Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Keygen.exe in Windows directory - Won't go away! [Solved]

Started by GNumanFan , Nov 09 2012 12:19 AM

  • This topic is locked This topic is locked

#1
GNumanFan
Posted 09 November 2012 - 12:19 AM

GNumanFan

    Member

  • Member
  • PipPip
  • 17 posts
Hi!

i noticed this file being picked up by my quarantine box in MalwareBytes every time I log into my windows account today. Apparently it's been noticed by it for a week or so now by it. But i usually keep my computer running at all times cause I'm constantly running things overnight like burning a disc or converting something in ConvertXtoDVD for example. That is why I didn't notice it sooner. Anyway the file being found by MalwareBytes is in the main windows directory (C:\Windows) and it's a keygen.exe. It's labeled "riskware.tool.ck". Since it was in the quarantine box i deleted it cause i figured it was safe and removed now initially. But every time i restart the computer it's picked up again. I tried running in safe mode and doing scans with the latest versions of MalwareBytes and Kaspersky. But neither did the trick. I tried to use system restore and it failed to restore the system to a earlier date. I believe this keygen is from a windows version i downloaded. I downloaded it simply because I reformatted my computer months ago and I discovered I no longer had my serial key to the windows version I had installed to activate it. I was desperate and I know it was a foolish thing to do. But I thought I could get away with it. Now I'm not 100% sure this is the cause of this keygen file. This keygen could be for something else. But I'm at a loss as to what to do. I really don't want to have to format my drive again. Hopefully someone out there will be able to solve my problem. Thanks in advance!

-Michael

OTL logfile created on: 11/9/2012 12:40:56 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mike\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 5.77 Gb Available Physical Memory | 74.49% Memory free
31.74 Gb Paging File | 29.56 Gb Available in Paging File | 93.15% Paging File free
Paging file location(s): C:\pagefile.sys 6142 6142K:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.76 Gb Total Space | 427.50 Gb Free Space | 46.63% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 764.84 Gb Free Space | 41.05% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 856.56 Gb Free Space | 45.98% Space Free | Partition Type: NTFS
Drive K: | 1863.01 Gb Total Space | 1480.79 Gb Free Space | 79.48% Space Free | Partition Type: NTFS

Computer Name: BARRACUDAPC | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/09 00:40:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Downloads\OTL.exe
PRC - [2012/10/26 17:17:49 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/10/09 08:31:09 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012/09/29 18:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/22 15:34:24 | 001,677,144 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/09/22 15:34:24 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/08/17 20:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/15 08:19:52 | 000,750,728 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
PRC - [2012/06/15 08:19:52 | 000,070,280 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
PRC - [2012/05/03 16:52:18 | 000,024,712 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
PRC - [2012/05/03 16:52:08 | 000,071,816 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe
PRC - [2012/03/19 16:28:00 | 000,043,072 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
PRC - [2012/02/21 09:04:11 | 000,296,232 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
PRC - [2012/02/21 09:04:09 | 000,075,048 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
PRC - [2012/02/21 09:04:07 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
PRC - [2012/01/01 21:21:22 | 000,501,544 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/26 17:17:49 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/10/09 08:31:09 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012/08/21 17:18:44 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2012/08/17 20:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll
MOD - [2012/08/06 21:54:42 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/05/03 16:51:06 | 000,051,848 | ---- | M] () -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
MOD - [2012/01/01 21:21:17 | 000,374,056 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/07/17 06:38:43 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/26 17:17:49 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/09 08:31:09 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/22 15:34:24 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/08/17 20:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/15 08:19:52 | 000,070,280 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent)
SRV - [2012/05/03 16:52:18 | 000,024,712 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe -- (Guard Agent)
SRV - [2012/04/17 17:00:12 | 000,030,064 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Uniblue\MaxiDisk\service.exe -- (Uniblue.MaxiDiskSvc)
SRV - [2012/03/19 16:28:00 | 000,043,072 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe -- (ADExchange)
SRV - [2012/02/21 09:04:11 | 000,296,232 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe -- (CyberLink PowerDVD 12 Media Server Service)
SRV - [2012/02/21 09:04:09 | 000,075,048 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe -- (CyberLink PowerDVD 12 Media Server Monitor Service)
SRV - [2012/02/21 09:04:07 | 000,087,336 | ---- | M] (CyberLink Corp.) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe -- (CLHNServiceForPowerDVD12)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/29 18:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/09/27 10:15:05 | 000,611,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/09/22 15:34:44 | 000,101,688 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2012/09/18 07:11:08 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012/09/18 07:11:08 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/13 15:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2012/08/04 12:56:12 | 000,416,592 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2012/08/04 12:51:25 | 000,018,832 | ---- | M] (PenMount) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pmkbdfltr.sys -- (pmkbdfltr)
DRV:64bit: - [2012/08/02 14:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012/08/01 19:23:14 | 000,158,944 | ---- | M] (Tonec Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2012/07/17 07:33:29 | 000,025,688 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2012/07/17 07:28:08 | 000,425,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/07/17 06:46:46 | 000,402,720 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2012/07/17 06:38:43 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/07/17 06:38:43 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/07/17 06:38:43 | 000,327,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/07/17 06:37:57 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/06/19 16:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012/06/08 10:38:10 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2012/05/03 16:52:02 | 000,189,576 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EuFdDisk.sys -- (EUFDDISK)
DRV:64bit: - [2012/05/03 16:52:00 | 000,048,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EUBKMON.sys -- (EUBKMON)
DRV:64bit: - [2012/05/03 16:51:54 | 000,019,592 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\eudskacs.sys -- (EUDSKACS)
DRV:64bit: - [2012/05/03 16:51:52 | 000,058,504 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\eubakup.sys -- (EUBAKUP)
DRV:64bit: - [2012/05/01 18:35:23 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/10 10:14:14 | 000,311,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ArcSec.sys -- (ArcSec)
DRV:64bit: - [2011/05/13 02:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 02:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 02:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 02:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/15 11:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/16 17:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/11 00:11:50 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/11/11 00:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/11/11 00:11:50 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/07/28 23:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2009/12/30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:35:48 | 000,378,368 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL85n64.sys -- (RTL85n64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 05:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV - [2012/11/03 17:32:14 | 000,505,720 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys -- (RapportCerberus_43926)
DRV - [2012/09/22 15:34:44 | 000,055,096 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2012/09/22 15:34:42 | 000,297,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2012/05/01 18:35:23 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2012/04/17 18:22:52 | 000,146,928 | ---- | M] (CyberLink Corp.) [2012/07/17 13:33:25] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl -- ({73526619-C24F-470B-9BED-53D455FBB5C6})
DRV - [2011/10/27 01:18:45 | 000,082,928 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys -- (ntk_PowerDVD12)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A5 41 42 48 1A B3 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledAddons: {85E85FF9-E50C-42DE-8A3D-61485FD6C8DB}:2.0
FF - prefs.js..extensions.enabledAddons: [email protected]:7.3.27
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 5888
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2012/08/28 21:18:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2012/08/28 21:18:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2012/08/28 21:18:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 17:17:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Mike\AppData\Roaming\IDM\idmmzcc5 [2012/09/03 22:48:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 17:17:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Mike\AppData\Roaming\IDM\idmmzcc5 [2012/09/03 22:48:51 | 000,000,000 | ---D | M]

[2012/07/11 21:25:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\Extensions
[2012/10/23 13:59:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\Firefox\Profiles\w5id359r.default\extensions
[2012/09/19 15:40:28 | 000,011,801 | ---- | M] () (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\w5id359r.default\extensions\{85E85FF9-E50C-42DE-8A3D-61485FD6C8DB}.xpi
[2012/10/26 17:17:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/03 22:48:51 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\MIKE\APPDATA\ROAMING\IDM\IDMMZCC5
[2012/10/26 17:17:49 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/26 13:39:28 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/13 02:49:40 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - Extension: Kaspersky URL Advisor = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Virtual Keyboard = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\

Hosts file not found
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [EaseUs Tray] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [PowerDVD12Agent] C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PowerDVD12DMREngine] C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe (CyberLink)
O4 - HKCU..\Run: [MediaFire Tray] C:\Users\Mike\AppData\Local\MediaFire Express\mf_systray.exe (MediaFire LLC)
O4 - HKCU..\Run: [PowerSuite] C:\Program Files (x86)\Uniblue\PowerSuite\Launcher.exe (Uniblue Systems Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE_x64.dll ()
O9:64bit: - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE_x64.dll ()
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll ()
O9 - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll ()
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC87CC56-A57F-45C4-B04C-4A86415F707E}: DhcpNameServer = 192.168.1.1 68.237.161.12
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/03 20:44:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/10/27 12:49:48 | 000,000,000 | ---D | C] -- C:\MAMEUI 0.147u1 x32-x64
[2012/10/26 17:17:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/24 22:03:22 | 000,000,000 | ---D | C] -- C:\Users\Mike\New folder
[2012/10/24 14:37:19 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\ArcSoft
[2012/10/24 14:37:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcSoft
[2012/10/24 14:37:12 | 000,078,200 | ---- | C] (ArcSoft, Inc. ) -- C:\Windows\SysNative\MMCEDT5.exe
[2012/10/24 14:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft TotalMedia Theatre 5
[2012/10/24 14:36:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcSoft
[2012/10/19 14:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Vso
[2012/10/19 14:09:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\ConvertXToDVD
[2012/10/10 01:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server
[2012/10/10 01:41:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PS3 Media Server

========== Files - Modified Within 30 Days ==========

[2012/11/09 00:37:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/09 00:31:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/09 00:15:20 | 000,018,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/09 00:15:20 | 000,018,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/09 00:13:07 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/09 00:13:07 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/09 00:13:07 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/09 00:07:47 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/09 00:06:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/09 00:06:53 | 1945,509,887 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/06 15:39:01 | 000,002,378 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/11/06 04:15:59 | 000,001,057 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\vso_ts_preview.xml
[2012/11/05 02:56:45 | 000,186,272 | ---- | M] () -- C:\Users\Mike\Documents\Escaflowne2.XtoDVD
[2012/11/05 02:55:35 | 000,186,296 | ---- | M] () -- C:\Users\Mike\Documents\Escaflowne1.XtoDVD
[2012/11/03 20:44:46 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/10/28 02:18:12 | 000,000,608 | ---- | M] () -- C:\Users\Mike\Desktop\mameui64.exe.lnk
[2012/10/27 02:25:41 | 000,001,267 | ---- | M] () -- C:\Users\Public\Desktop\Movie Collector.lnk
[2012/10/24 14:37:12 | 000,002,390 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Server.lnk
[2012/10/24 14:37:09 | 000,002,092 | ---- | M] () -- C:\Users\Public\Desktop\TotalMedia Theatre 5.lnk
[2012/10/22 18:40:24 | 000,000,083 | -HS- | M] () -- C:\ProgramData\.zreglib
[2012/10/19 14:10:00 | 000,001,232 | ---- | M] () -- C:\Users\Mike\Desktop\ConvertXtoDVD 5.lnk
[2012/10/19 14:10:00 | 000,001,224 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 5.lnk
[2012/10/18 10:59:09 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/10 01:41:50 | 000,000,994 | ---- | M] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk

========== Files Created - No Company Name ==========

[2012/11/05 02:56:43 | 000,186,272 | ---- | C] () -- C:\Users\Mike\Documents\Escaflowne2.XtoDVD
[2012/11/05 02:55:33 | 000,186,296 | ---- | C] () -- C:\Users\Mike\Documents\Escaflowne1.XtoDVD
[2012/11/03 20:44:46 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/10/28 02:18:12 | 000,000,608 | ---- | C] () -- C:\Users\Mike\Desktop\mameui64.exe.lnk
[2012/10/27 01:03:33 | 000,188,284 | ---- | C] () -- C:\Users\Mike\Desktop\Grease_Monkey-Stylish_Scripts.jpg
[2012/10/24 14:37:12 | 000,311,872 | ---- | C] () -- C:\Windows\SysNative\drivers\ArcSec.sys
[2012/10/24 14:37:12 | 000,007,456 | ---- | C] () -- C:\Windows\SysNative\drivers\win7_64logo.cat
[2012/10/24 14:37:12 | 000,002,390 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Server.lnk
[2012/10/24 14:37:12 | 000,002,239 | ---- | C] () -- C:\Windows\SysNative\drivers\win7Logo.inf
[2012/10/24 14:37:09 | 000,002,092 | ---- | C] () -- C:\Users\Public\Desktop\TotalMedia Theatre 5.lnk
[2012/10/19 14:10:00 | 000,001,232 | ---- | C] () -- C:\Users\Mike\Desktop\ConvertXtoDVD 5.lnk
[2012/10/19 14:10:00 | 000,001,224 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 5.lnk
[2012/10/10 01:41:50 | 000,000,994 | ---- | C] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk
[2012/08/13 19:07:32 | 000,239,538 | ---- | C] () -- C:\Users\Mike\AppData\Local\soulseek-client.dat
[2012/07/28 20:41:01 | 000,011,412 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBPowerAMP Real Audio (Helix) Encoder.dat
[2012/07/28 20:40:21 | 000,003,018 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp WavPack Codec.dat
[2012/07/28 20:39:47 | 000,003,071 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
[2012/07/28 20:39:04 | 000,003,152 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
[2012/07/28 20:38:12 | 000,001,225 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Dalet Codec.dat
[2012/07/28 20:37:25 | 000,001,745 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBPowerAMP Mp2 and BwfMp2 codec.dat
[2012/07/28 20:37:16 | 000,002,869 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.dat
[2012/07/28 20:36:58 | 000,002,900 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [ReplayGain] Codec.dat
[2012/07/28 20:36:44 | 000,003,117 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat
[2012/07/28 20:36:34 | 000,002,862 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Length Split] Codec.dat
[2012/07/28 20:36:25 | 000,002,901 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.dat
[2012/07/28 20:35:31 | 000,002,999 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Channel Split] Codec.dat
[2012/07/28 20:35:20 | 000,002,884 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
[2012/07/28 20:35:10 | 000,002,871 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Audio Info] Codec.dat
[2012/07/28 20:34:31 | 000,002,879 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat
[2012/07/28 20:34:20 | 000,005,477 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp CD Writer.dat
[2012/07/28 20:32:35 | 000,014,116 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2012/07/28 20:32:29 | 000,017,950 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2012/07/28 20:32:28 | 004,779,592 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2012/07/17 06:38:44 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/17 06:38:44 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/07/17 06:38:43 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/07/17 05:07:42 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012/07/17 02:18:16 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/07/17 02:18:16 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/07/17 02:18:16 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2012/07/17 02:18:16 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/07/17 02:18:14 | 000,079,872 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/07/17 01:38:18 | 000,000,600 | ---- | C] () -- C:\Users\Mike\AppData\Local\PUTTY.RND
[2012/07/16 17:06:08 | 000,001,057 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\vso_ts_preview.xml
[2012/07/12 02:18:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/07/12 00:56:07 | 000,017,408 | ---- | C] () -- C:\Users\Mike\AppData\Local\WebpageIcons.db

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/07/13 00:04:07 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\CUE Tools
[2012/09/27 19:55:33 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\dBpoweramp
[2012/10/24 20:06:25 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\DMCache
[2012/08/30 10:13:54 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\EAC
[2012/11/07 01:29:57 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\FileZilla
[2012/10/03 19:46:23 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\IDM
[2012/07/17 16:52:39 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\ImgBurn
[2012/11/09 02:51:53 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\IrfanView
[2012/11/09 02:51:53 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\MediaMonkey
[2012/09/19 15:38:25 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Nuclear Coffee
[2012/07/16 17:02:13 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Outertech
[2012/09/26 14:05:19 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\rockbox.org
[2012/09/26 14:42:08 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\SharePod
[2012/09/29 17:35:43 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Systweak
[2012/07/31 15:17:59 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\TeamViewer
[2012/11/09 02:51:53 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\TeraCopy
[2012/08/29 00:14:29 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Trillian
[2012/08/04 13:54:24 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Uniblue
[2012/11/09 02:51:53 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\uTorrent
[2012/08/29 00:57:19 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\VS Revo Group
[2012/11/06 04:15:59 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Vso

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
gringo_pr
Posted 09 November 2012 - 12:29 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
  • 0

#3
GNumanFan
Posted 09 November 2012 - 11:16 PM

GNumanFan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
hi Gringo!

thanks for the speedy reply! here are the logs generated by the programs you wanted me to download.

Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Kaspersky Anti-Virus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
JavaFX 2.1.1
Java 7 Update 9
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
Mozilla Firefox (16.0.2)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Kaspersky Lab Kaspersky Anti-Virus 2013 avp.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


# AdwCleaner v2.007 - Logfile created 11/09/2012 at 23:46:14
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Mike - BARRACUDAPC
# Boot Mode : Normal
# Running from : C:\Users\Mike\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\boost_interprocess

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\w5id359r.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [992 octets] - [09/11/2012 23:46:14]

########## EOF - C:\AdwCleaner[S1].txt - [1051 octets] ##########





Gringo, after i ran this program. i have to tell you i did something dumb and i apologize. i decided to check out the ? button cause it mentioned that it can help block websites or something that are malicious. i didn't think it would hurt the process we are doing. anyway i ended up not double clcking the icon it placed on the desktop. and after that i went back intot he program and accidentally pressed delete before closing all the running programs. these programs were just startup programs. i hope i didn't screw up anything. im sorry. here is the logfile it generated after the reboot. it looks fine to me



# AdwCleaner v2.007 - Logfile created 11/09/2012 at 23:52:28
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Mike - BARRACUDAPC
# Boot Mode : Normal
# Running from : C:\Users\Mike\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\w5id359r.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1120 octets] - [09/11/2012 23:46:14]
AdwCleaner[S2].txt - [902 octets] - [09/11/2012 23:52:28]

########## EOF - C:\AdwCleaner[S2].txt - [961 octets] ##########




RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Mike [Admin rights]
Mode : Remove -- Date : 11/10/2012 00:02:29

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : MediaFire Tray ("C:\Users\Mike\AppData\Local\MediaFire Express\mf_systray.exe" --boot-start) -> DELETED
[RUN][ROGUE ST] HKCU\[...]\Run : PowerSuite ("C:\PROGRA~2\Uniblue\POWERS~1\launcher.exe" delay 20000 -m) -> DELETED
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{73526619-C24F-470B-9BED-53D455FBB5C6} (C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl) -> DELETED
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\{73526619-C24F-470B-9BED-53D455FBB5C6} (C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 softwares.the-ad.net # Hosts Anti-Adware / PUPs
127.0.0.1 lp.sweetim.com # Hosts Anti-Adware / PUPs
127.0.0.1 dfast.us # Hosts Anti-Adware / PUPs
127.0.0.1 download2.us # Hosts Anti-Adware / PUPs
127.0.0.1 www.softwaresbay.com # Hosts Anti-Adware / PUPs
127.0.0.1 flexweb.getyoursoft.com # Hosts Anti-Adware / PUPs
127.0.0.1 www.download-best-softwares.com # Hosts Anti-Adware / PUPs
127.0.0.1 francais.babylon.com # Hosts Anti-Adware / PUPs
127.0.0.1 do-wn-lo-ad.com # Hosts Anti-Adware / PUPs
127.0.0.1 install.optimuminstaller.com # Hosts Anti-Adware / PUPs
127.0.0.1 ads.sucomspot.com # Hosts Anti-Adware / PUPs
127.0.0.1 www.dataatimeast.com # Hosts Anti-Adware / PUPs
127.0.0.1 push.clping.com # Hosts Anti-Adware / PUPs
127.0.0.1 dn.download-manage.com # Hosts Anti-Adware / PUPs
127.0.0.1 storagenl.info # Hosts Anti-Adware / PUPs
127.0.0.1 download.lollipop-network.com # Hosts Anti-Adware / PUPs
127.0.0.1 d1w467en2eqqh2.cloudfront.net # Hosts Anti-Adware / PUPs
127.0.0.1 api.downloadmr.com # Hosts Anti-Adware / PUPs
127.0.0.1 www.mickyfastdl.com # Hosts Anti-Adware / PUPs
127.0.0.1 landing.etype.com # Hosts Anti-Adware / PUPs
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDT721010SLA360 ATA Device +++++
--- User ---
[MBR] a83b5da67f7e25b0052d1bfe3e6b3f79
[BSP] 455922883afebcda4e7535baa04663ff : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 15005 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30939136 | Size: 938761 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD20EARS-00MVWB0 ATA Device +++++
--- User ---
[MBR] 993ae9a39d6f6610d17806b3ab2d1f93
[BSP] d82773c15964e07e1da5352c81e030ca : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WDC WD20EARX-00PASB0 ATA Device +++++
--- User ---
[MBR] 62d52ad450754ed3c720ae6139f651e8
[BSP] 5961f59663829d84ea7e3224b08a5777 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: WDC WD20EARS-00MVWB0 ATA Device +++++
--- User ---
[MBR] a5c047ab7c46403749a3aa13ca676d1f
[BSP] 7b0723597d736ab84f4280cb085888a2 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11102012_02d0002.txt >>
RKreport[1]_S_11102012_02d0001.txt ; RKreport[2]_D_11102012_02d0002.txt



after i genereated these logfiles i rebooted. btw i forgot to tell you the exact message that malwarebytes reports when i boot up. here it is:

Malwarebytes Anti-Malware has detected a malicious process attempting to start and has blocked the execution attempt. Please select an option below.

C:\Windows\Keygen.exe
RiskWare.Tool.CK


(the choices are listed as) - Disable Protection, Ignore, or Quarantine. I always choose Quarantine but after i choose that and reboot later this message pops up again. Also now that i've run these programs you told me i noticed in the lower right hand corner i have a new startup program. i think this was caused by me pressing ? before. this is what it is: "HOSTS_Anti-Adware_main.exe" and when i right click it it has options in a foreign language.
  • 0

#4
gringo_pr
Posted 10 November 2012 - 01:27 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I have not heard of that yet but then again I have not done what you said you did - later today I will check out what you did to see if mine does the same thing

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#5
GNumanFan
Posted 10 November 2012 - 07:16 PM

GNumanFan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
hey gringo

i did everything you listed in the instructions. but when i rebooted after it generated the log file i tried to go to windows explorer and it said "Illegial operation attempted on a registery key that has been marked for deletion." i restarted the computer and then it worked. i noticed another thing that keeps popping up in startup programs is a program of some sort for powerdvd. i tried several times to stop it from appearing in startup but it keeps doing so. i don't know if it's related to our problem but i thought i'd mention it. when should i reanble malwarebytes? it's still deactivated like the instructions told me to do. i'm afraid once i turn it on again it will bring up that notification again the keygen. please let me know. thnaks!

ComboFix 12-11-09.02 - Mike 11/10/2012 19:48:08.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.7935.6312 [GMT -5:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_HOSTS Anti-PUPs
.
.
((((((((((((((((((((((((( Files Created from 2012-10-11 to 2012-11-11 )))))))))))))))))))))))))))))))
.
.
2012-11-11 00:53 . 2012-11-11 00:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-10 04:50 . 2012-11-10 04:51 -------- d-----w- c:\program files (x86)\Hosts_Anti_Adwares_PUPs
2012-11-10 00:11 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBF8CB0F-C540-4B42-A66F-A7003386C255}\mpengine.dll
2012-10-27 17:49 . 2012-10-28 08:19 -------- d-----w- C:\MAMEUI 0.147u1 x32-x64
2012-10-25 03:03 . 2012-10-25 03:03 -------- d-----w- c:\users\Mike\New folder
2012-10-24 20:10 . 2012-09-25 03:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-24 19:37 . 2012-10-24 19:37 -------- d-----w- c:\users\Mike\AppData\Local\ArcSoft
2012-10-24 19:37 . 2012-10-24 19:37 -------- d-----w- c:\program files (x86)\Common Files\ArcSoft
2012-10-24 19:37 . 2012-04-10 15:04 78200 ----a-w- c:\windows\system32\MMCEDT5.exe
2012-10-24 19:37 . 2011-11-10 15:14 311872 ----a-w- c:\windows\system32\drivers\ArcSec.sys
2012-10-24 19:36 . 2012-10-24 19:36 -------- d-----w- c:\program files (x86)\ArcSoft
2012-10-24 08:31 . 2012-10-24 08:31 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-19 19:11 . 2012-10-19 19:11 -------- d-----w- c:\programdata\Vso
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-28 21:46 . 2012-08-07 02:54 101688 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-10-11 07:04 . 2012-07-13 10:23 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 13:31 . 2012-07-13 06:31 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 13:31 . 2012-07-13 06:31 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-29 23:54 . 2012-08-29 03:35 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-27 15:15 . 2012-08-29 02:18 611160 ----a-w- c:\windows\system32\drivers\klif.sys
2012-09-18 12:11 . 2012-07-25 18:53 29528 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2012-09-18 12:11 . 2012-05-25 23:38 29016 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2012-09-14 19:19 . 2012-10-10 10:54 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 10:54 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-01 23:46 . 2012-07-20 12:00 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-01 23:46 . 2012-07-20 12:00 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-01 23:41 . 2012-09-01 23:42 289768 ----a-w- c:\windows\system32\javaws.exe
2012-09-01 23:41 . 2012-09-01 23:42 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-01 23:41 . 2012-09-01 23:41 189416 ----a-w- c:\windows\system32\javaw.exe
2012-09-01 23:41 . 2012-09-01 23:41 188904 ----a-w- c:\windows\system32\java.exe
2012-09-01 23:41 . 2012-09-01 23:41 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-09-01 23:41 . 2012-07-17 07:30 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-31 18:19 . 2012-10-10 10:55 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-10 10:55 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 10:55 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 10:55 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-24 18:05 . 2012-10-10 10:54 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-10 10:54 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-24 11:15 . 2012-09-22 07:00 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 07:00 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 07:00 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 07:00 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 07:00 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 07:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 07:00 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 07:00 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 07:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 07:00 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 07:00 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 07:00 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 07:00 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 07:00 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 07:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 07:00 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 07:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 07:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 07:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 07:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 07:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 07:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-11 23:17 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-11 23:17 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-11 23:17 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-11 23:17 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 10:45 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-21 17:01 . 2012-09-26 19:38 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 17:01 . 2012-08-21 17:01 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 17:01 . 2012-08-21 17:01 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 18:48 . 2012-10-10 10:54 243200 ----a-w- c:\windows\system32\wow64.dll
2012-08-20 18:48 . 2012-10-10 10:54 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-08-20 18:48 . 2012-10-10 10:54 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-08-20 18:48 . 2012-10-10 10:54 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 18:48 . 2012-10-10 10:54 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-08-20 18:48 . 2012-10-10 10:54 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 18:48 . 2012-10-10 10:54 1162240 ----a-w- c:\windows\system32\kernel32.dll
2012-08-20 18:46 . 2012-10-10 10:54 338432 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 18:38 . 2012-10-10 10:54 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 17:40 . 2012-10-10 10:54 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2012-08-20 17:38 . 2012-10-10 10:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-20 17:38 . 2012-10-10 10:54 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2012-08-20 17:37 . 2012-10-10 10:54 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2012-08-20 17:37 . 2012-10-10 10:54 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-08-20 17:32 . 2012-10-10 10:54 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 10:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 10:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 10:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 10:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EaseUs Watch"="c:\program files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe" [2012-05-03 71816]
"EaseUs Tray"="c:\program files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe" [2012-06-15 750728]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"PowerDVD12DMREngine"="c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe" [2012-01-02 501544]
"PowerDVD12Agent"="c:\program files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe" [2012-02-21 371256]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2012-08-18 218880]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"HOSTS Anti-Adware_PUPs"="c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe" [2012-11-10 302961]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TotalMedia Server.lnk - c:\program files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe [2010-12-20 519744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-08-02 158944]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n64.sys [2009-06-10 378368]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 Synth3dVsc;Synth3dVsc; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub; [x]
R3 Uniblue.MaxiDiskSvc;Uniblue Maxi Disk Service;c:\program files (x86)\Uniblue\MaxiDisk\service.exe [2012-04-17 30064]
R3 VGPU;VGPU; [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-13 1255736]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2012-05-03 58504]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2012-05-03 48776]
S0 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [2012-07-17 25688]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2012-10-28 101688]
S1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys [2011-11-10 311872]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2012-05-03 19592]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2012-05-03 189576]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2012-06-08 54104]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]
S1 RapportCerberus_43926;RapportCerberus_43926;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [2012-11-03 505720]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-10-28 55096]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-10-28 297240]
S2 ADExchange;ArcSoft Exchange Service;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2012-03-19 43072]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-17 235520]
S2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-02-21 87336]
S2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-02-21 75048]
S2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-02-21 296232]
S2 EaseUS Agent;EaseUS Agent Service;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2012-06-15 70280]
S2 Guard Agent;Guard Agent Service;c:\program files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2012-05-03 24712]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2011-10-27 82928]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-10-28 976728]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-07-17 95248]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-09-18 29016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-09-18 29528]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 pmkbdfltr;PenMount Keyboard Device Filter Driver;c:\windows\system32\DRIVERS\pmkbdfltr.sys [2012-08-04 18832]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2012-07-17 402720]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-13 13:31]
.
2012-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-04 18:15]
.
2012-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-04 18:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2012-08-04 626552]
.
------- Supplementary Scan -------
.
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\w5id359r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 5888
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-09-19 16:40; {85E85FF9-E50C-42DE-8A3D-61485FD6C8DB}; c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\w5id359r.default\extensions\{85E85FF9-E50C-42DE-8A3D-61485FD6C8DB}.xpi
.
.
------- File Associations -------
.
.txt=Text File
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-dBpoweramp CD Writer - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Dalet Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Monkeys Audio Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBPowerAMP Mp2 and BwfMp2 codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Ogg Vorbis Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBPowerAMP Real Audio (Helix) Encoder - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp WavPack Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Arrange Audio] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Audio Info] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Calculate Audio CRC] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Channel Split] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [ID Tag Update] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Length Split] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Multi Encoder] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [ReplayGain] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Tag From Filename] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-{9dfff2f7-5cd7-4fd4-9b75-7d53b042d94b} - c:\programdata\Package Cache\{9dfff2f7-5cd7-4fd4-9b75-7d53b042d94b}\ImageResizerSetup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3995779572-2161211002-2123908570-1000_Classes\Wow6432Node\CLSID\{3599131c-5fb7-4bec-be09-b50ae5169f0f}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000012a
"Therad"=dword:00000013
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-3995779572-2161211002-2123908570-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):a6,09,ee,9e,c3,32,2e,1a,2b,f7,2a,56,ef,9a,87,9c,cd,55,59,3a,7a,
0c,b6,a7,69,cf,dd,a0,2c,96,aa,24,fd,8d,23,c9,ce,bc,72,12,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
.
**************************************************************************
.
Completion time: 2012-11-10 20:00:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-11 01:00
.
Pre-Run: 475,746,144,256 bytes free
Post-Run: 478,150,479,872 bytes free
.
- - End Of File - - 4054B3E1427817AA6524B394315781BC
  • 0

#6
gringo_pr
Posted 10 November 2012 - 07:46 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
  • 0

#7
GNumanFan
Posted 10 November 2012 - 11:56 PM

GNumanFan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
hello gringo

im losing hope that we won't be able to get rid of this keygen.exe file permanently that appears in Malwarebytes. is there still a chance we can beat it???


i had virus protection turned off and the other scanners like you told me to earlier before running the programs you told me to run earlier. but when i got your post today i wasn't sure if you wanted me to still have them turned off since you didn't specifically specify. so i did the scans with them turned off and both turned up nothing. here are the logs below:


00:24:36.0835 4904 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
00:24:37.0147 4904 ============================================================
00:24:37.0147 4904 Current date / time: 2012/11/11 00:24:37.0147
00:24:37.0147 4904 SystemInfo:
00:24:37.0147 4904
00:24:37.0147 4904 OS Version: 6.1.7601 ServicePack: 1.0
00:24:37.0147 4904 Product type: Workstation
00:24:37.0147 4904 ComputerName: BARRACUDAPC
00:24:37.0147 4904 UserName: Mike
00:24:37.0147 4904 Windows directory: C:\Windows
00:24:37.0147 4904 System windows directory: C:\Windows
00:24:37.0147 4904 Running under WOW64
00:24:37.0147 4904 Processor architecture: Intel x64
00:24:37.0147 4904 Number of processors: 4
00:24:37.0147 4904 Page size: 0x1000
00:24:37.0147 4904 Boot type: Normal boot
00:24:37.0147 4904 ============================================================
00:24:37.0849 4904 Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:24:37.0865 4904 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:24:37.0865 4904 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:24:37.0865 4904 Drive \Device\Harddisk3\DR3 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:24:37.0865 4904 ============================================================
00:24:37.0865 4904 \Device\Harddisk2\DR2:
00:24:37.0865 4904 MBR partitions:
00:24:37.0865 4904 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
00:24:37.0865 4904 \Device\Harddisk0\DR0:
00:24:37.0865 4904 MBR partitions:
00:24:37.0865 4904 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D81800, BlocksNum 0x72984800
00:24:37.0865 4904 \Device\Harddisk1\DR1:
00:24:37.0865 4904 MBR partitions:
00:24:37.0865 4904 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
00:24:37.0865 4904 \Device\Harddisk3\DR3:
00:24:37.0865 4904 MBR partitions:
00:24:37.0865 4904 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
00:24:37.0865 4904 ============================================================
00:24:37.0881 4904 C: <-> \Device\Harddisk0\DR0\Partition1
00:24:37.0881 4904 D: <-> \Device\Harddisk2\DR2\Partition1
00:24:38.0333 4904 E: <-> \Device\Harddisk3\DR3\Partition1
00:24:38.0333 4904 K: <-> \Device\Harddisk1\DR1\Partition1
00:24:38.0333 4904 ============================================================
00:24:38.0333 4904 Initialize success
00:24:38.0333 4904 ============================================================
00:24:39.0831 6564 ============================================================
00:24:39.0831 6564 Scan started
00:24:39.0831 6564 Mode: Manual;
00:24:39.0831 6564 ============================================================
00:24:40.0798 6564 ================ Scan system memory ========================
00:24:40.0798 6564 System memory - ok
00:24:40.0813 6564 ================ Scan services =============================
00:24:40.0907 6564 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
00:24:40.0907 6564 1394ohci - ok
00:24:40.0954 6564 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
00:24:40.0954 6564 ACPI - ok
00:24:40.0969 6564 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
00:24:40.0969 6564 AcpiPmi - ok
00:24:41.0016 6564 [ 5784321A1F00A4AE01732B9077CB47A7 ] ADExchange C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
00:24:41.0016 6564 ADExchange - ok
00:24:41.0094 6564 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
00:24:41.0094 6564 AdobeARMservice - ok
00:24:41.0188 6564 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
00:24:41.0188 6564 AdobeFlashPlayerUpdateSvc - ok
00:24:41.0235 6564 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
00:24:41.0235 6564 adp94xx - ok
00:24:41.0266 6564 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
00:24:41.0266 6564 adpahci - ok
00:24:41.0297 6564 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
00:24:41.0297 6564 adpu320 - ok
00:24:41.0313 6564 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
00:24:41.0313 6564 AeLookupSvc - ok
00:24:41.0359 6564 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
00:24:41.0359 6564 AFD - ok
00:24:41.0422 6564 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
00:24:41.0422 6564 AgereSoftModem - ok
00:24:41.0469 6564 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
00:24:41.0469 6564 agp440 - ok
00:24:41.0500 6564 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
00:24:41.0500 6564 ALG - ok
00:24:41.0609 6564 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
00:24:41.0609 6564 aliide - ok
00:24:41.0671 6564 [ 962227630779043B5C1D4CD157ABB912 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
00:24:41.0671 6564 AMD External Events Utility - ok
00:24:41.0671 6564 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
00:24:41.0671 6564 amdide - ok
00:24:41.0687 6564 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
00:24:41.0687 6564 AmdK8 - ok
00:24:41.0874 6564 [ 56D6631761EC37745F0DF16BCDC4CAF4 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
00:24:41.0937 6564 amdkmdag - ok
00:24:41.0968 6564 [ 2D9005EA0BFD25C740E53C8DD3C069E0 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
00:24:41.0968 6564 amdkmdap - ok
00:24:41.0999 6564 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
00:24:41.0999 6564 AmdPPM - ok
00:24:42.0030 6564 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
00:24:42.0046 6564 amdsata - ok
00:24:42.0061 6564 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
00:24:42.0061 6564 amdsbs - ok
00:24:42.0077 6564 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
00:24:42.0077 6564 amdxata - ok
00:24:42.0093 6564 [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb C:\Windows\system32\Drivers\ssadadb.sys
00:24:42.0093 6564 androidusb - ok
00:24:42.0139 6564 [ 147866AF11F5EAB84C52436C9CAE3693 ] AnyDVD C:\Windows\system32\Drivers\AnyDVD.sys
00:24:42.0139 6564 AnyDVD - ok
00:24:42.0186 6564 [ DC855A333010ECF306D89A344492A589 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
00:24:42.0186 6564 ApfiltrService - ok
00:24:42.0233 6564 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
00:24:42.0233 6564 AppID - ok
00:24:42.0264 6564 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
00:24:42.0264 6564 AppIDSvc - ok
00:24:42.0280 6564 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
00:24:42.0280 6564 Appinfo - ok
00:24:42.0358 6564 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:24:42.0358 6564 Apple Mobile Device - ok
00:24:42.0405 6564 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
00:24:42.0405 6564 AppMgmt - ok
00:24:42.0436 6564 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
00:24:42.0436 6564 arc - ok
00:24:42.0451 6564 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
00:24:42.0451 6564 arcsas - ok
00:24:42.0483 6564 [ 36661A0497D8ED2D07B82524DF932EA3 ] ArcSec C:\Windows\system32\drivers\ArcSec.sys
00:24:42.0483 6564 ArcSec - ok
00:24:42.0529 6564 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
00:24:42.0529 6564 AsyncMac - ok
00:24:42.0545 6564 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
00:24:42.0545 6564 atapi - ok
00:24:42.0576 6564 [ 2B3B05C0A7768BF033217EB8F33F9C35 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
00:24:42.0576 6564 AtiHDAudioService - ok
00:24:42.0763 6564 [ 56D6631761EC37745F0DF16BCDC4CAF4 ] atikmdag C:\Windows\system32\drivers\atikmdag.sys
00:24:42.0826 6564 atikmdag - ok
00:24:42.0888 6564 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
00:24:42.0888 6564 AudioEndpointBuilder - ok
00:24:42.0904 6564 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
00:24:42.0904 6564 AudioSrv - ok
00:24:42.0951 6564 [ F1CA8ED683D6945EFDC4492AB60B1460 ] AVP C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
00:24:42.0951 6564 AVP - ok
00:24:42.0982 6564 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
00:24:42.0982 6564 AxInstSV - ok
00:24:43.0013 6564 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
00:24:43.0013 6564 b06bdrv - ok
00:24:43.0029 6564 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
00:24:43.0029 6564 b57nd60a - ok
00:24:43.0060 6564 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
00:24:43.0075 6564 BDESVC - ok
00:24:43.0091 6564 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
00:24:43.0091 6564 Beep - ok
00:24:43.0138 6564 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
00:24:43.0138 6564 BFE - ok
00:24:43.0169 6564 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
00:24:43.0169 6564 BITS - ok
00:24:43.0185 6564 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
00:24:43.0185 6564 blbdrive - ok
00:24:43.0231 6564 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
00:24:43.0231 6564 Bonjour Service - ok
00:24:43.0263 6564 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
00:24:43.0263 6564 bowser - ok
00:24:43.0278 6564 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:24:43.0278 6564 BrFiltLo - ok
00:24:43.0294 6564 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:24:43.0294 6564 BrFiltUp - ok
00:24:43.0325 6564 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
00:24:43.0325 6564 BridgeMP - ok
00:24:43.0356 6564 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
00:24:43.0356 6564 Browser - ok
00:24:43.0372 6564 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
00:24:43.0372 6564 Brserid - ok
00:24:43.0387 6564 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
00:24:43.0387 6564 BrSerWdm - ok
00:24:43.0387 6564 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
00:24:43.0403 6564 BrUsbMdm - ok
00:24:43.0403 6564 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
00:24:43.0403 6564 BrUsbSer - ok
00:24:43.0419 6564 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
00:24:43.0419 6564 BTHMODEM - ok
00:24:43.0450 6564 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
00:24:43.0450 6564 bthserv - ok
00:24:43.0465 6564 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
00:24:43.0481 6564 cdfs - ok
00:24:43.0512 6564 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
00:24:43.0512 6564 cdrom - ok
00:24:43.0559 6564 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
00:24:43.0559 6564 CertPropSvc - ok
00:24:43.0575 6564 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
00:24:43.0575 6564 circlass - ok
00:24:43.0606 6564 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
00:24:43.0606 6564 CLFS - ok
00:24:43.0715 6564 [ 2454CF8626B183D023D47FEEB17285B5 ] CLHNServiceForPowerDVD12 C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
00:24:43.0715 6564 CLHNServiceForPowerDVD12 - ok
00:24:43.0762 6564 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:24:43.0762 6564 clr_optimization_v2.0.50727_32 - ok
00:24:43.0793 6564 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:24:43.0793 6564 clr_optimization_v2.0.50727_64 - ok
00:24:43.0887 6564 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:24:43.0887 6564 clr_optimization_v4.0.30319_32 - ok
00:24:43.0902 6564 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:24:43.0902 6564 clr_optimization_v4.0.30319_64 - ok
00:24:43.0933 6564 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
00:24:43.0933 6564 CmBatt - ok
00:24:43.0949 6564 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
00:24:43.0949 6564 cmdide - ok
00:24:43.0996 6564 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
00:24:43.0996 6564 CNG - ok
00:24:44.0011 6564 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
00:24:44.0011 6564 Compbatt - ok
00:24:44.0043 6564 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
00:24:44.0043 6564 CompositeBus - ok
00:24:44.0043 6564 COMSysApp - ok
00:24:44.0058 6564 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
00:24:44.0058 6564 crcdisk - ok
00:24:44.0105 6564 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
00:24:44.0105 6564 CryptSvc - ok
00:24:44.0136 6564 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
00:24:44.0152 6564 CSC - ok
00:24:44.0183 6564 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
00:24:44.0183 6564 CscService - ok
00:24:44.0214 6564 [ D392F813979EC80EFA16A79EEEAAC8AF ] CyberLink PowerDVD 12 Media Server Monitor Service C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
00:24:44.0214 6564 CyberLink PowerDVD 12 Media Server Monitor Service - ok
00:24:44.0230 6564 [ F5E32A49478A509EB8215171D8E187BC ] CyberLink PowerDVD 12 Media Server Service C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
00:24:44.0230 6564 CyberLink PowerDVD 12 Media Server Service - ok
00:24:44.0277 6564 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
00:24:44.0277 6564 DcomLaunch - ok
00:24:44.0308 6564 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
00:24:44.0308 6564 defragsvc - ok
00:24:44.0339 6564 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
00:24:44.0339 6564 DfsC - ok
00:24:44.0370 6564 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
00:24:44.0386 6564 Dhcp - ok
00:24:44.0401 6564 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
00:24:44.0401 6564 discache - ok
00:24:44.0417 6564 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
00:24:44.0417 6564 Disk - ok
00:24:44.0448 6564 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
00:24:44.0464 6564 Dnscache - ok
00:24:44.0495 6564 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
00:24:44.0495 6564 dot3svc - ok
00:24:44.0511 6564 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
00:24:44.0511 6564 DPS - ok
00:24:44.0542 6564 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
00:24:44.0542 6564 drmkaud - ok
00:24:44.0589 6564 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
00:24:44.0589 6564 DXGKrnl - ok
00:24:44.0620 6564 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
00:24:44.0620 6564 EapHost - ok
00:24:44.0698 6564 [ 4013CCB7A45A70703987572CD1EA3FC6 ] EaseUS Agent C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
00:24:44.0698 6564 EaseUS Agent - ok
00:24:44.0760 6564 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
00:24:44.0776 6564 ebdrv - ok
00:24:44.0807 6564 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
00:24:44.0823 6564 EFS - ok
00:24:44.0838 6564 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
00:24:44.0854 6564 ehRecvr - ok
00:24:44.0869 6564 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
00:24:44.0869 6564 ehSched - ok
00:24:44.0932 6564 [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
00:24:44.0932 6564 ElbyCDIO - ok
00:24:44.0963 6564 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
00:24:44.0979 6564 elxstor - ok
00:24:44.0994 6564 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
00:24:44.0994 6564 ErrDev - ok
00:24:45.0025 6564 [ 268999A7B9AE8F1AB0BF833C264FF2D7 ] EUBAKUP C:\Windows\system32\drivers\eubakup.sys
00:24:45.0025 6564 EUBAKUP - ok
00:24:45.0041 6564 [ BBB7392DDC92D653AFBF2F93354DB9F2 ] EUBKMON C:\Windows\system32\drivers\EUBKMON.sys
00:24:45.0041 6564 EUBKMON - ok
00:24:45.0057 6564 [ F5CA6DA167B70478C5AC745BE27AB33E ] EUDSKACS C:\Windows\system32\drivers\eudskacs.sys
00:24:45.0057 6564 EUDSKACS - ok
00:24:45.0072 6564 [ 8CD7997A5A9098F110B14FEAE80FC348 ] EUFDDISK C:\Windows\system32\drivers\EuFdDisk.sys
00:24:45.0072 6564 EUFDDISK - ok
00:24:45.0103 6564 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
00:24:45.0103 6564 EventSystem - ok
00:24:45.0135 6564 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
00:24:45.0135 6564 exfat - ok
00:24:45.0135 6564 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
00:24:45.0150 6564 fastfat - ok
00:24:45.0197 6564 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
00:24:45.0197 6564 Fax - ok
00:24:45.0213 6564 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
00:24:45.0213 6564 fdc - ok
00:24:45.0228 6564 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
00:24:45.0228 6564 fdPHost - ok
00:24:45.0244 6564 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
00:24:45.0244 6564 FDResPub - ok
00:24:45.0259 6564 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
00:24:45.0259 6564 FileInfo - ok
00:24:45.0275 6564 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
00:24:45.0275 6564 Filetrace - ok
00:24:45.0275 6564 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
00:24:45.0291 6564 flpydisk - ok
00:24:45.0322 6564 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
00:24:45.0322 6564 FltMgr - ok
00:24:45.0369 6564 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
00:24:45.0369 6564 FontCache - ok
00:24:45.0415 6564 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:24:45.0415 6564 FontCache3.0.0.0 - ok
00:24:45.0431 6564 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
00:24:45.0431 6564 FsDepends - ok
00:24:45.0462 6564 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
00:24:45.0462 6564 Fs_Rec - ok
00:24:45.0509 6564 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
00:24:45.0509 6564 fvevol - ok
00:24:45.0525 6564 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
00:24:45.0525 6564 gagp30kx - ok
00:24:45.0556 6564 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:24:45.0556 6564 GEARAspiWDM - ok
00:24:45.0587 6564 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
00:24:45.0603 6564 gpsvc - ok
00:24:45.0634 6564 [ 922D79BFE60E6277DAA15DFD2A751F4D ] Guard Agent C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
00:24:45.0634 6564 Guard Agent - ok
00:24:45.0681 6564 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:24:45.0681 6564 gupdate - ok
00:24:45.0681 6564 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:24:45.0681 6564 gupdatem - ok
00:24:45.0696 6564 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
00:24:45.0696 6564 hcw85cir - ok
00:24:45.0743 6564 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:24:45.0743 6564 HdAudAddService - ok
00:24:45.0759 6564 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
00:24:45.0759 6564 HDAudBus - ok
00:24:45.0774 6564 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
00:24:45.0774 6564 HidBatt - ok
00:24:45.0790 6564 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
00:24:45.0790 6564 HidBth - ok
00:24:45.0790 6564 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
00:24:45.0790 6564 HidIr - ok
00:24:45.0805 6564 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
00:24:45.0805 6564 hidserv - ok
00:24:45.0821 6564 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
00:24:45.0821 6564 HidUsb - ok
00:24:45.0852 6564 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
00:24:45.0868 6564 hkmsvc - ok
00:24:45.0899 6564 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
00:24:45.0899 6564 HomeGroupListener - ok
00:24:45.0930 6564 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
00:24:45.0930 6564 HomeGroupProvider - ok
00:24:45.0961 6564 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
00:24:45.0961 6564 HpSAMD - ok
00:24:46.0008 6564 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
00:24:46.0008 6564 HTTP - ok
00:24:46.0024 6564 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
00:24:46.0039 6564 hwpolicy - ok
00:24:46.0071 6564 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
00:24:46.0071 6564 i8042prt - ok
00:24:46.0102 6564 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
00:24:46.0102 6564 iaStor - ok
00:24:46.0133 6564 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
00:24:46.0133 6564 iaStorV - ok
00:24:46.0180 6564 [ F1458110073AD3B6C5DC3C592A36D1D0 ] IDMWFP C:\Windows\system32\DRIVERS\idmwfp.sys
00:24:46.0180 6564 IDMWFP - ok
00:24:46.0227 6564 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:24:46.0227 6564 idsvc - ok
00:24:46.0258 6564 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
00:24:46.0258 6564 iirsp - ok
00:24:46.0289 6564 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
00:24:46.0305 6564 IKEEXT - ok
00:24:46.0320 6564 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
00:24:46.0320 6564 intelide - ok
00:24:46.0336 6564 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
00:24:46.0336 6564 intelppm - ok
00:24:46.0351 6564 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
00:24:46.0351 6564 IPBusEnum - ok
00:24:46.0383 6564 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:24:46.0383 6564 IpFilterDriver - ok
00:24:46.0414 6564 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
00:24:46.0414 6564 iphlpsvc - ok
00:24:46.0445 6564 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
00:24:46.0445 6564 IPMIDRV - ok
00:24:46.0461 6564 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
00:24:46.0461 6564 IPNAT - ok
00:24:46.0507 6564 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
00:24:46.0507 6564 iPod Service - ok
00:24:46.0539 6564 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
00:24:46.0539 6564 IRENUM - ok
00:24:46.0554 6564 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
00:24:46.0554 6564 isapnp - ok
00:24:46.0585 6564 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
00:24:46.0585 6564 iScsiPrt - ok
00:24:46.0632 6564 [ BD5BF20EC242E003A2F570B8754A56D1 ] ivusb C:\Windows\system32\DRIVERS\ivusb.sys
00:24:46.0632 6564 ivusb - ok
00:24:46.0679 6564 [ C54FA746F0E7061526F10FD396DE7D19 ] johci C:\Windows\system32\DRIVERS\johci.sys
00:24:46.0679 6564 johci - ok
00:24:46.0695 6564 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
00:24:46.0695 6564 kbdclass - ok
00:24:46.0741 6564 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
00:24:46.0741 6564 kbdhid - ok
00:24:46.0757 6564 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
00:24:46.0757 6564 KeyIso - ok
00:24:46.0788 6564 [ 8B5219318DF5895ABD230C373F2DF18A ] kl1 C:\Windows\system32\DRIVERS\kl1.sys
00:24:46.0788 6564 kl1 - ok
00:24:46.0851 6564 [ 8191BB24F61EBCAF84719993C7F7B5C6 ] KLIF C:\Windows\system32\DRIVERS\klif.sys
00:24:46.0851 6564 KLIF - ok
00:24:46.0866 6564 [ 9BD99E1AB3F664120AB95C35F9EC1EB0 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
00:24:46.0866 6564 KLIM6 - ok
00:24:46.0866 6564 [ 2C43FD500522EF3B8C283A5846B7FC41 ] klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys
00:24:46.0866 6564 klkbdflt - ok
00:24:46.0882 6564 [ 70A6D2E292017EC47949696F51ABE18D ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
00:24:46.0882 6564 klmouflt - ok
00:24:46.0882 6564 [ FFC0501A1EA742406F1904A0CFE3BFE2 ] kltdi C:\Windows\system32\DRIVERS\kltdi.sys
00:24:46.0882 6564 kltdi - ok
00:24:46.0897 6564 [ 185D21CB8F10CFB351FF65DA88C18BC9 ] kneps C:\Windows\system32\DRIVERS\kneps.sys
00:24:46.0897 6564 kneps - ok
00:24:46.0929 6564 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
00:24:46.0929 6564 KSecDD - ok
00:24:46.0944 6564 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
00:24:46.0944 6564 KSecPkg - ok
00:24:46.0960 6564 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
00:24:46.0960 6564 ksthunk - ok
00:24:46.0975 6564 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
00:24:46.0991 6564 KtmRm - ok
00:24:47.0038 6564 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
00:24:47.0038 6564 LanmanServer - ok
00:24:47.0069 6564 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:24:47.0069 6564 LanmanWorkstation - ok
00:24:47.0100 6564 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
00:24:47.0100 6564 lltdio - ok
00:24:47.0116 6564 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
00:24:47.0116 6564 lltdsvc - ok
00:24:47.0116 6564 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
00:24:47.0116 6564 lmhosts - ok
00:24:47.0147 6564 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
00:24:47.0147 6564 LSI_FC - ok
00:24:47.0163 6564 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
00:24:47.0163 6564 LSI_SAS - ok
00:24:47.0178 6564 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:24:47.0178 6564 LSI_SAS2 - ok
00:24:47.0194 6564 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:24:47.0194 6564 LSI_SCSI - ok
00:24:47.0209 6564 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
00:24:47.0209 6564 luafv - ok
00:24:47.0256 6564 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
00:24:47.0256 6564 MBAMProtector - ok
00:24:47.0303 6564 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
00:24:47.0303 6564 MBAMScheduler - ok
00:24:47.0334 6564 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
00:24:47.0334 6564 MBAMService - ok
00:24:47.0365 6564 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
00:24:47.0365 6564 Mcx2Svc - ok
00:24:47.0381 6564 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
00:24:47.0381 6564 megasas - ok
00:24:47.0397 6564 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
00:24:47.0397 6564 MegaSR - ok
00:24:47.0475 6564 Microsoft SharePoint Workspace Audit Service - ok
00:24:47.0506 6564 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
00:24:47.0506 6564 MMCSS - ok
00:24:47.0521 6564 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
00:24:47.0521 6564 Modem - ok
00:24:47.0537 6564 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
00:24:47.0537 6564 monitor - ok
00:24:47.0568 6564 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
00:24:47.0568 6564 mouclass - ok
00:24:47.0615 6564 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
00:24:47.0615 6564 mouhid - ok
00:24:47.0646 6564 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
00:24:47.0646 6564 mountmgr - ok
00:24:47.0677 6564 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
00:24:47.0677 6564 MozillaMaintenance - ok
00:24:47.0709 6564 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
00:24:47.0709 6564 mpio - ok
00:24:47.0724 6564 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
00:24:47.0724 6564 mpsdrv - ok
00:24:47.0755 6564 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
00:24:47.0771 6564 MpsSvc - ok
00:24:47.0802 6564 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
00:24:47.0802 6564 MRxDAV - ok
00:24:47.0818 6564 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
00:24:47.0818 6564 mrxsmb - ok
00:24:47.0833 6564 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:24:47.0833 6564 mrxsmb10 - ok
00:24:47.0849 6564 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:24:47.0849 6564 mrxsmb20 - ok
00:24:47.0880 6564 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
00:24:47.0880 6564 msahci - ok
00:24:47.0912 6564 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
00:24:47.0912 6564 msdsm - ok
00:24:47.0943 6564 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
00:24:47.0943 6564 MSDTC - ok
00:24:47.0974 6564 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
00:24:47.0974 6564 Msfs - ok
00:24:47.0990 6564 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
00:24:47.0990 6564 mshidkmdf - ok
00:24:48.0005 6564 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
00:24:48.0005 6564 msisadrv - ok
00:24:48.0021 6564 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
00:24:48.0021 6564 MSiSCSI - ok
00:24:48.0021 6564 msiserver - ok
00:24:48.0036 6564 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
00:24:48.0036 6564 MSKSSRV - ok
00:24:48.0052 6564 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
00:24:48.0052 6564 MSPCLOCK - ok
00:24:48.0068 6564 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
00:24:48.0068 6564 MSPQM - ok
00:24:48.0099 6564 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
00:24:48.0099 6564 MsRPC - ok
00:24:48.0130 6564 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
00:24:48.0130 6564 mssmbios - ok
00:24:48.0146 6564 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
00:24:48.0146 6564 MSTEE - ok
00:24:48.0146 6564 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
00:24:48.0146 6564 MTConfig - ok
00:24:48.0177 6564 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
00:24:48.0177 6564 Mup - ok
00:24:48.0208 6564 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
00:24:48.0208 6564 napagent - ok
00:24:48.0239 6564 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
00:24:48.0239 6564 NativeWifiP - ok
00:24:48.0286 6564 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
00:24:48.0302 6564 NDIS - ok
00:24:48.0317 6564 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
00:24:48.0317 6564 NdisCap - ok
00:24:48.0348 6564 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
00:24:48.0348 6564 NdisTapi - ok
00:24:48.0380 6564 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
00:24:48.0380 6564 Ndisuio - ok
00:24:48.0411 6564 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
00:24:48.0411 6564 NdisWan - ok
00:24:48.0442 6564 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
00:24:48.0442 6564 NDProxy - ok
00:24:48.0458 6564 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
00:24:48.0458 6564 NetBIOS - ok
00:24:48.0489 6564 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
00:24:48.0489 6564 NetBT - ok
00:24:48.0504 6564 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
00:24:48.0504 6564 Netlogon - ok
00:24:48.0551 6564 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
00:24:48.0551 6564 Netman - ok
00:24:48.0551 6564 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
00:24:48.0567 6564 netprofm - ok
00:24:48.0598 6564 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:24:48.0598 6564 NetTcpPortSharing - ok
00:24:48.0629 6564 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
00:24:48.0629 6564 nfrd960 - ok
00:24:48.0660 6564 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
00:24:48.0660 6564 NlaSvc - ok
00:24:48.0676 6564 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
00:24:48.0676 6564 Npfs - ok
00:24:48.0692 6564 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
00:24:48.0692 6564 nsi - ok
00:24:48.0692 6564 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
00:24:48.0692 6564 nsiproxy - ok
00:24:48.0754 6564 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
00:24:48.0770 6564 Ntfs - ok
00:24:48.0785 6564 [ EAAC965642EF5F818AED508CADF83E4B ] ntk_PowerDVD12 C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys
00:24:48.0785 6564 ntk_PowerDVD12 - ok
00:24:48.0816 6564 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
00:24:48.0816 6564 Null - ok
00:24:48.0848 6564 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
00:24:48.0848 6564 nvraid - ok
00:24:48.0863 6564 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
00:24:48.0863 6564 nvstor - ok
00:24:48.0879 6564 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
00:24:48.0879 6564 nv_agp - ok
00:24:48.0894 6564 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
00:24:48.0894 6564 ohci1394 - ok
00:24:48.0941 6564 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:24:48.0957 6564 ose - ok
00:24:49.0050 6564 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:24:49.0082 6564 osppsvc - ok
00:24:49.0097 6564 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
00:24:49.0113 6564 p2pimsvc - ok
00:24:49.0128 6564 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
00:24:49.0128 6564 p2psvc - ok
00:24:49.0144 6564 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
00:24:49.0144 6564 Parport - ok
00:24:49.0175 6564 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
00:24:49.0175 6564 partmgr - ok
00:24:49.0191 6564 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
00:24:49.0191 6564 PcaSvc - ok
00:24:49.0222 6564 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
00:24:49.0222 6564 pci - ok
00:24:49.0238 6564 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
00:24:49.0238 6564 pciide - ok
00:24:49.0253 6564 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
00:24:49.0269 6564 pcmcia - ok
00:24:49.0269 6564 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
00:24:49.0269 6564 pcw - ok
00:24:49.0300 6564 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
00:24:49.0300 6564 PEAUTH - ok
00:24:49.0362 6564 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
00:24:49.0378 6564 PeerDistSvc - ok
00:24:49.0440 6564 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
00:24:49.0440 6564 PerfHost - ok
00:24:49.0503 6564 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
00:24:49.0503 6564 pla - ok
00:24:49.0550 6564 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
00:24:49.0550 6564 PlugPlay - ok
00:24:49.0581 6564 [ BDEA03A01DD58FF120C9D757A28DAA8B ] pmkbdfltr C:\Windows\system32\DRIVERS\pmkbdfltr.sys
00:24:49.0581 6564 pmkbdfltr - ok
00:24:49.0596 6564 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
00:24:49.0612 6564 PNRPAutoReg - ok
00:24:49.0612 6564 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
00:24:49.0628 6564 PNRPsvc - ok
00:24:49.0659 6564 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
00:24:49.0659 6564 PolicyAgent - ok
00:24:49.0690 6564 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
00:24:49.0690 6564 Power - ok
00:24:49.0721 6564 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
00:24:49.0721 6564 PptpMiniport - ok
00:24:49.0737 6564 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
00:24:49.0737 6564 Processor - ok
00:24:49.0784 6564 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
00:24:49.0784 6564 ProfSvc - ok
00:24:49.0799 6564 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
00:24:49.0799 6564 ProtectedStorage - ok
00:24:49.0830 6564 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
00:24:49.0830 6564 Psched - ok
00:24:49.0862 6564 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
00:24:49.0877 6564 ql2300 - ok
00:24:49.0893 6564 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
00:24:49.0893 6564 ql40xx - ok
00:24:49.0908 6564 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
00:24:49.0908 6564 QWAVE - ok
00:24:49.0924 6564 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
00:24:49.0924 6564 QWAVEdrv - ok
00:24:50.0064 6564 [ F98487B25828441B1C6488C642C2AC10 ] RapportCerberus_43926 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys
00:24:50.0064 6564 RapportCerberus_43926 - ok
00:24:50.0111 6564 [ 463F084AD6E8EB0AD8656165C41289C2 ] RapportEI64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
00:24:50.0111 6564 RapportEI64 - ok
00:24:50.0142 6564 [ BB3D8C466178BF72FEB084FC85D764E6 ] RapportKE64 C:\Windows\system32\Drivers\RapportKE64.sys
00:24:50.0158 6564 RapportKE64 - ok
00:24:50.0189 6564 [ 2E35747769F297086505138E0B0A08F3 ] RapportMgmtService C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
00:24:50.0189 6564 RapportMgmtService - ok
00:24:50.0205 6564 [ 3A3CA7B0D258E272DA572DEAE27D6A30 ] RapportPG64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
00:24:50.0205 6564 RapportPG64 - ok
00:24:50.0220 6564 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
00:24:50.0220 6564 RasAcd - ok
00:24:50.0236 6564 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
00:24:50.0236 6564 RasAgileVpn - ok
00:24:50.0252 6564 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
00:24:50.0252 6564 RasAuto - ok
00:24:50.0283 6564 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
00:24:50.0283 6564 Rasl2tp - ok
00:24:50.0314 6564 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
00:24:50.0314 6564 RasMan - ok
00:24:50.0345 6564 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
00:24:50.0345 6564 RasPppoe - ok
00:24:50.0361 6564 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
00:24:50.0361 6564 RasSstp - ok
00:24:50.0392 6564 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
00:24:50.0392 6564 rdbss - ok
00:24:50.0408 6564 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
00:24:50.0408 6564 rdpbus - ok
00:24:50.0423 6564 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
00:24:50.0423 6564 RDPCDD - ok
00:24:50.0454 6564 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
00:24:50.0454 6564 RDPDR - ok
00:24:50.0486 6564 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
00:24:50.0486 6564 RDPENCDD - ok
00:24:50.0486 6564 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
00:24:50.0486 6564 RDPREFMP - ok
00:24:50.0532 6564 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
00:24:50.0532 6564 RdpVideoMiniport - ok
00:24:50.0564 6564 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
00:24:50.0564 6564 RDPWD - ok
00:24:50.0610 6564 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
00:24:50.0610 6564 rdyboost - ok
00:24:50.0626 6564 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
00:24:50.0626 6564 RemoteAccess - ok
00:24:50.0642 6564 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
00:24:50.0642 6564 RemoteRegistry - ok
00:24:50.0673 6564 [ 9C3AC71A9934B884FAC567A8807E9C4D ] Revoflt C:\Windows\system32\DRIVERS\revoflt.sys
00:24:50.0673 6564 Revoflt - ok
00:24:50.0688 6564 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
00:24:50.0688 6564 RpcEptMapper - ok
00:24:50.0688 6564 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
00:24:50.0704 6564 RpcLocator - ok
00:24:50.0751 6564 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
00:24:50.0751 6564 RpcSs - ok
00:24:50.0798 6564 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
00:24:50.0798 6564 rspndr - ok
00:24:50.0829 6564 [ 9269EF78A780A3161087DF1BEC117DC8 ] RTL85n64 C:\Windows\system32\DRIVERS\RTL85n64.sys
00:24:50.0829 6564 RTL85n64 - ok
00:24:50.0844 6564 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
00:24:50.0844 6564 SamSs - ok
00:24:50.0876 6564 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
00:24:50.0876 6564 sbp2port - ok
00:24:50.0907 6564 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
00:24:50.0907 6564 SCardSvr - ok
00:24:50.0938 6564 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
00:24:50.0938 6564 scfilter - ok
00:24:50.0985 6564 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
00:24:50.0985 6564 Schedule - ok
00:24:51.0016 6564 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
00:24:51.0016 6564 SCPolicySvc - ok
00:24:51.0047 6564 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
00:24:51.0047 6564 SDRSVC - ok
00:24:51.0078 6564 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
00:24:51.0078 6564 secdrv - ok
00:24:51.0110 6564 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
00:24:51.0110 6564 seclogon - ok
00:24:51.0125 6564 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
00:24:51.0141 6564 SENS - ok
00:24:51.0156 6564 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
00:24:51.0156 6564 SensrSvc - ok
00:24:51.0156 6564 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
00:24:51.0156 6564 Serenum - ok
00:24:51.0172 6564 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
00:24:51.0188 6564 Serial - ok
00:24:51.0203 6564 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
00:24:51.0203 6564 sermouse - ok
00:24:51.0234 6564 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
00:24:51.0250 6564 SessionEnv - ok
00:24:51.0266 6564 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
00:24:51.0281 6564 sffdisk - ok
00:24:51.0281 6564 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
00:24:51.0281 6564 sffp_mmc - ok
00:24:51.0297 6564 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
00:24:51.0297 6564 sffp_sd - ok
00:24:51.0312 6564 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
00:24:51.0312 6564 sfloppy - ok
00:24:51.0328 6564 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
00:24:51.0344 6564 SharedAccess - ok
00:24:51.0359 6564 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:24:51.0359 6564 ShellHWDetection - ok
00:24:51.0359 6564 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:24:51.0359 6564 SiSRaid2 - ok
00:24:51.0375 6564 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
00:24:51.0375 6564 SiSRaid4 - ok
00:24:51.0390 6564 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
00:24:51.0390 6564 Smb - ok
00:24:51.0422 6564 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
00:24:51.0422 6564 SNMPTRAP - ok
00:24:51.0453 6564 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
00:24:51.0453 6564 spldr - ok
00:24:51.0484 6564 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
00:24:51.0500 6564 Spooler - ok
00:24:51.0578 6564 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
00:24:51.0593 6564 sppsvc - ok
00:24:51.0624 6564 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
00:24:51.0624 6564 sppuinotify - ok
00:24:51.0656 6564 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
00:24:51.0656 6564 srv - ok
00:24:51.0671 6564 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
00:24:51.0687 6564 srv2 - ok
00:24:51.0702 6564 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
00:24:51.0702 6564 srvnet - ok
00:24:51.0734 6564 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
00:24:51.0734 6564 ssadbus - ok
00:24:51.0765 6564 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
00:24:51.0765 6564 ssadmdfl - ok
00:24:51.0765 6564 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
00:24:51.0765 6564 ssadmdm - ok
00:24:51.0796 6564 [ ED161B91FDF7EAA39469D72D463D5F4E ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
00:24:51.0796 6564 sscdbus - ok
00:24:51.0812 6564 [ 4CB09E77593DBD8D7AF33B37375CA715 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
00:24:51.0812 6564 sscdmdfl - ok
00:24:51.0827 6564 [ C7B4CF53497A6E5363F3439427663882 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
00:24:51.0827 6564 sscdmdm - ok
00:24:51.0858 6564 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
00:24:51.0858 6564 SSDPSRV - ok
00:24:51.0874 6564 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
00:24:51.0874 6564 SstpSvc - ok
00:24:51.0890 6564 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
00:24:51.0890 6564 stexstor - ok
00:24:51.0921 6564 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
00:24:51.0921 6564 stisvc - ok
00:24:51.0952 6564 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
00:24:51.0952 6564 swenum - ok
00:24:51.0983 6564 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
00:24:51.0983 6564 swprv - ok
00:24:51.0999 6564 Synth3dVsc - ok
00:24:52.0030 6564 [ 0A535B4F638D5BBCF3EE6C997BF33892 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
00:24:52.0030 6564 SynTP - ok
00:24:52.0077 6564 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
00:24:52.0092 6564 SysMain - ok
00:24:52.0108 6564 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:24:52.0124 6564 TabletInputService - ok
00:24:52.0139 6564 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
00:24:52.0139 6564 TapiSrv - ok
00:24:52.0155 6564 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
00:24:52.0155 6564 TBS - ok
00:24:52.0217 6564 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
00:24:52.0233 6564 Tcpip - ok
00:24:52.0248 6564 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
00:24:52.0264 6564 TCPIP6 - ok
00:24:52.0295 6564 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
00:24:52.0295 6564 tcpipreg - ok
00:24:52.0311 6564 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
00:24:52.0311 6564 TDPIPE - ok
00:24:52.0342 6564 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
00:24:52.0342 6564 TDTCP - ok
00:24:52.0389 6564 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
00:24:52.0389 6564 tdx - ok
00:24:52.0404 6564 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
00:24:52.0404 6564 TermDD - ok
00:24:52.0436 6564 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
00:24:52.0451 6564 TermService - ok
00:24:52.0451 6564 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
00:24:52.0467 6564 Themes - ok
00:24:52.0482 6564 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
00:24:52.0482 6564 THREADORDER - ok
00:24:52.0482 6564 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
00:24:52.0498 6564 TrkWks - ok
00:24:52.0529 6564 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:24:52.0529 6564 TrustedInstaller - ok
00:24:52.0560 6564 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
00:24:52.0560 6564 tssecsrv - ok
00:24:52.0592 6564 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
00:24:52.0592 6564 TsUsbFlt - ok
00:24:52.0592 6564 tsusbhub - ok
00:24:52.0654 6564 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
00:24:52.0654 6564 tunnel - ok
00:24:52.0685 6564 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
00:24:52.0685 6564 uagp35 - ok
00:24:52.0716 6564 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
00:24:52.0716 6564 udfs - ok
00:24:52.0763 6564 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
00:24:52.0763 6564 UI0Detect - ok
00:24:52.0794 6564 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
00:24:52.0794 6564 uliagpkx - ok
00:24:52.0826 6564 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
00:24:52.0826 6564 umbus - ok
00:24:52.0857 6564 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
00:24:52.0857 6564 UmPass - ok
00:24:52.0904 6564 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
00:24:52.0904 6564 UmRdpService - ok
00:24:52.0950 6564 [ 6125F6F2CFABE63D216C3FC9B4ECC482 ] Uniblue.MaxiDiskSvc C:\Program Files (x86)\Uniblue\MaxiDisk\service.exe
00:24:52.0950 6564 Uniblue.MaxiDiskSvc - ok
00:24:52.0966 6564 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
00:24:52.0982 6564 upnphost - ok
00:24:52.0997 6564 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
00:24:52.0997 6564 USBAAPL64 - ok
00:24:53.0044 6564 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
00:24:53.0044 6564 usbccgp - ok
00:24:53.0075 6564 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
00:24:53.0075 6564 usbcir - ok
00:24:53.0091 6564 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
00:24:53.0091 6564 usbehci - ok
00:24:53.0122 6564 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
00:24:53.0122 6564 usbhub - ok
00:24:53.0138 6564 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
00:24:53.0138 6564 usbohci - ok
00:24:53.0169 6564 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
00:24:53.0169 6564 usbprint - ok
00:24:53.0200 6564 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
00:24:53.0200 6564 usbscan - ok
00:24:53.0216 6564 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:24:53.0216 6564 USBSTOR - ok
00:24:53.0231 6564 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
00:24:53.0231 6564 usbuhci - ok
00:24:53.0247 6564 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
00:24:53.0247 6564 UxSms - ok
00:24:53.0262 6564 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
00:24:53.0262 6564 VaultSvc - ok
00:24:53.0278 6564 [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone C:\Windows\system32\DRIVERS\VClone.sys
00:24:53.0278 6564 VClone - ok
00:24:53.0325 6564 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
00:24:53.0325 6564 vdrvroot - ok
00:24:53.0356 6564 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
00:24:53.0372 6564 vds - ok
00:24:53.0387 6564 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
00:24:53.0387 6564 vga - ok
00:24:53.0403 6564 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
00:24:53.0403 6564 VgaSave - ok
00:24:53.0403 6564 VGPU - ok
00:24:53.0434 6564 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
00:24:53.0434 6564 vhdmp - ok
00:24:53.0450 6564 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
00:24:53.0450 6564 viaide - ok
00:24:53.0481 6564 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
00:24:53.0481 6564 volmgr - ok
00:24:53.0512 6564 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
00:24:53.0528 6564 volmgrx - ok
00:24:53.0528 6564 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
00:24:53.0543 6564 volsnap - ok
00:24:53.0559 6564 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
00:24:53.0559 6564 vsmraid - ok
00:24:53.0606 6564 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
00:24:53.0606 6564 VSS - ok
00:24:53.0621 6564 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
00:24:53.0621 6564 vwifibus - ok
00:24:53.0652 6564 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
00:24:53.0668 6564 W32Time - ok
00:24:53.0668 6564 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
00:24:53.0668 6564 WacomPen - ok
00:24:53.0699 6564 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
00:24:53.0699 6564 WANARP - ok
00:24:53.0699 6564 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
00:24:53.0699 6564 Wanarpv6 - ok
00:24:53.0762 6564 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
00:24:53.0777 6564 WatAdminSvc - ok
00:24:53.0824 6564 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
00:24:53.0840 6564 wbengine - ok
00:24:53.0855 6564 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
00:24:53.0855 6564 WbioSrvc - ok
00:24:53.0886 6564 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
00:24:53.0886 6564 wcncsvc - ok
00:24:53.0886 6564 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:24:53.0902 6564 WcsPlugInService - ok
00:24:53.0902 6564 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
00:24:53.0902 6564 Wd - ok
00:24:53.0933 6564 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
00:24:53.0933 6564 Wdf01000 - ok
00:24:53.0949 6564 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
00:24:53.0949 6564 WdiServiceHost - ok
00:24:53.0949 6564 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
00:24:53.0949 6564 WdiSystemHost - ok
00:24:53.0980 6564 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
00:24:53.0996 6564 WebClient - ok
00:24:54.0011 6564 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
00:24:54.0011 6564 Wecsvc - ok
00:24:54.0027 6564 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
00:24:54.0027 6564 wercplsupport - ok
00:24:54.0058 6564 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
00:24:54.0058 6564 WerSvc - ok
00:24:54.0074 6564 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
00:24:54.0074 6564 WfpLwf - ok
00:24:54.0074 6564 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
00:24:54.0074 6564 WIMMount - ok
00:24:54.0089 6564 WinDefend - ok
00:24:54.0089 6564 WinHttpAutoProxySvc - ok
00:24:54.0136 6564 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
00:24:54.0136 6564 Winmgmt - ok
00:24:54.0198 6564 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
00:24:54.0214 6564 WinRM - ok
00:24:54.0261 6564 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
00:24:54.0261 6564 Wlansvc - ok
00:24:54.0292 6564 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
00:24:54.0292 6564 WmiAcpi - ok
00:24:54.0308 6564 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
00:24:54.0308 6564 wmiApSrv - ok
00:24:54.0339 6564 WMPNetworkSvc - ok
00:24:54.0354 6564 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
00:24:54.0354 6564 WPCSvc - ok
00:24:54.0386 6564 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
00:24:54.0386 6564 WPDBusEnum - ok
00:24:54.0401 6564 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
00:24:54.0401 6564 ws2ifsl - ok
00:24:54.0432 6564 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
00:24:54.0432 6564 wscsvc - ok
00:24:54.0432 6564 WSearch - ok
00:24:54.0510 6564 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
00:24:54.0526 6564 wuauserv - ok
00:24:54.0542 6564 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
00:24:54.0542 6564 WudfPf - ok
00:24:54.0573 6564 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
00:24:54.0588 6564 WUDFRd - ok
00:24:54.0604 6564 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
00:24:54.0620 6564 wudfsvc - ok
00:24:54.0635 6564 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
00:24:54.0635 6564 WwanSvc - ok
00:24:54.0682 6564 [ 5250193EF8E173AA7491250F00EB367F ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
00:24:54.0682 6564 yukonw7 - ok
00:24:54.0698 6564 ================ Scan global ===============================
00:24:54.0729 6564 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
00:24:54.0760 6564 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
00:24:54.0760 6564 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
00:24:54.0791 6564 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
00:24:54.0807 6564 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
00:24:54.0807 6564 [Global] - ok
00:24:54.0807 6564 ================ Scan MBR ==================================
00:24:54.0807 6564 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
00:24:54.0807 6564 \Device\Harddisk2\DR2 - ok
00:24:54.0822 6564 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
00:24:54.0978 6564 \Device\Harddisk0\DR0 - ok
00:24:54.0978 6564 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
00:24:54.0978 6564 \Device\Harddisk1\DR1 - ok
00:24:54.0978 6564 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk3\DR3
00:24:54.0994 6564 \Device\Harddisk3\DR3 - ok
00:24:54.0994 6564 ================ Scan VBR ==================================
00:24:54.0994 6564 [ F021CEB98A3D2B0A1B5A5A1D7BCAFACB ] \Device\Harddisk2\DR2\Partition1
00:24:54.0994 6564 \Device\Harddisk2\DR2\Partition1 - ok
00:24:54.0994 6564 [ A4B357B8AD09B50B45029F8A6E4C5B46 ] \Device\Harddisk0\DR0\Partition1
00:24:54.0994 6564 \Device\Harddisk0\DR0\Partition1 - ok
00:24:55.0010 6564 [ 23C50F9A0DB0E755361DBE3BA0BFD213 ] \Device\Harddisk1\DR1\Partition1
00:24:55.0010 6564 \Device\Harddisk1\DR1\Partition1 - ok
00:24:55.0010 6564 [ DB40723F4993E6A08D6B0C0C8BD53E40 ] \Device\Harddisk3\DR3\Partition1
00:24:55.0010 6564 \Device\Harddisk3\DR3\Partition1 - ok
00:24:55.0010 6564 ============================================================
00:24:55.0010 6564 Scan finished
00:24:55.0010 6564 ============================================================
00:24:55.0025 6556 Detected object count: 0
00:24:55.0025 6556 Actual detected object count: 0
00:24:57.0818 5752 Deinitialize success






aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-11 00:25:00
-----------------------------
00:25:00.532 OS Version: Windows x64 6.1.7601 Service Pack 1
00:25:00.532 Number of processors: 4 586 0x203
00:25:00.532 ComputerName: BARRACUDAPC UserName: Mike
00:25:02.014 Initialize success
00:25:12.434 AVAST engine defs: 12111002
00:25:25.679 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
00:25:25.679 Disk 0 Vendor: Hitachi_HDT721010SLA360 ST6OA31B Size: 953869MB BusType: 3
00:25:25.694 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-2
00:25:25.694 Disk 1 Vendor: WDC_WD20EARS-00MVWB0 51.0AB51 Size: 1907729MB BusType: 3
00:25:25.694 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T1L0-5
00:25:25.694 Disk 2 Vendor: WDC_WD20EARX-00PASB0 51.0AB51 Size: 1907729MB BusType: 3
00:25:25.694 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP2T1L0-6
00:25:25.694 Disk 3 Vendor: WDC_WD20EARS-00MVWB0 51.0AB51 Size: 1907729MB BusType: 3
00:25:25.726 Disk 0 MBR read successfully
00:25:25.726 Disk 0 MBR scan
00:25:25.741 Disk 0 Windows 7 default MBR code
00:25:25.741 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15005 MB offset 63
00:25:25.757 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 938761 MB offset 30939136
00:25:25.788 Disk 0 scanning C:\Windows\system32\drivers
00:25:36.178 Service scanning
00:26:02.682 Modules scanning
00:26:02.682 Disk 0 trace - called modules:
00:26:02.698 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
00:26:02.698 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b26060]
00:26:02.698 3 CLASSPNP.SYS[fffff880019cb43f] -> nt!IofCallDriver -> [0xfffffa8007858520]
00:26:02.713 5 ACPI.sys[fffff88000f857a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007853680]
00:26:04.367 AVAST engine scan C:\Windows
00:26:07.019 AVAST engine scan C:\Windows\system32
00:28:31.912 AVAST engine scan C:\Windows\system32\drivers
00:28:44.720 AVAST engine scan C:\Users\Mike
00:32:03.323 Disk 0 MBR has been saved successfully to "C:\Users\Mike\Desktop\MBR.dat"
00:32:03.339 The log file has been saved successfully to "C:\Users\Mike\Desktop\aswMBR.txt"



i thought maybe i needed the scanners turned on and i did the scans again with them turned on and still nothing. btw when i opened up malwarebytes again it showed more logs of keygen.exe in c:\windows. they were in the quarantined log box. i sure do hope you have a idea of what is going on. i think the problem lies with malwarebytes.
  • 0

#8
gringo_pr
Posted 11 November 2012 - 05:08 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
show me the report from MBAM as I have not seen it yet in any of the other reports



gringo
  • 0

#9
GNumanFan
Posted 11 November 2012 - 01:35 PM

GNumanFan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
hi gringo

do you mean to do a full scan and then copy and paste the report? i just wanna be sure. i have a bunch of logs that i thought you would need but i don't know which one you would want. i am attaching a picture of the quarantine box that has a listing of all the times keygen has appeared. i am also attaching a pic of the log box archive. finally does it matter if i run s full scan in the safe mode or not? i noticed that when i run a full scan in safe mode it doesn't detect the keygen that's why i ask.

let me know. thanks!

Attached Thumbnails

  • malwareby.png
  • logs.png

  • 0

#10
gringo_pr
Posted 12 November 2012 - 05:17 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo
  • 0

Advertisements

#11
GNumanFan
Posted 12 November 2012 - 04:56 PM

GNumanFan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
gringo

before i do the steps you just told me to do can you tell me if i should shut down Kaspersky and MAlwarebytes? or should i just leave them alone? i'm not running any scans right now on them just so you know. and i know not to run any scans while i do the combofix step you told me to do. please let me know before i proceed. and also please let me know if you were able to get anything out of the info i provided in my previous post with the info and pix i posted from malwarebytes?
  • 0

#12
gringo_pr
Posted 12 November 2012 - 06:09 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
shut down what you can when you run the scans, I see the file but it is not showing up in any of the reports, I want you to restart the computer b ut do not let MBAM find it, lets see if combofix will see it




gringo
  • 0

#13
GNumanFan
Posted 12 November 2012 - 06:54 PM

GNumanFan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
hi gringo

ok i shut down malwarebytes and kaspersky before running combofix. i also rebooted before running combofix. after rebooting and making the script and using the method you told me to do it asked me to update combofix. i did so thinking it was the right thing to do. i hope it was. anyway it seemed to detect nothing. and it didn't ask me to reboot. here is the log file.

also one more thing when i opened up firefox after the combofix scan it asked if i want to make Firefox my default browser. i had it as my default browser all this time and it didn't ask that question when i last used this browser before the combofix scan and shut down Malwarebytes before rebooting to see if combofix can see the infected file. i didn't notice any other problems so far as of writing this. maybe my malwarebytes itself is infected and that's why it keeps reporting that infected keygen???



ComboFix 12-11-12.03 - Mike 11/12/2012 19:37:56.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.7935.6443 [GMT -5:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
Command switches used :: c:\users\Mike\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-10-13 to 2012-11-13 )))))))))))))))))))))))))))))))
.
.
2012-11-13 00:43 . 2012-11-13 00:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-12 03:58 . 2012-11-12 03:58 -------- d-----w- c:\programdata\boost_interprocess
2012-11-11 02:07 . 2012-11-11 02:07 -------- d-----w- c:\users\Mike\AppData\Roaming\EurekaLog
2012-11-10 04:50 . 2012-11-10 04:51 -------- d-----w- c:\program files (x86)\Hosts_Anti_Adwares_PUPs
2012-11-10 00:11 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBF8CB0F-C540-4B42-A66F-A7003386C255}\mpengine.dll
2012-10-27 17:49 . 2012-10-28 08:19 -------- d-----w- C:\MAMEUI 0.147u1 x32-x64
2012-10-25 03:03 . 2012-10-25 03:03 -------- d-----w- c:\users\Mike\New folder
2012-10-24 20:10 . 2012-09-25 03:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-24 19:37 . 2012-10-24 19:37 -------- d-----w- c:\users\Mike\AppData\Local\ArcSoft
2012-10-24 19:37 . 2012-10-24 19:37 -------- d-----w- c:\program files (x86)\Common Files\ArcSoft
2012-10-24 19:37 . 2012-04-10 15:04 78200 ----a-w- c:\windows\system32\MMCEDT5.exe
2012-10-24 19:37 . 2011-11-10 15:14 311872 ----a-w- c:\windows\system32\drivers\ArcSec.sys
2012-10-24 19:36 . 2012-10-24 19:36 -------- d-----w- c:\program files (x86)\ArcSoft
2012-10-24 08:31 . 2012-10-24 08:31 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-19 19:11 . 2012-10-19 19:11 -------- d-----w- c:\programdata\Vso
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-28 21:46 . 2012-08-07 02:54 101688 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-10-11 07:04 . 2012-07-13 10:23 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 13:31 . 2012-07-13 06:31 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 13:31 . 2012-07-13 06:31 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-29 23:54 . 2012-08-29 03:35 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-27 15:15 . 2012-08-29 02:18 611160 ----a-w- c:\windows\system32\drivers\klif.sys
2012-09-18 12:11 . 2012-07-25 18:53 29528 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2012-09-18 12:11 . 2012-05-25 23:38 29016 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2012-09-14 19:19 . 2012-10-10 10:54 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 10:54 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-01 23:46 . 2012-07-20 12:00 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-01 23:46 . 2012-07-20 12:00 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-01 23:41 . 2012-09-01 23:42 289768 ----a-w- c:\windows\system32\javaws.exe
2012-09-01 23:41 . 2012-09-01 23:42 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-01 23:41 . 2012-09-01 23:41 189416 ----a-w- c:\windows\system32\javaw.exe
2012-09-01 23:41 . 2012-09-01 23:41 188904 ----a-w- c:\windows\system32\java.exe
2012-09-01 23:41 . 2012-09-01 23:41 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-09-01 23:41 . 2012-07-17 07:30 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-31 18:19 . 2012-10-10 10:55 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-10 10:55 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 10:55 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 10:55 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-24 18:05 . 2012-10-10 10:54 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-10 10:54 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-24 11:15 . 2012-09-22 07:00 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 07:00 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 07:00 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 07:00 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 07:00 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 07:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 07:00 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 07:00 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 07:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 07:00 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 07:00 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 07:00 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 07:00 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 07:00 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 07:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 07:00 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 07:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 07:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 07:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 07:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 07:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 07:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-11 23:17 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-11 23:17 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-11 23:17 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-11 23:17 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 10:45 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-21 17:01 . 2012-09-26 19:38 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 17:01 . 2012-08-21 17:01 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 17:01 . 2012-08-21 17:01 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 18:48 . 2012-10-10 10:54 243200 ----a-w- c:\windows\system32\wow64.dll
2012-08-20 18:48 . 2012-10-10 10:54 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-08-20 18:48 . 2012-10-10 10:54 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-08-20 18:48 . 2012-10-10 10:54 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 18:48 . 2012-10-10 10:54 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-08-20 18:48 . 2012-10-10 10:54 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 18:48 . 2012-10-10 10:54 1162240 ----a-w- c:\windows\system32\kernel32.dll
2012-08-20 18:46 . 2012-10-10 10:54 338432 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 18:38 . 2012-10-10 10:54 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 17:40 . 2012-10-10 10:54 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2012-08-20 17:38 . 2012-10-10 10:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-20 17:38 . 2012-10-10 10:54 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2012-08-20 17:37 . 2012-10-10 10:54 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2012-08-20 17:37 . 2012-10-10 10:54 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-08-20 17:32 . 2012-10-10 10:54 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 10:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 10:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 10:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 10:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EaseUs Watch"="c:\program files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe" [2012-05-03 71816]
"EaseUs Tray"="c:\program files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe" [2012-06-15 750728]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"PowerDVD12DMREngine"="c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe" [2012-01-02 501544]
"PowerDVD12Agent"="c:\program files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe" [2012-02-21 371256]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2012-08-18 218880]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TotalMedia Server.lnk - c:\program files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe [2010-12-20 519744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-08-02 158944]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n64.sys [2009-06-10 378368]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 Synth3dVsc;Synth3dVsc; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub; [x]
R3 Uniblue.MaxiDiskSvc;Uniblue Maxi Disk Service;c:\program files (x86)\Uniblue\MaxiDisk\service.exe [2012-04-17 30064]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 VGPU;VGPU; [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-13 1255736]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2012-05-03 58504]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2012-05-03 48776]
S0 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [2012-07-17 25688]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2012-10-28 101688]
S1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys [2011-11-10 311872]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2012-05-03 19592]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2012-05-03 189576]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2012-06-08 54104]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]
S1 RapportCerberus_43926;RapportCerberus_43926;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [2012-11-03 505720]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-10-28 55096]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-10-28 297240]
S2 ADExchange;ArcSoft Exchange Service;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2012-03-19 43072]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-17 235520]
S2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-02-21 87336]
S2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-02-21 75048]
S2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-02-21 296232]
S2 EaseUS Agent;EaseUS Agent Service;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2012-06-15 70280]
S2 Guard Agent;Guard Agent Service;c:\program files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2012-05-03 24712]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2011-10-27 82928]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-10-28 976728]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-07-17 95248]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-09-18 29016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-09-18 29528]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 pmkbdfltr;PenMount Keyboard Device Filter Driver;c:\windows\system32\DRIVERS\pmkbdfltr.sys [2012-08-04 18832]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2012-07-17 402720]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-13 13:31]
.
2012-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-04 18:15]
.
2012-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-04 18:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2012-08-04 626552]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Supplementary Scan -------
.
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\w5id359r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 5888
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-09-19 16:40; {85E85FF9-E50C-42DE-8A3D-61485FD6C8DB}; c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\w5id359r.default\extensions\{85E85FF9-E50C-42DE-8A3D-61485FD6C8DB}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-dBpoweramp CD Writer - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Dalet Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Monkeys Audio Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBPowerAMP Mp2 and BwfMp2 codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Ogg Vorbis Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBPowerAMP Real Audio (Helix) Encoder - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp WavPack Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Arrange Audio] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Audio Info] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Calculate Audio CRC] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Channel Split] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [ID Tag Update] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Length Split] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Multi Encoder] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [ReplayGain] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Tag From Filename] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-{9dfff2f7-5cd7-4fd4-9b75-7d53b042d94b} - c:\programdata\Package Cache\{9dfff2f7-5cd7-4fd4-9b75-7d53b042d94b}\ImageResizerSetup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3995779572-2161211002-2123908570-1000_Classes\Wow6432Node\CLSID\{3599131c-5fb7-4bec-be09-b50ae5169f0f}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000012a
"Therad"=dword:00000013
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-3995779572-2161211002-2123908570-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):a6,09,ee,9e,c3,32,2e,1a,2b,f7,2a,56,ef,9a,87,9c,cd,55,59,3a,7a,
0c,b6,a7,69,cf,dd,a0,2c,96,aa,24,fd,8d,23,c9,ce,bc,72,12,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-12 19:45:37
ComboFix-quarantined-files.txt 2012-11-13 00:45
ComboFix2.txt 2012-11-11 01:00
.
Pre-Run: 474,976,284,672 bytes free
Post-Run: 474,603,134,976 bytes free
.
- - End Of File - - CD65E47682698AB9D9AA21799B1D6700
  • 0

#14
gringo_pr
Posted 12 November 2012 - 10:01 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
lets see if it is something to do with Malwarebytes - what does get me is that it keeps finding it



Uninstall Malwarebytes

  • Click on the Start Posted Image button and select Control Panel
  • Click on Programs and Features
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer very important
  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer, please allow it to do so very important
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
  • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
  • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
    Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or post to ask and we'll explain how to do it.

  • 0

#15
GNumanFan
Posted 12 November 2012 - 10:49 PM

GNumanFan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
hey gringo

followed your instructions and after reinstalling it and rebooting it still found the keygen! i used a serial from a forum to register prior to having this problem with malwarebytes but that was several months ago. the earliest date as indicated by the pic above where i showed the quarantine log when it detected keygen was in october. so it couldn't possibly be that serial. i've been updating it and it has been working fine until now. i really don't think it is the cause. when i reinstaled the program tonite i chose trial and it is in trial now for pro. i really really hope you can still help me gringo. i am desperate. i really dont want to have to format the computer again. but if i have to and its the only solution then so be it. but i know that this can be solved somehow....
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP