Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Possible Malware Infection

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Possible Malware Infection

Unread postby Cas34 » April 22nd, 2012, 2:01 pm

Hi again,

First I would like to appologise for missing the first reply I received in my previous thread:

viewtopic.php?f=12&t=59473

As advised in that thread I have copied both DDS logs below:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_27
Run by Computa at 18:52:56 on 2012-04-22
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.4094.2402 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\a-squared Free\a2service.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\ASUS.SYS\config\DVMExportService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
C:\Windows\DAODx.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Users\Computa\AppData\Local\Apps\2.0\YCM3B03Q.QRL\T27JK5PO.0E1\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\CurseClient.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe
C:\Program Files (x86)\ASUS\EPU\EPU.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
E:\Key Pass\KeePass.exe
C:\Program Files\Sandboxie\SandboxieRpcSs.exe
C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Sandboxie\SandboxieCrypto.exe
C:\Windows\system32\consent.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [TurboV EVO] "C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -b
mRun: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Computa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\Computa\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DIARYM~2.LNK - E:\Programs\Application\Files\TestMasterDiary.exe
StartupFolder: C:\Users\Computa\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DIARYM~1.LNK - C:\Users\Computa\AppData\Roaming\Microsoft\Installer\{F6FAAF2F-3DAD-4BCA-9F0B-08271A13DE6F}\_CDE5361904BA7B121B3A6F.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{A3E7D795-95FF-418A-B054-7B8AB5451598} : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [TurboV EVO] "C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -b
mRun-x64: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Computa\AppData\Roaming\Mozilla\Firefox\Profiles\v51wapug.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m ... g+Lucky&q=
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 a2free;a-squared Free Service;C:\Program Files (x86)\a-squared Free\a2service.exe [2010-7-27 1872320]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-7-27 96896]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2009-10-16 319488]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-7-27 1153368]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2010-7-4 139880]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-1-30 103992]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-1-30 123960]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-21 20:42:46 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{03299DE4-1421-4F7D-9EA4-D479EDA9A255}\mpengine.dll
2012-04-04 21:18:23 -------- d-----w- C:\Users\Computa\AppData\Roaming\Dev-Cpp
2012-04-04 21:02:35 -------- d-----w- C:\Program Files (x86)\Dev-Cpp
2012-04-03 12:06:49 -------- d-----w- C:\Users\Computa\AppData\Local\PerfWatson
2012-04-03 12:04:36 2470080 ----a-w- C:\ProgramData\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2012-04-03 12:00:16 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2012-04-03 12:00:14 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-04-03 11:56:11 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET
2012-04-03 11:55:53 -------- d-----w- C:\Program Files (x86)\Microsoft
2012-04-03 11:55:52 -------- d-----w- C:\Program Files\Microsoft
2012-04-03 11:55:36 -------- d-----w- C:\Program Files\IIS
2012-04-03 11:55:35 -------- d-----w- C:\Program Files (x86)\IIS
2012-04-03 11:54:36 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2012-04-03 11:45:57 -------- d-----w- C:\Windows\SysWow64\1033
2012-04-03 11:45:41 -------- d-----w- C:\Program Files\Microsoft SQL Server
2012-04-03 11:45:41 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2012-04-03 11:34:49 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 11.0
2012-04-03 11:34:37 -------- d-----w- C:\Windows\System32\1033
2012-04-03 11:33:41 -------- d-----w- C:\ProgramData\Package Cache
2012-04-03 10:26:26 -------- d-----w- C:\Users\Computa\AppData\Roaming\codeblocks
2012-04-03 09:58:37 98304 ----a-r- C:\Users\Computa\AppData\Roaming\Microsoft\Installer\{2E295B5B-1AD4-4D36-97C2-A316084722CF}\python_icon.exe
2012-04-03 09:58:27 -------- d-----w- C:\Python27
.
==================== Find3M ====================
.
2012-02-26 19:47:52 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-14 02:43:06 275024 ----a-w- C:\Windows\SysWow64\vsjitdebugger.exe
2012-02-14 02:43:06 219200 ----a-w- C:\Windows\SysWow64\VSPerf110.dll
2012-02-14 02:43:06 175176 ----a-w- C:\Windows\SysWow64\VSCover110.dll
2012-02-13 23:30:56 252480 ----a-w- C:\Windows\System32\VSPerf110.dll
2012-02-13 23:30:56 190024 ----a-w- C:\Windows\System32\VSCover110.dll
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-30 17:59:44 860760 ----a-w- C:\Windows\SysWow64\msvcr110_clr0400.dll
2012-01-30 17:59:44 505432 ----a-w- C:\Windows\SysWow64\msvcp110_clr0400.dll
2012-01-30 17:59:44 27736 ----a-w- C:\Windows\SysWow64\aspnet_counters.dll
2012-01-30 17:44:38 857176 ----a-w- C:\Windows\System32\msvcr110_clr0400.dll
2012-01-30 17:44:38 621656 ----a-w- C:\Windows\System32\msvcp110_clr0400.dll
2012-01-30 17:44:38 29784 ----a-w- C:\Windows\System32\aspnet_counters.dll
.
============= FINISH: 18:53:32.90 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 27/07/2010 22:37:29
System Uptime: 22/04/2012 18:39:41 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A87TD EVO
Processor: AMD Phenom(tm) II X4 955 Processor | AM3 | 3200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 78 GiB total, 10.137 GiB free.
D: is FIXED (NTFS) - 39 GiB total, 35.81 GiB free.
E: is FIXED (NTFS) - 814 GiB total, 742.559 GiB free.
F: is CDROM (CDFS)
G: is FIXED (NTFS) - 466 GiB total, 387.751 GiB free.
H: is FIXED (NTFS) - 932 GiB total, 255.287 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_03\FFFFFFFFFFFFFFFF00
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_03\FFFFFFFFFFFFFFFF00
Service:
.
==== System Restore Points ===================
.
RP439: 21/04/2012 21:42:26 - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
a-squared Free 4.5
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help English
Curse Client
Dev-C++
DivX Setup
Driving Test Master
EPU
erLT
ERUNT 1.1j
Exact Audio Copy 0.99pb5
Express Gate
foobar2000 v1.0.3
Football Manager 2009
HydraVision
Java Auto Updater
Java(TM) 6 Update 27
Logitech SetPoint
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5 Beta Multi-Targeting Pack
Microsoft ASP.NET MVC 3
Microsoft ASP.NET Web Pages
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Silverlight 4 SDK
Microsoft Silverlight 5 SDK
Microsoft SQL Server 2012 Data-Tier App Framework
Microsoft SQL Server 2012 Management Objects RC0
Microsoft SQL Server 2012 T-SQL Language Service RC0
Microsoft SQL Server Data Tools Build Utilities Mar 2012
Microsoft System CLR Types for SQL Server 2012 RC0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 11 SharePoint Developer Tools Beta enu Language Pack
Microsoft Web Deploy dbSqlPackage Provider Nov 2011
Microsoft(R) SQL Server Data Tools, RC0 - enu
Mozilla Firefox 4.0.1 (x86 en-GB)
Mumble 1.2.3
Platform
Prerequisites for SSDT RC0
Python 2.7.2
Realtek Ethernet Controller Driver For Windows 7
Revo Uninstaller 1.89
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Toolbars
Skype™ 5.3
Spybot - Search & Destroy
SQL Server Data Framework Tools
STDU Viewer version 1.5.427.0
Steam
TurboV EVO
Ubuntu
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Outlook 2007 Junk Email Filter (KB2553110)
VC80CRTRedist - 8.0.50727.4053
VIA Platform Device Manager
VLC media player 1.1.1
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
22/04/2012 00:07:14, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
21/04/2012 22:32:46, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {F706B4B5-72BC-49D5-967C-05194FA83446} and APPID {F706B4B5-72BC-49D5-967C-05194FA83446} to the user Computa-PC\Computa SID (S-1-5-21-3986575112-1917475841-2936605180-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
21/04/2012 21:33:01, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
21/04/2012 21:33:01, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
19/04/2012 16:43:01, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
18/04/2012 10:13:37, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================

Not sure if it is still required but I shall answer the questions asked in my previous post.

I use Silverlight to run a world of warcraft additional program called Rawr which helps me maximise my characters stats.

I do not do any networking on this PC apart from linking up my home computers.

Recently I installed Visual Studio as I was looking for a C++ compiler but I did not like it and I thought Revo Unistaller had removed it from my PC. I am now using dev C++ to run my programs as I am in the process of refreshing the C++ programming I did at university.

I do not use this PC for any business, nor am I connected to any educational networks.
Cas34
Regular Member
 
Posts: 32
Joined: January 22nd, 2009, 3:45 pm
Advertisement
Register to Remove

Re: Possible Malware Infection

Unread postby torreattack » April 23rd, 2012, 6:54 am

Checking your log, will reply soon.
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: Possible Malware Infection

Unread postby torreattack » April 23rd, 2012, 9:51 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.



Hi Cas34 and welcome to Malware Removal :)

My name is torreattack, and I will be helping you with your malware problems.

I'm an Undergraduate trainee here, and as such my posts to you have to first be checked by a Teacher, because of this my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Read:
How to back up or transfer your data on a Windows-based computer
Backup your data - Vista
Backup your data - windows 7


I saw you are having Erunt, let's create a System Restore Point with Erunt.

ERUNT - Emergency Recovery Utility NT
This will create a full backup of your registry... ERUNT can be used to restore the registry from this backup, if needed.
  • Please navigate to Start >> All Programs >> ERUNT, then right click ERUNT and select "run as administrator" from the menu. If UAC prompts, please allow it.
  • Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  • Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  • Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!



Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
  • If you're using Vista or Windows7, it will be necessary to right click all tools we use and select ----> Run as Administrator
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.


I will return, as soon as possible, with additional instructions.

