 000,000,000 | ---D | C] -- D:\Documents\aerofly FS

[2012/09/04 18:24:52 | 000,000,000 | ---D | C] -- D:\Util\Aerofly FS

[2012/09/04 12:41:14 | 000,000,000 | ---D | C] -- D:\Util\Parallel Port Joystick

[2012/09/04 10:34:54 | 000,000,000 | ---D | C] -- J:\Windows Files\Start Menu\Programs\MagicDisc

[2012/09/04 10:22:48 | 000,000,000 | ---D | C] -- D:\Documents\Alcohol 52%

[2012/09/04 09:44:41 | 000,000,000 | ---D | C] -- J:\Windows Files\Appllication Data\realXtend

[2012/08/31 04:48:25 | 000,000,000 | ---D | C] -- D:\Util\PhoenixRC 3

[2012/08/30 12:29:04 | 000,000,000 | ---D | C] -- D:\Util\SuperFlexible

[2012/08/29 21:49:16 | 000,000,000 | -H-D | C] -- D:\Documents\_SYNCAPP

[2012/08/28 12:06:50 | 000,000,000 | ---D | C] -- D:\Util\Soluto

[2012/08/28 11:56:56 | 000,000,000 | ---D | C] -- D:\Util\SDA

[2012/08/27 07:04:26 | 000,000,000 | ---D | C] -- D:\Documents\Flight Simulator Files

[2012/08/26 03:43:05 | 000,000,000 | ---D | C] -- D:\Util\MonitorDriver

[2012/08/25 20:09:56 | 000,000,000 | ---D | C] -- D:\Util\FMS

[2012/08/25 01:37:38 | 000,000,000 | ---D | C] -- D:\Util\Microsoft Application Compatibility Toolkit

[2012/08/23 16:42:17 | 000,000,000 | ---D | C] -- D:\Documents\OneNote Notebooks

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/22 12:21:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1141580518-2314498541-1711201211-1000UA.job

[2012/09/22 12:20:35 | 000,600,576 | ---- | M] (OldTimer Tools) -- J:\Windows Files\Desktop\OTL.exe

[2012/09/22 11:45:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/09/22 11:44:38 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{0000000C-00000000-00000001-00001102-00000005-002C1102}.rfx

[2012/09/22 11:44:38 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXState-{0000000C-00000000-00000001-00001102-00000005-002C1102}.rfx

[2012/09/22 11:44:38 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{0000000C-00000000-00000001-00001102-00000005-002C1102}.rfx

[2012/09/22 11:19:34 | 000,017,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/09/22 11:19:34 | 000,017,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/09/22 10:32:52 | 001,388,032 | ---- | M] () -- J:\Windows Files\Desktop\RogueKiller.exe

[2012/09/22 10:29:55 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- J:\Windows Files\Desktop\tdsskiller (1).exe

[2012/09/22 10:28:14 | 000,000,512 | ---- | M] () -- J:\Windows Files\Desktop\MBR.dat

[2012/09/22 10:24:32 | 004,731,392 | ---- | M] (AVAST Software) -- J:\Windows Files\Desktop\aswMBR (1).exe

[2012/09/22 10:20:38 | 000,881,724 | ---- | M] () -- J:\Windows Files\Desktop\SecurityCheck (1).exe

[2012/09/22 09:20:18 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/09/22 09:20:18 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/09/22 09:20:18 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/09/22 07:14:30 | 000,000,215 | ---- | M] () -- J:\Windows Files\Desktop\Amazon.com- Temperature Controlled Soldering Iron 50 Watt- Parts Express.url

[2012/09/22 06:31:47 | 000,000,185 | ---- | M] () -- J:\Windows Files\Desktop\Soldering Station Features Continuously Variable Power Between 5-40W,a 1.5mm Pointed Tip - Amazon.com.url

[2012/09/22 03:21:00 | 000,000,870 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1141580518-2314498541-1711201211-1000Core.job

[2012/09/21 21:34:39 | 000,007,548 | ---- | M] () -- D:\Documents\DesktopOK_2012-09-21_9-34-36 PM_3600x1200.dok

[2012/09/21 21:26:16 | 000,000,305 | ---- | M] () -- J:\Windows Files\Desktop\Unstoppable.url

[2012/09/21 21:19:26 | 000,001,148 | ---- | M] () -- J:\Windows Files\Desktop\magicJack.lnk

[2012/09/21 21:17:08 | 4214,075,390 | -HS- | M] () -- C:\hiberfil.sys

[2012/09/21 20:44:17 | 004,754,243 | ---- | M] (Swearware) -- J:\Windows Files\Desktop\ComboFix.exe

[2012/09/21 20:35:38 | 000,000,869 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/09/21 20:22:00 | 000,001,206 | ---- | M] () -- J:\Windows Files\Desktop\ATF-Cleaner.exe.lnk

[2012/09/21 19:41:35 | 000,000,000 | ---- | M] () -- C:\Users\robert\defogger_reenable

[2012/09/21 15:09:34 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk

[2012/09/21 15:01:16 | 000,000,751 | ---- | M] () -- J:\Windows Files\Desktop\AVG PC Tuneup.lnk

[2012/09/21 12:35:57 | 000,001,658 | ---- | M] () -- C:\Users\Public\Desktop\Windows 7 Manager.lnk

[2012/09/21 12:35:57 | 000,001,649 | ---- | M] () -- C:\Users\Public\Desktop\1-Click Cleaner.lnk

[2012/09/21 12:09:25 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/09/21 12:09:25 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/09/21 10:40:53 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll

[2012/09/21 10:40:53 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll

[2012/09/21 10:40:53 | 000,123,480 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll

[2012/09/21 10:40:53 | 000,109,144 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll

[2012/09/21 10:40:52 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc

[2012/09/21 06:25:55 | 000,000,124 | ---- | M] () -- D:\Documents\ax_files.xml

[2012/09/21 06:21:50 | 000,001,352 | ---- | M] () -- D:\Documents\AutoHotkey.ahk

[2012/09/21 06:19:17 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2012/09/21 05:47:30 | 000,000,763 | ---- | M] () -- J:\Windows Files\Start Menu\Programs\Startup\sMaRTcaPs.lnk

[2012/09/21 05:41:36 | 000,000,770 | ---- | M] () -- J:\Windows Files\Start Menu\Programs\Startup\Kremlin Sentry.lnk

[2012/09/21 05:39:37 | 000,001,158 | ---- | M] () -- J:\Windows Files\Start Menu\Programs\Startup\hmonitor.exe.lnk

[2012/09/21 05:38:14 | 000,000,887 | ---- | M] () -- J:\Windows Files\Start Menu\Programs\Startup\DiskCheckup.lnk

[2012/09/21 05:36:15 | 000,000,690 | ---- | M] () -- J:\Windows Files\Start Menu\Programs\Startup\CaptureWiz.lnk

[2012/09/21 05:07:04 | 000,016,896 | ---- | M] (ASUS) -- C:\Windows\AsTaskSched.dll

[2012/09/21 05:05:30 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini

[2012/09/21 04:56:10 | 000,035,491 | ---- | M] () -- C:\Windows\Ascd_tmp.ini

[2012/09/21 04:43:41 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2012/09/21 03:46:41 | 000,000,637 | ---- | M] () -- C:\Windows\SysWow64\license.rtf

[2012/09/21 03:46:41 | 000,000,637 | ---- | M] () -- C:\Windows\SysNative\license.rtf

[2012/09/20 20:00:57 | 000,000,290 | ---- | M] () -- J:\Windows Files\Desktop\Apache FIles Vice.URL

[2012/09/19 21:30:13 | 000,003,073 | ---- | M] () -- J:\Windows Files\Desktop\Macrium Reflect.lnk

[2012/09/19 12:11:45 | 000,008,580 | ---- | M] () -- D:\Documents\DesktopOK_2012-09-19_2-11-43 PM_3600x1364.dok

[2012/09/19 11:45:50 | 105,711,015 | ---- | M] () -- D:\Documents\Thunderbird - 2012-09-19.pcv

[2012/09/19 08:26:44 | 000,008,694 | ---- | M] () -- D:\Documents\DesktopOK_2012-09-19_10-26-41 AM_3600x1364.dok

[2012/09/19 05:38:06 | 000,001,983 | ---- | M] () -- J:\Windows Files\Desktop\System Mechanic Professional.lnk

[2012/09/18 21:03:06 | 000,001,190 | ---- | M] () -- J:\Windows Files\Desktop\DrivePurge.exe.lnk

[2012/09/18 19:40:22 | 000,445,291 | ---- | M] () -- J:\Windows Files\Desktop\ENG_CD_1825136_A4.pdf

[2012/09/18 19:35:24 | 000,079,052 | ---- | M] () -- J:\Windows Files\Desktop\MS-100443.pdf

[2012/09/18 19:28:39 | 000,000,189 | ---- | M] () -- J:\Windows Files\Desktop\Micro Switch Toggle Switch SPST On-Off 10A-277VAC - 20A-115VAC 3-4HP - eBay.url

[2012/09/18 19:14:18 | 000,000,164 | ---- | M] () -- J:\Windows Files\Desktop\6 inch 150mm LCD Digital Vernier Caliper Microme-ter Guage - eBay.url

[2012/09/18 19:07:05 | 000,000,173 | ---- | M] () -- J:\Windows Files\Desktop\High-Accuracy 6- 150 mm Digital LCD CALIPER VERNIER GAUGE MICROMETER - eBay.url

[2012/09/18 17:10:57 | 000,000,157 | ---- | M] () -- J:\Windows Files\Desktop\WL Toys V929 Beetle 4CH Quadcopter Mini UFO RTF - eBay.url

[2012/09/18 15:24:05 | 000,000,153 | ---- | M] () -- J:\Windows Files\Desktop\F03334 WL V929 4CH 2.4GHz 3D Fly 4 Rotor RC Helicopter Ladybird Quadcopter BNF No transmitter(Bind with V911 TX) + Free shipping-in RC Helicopters from Toys & Hobbies on Aliexpress.com.url

[2012/09/18 10:00:40 | 000,000,132 | ---- | M] () -- J:\Windows Files\Appllication Data\Adobe PNG Format CS6 Prefs

[2012/09/18 06:06:40 | 001,659,808 | ---- | M] (Bleeping Computer, LLC) -- J:\Windows Files\Desktop\iExplore.exe

[2012/09/18 06:04:01 | 001,659,808 | ---- | M] (Bleeping Computer, LLC) -- J:\Windows Files\Desktop\rkill.scr

[2012/09/18 06:03:51 | 001,659,808 | ---- | M] (Bleeping Computer, LLC) -- J:\Windows Files\Desktop\rkill.com

[2012/09/18 06:01:44 | 000,607,260 | R--- | M] (Swearware) -- J:\Windows Files\Desktop\dds.scr

[2012/09/18 06:00:37 | 000,050,477 | ---- | M] () -- J:\Windows Files\Desktop\Defogger.exe

[2012/09/17 19:51:09 | 000,000,184 | ---- | M] () -- J:\Windows Files\Desktop\RealFlight G2 rc heli airplane simulator USB interlink controller by Futaba - eBay.url

[2012/09/17 15:42:43 | 000,000,837 | ---- | M] () -- J:\Windows Files\Desktop\ActiveSMART.lnk

[2012/09/17 14:25:27 | 000,009,012 | ---- | M] () -- D:\Documents\DesktopOK_2012-09-17_4-25-24 PM_3600x1364.dok

[2012/09/16 16:53:13 | 000,002,801 | ---- | M] () -- J:\Windows Files\Desktop\HiJackThis.lnk

[2012/09/16 00:45:44 | 000,000,763 | ---- | M] () -- J:\Windows Files\Desktop\PrettyRun.lnk

[2012/09/16 00:45:23 | 001,403,127 | ---- | M] () -- D:\Documents\Runner.zip

[2012/09/14 22:33:11 | 000,000,126 | ---- | M] () -- J:\Windows Files\Desktop\Camera China.url

[2012/09/14 04:08:32 | 000,000,115 | ---- | M] () -- J:\Windows Files\Desktop\2 Batteries eBay.url

[2012/09/12 20:01:03 | 000,000,126 | ---- | M] () -- J:\Windows Files\Desktop\2.5 to 3.5 China.url

[2012/09/12 19:59:08 | 000,000,127 | ---- | M] () -- J:\Windows Files\Desktop\2 S107 Batteries China.url

[2012/09/12 19:57:23 | 000,000,126 | ---- | M] () -- J:\Windows Files\Desktop\Modem China.url

[2012/09/12 04:54:33 | 000,000,183 | ---- | M] () -- J:\Windows Files\Desktop\Air Hogs Defender Micro R-C Remote Control Plane MINT ~ SUPER FAST SHIPPING ! - eBay.url

[2012/09/12 01:18:00 | 000,000,772 | ---- | M] () -- J:\Windows Files\Desktop\Advanced Call Center.lnk

[2012/09/11 16:57:44 | 000,000,102 | ---- | M] () -- J:\Windows Files\Desktop\real flight - eBay.url

[2012/09/10 22:45:12 | 000,001,839 | ---- | M] () -- J:\Windows Files\Desktop\Call Soft Pro.lnk

[2012/09/10 22:33:38 | 000,000,123 | ---- | M] () -- J:\Windows Files\Desktop\Gadgets Sporting Goods, Cell Phone Accessories items in bestservice store on eBay!.url

[2012/09/10 14:00:26 | 000,432,492 | ---- | M] () -- D:\Documents\Ashton Calendar.el4

[2012/09/09 09:35:24 | 000,000,321 | ---- | M] () -- J:\Windows Files\Desktop\Useful Flight Simulator Cable-USB Dongle 4 JR FUTABA Eflite DX6i DX7 Transmitter - eBay.url

[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/09/07 09:15:07 | 000,689,161 | ---- | M] () -- D:\Documents\Glasses Prescription Bob Sept 2012_0001.jpg

[2012/09/05 17:10:27 | 000,000,087 | ---- | M] () -- J:\Windows Files\Desktop\Skin Retouching Photoshop Tutorial - YouTube.url

[2012/09/03 13:29:48 | 000,541,082 | ---- | M] () -- D:\Documents\Bank Data.jpg

[2012/09/02 19:54:30 | 000,005,489 | ---- | M] () -- J:\Windows Files\Desktop\190685812914_1.jpg

[2012/08/26 21:39:04 | 000,000,430 | ---- | M] () -- J:\Windows Files\Desktop\Desktop.lnk

[2012/08/26 03:44:42 | 000,000,000 | ---- | M] () -- D:\Documents\bob

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/22 10:32:57 | 001,388,032 | ---- | C] () -- J:\Windows Files\Desktop\RogueKiller.exe

[2012/09/22 10:28:14 | 000,000,512 | ---- | C] () -- J:\Windows Files\Desktop\MBR.dat

[2012/09/22 10:20:46 | 000,881,724 | ---- | C] () -- J:\Windows Files\Desktop\SecurityCheck (1).exe

[2012/09/22 07:27:02 | 000,000,573 | ---- | C] () -- J:\Windows Files\Start Menu\Programs\Startup\Email and Password Script.ahk

[2012/09/22 07:14:30 | 000,000,215 | ---- | C] () -- J:\Windows Files\Desktop\Amazon.com- Temperature Controlled Soldering Iron 50 Watt- Parts Express.url

[2012/09/22 06:31:47 | 000,000,185 | ---- | C] () -- J:\Windows Files\Desktop\Soldering Station Features Continuously Variable Power Between 5-40W,a 1.5mm Pointed Tip - Amazon.com.url

[2012/09/22 03:16:27 | 000,000,870 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1141580518-2314498541-1711201211-1000Core.job

[2012/09/21 21:34:39 | 000,007,548 | ---- | C] () -- D:\Documents\DesktopOK_2012-09-21_9-34-36 PM_3600x1200.dok

[2012/09/21 21:26:16 | 000,000,305 | ---- | C] () -- J:\Windows Files\Desktop\Unstoppable.url

[2012/09/21 20:32:28 | 000,000,869 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/09/21 20:22:00 | 000,001,206 | ---- | C] () -- J:\Windows Files\Desktop\ATF-Cleaner.exe.lnk

[2012/09/21 19:41:35 | 000,000,000 | ---- | C] () -- C:\Users\robert\defogger_reenable

[2012/09/21 15:09:34 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk

[2012/09/21 15:09:34 | 000,000,859 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk

[2012/09/21 15:01:16 | 000,000,751 | ---- | C] () -- J:\Windows Files\Desktop\AVG PC Tuneup.lnk

[2012/09/21 14:04:30 | 000,001,148 | ---- | C] () -- J:\Windows Files\Desktop\magicJack.lnk

[2012/09/21 13:28:41 | 000,001,830 | ---- | C] () -- J:\Windows Files\Desktop\Manan Fitting.lnk

[2012/09/21 13:03:53 | 000,061,256 | ---- | C] () -- C:\Windows\SysNative\BMXStateBkp-{0000000C-00000000-00000001-00001102-00000005-002C1102}.rfx

[2012/09/21 13:03:53 | 000,061,256 | ---- | C] () -- C:\Windows\SysNative\BMXState-{0000000C-00000000-00000001-00001102-00000005-002C1102}.rfx

[2012/09/21 13:03:53 | 000,000,788 | ---- | C] () -- C:\Windows\SysNative\DVCState-{0000000C-00000000-00000001-00001102-00000005-002C1102}.rfx

[2012/09/21 12:35:57 | 000,001,658 | ---- | C] () -- C:\Users\Public\Desktop\Windows 7 Manager.lnk

[2012/09/21 12:35:57 | 000,001,649 | ---- | C] () -- C:\Users\Public\Desktop\1-Click Cleaner.lnk

[2012/09/21 12:11:58 | 000,000,922 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1141580518-2314498541-1711201211-1000UA.job

[2012/09/21 10:41:22 | 000,007,062 | ---- | C] () -- C:\Windows\SysWow64\audiopid.vxd

[2012/09/21 10:40:52 | 000,190,976 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL

[2012/09/21 10:40:52 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2012/09/21 10:40:52 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL

[2012/09/21 10:40:52 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2012/09/21 10:40:52 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc

[2012/09/21 06:19:51 | 000,068,096 | ---- | C] () -- C:\Windows\SysWow64\CNC1754D.TBL

[2012/09/21 06:19:51 | 000,068,096 | ---- | C] () -- C:\Windows\SysNative\CNC1754D.TBL

[2012/09/21 06:19:17 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2012/09/21 05:45:02 | 000,001,154 | ---- | C] () -- J:\Windows Files\Start Menu\Programs\magicJack.lnk

[2012/09/21 05:36:09 | 000,000,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CaptureWiz.lnk

[2012/09/21 05:18:34 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2012/09/21 05:18:29 | 000,035,491 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

[2012/09/21 05:12:59 | 002,621,723 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin

[2012/09/21 05:12:48 | 000,014,324 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb

[2012/09/21 05:02:01 | 000,001,904 | ---- | C] () -- C:\Windows\SysNative\SetupBD.din

[2012/09/21 05:01:28 | 000,003,114 | ---- | C] () -- C:\Windows\SysNative\e1c62x64.din

[2012/09/21 04:43:41 | 000,383,786 | RHS- | C] () -- C:\bootmgr

[2012/09/21 04:43:41 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK

[2012/09/21 03:57:09 | 000,001,413 | ---- | C] () -- J:\Windows Files\Start Menu\Programs\Internet Explorer (64-bit).lnk

[2012/09/21 03:57:07 | 000,001,447 | ---- | C] () -- J:\Windows Files\Start Menu\Programs\Internet Explorer.lnk

[2012/09/21 03:44:46 | 4214,075,390 | -HS- | C] () -- C:\hiberfil.sys

[2012/09/20 20:00:57 | 000,000,290 | ---- | C] () -- J:\Windows Files\Desktop\Apache FIles Vice.URL

[2012/09/20 08:10:29 | 000,003,073 | ---- | C] () -- J:\Windows Files\Desktop\Macrium Reflect.lnk

[2012/09/19 12:11:45 | 000,008,580 | ---- | C] () -- D:\Documents\DesktopOK_2012-09-19_2-11-43 PM_3600x1364.dok

[2012/09/19 11:45:34 | 105,711,015 | ---- | C] () -- D:\Documents\Thunderbird - 2012-09-19.pcv

[2012/09/19 08:26:44 | 000,008,694 | ---- | C] () -- D:\Documents\DesktopOK_2012-09-19_10-26-41 AM_3600x1364.dok

[2012/09/19 04:03:04 | 000,001,983 | ---- | C] () -- J:\Windows Files\Desktop\System Mechanic Professional.lnk

[2012/09/18 21:03:06 | 000,001,190 | ---- | C] () -- J:\Windows Files\Desktop\DrivePurge.exe.lnk

[2012/09/18 19:40:21 | 000,445,291 | ---- | C] () -- J:\Windows Files\Desktop\ENG_CD_1825136_A4.pdf

[2012/09/18 19:35:24 | 000,079,052 | ---- | C] () -- J:\Windows Files\Desktop\MS-100443.pdf

[2012/09/18 19:28:39 | 000,000,189 | ---- | C] () -- J:\Windows Files\Desktop\Micro Switch Toggle Switch SPST On-Off 10A-277VAC - 20A-115VAC 3-4HP - eBay.url

[2012/09/18 19:14:18 | 000,000,164 | ---- | C] () -- J:\Windows Files\Desktop\6 inch 150mm LCD Digital Vernier Caliper Microme-ter Guage - eBay.url

[2012/09/18 19:07:05 | 000,000,173 | ---- | C] () -- J:\Windows Files\Desktop\High-Accuracy 6- 150 mm Digital LCD CALIPER VERNIER GAUGE MICROMETER - eBay.url

[2012/09/18 17:10:57 | 000,000,157 | ---- | C] () -- J:\Windows Files\Desktop\WL Toys V929 Beetle 4CH Quadcopter Mini UFO RTF - eBay.url

[2012/09/18 15:24:05 | 000,000,153 | ---- | C] () -- J:\Windows Files\Desktop\F03334 WL V929 4CH 2.4GHz 3D Fly 4 Rotor RC Helicopter Ladybird Quadcopter BNF No transmitter(Bind with V911 TX) + Free shipping-in RC Helicopters from Toys & Hobbies on Aliexpress.com.url

[2012/09/18 06:00:50 | 000,050,477 | ---- | C] () -- J:\Windows Files\Desktop\Defogger.exe

[2012/09/17 19:51:09 | 000,000,184 | ---- | C] () -- J:\Windows Files\Desktop\RealFlight G2 rc heli airplane simulator USB interlink controller by Futaba - eBay.url

[2012/09/17 15:42:43 | 000,000,837 | ---- | C] () -- J:\Windows Files\Desktop\ActiveSMART.lnk

[2012/09/17 14:25:27 | 000,009,012 | ---- | C] () -- D:\Documents\DesktopOK_2012-09-17_4-25-24 PM_3600x1364.dok

[2012/09/16 08:49:30 | 000,000,887 | ---- | C] () -- J:\Windows Files\Start Menu\Programs\Startup\DiskCheckup.lnk

[2012/09/16 00:45:19 | 001,403,127 | ---- | C] () -- D:\Documents\Runner.zip

[2012/09/15 07:09:04 | 000,000,770 | ---- | C] () -- J:\Windows Files\Start Menu\Programs\Startup\Kremlin Sentry.lnk

[2012/09/14 22:33:11 | 000,000,126 | ---- | C] () -- J:\Windows Files\Desktop\Camera China.url

[2012/09/14 04:08:32 | 000,000,115 | ---- | C] () -- J:\Windows Files\Desktop\2 Batteries eBay.url

[2012/09/12 20:01:03 | 000,000,126 | ---- | C] () -- J:\Windows Files\Desktop\2.5 to 3.5 China.url

[2012/09/12 19:59:08 | 000,000,127 | ---- | C] () -- J:\Windows Files\Desktop\2 S107 Batteries China.url

[2012/09/12 19:57:23 | 000,000,126 | ---- | C] () -- J:\Windows Files\Desktop\Modem China.url

[2012/09/12 04:54:33 | 000,000,183 | ---- | C] () -- J:\Windows Files\Desktop\Air Hogs Defender Micro R-C Remote Control Plane MINT ~ SUPER FAST SHIPPING ! - eBay.url

[2012/09/12 01:18:00 | 000,000,772 | ---- | C] () -- J:\Windows Files\Desktop\Advanced Call Center.lnk

[2012/09/11 16:57:44 | 000,000,102 | ---- | C] () -- J:\Windows Files\Desktop\real flight - eBay.url

[2012/09/10 22:45:12 | 000,001,839 | ---- | C] () -- J:\Windows Files\Desktop\Call Soft Pro.lnk

[2012/09/10 22:33:38 | 000,000,123 | ---- | C] () -- J:\Windows Files\Desktop\Gadgets Sporting Goods, Cell Phone Accessories items in bestservice store on eBay!.url

[2012/09/10 14:00:25 | 000,432,492 | ---- | C] () -- D:\Documents\Ashton Calendar.el4

[2012/09/09 09:35:24 | 000,000,321 | ---- | C] () -- J:\Windows Files\Desktop\Useful Flight Simulator Cable-USB Dongle 4 JR FUTABA Eflite DX6i DX7 Transmitter - eBay.url

[2012/09/09 05:00:32 | 000,689,161 | ---- | C] () -- D:\Documents\Glasses Prescription Bob Sept 2012_0001.jpg

[2012/09/05 17:10:27 | 000,000,087 | ---- | C] () -- J:\Windows Files\Desktop\Skin Retouching Photoshop Tutorial - YouTube.url

[2012/09/04 06:43:27 | 000,541,082 | ---- | C] () -- D:\Documents\Bank Data.jpg

[2012/09/02 19:54:46 | 000,005,489 | ---- | C] () -- J:\Windows Files\Desktop\190685812914_1.jpg

[2012/08/26 21:39:04 | 000,000,430 | ---- | C] () -- J:\Windows Files\Desktop\Desktop.lnk

[2012/08/26 03:44:42 | 000,000,000 | ---- | C] () -- D:\Documents\bob

[2012/08/13 06:36:01 | 000,000,132 | ---- | C] () -- J:\Windows Files\Appllication Data\Adobe GIF Format CS6 Prefs

[2012/07/13 00:57:51 | 000,000,132 | ---- | C] () -- J:\Windows Files\Appllication Data\Adobe PNG Format CS6 Prefs

[2012/06/20 11:25:07 | 000,000,431 | ---- | C] () -- J:\Windows Files\Appllication Data\Drives Monitor_Settings.ini

[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2012/03/19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2012/03/19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2012/03/19 23:31:16 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2012/03/19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2012/03/19 22:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

[2012/03/12 06:29:03 | 000,035,328 | ---- | C] () -- J:\Windows Files\Common FIles x86\GRTI.dll

[2012/03/03 19:55:13 | 000,000,384 | ---- | C] () -- J:\Windows Files\Appllication Data\editplus_u.ini

[2012/02/17 06:35:48 | 000,001,386 | ---- | C] () -- J:\Windows Files\Appllication Data\systemFP.$dk

[2012/02/16 23:16:33 | 000,000,990 | -HS- | C] () -- J:\Windows Files\Appllication Data\systemfl.$dk

[2012/01/01 20:29:36 | 000,000,412 | ---- | C] () -- J:\Windows Files\Appllication Data\All CPU Meter_Settings.ini

[2011/12/12 16:24:37 | 000,009,327 | ---- | C] () -- J:\Windows Files\Appllication Data\Comma Separated Values (Windows).EML

[2011/10/17 11:42:16 | 000,001,403 | ---- | C] () -- J:\Windows Files\Appllication Data\MQPreset.ini

[2011/10/17 11:42:16 | 000,000,272 | ---- | C] () -- J:\Windows Files\Appllication Data\Multique.ini

[2011/09/28 13:49:45 | 000,075,776 | ---- | C] () -- J:\Windows Files\Appllication Data\chrtmp

[2011/09/28 13:49:45 | 000,001,115 | ---- | C] () -- J:\Windows Files\Appllication Data\SAS7_000.DAT

[2011/09/28 13:49:45 | 000,000,294 | ---- | C] () -- J:\Windows Files\Appllication Data\InkSaveHook.ini

[2011/09/28 13:49:45 | 000,000,132 | ---- | C] () -- J:\Windows Files\Appllication Data\Adobe Targa Format CS5 Prefs

[2011/09/28 13:49:45 | 000,000,132 | ---- | C] () -- J:\Windows Files\Appllication Data\Adobe PNG Format CS5 Prefs

[2011/09/28 13:49:45 | 000,000,132 | ---- | C] () -- J:\Windows Files\Appllication Data\Adobe GIF Format CS5 Prefs

[2011/09/28 13:49:45 | 000,000,132 | ---- | C] () -- J:\Windows Files\Appllication Data\Adobe BMP Format CS5 Prefs

[2011/09/28 13:49:45 | 000,000,022 | -HS- | C] () -- J:\Windows Files\Appllication Data\Sys2662.Config.Repository.bin

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

========== LOP Check ==========

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

Results of screen317's Security Check version 0.99.51

Windows 7 Service Pack 1 x86 (UAC is disabled!)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Disabled!

ESET Smart Security 5.0

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.0.1400

TuneUp Utilities 2012

AVG PC Tuneup

TuneUp Utilities Language Pack (en-US)

Google Chrome 21.0.1180.89

````````Process Check: objlist.exe by Laurent````````

WinPatrol winpatrol.exe

ESET NOD32 Antivirus egui.exe

ESET NOD32 Antivirus ekrn.exe

WinPatrol WinPatrol.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 2%

````````````````````End of Log``````````````````````

I am trying hard to do everything correctly.


rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a new reply.

2

  • Disable your anti-virus program. See: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Right-Click RogueKiller and select Run as Administrator.
  • Wait until Prescan finishes.
  • On the RogueKiller console, click the Registry tab.
    Put a check next to all of these and uncheck the rest: (if found)
    [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowVideos (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1)
  • Then click on Delete on the right hand column under Options.
  • When done, log off & restart the system.
  • The log will be found as RKreport
    Copy & Paste the contents into next reply.

Re-Enable your antivirus when all done.

Edited by Maurice Naggar

Under the Registry tab, none of the items you mention show up in the console so I am not able to delete them. I do see the following in the RKreport.txt file though:

[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowVideos (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Here is the RK report.txt file:

RogueKiller V8.0.4 [09/19/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : robert [Admin rights]

Mode : Scan -- Date : 09/22/2012 20:52:50

¤¤¤ Bad processes : 1 ¤¤¤

[SUSP PATH] magicJack.exe -- J:\Windows Files\Appllication Data\mjusbsp\magicJack.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 14 ¤¤¤

[RUN][SUSP PATH] HKCU\[...]\Run : cdloader ("J:\Windows Files\Appllication Data\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-1141580518-2314498541-1711201211-1000[...]\Run : cdloader ("J:\Windows Files\Appllication Data\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND

[services][BLPATH] HKLM\[...]\ControlSet001\Services\MBAMScheduler ("\mbamscheduler.exe") -> FOUND

[services][BLPATH] HKLM\[...]\ControlSet001\Services\MBAMService ("\mbamservice.exe") -> FOUND

[services][BLPATH] HKLM\[...]\ControlSet002\Services\MBAMScheduler ("\mbamscheduler.exe") -> FOUND

[services][BLPATH] HKLM\[...]\ControlSet002\Services\MBAMService ("\mbamservice.exe") -> FOUND

[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowVideos (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 secure.tune-up.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3750330AS +++++

--- User ---

[MBR] 2e12d1aeb4bc52ffe2dcc4687d56da48

[BSP] d92268c0d81714cec0ead1bb40b4a063 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 357705 Mo

1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 732580065 | Size: 357697 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: ST3320620AS +++++

--- User ---

[MBR] 54e979af4e35517759db3c8041ab4cd0

[BSP] f4256a7715b85f59bd2c25aa80a51eaa : Windows XP MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 102399 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 209714463 | Size: 102894 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 420441903 | Size: 99948 Mo

3 - [XXXXXX] UNKNOWN (0xdf) [VISIBLE] Offset (sectors): 625137664 | Size: 2 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive2: OCZ-VERTEX2 +++++

--- User ---

[MBR] 5f88795659d9e94ab8a86330dc6af616

[BSP] 573e7fd742518bd894eeefd6ec784334 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 57240 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive3: ST31500341AS +++++

--- User ---

[MBR] 55525264c9e0867c3d264e8592dacc64

[BSP] 2fd5b4f32e44b54ae15096a767743a5e : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 712523 Mo

1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 1459248210 | Size: 718273 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[4].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt


Turn off your antivirus and also Winpatrol

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.

  • Link 2
  • Link 3
  • Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
  • If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html


Rkill 2.4.3 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2012 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/23/2012 08:20:40 AM in x64 mode.

Windows Version: Windows 7 Enterprise Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

Program finished at: 09/23/2012 08:20:44 AM

Execution time: 0 hours(s), 0 minute(s), and 3 seconds(s)


I have not been able to pin any particular 'malware' as the one causing the issue.

I am glad that SFC works.

It is a very good investment to run a Full scan with MBAM. Please do so.

Save and close any work documents, close any apps that you started.

Temporarily turn off your antivirus.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Full Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the latest MBAM scan log for review.

Lastly, re-enable your antivirus program.


Malwarebytes Anti-Malware (PRO) 1.65.0.1400

www.malwarebytes.org

Database version: v2012.09.22.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

robert :: ROBERTPC [administrator]

Protection: Disabled

9/23/2012 2:39:55 PM

mbam-log-2012-09-23 (16-26-52).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 1044251

Time elapsed: 1 hour(s), 45 minute(s), 54 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 3

HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PLAYBRYTE (PUP.PlayBryte) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} (PUP.PlayBryte) -> No action taken.

HKCR\CLSID\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} (PUP.PlayBryte) -> No action taken.

Registry Values Detected: 2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|playbrytetoolbar_Playbryte (PUP.PlayBryte) -> Data: -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Playbryte|Publisher (PUP.PlayBryte) -> Data: Playbryte -> No action taken.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(end)


Next, do the following:

Step 1

  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :processes
    killallprocesses
    :files
    recycler /alldrives
    :reg
    [-HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PLAYBRYTE]
    [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd}]
    [-HKCR\CLSID\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd}]
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform]
    "playbrytetoolbar_Playbryte "=-
    :Commands
    [purity]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [EMPTYFLASH]
    [emptyjava]
    [Reboot]
    *****************************************************************
  • Return to OTL. Right click in the Custom Scans/Fixes window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered Run Fix button.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 2

Download Dr.Web CureIt to the desktop.

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double-click the drweb-cureit.exe file, then click Start and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    [icon image: check.gif]
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    [image: move.gif]
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Re-Enable your antivirus program when all done.

Edited by Maurice Naggar

Run RKILL, then try just 1 more time to run DrWeb Cure-it

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.

  • Link 2
  • Link 3
  • Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
  • If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Also copy & paste the contents of the _OTL MovedFiles log for my review.

The "not a valid Win32" error was caused by a corrupted download. I downloaded Dr Web again and had no trouble running it. However the UI has changed. I believe I accomplished what you advised.

All processes killed

========== PROCESSES ==========

========== FILES ==========

recycler not found in C:\

D:\RECYCLER\S-1-5-18 folder moved successfully.

D:\RECYCLER folder moved successfully.

recycler not found in E:\

recycler not found in F:\

recycler not found in G:\

recycler not found in H:\

recycler not found in I:\

recycler not found in J:\

recycler not found in N:\

========== REGISTRY ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PLAYBRYTE\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd}\ not found.

Registry key HKEY_CLASSES_ROOT\CLSID\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} (PUP.PlayBryte)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} (PUP.PlayBryte)\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\\playbrytetoolbar_Playbryte not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: robert

->Temporary Internet Files folder emptied: 3754906 bytes

User: UpdatusUser

->Temporary Internet Files folder emptied: 0 bytes

User: UpdatusUser.robertPC

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 35496 bytes

Session Manager Temp folder emptied: 69398741 bytes

Session Manager Tmp folder emptied: 525 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes

RecycleBin emptied: 94224152 bytes

Total Files Cleaned = 160.00 mb

Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: robert

User: UpdatusUser

User: UpdatusUser.robertPC

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: robert

User: UpdatusUser

User: UpdatusUser.robertPC

Total Java Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.65.1 log created on 09232012_192250

Files\Folders moved on Reboot...

f:\temp\FXSAPIDebugLogFile.txt moved successfully.

f:\temp\FXSTIFFDebugLogFile.txt moved successfully.

f:\temp\VGX903D.tmp moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Link to post
Share on other sites
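A truncated file is one form of the corrupted download reported in the post above. This added example (not part of the original thread) reads the PE headers of a downloaded executable and flags a file that is too short for the sections it declares; the sample bytes are constructed, and `build_sample_pe` and `pe_problems` are hypothetical names.

```python
import struct
import sys


def build_sample_pe() -> bytes:
    """Constructed sample: minimal PE headers plus one 512-byte .text section."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)       # e_lfanew: PE header starts at 64
    opt_size = 224                               # usual PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, opt_size, 0x0102)
    optional = struct.pack("<H", 0x10B) + bytes(opt_size - 2)
    raw_ptr, raw_size = 512, 512
    section = struct.pack("<8sIIIIIIHHI", b".text", raw_size, 0x1000,
                          raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
    headers = bytes(dos) + b"PE\0\0" + coff + optional + section
    return headers.ljust(raw_ptr, b"\0") + b"\xCC" * raw_size


def pe_problems(data: bytes) -> list:
    """Return structural problems that make the file unloadable (empty = none)."""
    if len(data) < 64 or data[:2] != b"MZ":
        return ["missing MZ (DOS) header"]
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return ["PE signature not found at e_lfanew"]
    # COFF file header follows the 4-byte signature.
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size             # first section header
    if table + 40 * nsect > len(data):
        return ["section table runs past end of file"]
    problems = []
    for i in range(nsect):
        name, _, _, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, table + 40 * i)
        end = raw_ptr + raw_size
        if raw_size and end > len(data):
            label = name.rstrip(b"\0").decode("ascii", "replace")
            problems.append("section %s needs bytes up to %d, file has %d"
                            % (label, end, len(data)))
    return problems


if __name__ == "__main__":
    if len(sys.argv) > 1:                        # check a real download
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:                                        # fall back to the constructed sample
        blob = build_sample_pe()[:700]           # simulate an interrupted download
    for line in pe_problems(blob) or ["headers and section extents look complete"]:
        print(line)
```

A clean result only means the file is structurally complete; comparing its hash with one published by the vendor is still the way to confirm the bytes are the intended ones.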


If that log is 150 MB, obviously that is super huge. You sure it is not 150 KB?

Is it possible to just get the "totals" summary from the end?

In any event, I suggest an online scan at ESET:

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Using Internet Explorer browser only, go to ESET Online Scanner website:

{Windows 7 & Vista users should start IE by Start >> Internet Explorer >> Right-Click and select Run As Administrator.}

  • Press the "ESET Online scanner" button
  • Check the I accept the terms box. Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Un-check the Remove found threats option.
  • Checkmark Scan Archives option.
  • Click on Advanced Settings and checkmark the following
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology
    click Scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files\Eset\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad or Wordpad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://www.eset.com/...c4.php?page=faq
  • Use of Internet Explorer for the online scan is preferred. If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.

After the scan is done, re-enable your antivirus program.

Reply with copy of the Eset scan log.

Step 2

Save and close any work documents, close any apps that you started.

Temporarily turn off your antivirus.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the latest MBAM scan log for review.

Lastly, re-enable your antivirus program.


The file is definitely 150 MB, Maurice. The scan took over 6 hours. I have a lot of stuff on my computer. Following is the summary you requested.

-----------------------------------------------------------------------------

Scan statistics

-----------------------------------------------------------------------------

Scanned: 1396225

Infected: 8

Modifications: 0

Suspicious: 0

Adware: 20

Dialers: 0

Jokes: 0

Riskware: 3

Hacktools: 6

Cured: 0

Deleted: 7

Renamed: 0

Moved: 1

Ignored: 0

Scan speed: 28 Kb/s

Scan time: 6:12:51

-----------------------------------------------------------------------------

D:\Config.Msi\4d9bda.rbf - moved

D:\Util\AudioConverter\AudioConverter.exe - moved

D:\Util\Dll-Files.com Fixer\CleanSchedule.exe - moved

D:\Util\Dll-Files.com Fixer\DLLFixer.exe - moved

D:\Util\nirsoft_package_1.11.09\NirSoft\livecontactsview.exe - moved

D:\Util\nirsoft_package_1.11.09\NirSoft\lsasecretsdump.exe - moved

D:\Util\nirsoft_package_1.11.09\NirSoft\mzcv.exe - moved

D:\Util\nirsoft_package_1.11.09\NirSoft\routerpassview.exe - moved

D:\Util\nirsoft_package_1.11.09\NirSoft\smsniff.exe - moved

I:\Downloads\Brothersoft_downloader_For_ClearView_RC_Flight_Simulator.exe - moved

I:\Downloads\Usenext\wizard\SlySoft AnyDVD HD v7.0.4.0 Final Multilanguage Win\Fox Killer v8.exe - moved

J:\Burn\Hosts File Editor hosts-setup_exe.exe - moved

J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\adblockplus\extensions\ffxtlbr@funmoods.com\install.rdf - moved

J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\adblockplus\extensions\ffxtlbr@funmoods.com\content\funmoods.xul - moved

J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\bookmarkbackups\extensions\ffxtlbr@funmoods.com\install.rdf - moved

J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\bookmarkbackups\extensions\ffxtlbr@funmoods.com\content\funmoods.xul - moved

J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\install.rdf - moved

J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\funmoods.xul - moved

J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\jumpListCache\extensions\ffxtlbr@funmoods.com\install.rdf - moved

J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\jumpListCache\extensions\ffxtlbr@funmoods.com\content\funmoods.xul - moved

J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\minidumps\extensions\ffxtlbr@funmoods.com\install.rdf - moved

J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\minidumps\extensions\ffxtlbr@funmoods.com\content\funmoods.xul - moved

J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\startupCache\extensions\ffxtlbr@funmoods.com\install.rdf - moved

J:\Windows Files\Appllication Data\Mozilla\Firefox\Profiles\startupCache\extensions\ffxtlbr@funmoods.com\content\funmoods.xul - moved

=============================================================================

Total session statistics

=============================================================================

Scanned: 1441716

Infected: 8

Modifications: 0

Suspicious: 0

Adware: 20

Dialers: 0

Jokes: 0

Riskware: 3

Hacktools: 6

Cured: 0

Deleted: 7

Renamed: 0

Moved: 25

Ignored: 0

Scan speed: 124 Kb/s

Scan time: 6:13:43

=============================================================================