Thank you for your patience.
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: Possible Malware Infection

Unread postby torreattack » April 23rd, 2012, 6:05 pm

Hi Cas34 :

Please create an backup with Erunt as instructed in previous post before proceed.

Let's dig more info.

1. TDSSKiller
Please download TDSSKiller.exe and save it to your Desktop.
  • Right click on TDSSKiller.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT


2. OTL
Please download OTL ... by Old Timer . Save it to your Desktop.
  • Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  • Under Output, ensure that Minimal Output is selected.
  • Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  • Please post the contents of both OTL.txt and Extras.txt files in your next reply.


3. Checklist
Please post:
  • TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt
  • OTL.txt and Extra.txt
  • An update on your problems
note: These logs can be lengthy, please post in several replies if needed. Please ensure you post COMPLETE log.

Thanks,
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: Possible Malware Infection

Unread postby Cas34 » April 25th, 2012, 4:18 am

09:04:42.0325 4940 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
09:04:42.0532 4940 ============================================================
09:04:42.0532 4940 Current date / time: 2012/04/25 09:04:42.0532
09:04:42.0532 4940 SystemInfo:
09:04:42.0532 4940
09:04:42.0532 4940 OS Version: 6.1.7601 ServicePack: 1.0
09:04:42.0532 4940 Product type: Workstation
09:04:42.0532 4940 ComputerName: COMPUTA-PC
09:04:42.0533 4940 UserName: Computa
09:04:42.0533 4940 Windows directory: C:\Windows
09:04:42.0533 4940 System windows directory: C:\Windows
09:04:42.0533 4940 Running under WOW64
09:04:42.0533 4940 Processor architecture: Intel x64
09:04:42.0533 4940 Number of processors: 4
09:04:42.0533 4940 Page size: 0x1000
09:04:42.0533 4940 Boot type: Normal boot
09:04:42.0533 4940 ============================================================
09:04:43.0396 4940 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:04:47.0246 4940 Drive \Device\Harddisk1\DR1 - Size: 0x7470C05E00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:04:56.0260 4940 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:04:56.0326 4940 ============================================================
09:04:56.0326 4940 \Device\Harddisk0\DR0:
09:04:56.0326 4940 MBR partitions:
09:04:56.0327 4940 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9C41AD8
09:04:56.0337 4940 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9C41B56, BlocksNum 0x4E1EDEC
09:04:56.0343 4940 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xEA60981, BlocksNum 0x65CA117F
09:04:56.0343 4940 \Device\Harddisk1\DR1:
09:04:56.0459 4940 MBR partitions:
09:04:56.0459 4940 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C01
09:04:56.0459 4940 \Device\Harddisk2\DR2:
09:04:56.0522 4940 MBR partitions:
09:04:56.0522 4940 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
09:04:56.0522 4940 ============================================================
09:04:56.0531 4940 C: <-> \Device\Harddisk0\DR0\Partition0
09:04:56.0553 4940 D: <-> \Device\Harddisk0\DR0\Partition1
09:04:56.0566 4940 E: <-> \Device\Harddisk0\DR0\Partition2
09:04:56.0616 4940 G: <-> \Device\Harddisk1\DR1\Partition0
09:04:56.0646 4940 H: <-> \Device\Harddisk2\DR2\Partition0
09:04:56.0646 4940 ============================================================
09:04:56.0646 4940 Initialize success
09:04:56.0646 4940 ============================================================
09:05:05.0934 3524 ============================================================
09:05:05.0934 3524 Scan started
09:05:05.0934 3524 Mode: Manual;
09:05:05.0934 3524 ============================================================
09:05:06.0243 3524 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
09:05:06.0245 3524 1394ohci - ok
09:05:06.0339 3524 a2free (160270fb6706b45392b3c20753bef1a9) C:\Program Files (x86)\a-squared Free\a2service.exe
09:05:06.0356 3524 a2free - ok
09:05:06.0394 3524 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
09:05:06.0397 3524 ACPI - ok
09:05:06.0408 3524 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
09:05:06.0409 3524 AcpiPmi - ok
09:05:06.0459 3524 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
09:05:06.0470 3524 adp94xx - ok
09:05:06.0508 3524 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
09:05:06.0512 3524 adpahci - ok
09:05:06.0527 3524 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
09:05:06.0529 3524 adpu320 - ok
09:05:06.0555 3524 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
09:05:06.0556 3524 AeLookupSvc - ok
09:05:06.0587 3524 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
09:05:06.0593 3524 AFD - ok
09:05:06.0604 3524 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
09:05:06.0605 3524 agp440 - ok
09:05:06.0628 3524 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
09:05:06.0629 3524 ALG - ok
09:05:06.0643 3524 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
09:05:06.0644 3524 aliide - ok
09:05:06.0669 3524 AMD External Events Utility (0d3e12216d6f956f05b0b555d53d7abb) C:\Windows\system32\atiesrxx.exe
09:05:06.0672 3524 AMD External Events Utility - ok
09:05:06.0686 3524 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
09:05:06.0686 3524 amdide - ok
09:05:06.0703 3524 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
09:05:06.0705 3524 AmdK8 - ok
09:05:06.0722 3524 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
09:05:06.0723 3524 AmdPPM - ok
09:05:06.0756 3524 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
09:05:06.0758 3524 amdsata - ok
09:05:06.0786 3524 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
09:05:06.0789 3524 amdsbs - ok
09:05:06.0802 3524 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
09:05:06.0802 3524 amdxata - ok
09:05:06.0840 3524 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
09:05:06.0842 3524 AppID - ok
09:05:06.0856 3524 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
09:05:06.0858 3524 AppIDSvc - ok
09:05:06.0883 3524 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
09:05:06.0884 3524 Appinfo - ok
09:05:06.0910 3524 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
09:05:06.0912 3524 AppMgmt - ok
09:05:06.0928 3524 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
09:05:06.0930 3524 arc - ok
09:05:06.0943 3524 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
09:05:06.0945 3524 arcsas - ok
09:05:07.0014 3524 AsIO (a82c01606dc27d05d9d3bfb6bb807e32) C:\Windows\syswow64\drivers\AsIO.sys
09:05:07.0016 3524 AsIO - ok
09:05:07.0111 3524 aspnet_state (fa558b04f900ef9801534d20f24ff2bf) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
09:05:07.0113 3524 aspnet_state - ok
09:05:07.0159 3524 AsSysCtrlService (954ffbff05b0b60eb63b52af561436c4) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
09:05:07.0162 3524 AsSysCtrlService - ok
09:05:07.0195 3524 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
09:05:07.0196 3524 AsyncMac - ok
09:05:07.0209 3524 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
09:05:07.0209 3524 atapi - ok
09:05:07.0234 3524 AtiHdmiService (506934df94e3197f4a1bbe8fbeab0ccd) C:\Windows\system32\drivers\AtiHdmi.sys
09:05:07.0236 3524 AtiHdmiService - ok
09:05:07.0388 3524 atikmdag (79ceb8d4f25cabe69f3762c90f5b06b8) C:\Windows\system32\DRIVERS\atikmdag.sys
09:05:07.0446 3524 atikmdag - ok
09:05:07.0562 3524 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
09:05:07.0576 3524 AudioEndpointBuilder - ok
09:05:07.0586 3524 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
09:05:07.0590 3524 AudioSrv - ok
09:05:07.0621 3524 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
09:05:07.0623 3524 AxInstSV - ok
09:05:07.0686 3524 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
09:05:07.0696 3524 b06bdrv - ok
09:05:07.0722 3524 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
09:05:07.0726 3524 b57nd60a - ok
09:05:07.0755 3524 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
09:05:07.0757 3524 BDESVC - ok
09:05:07.0767 3524 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
09:05:07.0768 3524 Beep - ok
09:05:07.0826 3524 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
09:05:07.0834 3524 BFE - ok
09:05:07.0874 3524 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
09:05:07.0885 3524 BITS - ok
09:05:07.0905 3524 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
09:05:07.0906 3524 blbdrive - ok
09:05:07.0944 3524 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
09:05:07.0945 3524 bowser - ok
09:05:07.0955 3524 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:05:07.0955 3524 BrFiltLo - ok
09:05:07.0959 3524 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:05:07.0959 3524 BrFiltUp - ok
09:05:07.0986 3524 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
09:05:07.0989 3524 Browser - ok
09:05:08.0009 3524 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
09:05:08.0013 3524 Brserid - ok
09:05:08.0023 3524 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
09:05:08.0024 3524 BrSerWdm - ok
09:05:08.0030 3524 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
09:05:08.0030 3524 BrUsbMdm - ok
09:05:08.0037 3524 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
09:05:08.0037 3524 BrUsbSer - ok
09:05:08.0050 3524 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
09:05:08.0052 3524 BTHMODEM - ok
09:05:08.0068 3524 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
09:05:08.0069 3524 bthserv - ok
09:05:08.0081 3524 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
09:05:08.0082 3524 cdfs - ok
09:05:08.0094 3524 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
09:05:08.0096 3524 cdrom - ok
09:05:08.0115 3524 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
09:05:08.0116 3524 CertPropSvc - ok
09:05:08.0130 3524 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
09:05:08.0131 3524 circlass - ok
09:05:08.0152 3524 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
09:05:08.0155 3524 CLFS - ok
09:05:08.0217 3524 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:05:08.0220 3524 clr_optimization_v2.0.50727_32 - ok
09:05:08.0259 3524 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:05:08.0262 3524 clr_optimization_v2.0.50727_64 - ok
09:05:08.0327 3524 clr_optimization_v4.0.30319_32 (f53e15a89675b7489fabe74f2091568e) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:05:08.0331 3524 clr_optimization_v4.0.30319_32 - ok
09:05:08.0373 3524 clr_optimization_v4.0.30319_64 (101d397632b9007df13e9a957ea68e04) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:05:08.0376 3524 clr_optimization_v4.0.30319_64 - ok
09:05:08.0399 3524 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
09:05:08.0400 3524 CmBatt - ok
09:05:08.0410 3524 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
09:05:08.0411 3524 cmdide - ok
09:05:08.0446 3524 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
09:05:08.0451 3524 CNG - ok
09:05:08.0464 3524 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
09:05:08.0465 3524 Compbatt - ok
09:05:08.0481 3524 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
09:05:08.0482 3524 CompositeBus - ok
09:05:08.0488 3524 COMSysApp - ok
09:05:08.0497 3524 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
09:05:08.0498 3524 crcdisk - ok
09:05:08.0523 3524 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
09:05:08.0525 3524 CryptSvc - ok
09:05:08.0548 3524 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
09:05:08.0554 3524 CSC - ok
09:05:08.0581 3524 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
09:05:08.0589 3524 CscService - ok
09:05:08.0610 3524 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
09:05:08.0617 3524 DcomLaunch - ok
09:05:08.0644 3524 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
09:05:08.0648 3524 defragsvc - ok
09:05:08.0695 3524 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
09:05:08.0696 3524 DfsC - ok
09:05:08.0729 3524 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
09:05:08.0733 3524 Dhcp - ok
09:05:08.0740 3524 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
09:05:08.0741 3524 discache - ok
09:05:08.0764 3524 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
09:05:08.0765 3524 Disk - ok
09:05:08.0785 3524 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
09:05:08.0788 3524 Dnscache - ok
09:05:08.0816 3524 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
09:05:08.0820 3524 dot3svc - ok
09:05:08.0841 3524 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
09:05:08.0844 3524 DPS - ok
09:05:08.0873 3524 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
09:05:08.0874 3524 drmkaud - ok
09:05:08.0939 3524 DvmMDES (e5b95c75557120881076c45cd146d72c) C:\ASUS.SYS\config\DVMExportService.exe
09:05:08.0944 3524 DvmMDES - ok
09:05:09.0020 3524 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
09:05:09.0031 3524 DXGKrnl - ok
09:05:09.0049 3524 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
09:05:09.0051 3524 EapHost - ok
09:05:09.0141 3524 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
09:05:09.0171 3524 ebdrv - ok
09:05:09.0238 3524 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
09:05:09.0242 3524 EFS - ok
09:05:09.0309 3524 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
09:05:09.0324 3524 ehRecvr - ok
09:05:09.0351 3524 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
09:05:09.0355 3524 ehSched - ok
09:05:09.0421 3524 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
09:05:09.0433 3524 elxstor - ok
09:05:09.0459 3524 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
09:05:09.0460 3524 ErrDev - ok
09:05:09.0499 3524 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
09:05:09.0504 3524 EventSystem - ok
09:05:09.0520 3524 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
09:05:09.0523 3524 exfat - ok
09:05:09.0539 3524 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
09:05:09.0542 3524 fastfat - ok
09:05:09.0589 3524 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
09:05:09.0597 3524 Fax - ok
09:05:09.0613 3524 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
09:05:09.0614 3524 fdc - ok
09:05:09.0627 3524 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
09:05:09.0628 3524 fdPHost - ok
09:05:09.0641 3524 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
09:05:09.0642 3524 FDResPub - ok
09:05:09.0656 3524 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
09:05:09.0657 3524 FileInfo - ok
09:05:09.0663 3524 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
09:05:09.0664 3524 Filetrace - ok
09:05:09.0678 3524 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
09:05:09.0679 3524 flpydisk - ok
09:05:09.0703 3524 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
09:05:09.0706 3524 FltMgr - ok
09:05:09.0747 3524 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
09:05:09.0760 3524 FontCache - ok
09:05:09.0825 3524 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:05:09.0827 3524 FontCache3.0.0.0 - ok
09:05:09.0841 3524 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
09:05:09.0843 3524 FsDepends - ok
09:05:09.0857 3524 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
09:05:09.0859 3524 Fs_Rec - ok
09:05:09.0886 3524 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
09:05:09.0888 3524 fvevol - ok
09:05:09.0921 3524 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
09:05:09.0924 3524 gagp30kx - ok
09:05:09.0963 3524 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
09:05:09.0972 3524 gpsvc - ok
09:05:09.0988 3524 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
09:05:09.0989 3524 hcw85cir - ok
09:05:10.0036 3524 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
09:05:10.0042 3524 HdAudAddService - ok
09:05:10.0067 3524 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
09:05:10.0069 3524 HDAudBus - ok
09:05:10.0082 3524 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
09:05:10.0083 3524 HidBatt - ok
09:05:10.0100 3524 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
09:05:10.0101 3524 HidBth - ok
09:05:10.0116 3524 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
09:05:10.0118 3524 HidIr - ok
09:05:10.0131 3524 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
09:05:10.0133 3524 hidserv - ok
09:05:10.0150 3524 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
09:05:10.0151 3524 HidUsb - ok
09:05:10.0181 3524 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
09:05:10.0183 3524 hkmsvc - ok
09:05:10.0208 3524 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
09:05:10.0211 3524 HomeGroupListener - ok
09:05:10.0227 3524 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
09:05:10.0231 3524 HomeGroupProvider - ok
09:05:10.0246 3524 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
09:05:10.0247 3524 HpSAMD - ok
09:05:10.0300 3524 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
09:05:10.0313 3524 HTTP - ok
09:05:10.0328 3524 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
09:05:10.0329 3524 hwpolicy - ok
09:05:10.0346 3524 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
09:05:10.0347 3524 i8042prt - ok
09:05:10.0376 3524 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
09:05:10.0382 3524 iaStorV - ok
09:05:10.0487 3524 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:05:10.0498 3524 idsvc - ok
09:05:10.0525 3524 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
09:05:10.0526 3524 iirsp - ok
09:05:10.0555 3524 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
09:05:10.0565 3524 IKEEXT - ok
09:05:10.0580 3524 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
09:05:10.0581 3524 intelide - ok
09:05:10.0605 3524 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
09:05:10.0606 3524 intelppm - ok
09:05:10.0619 3524 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
09:05:10.0621 3524 IPBusEnum - ok
09:05:10.0647 3524 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:05:10.0648 3524 IpFilterDriver - ok
09:05:10.0676 3524 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
09:05:10.0683 3524 iphlpsvc - ok
09:05:10.0695 3524 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
09:05:10.0697 3524 IPMIDRV - ok
09:05:10.0710 3524 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
09:05:10.0712 3524 IPNAT - ok
09:05:10.0733 3524 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
09:05:10.0734 3524 IRENUM - ok
09:05:10.0742 3524 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
09:05:10.0743 3524 isapnp - ok
09:05:10.0762 3524 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
09:05:10.0765 3524 iScsiPrt - ok
09:05:10.0786 3524 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
09:05:10.0788 3524 kbdclass - ok
09:05:10.0815 3524 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
09:05:10.0816 3524 kbdhid - ok
09:05:10.0836 3524 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
09:05:10.0837 3524 KeyIso - ok
09:05:10.0852 3524 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
09:05:10.0853 3524 KSecDD - ok
09:05:10.0877 3524 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
09:05:10.0879 3524 KSecPkg - ok
09:05:10.0887 3524 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
09:05:10.0888 3524 ksthunk - ok
09:05:10.0914 3524 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
09:05:10.0919 3524 KtmRm - ok
09:05:10.0938 3524 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
09:05:10.0943 3524 LanmanServer - ok
09:05:10.0965 3524 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
09:05:10.0968 3524 LanmanWorkstation - ok
09:05:11.0034 3524 LBTServ (88e52495b47c67126b510af53fdb0bc7) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
09:05:11.0038 3524 LBTServ - ok
09:05:11.0083 3524 LHidFilt (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
09:05:11.0086 3524 LHidFilt - ok
09:05:11.0111 3524 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
09:05:11.0114 3524 lltdio - ok
09:05:11.0136 3524 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
09:05:11.0141 3524 lltdsvc - ok
09:05:11.0151 3524 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
09:05:11.0152 3524 lmhosts - ok
09:05:11.0160 3524 LMouFilt (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
09:05:11.0161 3524 LMouFilt - ok
09:05:11.0184 3524 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
09:05:11.0186 3524 LSI_FC - ok
09:05:11.0209 3524 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
09:05:11.0211 3524 LSI_SAS - ok
09:05:11.0220 3524 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:05:11.0221 3524 LSI_SAS2 - ok
09:05:11.0234 3524 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:05:11.0235 3524 LSI_SCSI - ok
09:05:11.0256 3524 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
09:05:11.0258 3524 luafv - ok
09:05:11.0281 3524 LUsbFilt (9d9714e78eac9e5368208649489c920e) C:\Windows\system32\Drivers\LUsbFilt.Sys
09:05:11.0282 3524 LUsbFilt - ok
09:05:11.0305 3524 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
09:05:11.0307 3524 Mcx2Svc - ok
09:05:11.0319 3524 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
09:05:11.0320 3524 megasas - ok
09:05:11.0338 3524 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
09:05:11.0341 3524 MegaSR - ok
09:05:11.0365 3524 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
09:05:11.0368 3524 MMCSS - ok
09:05:11.0372 3524 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
09:05:11.0373 3524 Modem - ok
09:05:11.0397 3524 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
09:05:11.0397 3524 monitor - ok
09:05:11.0423 3524 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
09:05:11.0425 3524 mouclass - ok
09:05:11.0448 3524 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
09:05:11.0450 3524 mouhid - ok
09:05:11.0469 3524 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
09:05:11.0470 3524 mountmgr - ok
09:05:11.0511 3524 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
09:05:11.0515 3524 MpFilter - ok
09:05:11.0543 3524 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
09:05:11.0545 3524 mpio - ok
09:05:11.0567 3524 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
09:05:11.0568 3524 MpNWMon - ok
09:05:11.0578 3524 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
09:05:11.0579 3524 mpsdrv - ok
09:05:11.0611 3524 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
09:05:11.0621 3524 MpsSvc - ok
09:05:11.0655 3524 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
09:05:11.0657 3524 MRxDAV - ok
09:05:11.0678 3524 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:05:11.0680 3524 mrxsmb - ok
09:05:11.0703 3524 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:05:11.0706 3524 mrxsmb10 - ok
09:05:11.0724 3524 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:05:11.0725 3524 mrxsmb20 - ok
09:05:11.0746 3524 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
09:05:11.0747 3524 msahci - ok
09:05:11.0787 3524 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
09:05:11.0791 3524 msdsm - ok
09:05:11.0812 3524 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
09:05:11.0818 3524 MSDTC - ok
09:05:11.0855 3524 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
09:05:11.0856 3524 Msfs - ok
09:05:11.0877 3524 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
09:05:11.0878 3524 mshidkmdf - ok
09:05:11.0903 3524 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
09:05:11.0903 3524 msisadrv - ok
09:05:11.0929 3524 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
09:05:11.0932 3524 MSiSCSI - ok
09:05:11.0935 3524 msiserver - ok
09:05:11.0960 3524 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
09:05:11.0961 3524 MSKSSRV - ok
09:05:12.0023 3524 MsMpSvc (157e9e498206a3366baa7e4697bdd947) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
09:05:12.0024 3524 MsMpSvc - ok
09:05:12.0046 3524 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
09:05:12.0048 3524 MSPCLOCK - ok
09:05:12.0061 3524 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
09:05:12.0062 3524 MSPQM - ok
09:05:12.0089 3524 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
09:05:12.0093 3524 MsRPC - ok
09:05:12.0104 3524 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
09:05:12.0104 3524 mssmbios - ok
09:05:12.0113 3524 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
09:05:12.0114 3524 MSTEE - ok
09:05:12.0119 3524 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
09:05:12.0120 3524 MTConfig - ok
09:05:12.0153 3524 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
09:05:12.0154 3524 MTsensor - ok
09:05:12.0179 3524 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
09:05:12.0180 3524 Mup - ok
09:05:12.0224 3524 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
09:05:12.0230 3524 napagent - ok
09:05:12.0255 3524 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
09:05:12.0259 3524 NativeWifiP - ok
09:05:12.0298 3524 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
09:05:12.0308 3524 NDIS - ok
09:05:12.0321 3524 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
09:05:12.0322 3524 NdisCap - ok
09:05:12.0345 3524 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
09:05:12.0346 3524 NdisTapi - ok
09:05:12.0369 3524 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
09:05:12.0370 3524 Ndisuio - ok
09:05:12.0399 3524 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
09:05:12.0401 3524 NdisWan - ok
09:05:12.0424 3524 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
09:05:12.0425 3524 NDProxy - ok
09:05:12.0438 3524 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
09:05:12.0438 3524 NetBIOS - ok
09:05:12.0453 3524 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
09:05:12.0456 3524 NetBT - ok
09:05:12.0483 3524 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
09:05:12.0484 3524 Netlogon - ok
09:05:12.0535 3524 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
09:05:12.0546 3524 Netman - ok
09:05:12.0641 3524 NetMsmqActivator (7e9228c814c0d0b551af9a114b7e0b16) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:05:12.0645 3524 NetMsmqActivator - ok
09:05:12.0654 3524 NetPipeActivator (7e9228c814c0d0b551af9a114b7e0b16) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:05:12.0657 3524 NetPipeActivator - ok
09:05:12.0686 3524 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
09:05:12.0692 3524 netprofm - ok
09:05:12.0696 3524 NetTcpActivator (7e9228c814c0d0b551af9a114b7e0b16) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:05:12.0698 3524 NetTcpActivator - ok
09:05:12.0701 3524 NetTcpPortSharing (7e9228c814c0d0b551af9a114b7e0b16) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:05:12.0702 3524 NetTcpPortSharing - ok
09:05:12.0746 3524 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
09:05:12.0748 3524 nfrd960 - ok
09:05:12.0786 3524 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
09:05:12.0789 3524 NisDrv - ok
09:05:12.0870 3524 NisSrv (566ddd5d82520da01d75f81428ac4c38) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
09:05:12.0876 3524 NisSrv - ok
09:05:12.0915 3524 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
09:05:12.0924 3524 NlaSvc - ok
09:05:12.0941 3524 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
09:05:12.0942 3524 Npfs - ok
09:05:12.0971 3524 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
09:05:12.0973 3524 nsi - ok
09:05:12.0984 3524 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
09:05:12.0985 3524 nsiproxy - ok
09:05:13.0039 3524 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
09:05:13.0054 3524 Ntfs - ok
09:05:13.0093 3524 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
09:05:13.0094 3524 Null - ok
09:05:13.0122 3524 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
09:05:13.0123 3524 nvraid - ok
09:05:13.0139 3524 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
09:05:13.0141 3524 nvstor - ok
09:05:13.0157 3524 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
09:05:13.0158 3524 nv_agp - ok
09:05:13.0238 3524 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:05:13.0247 3524 odserv - ok
09:05:13.0264 3524 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
09:05:13.0266 3524 ohci1394 - ok
09:05:13.0339 3524 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:05:13.0343 3524 ose - ok
09:05:13.0381 3524 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:05:13.0386 3524 p2pimsvc - ok
09:05:13.0406 3524 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
09:05:13.0413 3524 p2psvc - ok
09:05:13.0443 3524 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
09:05:13.0444 3524 Parport - ok
09:05:13.0466 3524 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
09:05:13.0466 3524 partmgr - ok
09:05:13.0480 3524 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
09:05:13.0484 3524 PcaSvc - ok
09:05:13.0501 3524 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
09:05:13.0503 3524 pci - ok
09:05:13.0510 3524 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
09:05:13.0511 3524 pciide - ok
09:05:13.0529 3524 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
09:05:13.0532 3524 pcmcia - ok
09:05:13.0547 3524 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
09:05:13.0548 3524 pcw - ok
09:05:13.0571 3524 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
09:05:13.0579 3524 PEAUTH - ok
09:05:13.0637 3524 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
09:05:13.0650 3524 PeerDistSvc - ok
09:05:13.0696 3524 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
09:05:13.0697 3524 PerfHost - ok
09:05:13.0795 3524 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
09:05:13.0811 3524 pla - ok
09:05:13.0839 3524 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
09:05:13.0844 3524 PlugPlay - ok
09:05:13.0860 3524 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
09:05:13.0862 3524 PNRPAutoReg - ok
09:05:13.0877 3524 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:05:13.0880 3524 PNRPsvc - ok
09:05:13.0901 3524 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
09:05:13.0906 3524 PolicyAgent - ok
09:05:13.0928 3524 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
09:05:13.0930 3524 Power - ok
09:05:13.0964 3524 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
09:05:13.0966 3524 PptpMiniport - ok
09:05:13.0986 3524 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
09:05:13.0987 3524 Processor - ok
09:05:14.0009 3524 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
09:05:14.0012 3524 ProfSvc - ok
09:05:14.0031 3524 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
09:05:14.0032 3524 ProtectedStorage - ok
09:05:14.0058 3524 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
09:05:14.0059 3524 Psched - ok
09:05:14.0102 3524 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
09:05:14.0116 3524 ql2300 - ok
09:05:14.0202 3524 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
09:05:14.0206 3524 ql40xx - ok
09:05:14.0231 3524 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
09:05:14.0236 3524 QWAVE - ok
09:05:14.0249 3524 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
09:05:14.0250 3524 QWAVEdrv - ok
09:05:14.0259 3524 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
09:05:14.0259 3524 RasAcd - ok
09:05:14.0279 3524 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:05:14.0280 3524 RasAgileVpn - ok
09:05:14.0289 3524 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
09:05:14.0292 3524 RasAuto - ok
09:05:14.0305 3524 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:05:14.0307 3524 Rasl2tp - ok
09:05:14.0337 3524 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
09:05:14.0343 3524 RasMan - ok
09:05:14.0355 3524 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
09:05:14.0356 3524 RasPppoe - ok
09:05:14.0366 3524 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
09:05:14.0368 3524 RasSstp - ok
09:05:14.0395 3524 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
09:05:14.0399 3524 rdbss - ok
09:05:14.0423 3524 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
09:05:14.0424 3524 rdpbus - ok
09:05:14.0433 3524 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:05:14.0434 3524 RDPCDD - ok
09:05:14.0456 3524 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
09:05:14.0459 3524 RDPDR - ok
09:05:14.0472 3524 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
09:05:14.0473 3524 RDPENCDD - ok
09:05:14.0479 3524 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
09:05:14.0479 3524 RDPREFMP - ok
09:05:14.0502 3524 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
09:05:14.0505 3524 RDPWD - ok
09:05:14.0550 3524 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
09:05:14.0555 3524 rdyboost - ok
09:05:14.0584 3524 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
09:05:14.0587 3524 RemoteAccess - ok
09:05:14.0601 3524 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
09:05:14.0604 3524 RemoteRegistry - ok
09:05:14.0636 3524 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
09:05:14.0639 3524 RpcEptMapper - ok
09:05:14.0652 3524 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
09:05:14.0653 3524 RpcLocator - ok
09:05:14.0687 3524 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
09:05:14.0692 3524 RpcSs - ok
09:05:14.0702 3524 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
09:05:14.0704 3524 rspndr - ok
09:05:14.0744 3524 RTL8167 (8de1701afcc1855c6a9df28a25a0ef3e) C:\Windows\system32\DRIVERS\Rt64win7.sys
09:05:14.0749 3524 RTL8167 - ok
09:05:14.0772 3524 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
09:05:14.0773 3524 s3cap - ok
09:05:14.0785 3524 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
09:05:14.0786 3524 SamSs - ok
09:05:14.0839 3524 SbieDrv (035dd5d74ed74de036113cae60fe55b3) C:\Program Files\Sandboxie\SbieDrv.sys
09:05:14.0843 3524 SbieDrv - ok
09:05:14.0862 3524 SbieSvc (6eee34e7f3c46c0111ee16db30d289d1) C:\Program Files\Sandboxie\SbieSvc.exe
09:05:14.0865 3524 SbieSvc - ok
09:05:14.0881 3524 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
09:05:14.0883 3524 sbp2port - ok
09:05:14.0962 3524 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
09:05:14.0973 3524 SBSDWSCService - ok
09:05:14.0990 3524 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
09:05:14.0993 3524 SCardSvr - ok
09:05:15.0039 3524 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
09:05:15.0041 3524 scfilter - ok
09:05:15.0108 3524 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
09:05:15.0123 3524 Schedule - ok
09:05:15.0152 3524 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
09:05:15.0153 3524 SCPolicySvc - ok
09:05:15.0182 3524 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
09:05:15.0185 3524 SDRSVC - ok
09:05:15.0202 3524 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:05:15.0203 3524 secdrv - ok
09:05:15.0224 3524 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
09:05:15.0226 3524 seclogon - ok
09:05:15.0251 3524 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
09:05:15.0253 3524 SENS - ok
09:05:15.0265 3524 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
09:05:15.0267 3524 SensrSvc - ok
09:05:15.0289 3524 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
09:05:15.0290 3524 Serenum - ok
09:05:15.0315 3524 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
09:05:15.0317 3524 Serial - ok
09:05:15.0338 3524 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
09:05:15.0339 3524 sermouse - ok
09:05:15.0373 3524 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
09:05:15.0376 3524 SessionEnv - ok
09:05:15.0389 3524 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
09:05:15.0390 3524 sffdisk - ok
09:05:15.0397 3524 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
09:05:15.0398 3524 sffp_mmc - ok
09:05:15.0402 3524 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
09:05:15.0403 3524 sffp_sd - ok
09:05:15.0421 3524 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
09:05:15.0422 3524 sfloppy - ok
09:05:15.0450 3524 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
09:05:15.0455 3524 SharedAccess - ok
09:05:15.0483 3524 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
09:05:15.0489 3524 ShellHWDetection - ok
09:05:15.0506 3524 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:05:15.0507 3524 SiSRaid2 - ok
09:05:15.0519 3524 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
09:05:15.0520 3524 SiSRaid4 - ok
09:05:15.0548 3524 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
09:05:15.0550 3524 Smb - ok
09:05:15.0568 3524 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
09:05:15.0570 3524 SNMPTRAP - ok
09:05:15.0577 3524 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
09:05:15.0577 3524 spldr - ok
09:05:15.0604 3524 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
09:05:15.0612 3524 Spooler - ok
09:05:15.0708 3524 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
09:05:15.0742 3524 sppsvc - ok
09:05:15.0815 3524 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
09:05:15.0820 3524 sppuinotify - ok
09:05:15.0886 3524 SQLWriter (ca1d717d195ae57766699be76c915f21) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
09:05:15.0889 3524 SQLWriter - ok
09:05:15.0941 3524 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
09:05:15.0950 3524 srv - ok
09:05:15.0969 3524 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
09:05:15.0973 3524 srv2 - ok
09:05:15.0986 3524 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
09:05:15.0988 3524 srvnet - ok
09:05:16.0009 3524 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
09:05:16.0012 3524 SSDPSRV - ok
09:05:16.0022 3524 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
09:05:16.0025 3524 SstpSvc - ok
09:05:16.0049 3524 Steam Client Service - ok
09:05:16.0070 3524 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
09:05:16.0071 3524 stexstor - ok
09:05:16.0113 3524 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
09:05:16.0122 3524 stisvc - ok
09:05:16.0150 3524 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
09:05:16.0151 3524 storflt - ok
09:05:16.0172 3524 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
09:05:16.0174 3524 StorSvc - ok
09:05:16.0184 3524 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
09:05:16.0185 3524 storvsc - ok
09:05:16.0199 3524 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
09:05:16.0199 3524 swenum - ok
09:05:16.0227 3524 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
09:05:16.0234 3524 swprv - ok
09:05:16.0294 3524 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
09:05:16.0313 3524 SysMain - ok
09:05:16.0389 3524 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
09:05:16.0395 3524 TabletInputService - ok
09:05:16.0427 3524 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
09:05:16.0437 3524 TapiSrv - ok
09:05:16.0461 3524 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
09:05:16.0467 3524 TBS - ok
09:05:16.0561 3524 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
09:05:16.0582 3524 Tcpip - ok
09:05:16.0641 3524 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
09:05:16.0649 3524 TCPIP6 - ok
09:05:16.0689 3524 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
09:05:16.0690 3524 tcpipreg - ok
09:05:16.0710 3524 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
09:05:16.0711 3524 TDPIPE - ok
09:05:16.0722 3524 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
09:05:16.0723 3524 TDTCP - ok
09:05:16.0754 3524 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
09:05:16.0756 3524 tdx - ok
09:05:16.0775 3524 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
09:05:16.0776 3524 TermDD - ok
09:05:16.0806 3524 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
09:05:16.0814 3524 TermService - ok
09:05:16.0822 3524 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
09:05:16.0824 3524 Themes - ok
09:05:16.0854 3524 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
09:05:16.0858 3524 THREADORDER - ok
09:05:16.0877 3524 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
09:05:16.0884 3524 TrkWks - ok
09:05:16.0921 3524 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
09:05:16.0926 3524 TrustedInstaller - ok
09:05:16.0955 3524 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:05:16.0957 3524 tssecsrv - ok
09:05:16.0994 3524 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
09:05:16.0995 3524 TsUsbFlt - ok
09:05:17.0021 3524 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
09:05:17.0023 3524 tunnel - ok
09:05:17.0037 3524 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
09:05:17.0038 3524 uagp35 - ok
09:05:17.0065 3524 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
09:05:17.0069 3524 udfs - ok
09:05:17.0098 3524 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
09:05:17.0101 3524 UI0Detect - ok
09:05:17.0117 3524 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
09:05:17.0118 3524 uliagpkx - ok
09:05:17.0136 3524 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
09:05:17.0137 3524 umbus - ok
09:05:17.0145 3524 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
09:05:17.0146 3524 UmPass - ok
09:05:17.0168 3524 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
09:05:17.0172 3524 UmRdpService - ok
09:05:17.0195 3524 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
09:05:17.0200 3524 upnphost - ok
09:05:17.0216 3524 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
09:05:17.0218 3524 usbccgp - ok
09:05:17.0253 3524 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
09:05:17.0254 3524 usbcir - ok
09:05:17.0266 3524 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
09:05:17.0267 3524 usbehci - ok
09:05:17.0289 3524 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
09:05:17.0293 3524 usbhub - ok
09:05:17.0303 3524 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
09:05:17.0304 3524 usbohci - ok
09:05:17.0317 3524 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
09:05:17.0318 3524 usbprint - ok
09:05:17.0331 3524 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:05:17.0343 3524 USBSTOR - ok
09:05:17.0348 3524 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
09:05:17.0349 3524 usbuhci - ok
09:05:17.0370 3524 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
09:05:17.0372 3524 UxSms - ok
09:05:17.0393 3524 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
09:05:17.0393 3524 VaultSvc - ok
09:05:17.0397 3524 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
09:05:17.0398 3524 vdrvroot - ok
09:05:17.0429 3524 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
09:05:17.0435 3524 vds - ok
09:05:17.0451 3524 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
09:05:17.0452 3524 vga - ok
09:05:17.0464 3524 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
09:05:17.0465 3524 VgaSave - ok
09:05:17.0487 3524 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
09:05:17.0489 3524 vhdmp - ok
09:05:17.0549 3524 VIAHdAudAddService (dfdf7f9caa50ee72a633ea4bbd65a557) C:\Windows\system32\drivers\viahduaa.sys
09:05:17.0562 3524 VIAHdAudAddService - ok
09:05:17.0584 3524 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
09:05:17.0585 3524 viaide - ok
09:05:17.0602 3524 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
09:05:17.0604 3524 vmbus - ok
09:05:17.0618 3524 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
09:05:17.0619 3524 VMBusHID - ok
09:05:17.0629 3524 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
09:05:17.0630 3524 volmgr - ok
09:05:17.0660 3524 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
09:05:17.0664 3524 volmgrx - ok
09:05:17.0698 3524 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
09:05:17.0701 3524 volsnap - ok
09:05:17.0728 3524 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
09:05:17.0730 3524 vsmraid - ok
09:05:17.0780 3524 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
09:05:17.0796 3524 VSS - ok
09:05:17.0863 3524 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
09:05:17.0863 3524 vwifibus - ok
09:05:17.0897 3524 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
09:05:17.0902 3524 W32Time - ok
09:05:17.0924 3524 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
09:05:17.0925 3524 WacomPen - ok
09:05:17.0954 3524 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
09:05:17.0955 3524 WANARP - ok
09:05:17.0958 3524 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
09:05:17.0959 3524 Wanarpv6 - ok
09:05:18.0016 3524 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
09:05:18.0028 3524 WatAdminSvc - ok
09:05:18.0074 3524 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
09:05:18.0089 3524 wbengine - ok
09:05:18.0113 3524 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
09:05:18.0116 3524 WbioSrvc - ok
09:05:18.0144 3524 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
09:05:18.0149 3524 wcncsvc - ok
09:05:18.0162 3524 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
09:05:18.0164 3524 WcsPlugInService - ok
09:05:18.0176 3524 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
09:05:18.0177 3524 Wd - ok
09:05:18.0205 3524 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
09:05:18.0211 3524 Wdf01000 - ok
09:05:18.0225 3524 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
09:05:18.0228 3524 WdiServiceHost - ok
09:05:18.0230 3524 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
09:05:18.0231 3524 WdiSystemHost - ok
09:05:18.0259 3524 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
09:05:18.0262 3524 WebClient - ok
09:05:18.0283 3524 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
09:05:18.0287 3524 Wecsvc - ok
09:05:18.0292 3524 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
09:05:18.0294 3524 wercplsupport - ok
09:05:18.0313 3524 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
09:05:18.0315 3524 WerSvc - ok
09:05:18.0340 3524 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
09:05:18.0341 3524 WfpLwf - ok
09:05:18.0344 3524 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
09:05:18.0345 3524 WIMMount - ok
09:05:18.0374 3524 WinDefend - ok
09:05:18.0379 3524 WinHttpAutoProxySvc - ok
09:05:18.0420 3524 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
09:05:18.0422 3524 Winmgmt - ok
09:05:18.0484 3524 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
09:05:18.0503 3524 WinRM - ok
09:05:18.0553 3524 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
09:05:18.0563 3524 Wlansvc - ok
09:05:18.0582 3524 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
09:05:18.0583 3524 WmiAcpi - ok
09:05:18.0606 3524 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
09:05:18.0608 3524 wmiApSrv - ok
09:05:18.0626 3524 WMPNetworkSvc - ok
09:05:18.0636 3524 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
09:05:18.0638 3524 WPCSvc - ok
09:05:18.0663 3524 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
09:05:18.0665 3524 WPDBusEnum - ok
09:05:18.0674 3524 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
09:05:18.0675 3524 ws2ifsl - ok
09:05:18.0680 3524 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
09:05:18.0683 3524 wscsvc - ok
09:05:18.0685 3524 WSearch - ok
09:05:18.0742 3524 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
09:05:18.0765 3524 wuauserv - ok
09:05:18.0797 3524 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
09:05:18.0798 3524 WudfPf - ok
09:05:18.0821 3524 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:05:18.0823 3524 WUDFRd - ok
09:05:18.0840 3524 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
09:05:18.0842 3524 wudfsvc - ok
09:05:18.0857 3524 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
09:05:18.0860 3524 WwanSvc - ok
09:05:18.0874 3524 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
09:05:18.0895 3524 \Device\Harddisk0\DR0 - ok
09:05:19.0185 3524 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
09:05:19.0257 3524 \Device\Harddisk1\DR1 - ok
09:05:19.0291 3524 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
09:05:19.0299 3524 \Device\Harddisk2\DR2 - ok
09:05:19.0306 3524 Boot (0x1200) (8652ac0d9e5c7529bc4fbcd7d0f5888a) \Device\Harddisk0\DR0\Partition0
09:05:19.0308 3524 \Device\Harddisk0\DR0\Partition0 - ok
09:05:19.0337 3524 Boot (0x1200) (e32c2652f0793175e9a8ef3f85d94e62) \Device\Harddisk0\DR0\Partition1
09:05:19.0340 3524 \Device\Harddisk0\DR0\Partition1 - ok
09:05:19.0360 3524 Boot (0x1200) (8837f4b6dba37a697ed921b3121f7504) \Device\Harddisk0\DR0\Partition2
09:05:19.0364 3524 \Device\Harddisk0\DR0\Partition2 - ok
09:05:19.0372 3524 Boot (0x1200) (c2f4d0be7726fb769610b5eb56a477e5) \Device\Harddisk1\DR1\Partition0
09:05:19.0375 3524 \Device\Harddisk1\DR1\Partition0 - ok
09:05:19.0379 3524 Boot (0x1200) (c014583bf30481c47ef5e5e9c21d4430) \Device\Harddisk2\DR2\Partition0
09:05:19.0382 3524 \Device\Harddisk2\DR2\Partition0 - ok
09:05:19.0382 3524 ============================================================
09:05:19.0382 3524 Scan finished
09:05:19.0382 3524 ============================================================
09:05:19.0424 4264 Detected object count: 0
09:05:19.0424 4264 Actual detected object count: 0
09:05:41.0798 4996 Deinitialize success
--------------------------------------
END
--------------------------------------
Cas34
Regular Member
 
Posts: 32
Joined: January 22nd, 2009, 3:45 pm

Re: Possible Malware Infection

Unread postby Cas34 » April 25th, 2012, 4:19 am

OTL logfile created on: 25/04/2012 09:09:03 - Run 1
OTL by OldTimer - Version 3.2.42.0 Folder = C:\Users\Computa\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 54.19% Memory free
7.99 Gb Paging File | 5.59 Gb Available in Paging File | 69.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78.13 Gb Total Space | 10.44 Gb Free Space | 13.36% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 35.81 Gb Free Space | 91.68% Space Free | Partition Type: NTFS
Drive E: | 814.31 Gb Total Space | 742.56 Gb Free Space | 91.19% Space Free | Partition Type: NTFS
Drive F: | 6.31 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 465.76 Gb Total Space | 387.75 Gb Free Space | 83.25% Space Free | Partition Type: NTFS
Drive H: | 931.51 Gb Total Space | 255.29 Gb Free Space | 27.41% Space Free | Partition Type: NTFS

Computer Name: COMPUTA-PC | User Name: Computa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Computa\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\a-squared Free\a2service.exe (Emsi Software GmbH)
PRC - C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\EPU\EPU.exe (
ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
PRC - C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Windows\DAODx.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - E:\Key Pass\KeePass.exe (Dominik Reichl)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Mumble\mumble_ol.dll ()
MOD - C:\Program Files (x86)\ASUS\TurboV EVO\HookKey32.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()
MOD - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
MOD - C:\Program Files (x86)\ASUS\TurboV EVO\flashobj.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU\AsusService.dll ()
MOD - C:\Windows\DAODx.exe ()
MOD - C:\Program Files (x86)\ASUS\TurboV EVO\pngio.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (a2free) -- C:\Program Files (x86)\a-squared Free\a2service.exe (Emsi Software GmbH)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
SRV - (DvmMDES) -- C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (tzuk)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3986575112-1917475841-2936605180-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3986575112-1917475841-2936605180-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-3986575112-1917475841-2936605180-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 15 BF 1F D2 B7 18 CD 01 [binary data]
IE - HKU\S-1-5-21-3986575112-1917475841-2936605180-1000\..\SearchScopes,DefaultScope = {C2B811B5-E60F-4DC1-9576-EDFA385F5459}
IE - HKU\S-1-5-21-3986575112-1917475841-2936605180-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3986575112-1917475841-2936605180-1000\..\SearchScopes\{C2B811B5-E60F-4DC1-9576-EDFA385F5459}: "URL" = http://uk.search.yahoo.com/search?fr=ch ... =937811&p={searchTerms}
IE - HKU\S-1-5-21-3986575112-1917475841-2936605180-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "http://www.google.com/search?btnI=I%27m+Feeling+Lucky&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.5: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.5: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/06/10 20:08:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/06/10 20:08:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/14 11:15:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/26 20:48:00 | 000,000,000 | ---D | M]

[2010/07/27 23:12:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computa\AppData\Roaming\Mozilla\Extensions
[2012/02/26 21:18:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computa\AppData\Roaming\Mozilla\Firefox\Profiles\v51wapug.default\extensions
[2012/02/26 20:48:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/21 01:45:00 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/02/26 20:48:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/06/14 11:15:16 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/26 20:47:54 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/06/14 11:15:17 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/06/14 11:15:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/06/14 11:15:17 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/06/14 11:15:17 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/06/14 11:15:17 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/07/27 23:36:41 | 000,414,782 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 14320 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe (
ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-3986575112-1917475841-2936605180-1000..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O4 - HKU\S-1-5-21-3986575112-1917475841-2936605180-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3986575112-1917475841-2936605180-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Computa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Computa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Diary Master.lnk = E:\Programs\Application\Files\TestMasterDiary.exe (NITC Ltd.)
O4 - Startup: C:\Users\Computa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DiaryMaster.exe.lnk = C:\Users\Computa\AppData\Roaming\Microsoft\Installer\{F6FAAF2F-3DAD-4BCA-9F0B-08271A13DE6F}\_CDE5361904BA7B121B3A6F.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3E7D795-95FF-418A-B054-7B8AB5451598}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/27 20:54:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/02/25 10:48:26 | 000,000,494 | R--- | M] () - F:\autorun.bat -- [ CDFS ]
O32 - AutoRun File - [2010/04/07 12:17:08 | 000,000,061 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011/07/19 16:41:04 | 000,000,067 | ---- | M] () - G:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/03/10 19:25:02 | 000,000,067 | ---- | M] () - H:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{e41308f3-99e1-11df-bb1d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e41308f3-99e1-11df-bb1d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe -- [2010/10/18 14:02:48 | 000,687,352 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/25 09:03:19 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Computa\Desktop\OTL.exe
[2012/04/25 09:02:52 | 002,074,160 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Computa\Desktop\tdsskiller.exe
[2012/04/18 18:18:43 | 000,000,000 | ---D | C] -- C:\Users\Computa\Desktop\Malware Removal
[2012/04/18 18:16:04 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Computa\Desktop\dds.scr
[2012/04/04 22:18:23 | 000,000,000 | ---D | C] -- C:\Users\Computa\AppData\Roaming\Dev-Cpp
[2012/04/04 22:18:17 | 000,000,000 | ---D | C] -- C:\Users\Computa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bloodshed Dev-C++
[2012/04/04 22:18:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloodshed Dev-C++
[2012/04/04 22:02:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dev-Cpp
[2012/04/03 13:06:49 | 000,000,000 | ---D | C] -- C:\Users\Computa\AppData\Local\PerfWatson
[2012/04/03 13:04:25 | 000,000,000 | ---D | C] -- C:\Users\Computa\Documents\Visual Studio 11
[2012/04/03 13:02:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 5 SDK
[2012/04/03 13:01:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK
[2012/04/03 13:00:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/04/03 13:00:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012/04/03 12:56:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ASP.NET
[2012/04/03 12:55:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012/04/03 12:55:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012/04/03 12:55:36 | 000,000,000 | ---D | C] -- C:\Program Files\IIS
[2012/04/03 12:55:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IIS
[2012/04/03 12:54:36 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2012/04/03 12:45:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
[2012/04/03 12:45:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2012/04/03 12:45:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2012/04/03 12:34:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 11.0
[2012/04/03 12:34:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033
[2012/04/03 12:34:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2012/04/03 12:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2012/04/03 11:26:26 | 000,000,000 | ---D | C] -- C:\Users\Computa\AppData\Roaming\codeblocks
[2012/04/03 10:58:37 | 000,000,000 | ---D | C] -- C:\Users\Computa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 2.7
[2012/04/03 10:58:27 | 000,000,000 | ---D | C] -- C:\Python27

========== Files - Modified Within 30 Days ==========

[2012/04/25 09:03:22 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Computa\Desktop\OTL.exe
[2012/04/25 09:02:57 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Computa\Desktop\tdsskiller.exe
[2012/04/24 19:43:15 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2012/04/24 19:40:21 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/24 19:40:21 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/24 19:39:08 | 000,784,304 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/24 19:39:08 | 000,667,712 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/24 19:39:08 | 000,126,818 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/24 19:35:47 | 000,001,564 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012/04/24 19:33:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/24 19:33:05 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/22 07:47:20 | 000,000,857 | ---- | M] () -- C:\Users\Computa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Diary Master.lnk
[2012/04/18 18:16:06 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Computa\Desktop\dds.scr
[2012/04/04 22:18:17 | 000,001,014 | ---- | M] () -- C:\Users\Computa\Application Data\Microsoft\Internet Explorer\Quick Launch\Dev-C++.lnk
[2012/04/04 22:18:17 | 000,000,990 | ---- | M] () -- C:\Users\Computa\Desktop\Dev-C++.lnk
[2012/04/03 15:25:22 | 000,134,976 | ---- | M] () -- C:\wubildr
[2012/04/03 15:25:21 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr
[2012/04/03 14:17:32 | 000,304,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/04/03 12:02:53 | 000,768,170 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2012/04/04 22:18:17 | 000,001,014 | ---- | C] () -- C:\Users\Computa\Application Data\Microsoft\Internet Explorer\Quick Launch\Dev-C++.lnk
[2012/04/04 22:18:17 | 000,000,990 | ---- | C] () -- C:\Users\Computa\Desktop\Dev-C++.lnk
[2012/04/03 15:25:21 | 000,134,976 | ---- | C] () -- C:\wubildr
[2012/04/03 15:25:21 | 000,008,192 | ---- | C] () -- C:\wubildr.mbr
[2012/04/03 12:55:53 | 000,002,059 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Web Platform Installer.lnk
[2012/01/31 00:46:53 | 000,005,632 | ---- | C] () -- C:\Users\Computa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/16 14:06:02 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/06 05:06:04 | 000,768,170 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/08 20:59:34 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/07/27 23:46:47 | 000,001,564 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010/07/27 23:08:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/07/27 22:56:00 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/07/27 22:56:00 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/07/27 22:55:58 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/07/27 22:55:58 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/07/27 22:40:26 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/07/27 22:40:19 | 000,030,390 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

< End of report >
OTL Extras logfile created on: 25/04/2012 09:09:03 - Run 1
OTL by OldTimer - Version 3.2.42.0 Folder = C:\Users\Computa\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 54.19% Memory free
7.99 Gb Paging File | 5.59 Gb Available in Paging File | 69.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78.13 Gb Total Space | 10.44 Gb Free Space | 13.36% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 35.81 Gb Free Space | 91.68% Space Free | Partition Type: NTFS
Drive E: | 814.31 Gb Total Space | 742.56 Gb Free Space | 91.19% Space Free | Partition Type: NTFS
Drive F: | 6.31 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 465.76 Gb Total Space | 387.75 Gb Free Space | 83.25% Space Free | Partition Type: NTFS
Drive H: | 931.51 Gb Total Space | 255.29 Gb Free Space | 27.41% Space Free | Partition Type: NTFS

Computer Name: COMPUTA-PC | User Name: Computa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-3986575112-1917475841-2936605180-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{11538652-E5E4-37F1-86D7-418871E45292}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{19BDBFE9-0B6A-37F2-80F6-48AFD1EA582D}" = ATI AVIVO64 Codecs
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{271B7D95-0A19-406F-886B-7D7936F9BF54}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom RC0
"{2B671A8A-5750-4682-9425-F5A5A7327775}" = Microsoft SQL Server 2012 Management Objects RC0 (x64)
"{38145F6E-041F-69AE-59B4-37CA06F33D67}" = ccc-utility64
"{3F263601-92CC-4DA5-813A-BE6A3E94F84E}" = Microsoft System CLR Types for SQL Server 2012 RC0 (x64)
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{54AC5197-9CE4-4C42-B191-16F5918479EC}" = Microsoft Web Platform Installer 4.0
"{6D53338A-BAE2-42A3-8704-1A211CE8A505}" = Microsoft SQL Server 2012 Express LocalDB RC0
"{77E0AEEA-7217-4FE5-AA67-1830FADD8097}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{795AE7FA-334A-3348-A358-6F56377B8639}" = Microsoft .NET Framework 4.5 Beta
"{7E77E47D-16B7-46EA-92BD-0742E6EAD7E7}" = Microsoft SQL Server 2012 Native Client RC0
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5 Beta
"{9F95E499-93DA-41C5-8D12-6BE59C0867F6}" = Microsoft Web Deploy 3.0
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B85D868D-1415-FDA5-8DB9-D4D457080885}" = ATI Catalyst Install Manager
"{C9D3F784-B0A4-43E8-9B51-5D4FD01BCDCE}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service RC0
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{FAF57A91-58B3-490C-9D0C-66337DAD3F11}" = Microsoft SQL Server Compact 4.0 SP1 x64 ENU CTP1
"{FAFC28FA-BB18-4F01-A40C-0CA2EE80B0DC}" = Microsoft SQL Server 2012 Command Line Utilities RC0
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Sandboxie" = Sandboxie 3.46 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{16B1C956-EA06-4C26-8AE5-A4686804EDD7}" = Microsoft Web Deploy dbSqlPackage Provider Nov 2011
"{181BD097-A91A-4F59-AA85-3C01B07A5B16}" = Microsoft System CLR Types for SQL Server 2012 RC0
"{1FE5F23D-88B8-40B4-9B6B-2F84F3808BDC}" = SQL Server Data Framework Tools
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{2E295B5B-1AD4-4D36-97C2-A316084722CF}" = Python 2.7.2
"{3AC02D87-274C-BAE6-ACFA-B64B714A0083}" = Catalyst Control Center Core Implementation
"{3BE6FFBC-742A-4AF0-B8C6-F0549AA21DF5}" = Microsoft SQL Server Data Tools Build Utilities Mar 2012
"{42CA2096-C607-7F71-5550-F19BCD9A4100}" = Catalyst Control Center InstallProxy
"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{605DDD7B-1521-423B-A654-E9A963573D82}" = Catalyst Control Center Graphics Light
"{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
"{6F187617-80E6-3D65-8FE5-85D73472EC6E}" = Microsoft Visual Studio 11 SharePoint Developer Tools Beta enu Language Pack
"{6F1891DD-CEFE-4349-CFB3-172ED6C94A18}" = ccc-core-static
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75CFBC87-1B8A-2DA8-4575-F50BD61E9368}" = Catalyst Control Center Graphics Previews Vista
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{801B0DA3-A3FF-46CC-B97F-D76D510AF5AE}" = Microsoft Silverlight 4 SDK
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_STANDARDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{907FFBDC-8CFC-4C98-AFD1-BE1B6872FC1D}" = Microsoft SQL Server 2012 T-SQL Language Service RC0
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU
"{9C49AB5C-A457-DEF0-0436-AADEB2062296}" = Catalyst Control Center Graphics Previews Common
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C34B429D-BC54-4F04-B1DB-9DE39FB07548}" = Prerequisites for SSDT RC0
"{C54AE051-35E6-A421-164B-FDF2C3A8EE4E}" = Catalyst Control Center Graphics Full Existing
"{CA5290FD-1C71-D40D-E0B9-D44FF41007FA}" = Catalyst Control Center HydraVision Full
"{CC1AC03A-6251-4263-A415-EF69F08E83DB}" = Microsoft SQL Server 2012 Management Objects RC0
"{CF929EEB-CE39-4F06-B1BF-F51FC617A2B2}" = Catalyst Control Center - Branding
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D24E110A-CEDA-3170-A02B-6BB408B6E650}" = Microsoft .NET Framework 4.5 Beta Multi-Targeting Pack
"{D3CF1241-B6B9-C0F1-8D69-96A01360A07A}" = Catalyst Control Center Graphics Full New
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D7410A39-66CA-C554-CB1D-EB53A6B8A289}" = HydraVision
"{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3
"{DD7851B2-C277-204C-C414-797649FBFCAA}" = CCC Help English
"{E1FBB3D4-ADB0-4949-B101-855DA061C735}" = Microsoft Silverlight 5 SDK
"{E4F4CB1F-5319-EECB-F758-A651DAF87D02}" = Catalyst Control Center Localization All
"{E7BEEE1A-9219-49DA-BD22-34D401A9B708}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{EAD78496-2A02-457A-8564-878006F5433C}" = Microsoft(R) SQL Server Data Tools, RC0 - enu
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F6FAAF2F-3DAD-4BCA-9F0B-08271A13DE6F}" = Driving Test Master
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"a-squared Free_is1" = a-squared Free 4.5
"Dev-C++" = Dev-C++
"DivX Setup.divx.com" = DivX Setup
"ERUNT_is1" = ERUNT 1.1j
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"foobar2000" = foobar2000 v1.0.3
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"Mozilla Firefox 4.0.1 (x86 en-GB)" = Mozilla Firefox 4.0.1 (x86 en-GB)
"Revo Uninstaller" = Revo Uninstaller 1.89
"STANDARDR" = Microsoft Office Standard 2007
"STDU Viewer_is1" = STDU Viewer version 1.5.427.0
"Steam App 10540" = Football Manager 2009
"VLC media player" = VLC media player 1.1.1
"World of Warcraft" = World of Warcraft
"Wubi" = Ubuntu

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3986575112-1917475841-2936605180-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15/04/2012 19:31:53 | Computer Name = Computa-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 15/04/2012 19:32:23 | Computer Name = Computa-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 16/04/2012 21:46:21 | Computer Name = Computa-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 16/04/2012 21:47:28 | Computer Name = Computa-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 18/04/2012 05:09:31 | Computer Name = Computa-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 18/04/2012 05:10:44 | Computer Name = Computa-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 18/04/2012 22:07:32 | Computer Name = Computa-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 18/04/2012 22:08:33 | Computer Name = Computa-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 24/04/2012 19:58:38 | Computer Name = Computa-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 24/04/2012 19:59:35 | Computer Name = Computa-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 03/06/2011 10:28:24 | Computer Name = Computa-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 03/06/2011 10:28:25 | Computer Name = Computa-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 03/06/2011 10:28:26 | Computer Name = Computa-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 03/06/2011 10:28:26 | Computer Name = Computa-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 03/06/2011 10:28:27 | Computer Name = Computa-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 03/06/2011 10:28:28 | Computer Name = Computa-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 05/06/2011 07:32:33 | Computer Name = Computa-PC | Source = DCOM | ID = 10016
Description =

Error - 05/06/2011 07:32:33 | Computer Name = Computa-PC | Source = DCOM | ID = 10016
Description =

Error - 05/06/2011 07:32:34 | Computer Name = Computa-PC | Source = DCOM | ID = 10016
Description =

Error - 05/06/2011 07:32:34 | Computer Name = Computa-PC | Source = DCOM | ID = 10016
Description =


< End of report >

Just let me know what I need to do next :o

I will probably not be able to reply until tomorrow as it is my partner's birthday today, so appologies for the delay.
Cas34
Regular Member
 
Posts: 32
Joined: January 22nd, 2009, 3:45 pm

Re: Possible Malware Infection

Unread postby torreattack » April 26th, 2012, 2:46 am

Hi Cas34 :

I will probably not be able to reply until tomorrow as it is my partner's birthday today, so appologies for the delay.
No problem.


1. Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware and save to your desktop.
  • Right-click mbam-setup.exe And select " Run as administrator " then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
    Note: If MBAM doesn't return after an update, please start it again.
  • When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you wish)
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply


2. Your Java is out of date.
It can be updated by the Java control panel
  • click on Start > Control Panel> under the VIEW BY, choose Small icons > Java (looks like a coffee cup) > Update Tab > Update Now.
  • An update should begin.
  • Just follow the prompts.



3. ESET online scannner
Note: You can use either Internet Explorer or Mozilla FireFox for this scan.
Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scannner
  • Then click on Run ESET Online Scanner
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on Start.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


4. Checklist
Please post:
  • mbam-log-date (time).txt
  • Eset online scanning result
  • An update on your problems

Thanks,
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: Possible Malware Infection

Unread postby Cas34 » April 26th, 2012, 1:09 pm

How do I copy the log file in ESET?

I have just ran the scan which took 7 hours and when it got to the end it did not give me an option to save the log file so I am going to have to run the scan again as I selected finish. :(

There was 1 threat found when I done the scan.
Cas34
Regular Member
 
Posts: 32
Joined: January 22nd, 2009, 3:45 pm

Re: Possible Malware Infection

Unread postby torreattack » April 27th, 2012, 7:39 am

Hi Cas34:

How do I copy the log file in ESET?

It should located at :
C:\Program Files\ESET\EsetOnlineScanner\log.txt.

or

C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt.

If you fail to found it again, try to search it:



checklist
Please post:
  • mbam-log-date (time).txt
  • Eset online scanning result
  • An update on your problems


Thanks,
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: Possible Malware Infection

Unread postby Cas34 » April 27th, 2012, 9:05 am

When the scan finished previously I done the steps you suggested but there is no log there. I think the problem is no log got saved and that is why I asked how do I save the log when the scan finishes as I did not get that option?
Cas34
Regular Member
 
Posts: 32
Joined: January 22nd, 2009, 3:45 pm

Re: Possible Malware Infection

Unread postby torreattack » April 28th, 2012, 10:07 am

Hi cas34 :

Let's try another scanner later, please run the Malwarebyte's Anti-malware first.

1. Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware and save to your desktop.
  • Right-click mbam-setup.exe And select " Run as administrator " then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
    Note: If MBAM doesn't return after an update, please start it again.
  • When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you wish)
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply


2. PANDA ONLINE SCAN
Please go Here to run Panda's ActiveScan
  • Once you are on the Panda site, click the Scan your PC button
  • A new window will open...click the Scan Now button
  • Allow the ActiveX control to be installed. It will start downloading the files it requires for the scan. Note: This may take a couple of minutes
  • Run the ActiveX control, if requested. The screen will then show the scanning progress - the scan will take a while to finish. Please be patient.
  • When the scan has finished, click on Export To
  • Save the file as Activescan.txt to your Desktop
  • Close the Activescan window then go to your Desktop
  • Double-click on Activescan.txt and it will open in Notepad
  • In Notepad, click Edit > Select all, then Edit > Copy
  • Reply to this thread and click Ctrl+V to paste the log in your reply


3. Checklist
Please post:
  • mbam-log-date (time).txt
  • Activescan.txt
  • An update on your problems

Thanks,
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: Possible Malware Infection

Unread postby Cas34 » April 28th, 2012, 12:05 pm

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.28.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Computa :: COMPUTA-PC [administrator]

28/04/2012 16:37:52
mbam-log-2012-04-28 (16-37-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202813
Time elapsed: 3 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

------------------------
Malware. FILE: C:\USERS\COMPUTA\COOKIES\SDS5LGSQ.TXT to be deleted.

Malware. FILE: C:\USERS\COMPUTA\COOKIES\8TP9R1NO.TXT to be deleted.

Malware. FILE: C:\USERS\COMPUTA\COOKIES\ODMCEHW7.TXT to be deleted.

Malware. FILE: C:\USERS\COMPUTA\COOKIES\HLB5O6PS.TXT to be deleted.

Malware. FILE: C:\USERS\COMPUTA\COOKIES\HGHWOF3E.TXT to be deleted.

Malware. FILE: C:\USERS\COMPUTA\COOKIES\COMPUTA@QUESTIONMARKET[2].TXT to be deleted.

Malware. FILE: C:\USERS\COMPUTA\COOKIES\OB06GV1U.TXT to be deleted.

Still seeing a larger number of files to delete when I close Sandboxie and browser slows down once been opened for a while. Not noticed my mouse working on its own.

The Panda Online scan did not work like you said it would and I was not getting an export to option when the scan completed.
Cas34
Regular Member
 
Posts: 32
Joined: January 22nd, 2009, 3:45 pm

Re: Possible Malware Infection

Unread postby Cas34 » April 28th, 2012, 12:07 pm

Panda Active Scan also installed on my PC but I have now uninstalled it.
Cas34
Regular Member
 
Posts: 32
Joined: January 22nd, 2009, 3:45 pm

Re: Possible Malware Infection

Unread postby torreattack » April 29th, 2012, 12:18 pm

Hi cas34 :

1. Does the panda online scan detect anything? If "yes", can you tell me the name of the related files or the name of the infection?

2. Which browser that you are using to browse the internet? Internet Explorer or Firefox?

3. Does your computer infected with malware recently? If "yes", can you tell me the name of the related files or the name of the infection?

4. Since the Eset Online Scan do detect something, do you mind to re-run it and write down the name of the file and other details for me?

If you had uninstall the Eset online scanner, please re-download it as instructed below. Otherwise, please skip the download step and start the Eset Online Scanner to scan.

ESET online scannner
Note: You can use either Internet Explorer or Mozilla FireFox for this scan.
Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scannner
  • Then click on Run ESET Online Scanner
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on Start.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Thanks,
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: Possible Malware Infection

Unread postby Cas34 » April 29th, 2012, 7:47 pm

1. Panda Online detected this:

Malware. FILE: C:\USERS\COMPUTA\COOKIES\SDS5LGSQ.TXT to be deleted.

Malware. FILE: C:\USERS\COMPUTA\COOKIES\8TP9R1NO.TXT to be deleted.

Malware. FILE: C:\USERS\COMPUTA\COOKIES\ODMCEHW7.TXT to be deleted.

Malware. FILE: C:\USERS\COMPUTA\COOKIES\HLB5O6PS.TXT to be deleted.

Malware. FILE: C:\USERS\COMPUTA\COOKIES\HGHWOF3E.TXT to be deleted.

Malware. FILE: C:\USERS\COMPUTA\COOKIES\COMPUTA@QUESTIONMARKET[2].TXT to be deleted.

Malware. FILE: C:\USERS\COMPUTA\COOKIES\OB06GV1U.TXT to be deleted.

2. I'm using Firefox

3. My current anti virus and spyware checkers did not detect anything but I know that does not mean I am not infected.

4. I am about to go to bed but will run ESET before I do and post the results tomorrow.
Cas34
Regular Member
 
Posts: 32
Joined: January 22nd, 2009, 3:45 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 48 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware