Topic: Help! Malware
Valiux21
« Reply #15 on: July 05, 2012, 03:38:37 PM »

[2012/06/30 16:33:40 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/06/30 16:33:40 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/06/30 16:33:40 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/30 16:33:40 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/30 16:33:40 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/30 16:33:40 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/30 16:33:40 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/30 16:33:40 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/06/30 16:33:40 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/06/30 16:33:40 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/06/30 16:33:40 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/06/30 16:33:40 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/06/30 16:33:40 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/06/30 16:33:40 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/06/30 16:33:40 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/06/30 16:33:40 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/06/30 16:33:40 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/30 16:33:40 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/30 16:33:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/30 16:33:40 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/06/30 16:33:40 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/06/30 16:33:40 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/06/30 16:33:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/30 16:33:40 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/30 16:33:40 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/06/30 16:33:40 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/06/30 16:33:40 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/06/30 16:33:40 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/06/30 16:33:40 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/06/30 16:33:40 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/06/30 16:33:40 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/06/30 16:33:40 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/06/30 16:33:40 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/06/30 16:33:40 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/06/30 16:33:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/30 16:33:40 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/06/30 16:33:40 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/06/30 16:33:40 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/06/30 16:33:40 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/06/30 16:33:40 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/06/30 16:33:40 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/06/30 16:33:40 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/06/30 16:33:40 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/06/30 16:33:40 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/06/30 16:33:40 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/30 16:33:40 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/06/30 16:33:40 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/06/30 16:33:40 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/06/30 16:33:40 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/06/30 16:33:40 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/06/30 16:33:40 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/06/30 16:33:40 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/06/30 16:33:40 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/06/30 16:33:40 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/06/30 16:33:40 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/06/30 16:33:40 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/06/30 16:33:40 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/06/30 16:33:40 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/30 16:33:40 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/06/30 16:33:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/06/30 16:33:40 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/06/30 16:33:40 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/06/30 16:33:40 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/06/30 16:33:40 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/06/30 16:33:40 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/06/30 16:33:40 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/06/30 16:33:40 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/06/30 16:33:40 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/06/30 16:33:40 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/06/30 16:33:40 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/06/30 16:33:40 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/06/30 16:33:40 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/06/30 16:30:58 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/06/30 16:30:58 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/06/30 16:30:58 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/06/30 16:29:37 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/06/30 16:29:37 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/06/30 16:29:37 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/06/30 16:29:37 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/06/30 16:29:37 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/06/30 16:29:37 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/06/30 16:29:37 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/06/30 16:29:37 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/06/30 16:29:37 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/06/30 16:29:37 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/06/30 16:29:37 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/06/30 16:29:37 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/06/30 16:29:37 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/06/30 16:29:37 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/06/30 16:29:37 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/06/30 16:29:37 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/06/30 16:29:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/06/30 16:29:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/06/30 16:29:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/06/30 16:29:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/06/30 16:29:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/06/30 16:29:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/06/30 16:29:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/06/30 16:29:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/06/30 16:29:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/06/30 16:29:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/06/30 16:29:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/06/30 16:29:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/06/30 16:29:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/06/30 16:29:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/06/30 16:29:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/06/30 16:29:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/06/30 16:29:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/06/30 16:29:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/06/30 16:29:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/06/30 16:29:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/06/30 16:29:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/06/30 16:29:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/06/30 16:29:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/06/30 16:29:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/06/30 16:29:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/06/30 16:29:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/06/30 16:29:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/06/30 16:29:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/06/30 16:29:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/06/30 16:29:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/06/30 16:29:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/06/30 16:29:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/06/30 16:29:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/06/30 16:29:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/06/30 16:29:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/06/30 16:29:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/06/30 16:29:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/06/30 16:29:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/06/30 16:29:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/06/30 16:29:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/06/30 16:29:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/06/30 16:29:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/06/30 16:29:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/06/30 16:29:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/06/30 16:29:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/06/30 16:29:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/06/30 16:29:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/06/30 16:29:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/06/30 16:29:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/06/30 16:29:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/06/30 16:29:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/06/30 16:29:36 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/30 16:29:36 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/30 16:29:36 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/30 16:29:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/06/30 16:29:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/06/30 16:29:34 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/30 16:29:34 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/30 16:29:14 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2012/06/30 16:29:14 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2012/06/30 16:29:14 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2012/06/30 16:29:14 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2012/06/30 16:29:14 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2012/06/30 16:29:14 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2012/06/30 16:29:14 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2012/06/30 16:29:14 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2012/06/30 16:29:14 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2012/06/30 16:29:14 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2012/06/30 16:29:14 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2012/06/30 16:29:14 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2012/06/30 16:29:14 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2012/06/30 16:29:13 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2012/06/30 16:29:13 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2012/06/30 16:29:13 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2012/06/30 16:29:13 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2012/06/30 16:29:13 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2012/06/30 16:29:13 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2012/06/30 16:29:13 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2012/06/30 16:29:13 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2012/06/30 16:29:13 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2012/06/30 16:29:12 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/06/30 16:29:12 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/06/30 16:29:12 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/06/30 16:29:12 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/06/30 16:29:12 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/06/30 16:29:12 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/06/30 16:29:08 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/06/30 16:29:07 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2012/06/30 16:29:07 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2012/06/30 16:29:07 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2012/06/30 16:29:07 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2012/06/30 16:29:07 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2012/06/30 16:29:07 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2012/06/30 16:29:05 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2012/06/30 16:29:05 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2012/06/30 16:29:02 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2012/06/30 16:29:02 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2012/06/30 16:29:02 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2012/06/30 16:29:02 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2012/06/30 16:29:01 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/06/30 16:28:59 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/06/30 16:28:59 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/06/30 16:28:59 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2012/06/30 16:28:59 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2012/06/30 16:28:59 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/06/30 16:28:59 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/06/30 16:28:57 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/06/30 16:28:57 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2012/06/30 16:28:57 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/06/30 16:28:57 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/06/30 16:28:57 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/06/30 16:28:57 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/06/30 16:28:56 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/06/30 16:28:56 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/06/30 16:28:55 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012/06/30 16:28:55 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012/06/30 16:28:54 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2012/06/30 16:28:54 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2012/06/30 16:28:54 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2012/06/30 16:28:54 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2012/06/30 16:28:53 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/30 16:28:53 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/30 16:28:53 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/30 16:28:52 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012/06/30 16:28:52 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012/06/30 16:28:49 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2012/06/30 16:28:49 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2012/06/30 16:28:49 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2012/06/30 16:28:49 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2012/06/30 16:28:49 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012/06/30 16:28:48 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/06/30 16:28:48 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2012/06/30 16:28:46 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2012/06/30 16:28:46 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2012/06/30 16:28:46 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2012/06/30 16:28:46 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2012/06/30 16:28:46 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2012/06/30 16:28:46 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2012/06/30 16:28:46 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2012/06/30 16:28:45 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/30 16:28:42 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/06/30 16:28:42 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2012/06/30 16:28:40 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2012/06/30 16:28:40 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2012/06/30 16:28:39 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2012/06/30 16:28:39 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2012/06/30 16:28:38 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2012/06/30 16:28:38 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2012/06/30 16:28:25 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012/06/30 16:28:25 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012/06/30 16:24:25 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/06/30 16:24:24 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/06/30 16:24:24 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/06/30 16:23:39 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/06/30 16:23:39 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/06/30 16:21:19 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/30 16:21:19 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/30 16:21:19 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/30 16:21:10 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/30 16:21:10 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/30 16:21:10 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/30 16:21:03 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/30 16:21:03 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/30 16:19:48 | 000,000,000 | ---D | C] -- C:\Users\Seima\AppData\Roaming\Intel
[2012/06/30 16:19:39 | 000,000,000 | ---D | C] -- C:\Users\Seima\Roaming
[2012/06/30 16:19:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Roaming
[2012/06/30 16:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
[2012/06/30 16:18:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2012/06/30 16:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012/06/30 16:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2012/06/30 16:18:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2012/06/30 16:17:47 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/06/30 16:17:29 | 000,000,000 | ---D | C] -- C:\Dell
[2012/06/30 16:14:13 | 000,000,000 | R--D | C] -- C:\Users\Seima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/06/30 16:14:13 | 000,000,000 | R--D | C] -- C:\Users\Seima\Searches
[2012/06/30 16:14:13 | 000,000,000 | R--D | C] -- C:\Users\Seima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/06/30 16:14:13 | 000,000,000 | -H-D | C] -- C:\Users\Seima\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/06/30 16:14:03 | 000,000,000 | ---D | C] -- C:\Users\Seima\AppData\Roaming\Identities
[2012/06/30 16:14:01 | 000,000,000 | R--D | C] -- C:\Users\Seima\Contacts
[2012/06/30 16:14:00 | 000,000,000 | ---D | C] -- C:\Users\Seima\AppData\Local\VirtualStore
[2012/06/30 16:13:54 | 000,000,000 | --SD | C] -- C:\Users\Seima\AppData\Roaming\Microsoft
[2012/06/30 16:13:54 | 000,000,000 | R--D | C] -- C:\Users\Seima\Videos
[2012/06/30 16:13:54 | 000,000,000 | R--D | C] -- C:\Users\Seima\Saved Games
[2012/06/30 16:13:54 | 000,000,000 | R--D | C] -- C:\Users\Seima\Pictures
[2012/06/30 16:13:54 | 000,000,000 | R--D | C] -- C:\Users\Seima\Music
[2012/06/30 16:13:54 | 000,000,000 | R--D | C] -- C:\Users\Seima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/06/30 16:13:54 | 000,000,000 | R--D | C] -- C:\Users\Seima\Links
[2012/06/30 16:13:54 | 000,000,000 | R--D | C] -- C:\Users\Seima\Favorites
[2012/06/30 16:13:54 | 000,000,000 | R--D | C] -- C:\Users\Seima\Downloads
[2012/06/30 16:13:54 | 000,000,000 | R--D | C] -- C:\Users\Seima\Documents
[2012/06/30 16:13:54 | 000,000,000 | R--D | C] -- C:\Users\Seima\Desktop
[2012/06/30 16:13:54 | 000,000,000 | R--D | C] -- C:\Users\Seima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/06/30 16:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Seima\AppData\Local\Temporary Internet Files
[2012/06/30 16:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Seima\Templates
[2012/06/30 16:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Seima\Start Menu
[2012/06/30 16:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Seima\SendTo
[2012/06/30 16:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Seima\Recent
[2012/06/30 16:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Seima\PrintHood
[2012/06/30 16:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Seima\NetHood
[2012/06/30 16:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Seima\Documents\My Videos
[2012/06/30 16:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Seima\Documents\My Pictures
[2012/06/30 16:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Seima\Documents\My Music
[2012/06/30 16:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Seima\My Documents
[2012/06/30 16:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Seima\Local Settings
[2012/06/30 16:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Seima\AppData\Local\History
[2012/06/30 16:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Seima\Cookies
[2012/06/30 16:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Seima\Application Data
[2012/06/30 16:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Seima\AppData\Local\Application Data
[2012/06/30 16:13:54 | 000,000,000 | -H-D | C] -- C:\Users\Seima\AppData
[2012/06/30 16:13:54 | 000,000,000 | ---D | C] -- C:\Users\Seima\AppData\Local\Temp
[2012/06/30 16:13:54 | 000,000,000 | ---D | C] -- C:\Users\Seima\AppData\Local\Microsoft
[2012/06/30 16:13:54 | 000,000,000 | ---D | C] -- C:\Users\Seima\AppData\Roaming\Media Center Programs
[2012/06/30 16:13:49 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012/06/30 16:13:46 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/06/30 16:09:44 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/06/30 16:09:12 | 000,000,000 | -HSD | C] -- C:\System Volume Information
 
========== Files - Modified Within 30 Days ==========
 
[2012/07/04 20:59:59 | 000,017,232 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/04 20:59:59 | 000,017,232 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/04 20:27:03 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/07/04 20:16:17 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Seima\Desktop\OTL.exe
[2012/07/04 20:15:29 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/04 20:15:29 | 000,628,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/04 20:15:29 | 000,110,612 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/04 20:10:17 | 000,409,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/04 20:10:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/04 20:10:01 | 4263,641,086 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/03 22:44:41 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2012/07/03 22:10:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/03 14:20:21 | 000,458,240 | ---- | M] () -- C:\Users\Seima\Desktop\CKScanner.exe
[2012/07/03 06:31:59 | 000,002,092 | ---- | M] () -- C:\Users\Seima\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2012/07/03 06:31:59 | 000,002,068 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2012/07/02 22:01:21 | 000,074,703 | ---- | M] () -- C:\Windows\SysWow64\mfc45.dll
[2012/07/02 21:34:21 | 783,030,237 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/02 20:43:22 | 000,007,597 | ---- | M] () -- C:\Users\Seima\AppData\Local\Resmon.ResmonCfg
[2012/07/01 13:48:58 | 000,000,338 | ---- | M] () -- C:\Users\Seima\Documents\ax_files.xml
[2012/07/01 13:40:56 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/07/01 13:39:58 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2012/07/01 12:18:22 | 000,000,306 | ---- | M] () -- C:\Windows\setup.iss
[2012/07/01 12:02:23 | 000,001,063 | ---- | M] () -- C:\Users\Seima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk
[2012/07/01 10:58:50 | 000,003,584 | ---- | M] () -- C:\Users\Seima\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/01 10:53:55 | 000,521,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2012/07/01 10:53:55 | 000,189,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012/07/01 10:53:55 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012/07/01 10:53:55 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012/07/01 10:22:19 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/01 10:22:19 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/01 10:21:33 | 000,001,982 | ---- | M] () -- C:\Users\Seima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2012/07/01 09:53:08 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iBtFltCoex_01009.Wdf
[2012/07/01 09:52:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012/07/01 09:27:49 | 000,074,452 | ---- | M] () -- C:\Windows\SysNative\drivers\RTWAVES30.dat
[2012/06/30 16:48:40 | 000,001,441 | ---- | M] () -- C:\Users\Seima\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/30 16:33:40 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/06/30 16:33:40 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/06/30 16:33:40 | 002,311,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/30 16:33:40 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/30 16:33:40 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/30 16:33:40 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/30 16:33:40 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/30 16:33:40 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/06/30 16:33:40 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/06/30 16:33:40 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/06/30 16:33:40 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/06/30 16:33:40 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/06/30 16:33:40 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/06/30 16:33:40 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/06/30 16:33:40 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/06/30 16:33:40 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/06/30 16:33:40 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/30 16:33:40 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/30 16:33:40 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/30 16:33:40 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/06/30 16:33:40 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/06/30 16:33:40 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/06/30 16:33:40 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/30 16:33:40 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/30 16:33:40 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/06/30 16:33:40 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/06/30 16:33:40 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/06/30 16:33:40 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/06/30 16:33:40 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/06/30 16:33:40 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/06/30 16:33:40 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/06/30 16:33:40 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/06/30 16:33:40 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/06/30 16:33:40 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/06/30 16:33:40 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/30 16:33:40 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/06/30 16:33:40 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/06/30 16:33:40 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/06/30 16:33:40 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/06/30 16:33:40 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/06/30 16:33:40 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/06/30 16:33:40 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/06/30 16:33:40 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/06/30 16:33:40 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/06/30 16:33:40 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/30 16:33:40 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/06/30 16:33:40 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/06/30 16:33:40 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/06/30 16:33:40 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/06/30 16:33:40 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/06/30 16:33:40 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/06/30 16:33:40 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/06/30 16:33:40 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/06/30 16:33:40 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/06/30 16:33:40 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/06/30 16:33:40 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/06/30 16:33:40 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/06/30 16:33:40 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/30 16:33:40 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/06/30 16:33:40 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/06/30 16:33:40 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/06/30 16:33:40 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/06/30 16:33:40 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/06/30 16:33:40 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/06/30 16:33:40 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/06/30 16:33:40 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/06/30 16:33:40 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/06/30 16:33:40 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/06/30 16:33:40 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/06/30 16:33:40 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/06/30 16:33:40 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/06/30 16:33:40 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/06/30 16:33:40 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/06/30 16:33:40 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/06/30 16:19:32 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_AMPPAL_01009.Wdf
[2012/06/30 16:11:50 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/06/30 16:11:50 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf
 
========== Files Created - No Company Name ==========
 
[2012/07/03 22:44:41 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2012/07/03 22:44:41 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2012/07/03 18:34:20 | 000,086,608 | ---- | C] () -- C:\Windows\SysNative\cpwmon64.dll
[2012/07/03 14:20:21 | 000,458,240 | ---- | C] () -- C:\Users\Seima\Desktop\CKScanner.exe
[2012/07/03 06:31:59 | 000,002,092 | ---- | C] () -- C:\Users\Seima\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2012/07/03 06:31:59 | 000,002,080 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
[2012/07/03 06:31:59 | 000,002,068 | ---- | C] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2012/07/02 22:01:21 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2012/07/02 17:34:11 | 783,030,237 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/07/01 13:48:58 | 000,000,338 | ---- | C] () -- C:\Users\Seima\Documents\ax_files.xml
[2012/07/01 12:18:14 | 000,000,306 | ---- | C] () -- C:\Windows\setup.iss
[2012/07/01 12:05:51 | 000,007,597 | ---- | C] () -- C:\Users\Seima\AppData\Local\Resmon.ResmonCfg
[2012/07/01 12:02:25 | 000,001,063 | ---- | C] () -- C:\Users\Seima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk
[2012/07/01 10:58:50 | 000,003,584 | ---- | C] () -- C:\Users\Seima\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/01 10:22:20 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/01 10:21:33 | 000,001,982 | ---- | C] () -- C:\Users\Seima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2012/07/01 10:15:57 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/07/01 10:15:56 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/07/01 09:57:19 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2012/07/01 09:53:08 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iBtFltCoex_01009.Wdf
[2012/07/01 09:52:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012/07/01 09:50:13 | 000,262,080 | ---- | C] () -- C:\Windows\SysNative\SynPS2.bin
[2012/07/01 09:39:04 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2012/07/01 09:27:49 | 000,074,452 | ---- | C] () -- C:\Windows\SysNative\drivers\RTWAVES30.dat
[2012/07/01 01:08:22 | 000,000,028 | RH-- | C] () -- C:\Windows\version
[2012/06/30 16:57:21 | 000,007,384 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/06/30 16:33:40 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/06/30 16:33:40 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/06/30 16:23:25 | 000,001,441 | ---- | C] () -- C:\Users\Seima\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/30 16:19:32 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_AMPPAL_01009.Wdf
[2012/06/30 16:14:17 | 000,001,413 | ---- | C] () -- C:\Users\Seima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/06/30 16:14:14 | 000,001,447 | ---- | C] () -- C:\Users\Seima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/06/30 16:13:54 | 000,000,290 | ---- | C] () -- C:\Users\Seima\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/06/30 16:13:54 | 000,000,272 | ---- | C] () -- C:\Users\Seima\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/06/30 16:11:45 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/06/30 16:11:42 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/06/30 16:09:12 | 4263,641,086 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/03 13:24:18 | 000,322,880 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
 
========== LOP Check ==========
 
[2012/07/01 13:41:02 | 000,000,000 | ---D | M] -- C:\Users\Seima\AppData\Roaming\Epson
[2012/07/03 22:45:57 | 000,000,000 | ---D | M] -- C:\Users\Seima\AppData\Roaming\ImgBurn
[2012/07/01 10:13:42 | 000,000,000 | ---D | M] -- C:\Users\Seima\AppData\Roaming\PCDr
[2012/07/01 13:40:56 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2009/07/14 06:08:49 | 000,008,078 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/07/04 20:27:03 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 

< End of report >
pgmigg
ASAP Members
Jr. Member
**
Offline Offline

Gender: Male
Date Registered:November 19, 2011, 10:43:19 AM
Posts: 50



« Reply #16 on: July 05, 2012, 03:57:08 PM »

Hello Valiux21,

Thank you for the full OTL log. Good job! ;)

Quote
the eset scaner found 3 threads but not deleted i think should i do the same scan again?
Returning to the ESET log: you wrote that the ESET scanner found 3 items, which means that you saw them somewhere. Everything ESET finds is automatically inserted into the log.

Yes, please run ESET again and post the log, or copy all the information you receive from ESET on the screen. I must see the exact information about those items. You wrote that ESET did not delete them, so most likely the results will be the same...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed


Honors Graduate of MalWare Removal University
Member of...

Valiux21

« Reply #17 on: July 05, 2012, 03:59:48 PM »

I did that but it is the same again, but these are just simple programs like 7zip, babylon toolbar and something else, I run the log again and write you in few minutes. but I do not think it is the cause of the problems because I think it is somewhere deeper. write you in a minute with the answers. thank you!
Valiux21

« Reply #18 on: July 05, 2012, 04:17:04 PM »

here are they
 C:\Users\Seima\AppData\Local\Temp\ICReinstall_Alcohol52_FE_2.0.2.3931.exe   a variant of Win32/InstallCore.R application
C:\Users\Seima\AppData\Local\Temp\is1988980107\MyBabylonTB.exe   Win32/Toolbar.Babylon application
C:\Users\Seima\Downloads\7zip_installer_1650.exe   a variant of Win32/InstallIQ application
pgmigg

« Reply #19 on: July 05, 2012, 11:23:42 PM »

Hello Valiux21,

Quote
here are they
 C:\Users\Seima\AppData\Local\Temp\ICReinstall_Alcohol52_FE_2.0.2.3931.exe   a variant of Win32/InstallCore.R application
C:\Users\Seima\AppData\Local\Temp\is1988980107\MyBabylonTB.exe   Win32/Toolbar.Babylon application
C:\Users\Seima\Downloads\7zip_installer_1650.exe   a variant of Win32/InstallIQ application
Thank you!
Quote
these are just simple programs like 7zip, babylon toolbar and so
But they are not as simple as you thought...

Step 1.
Disable CD Emulator(s)
We need to use powerful tools to investigate your system. *If* you are using a CD Emulator (Daemon Tools, Alcohol XXX%, Astroburn, AnyDVD) be aware that they use hidden drivers with rootkit-like techniques to hide from other applications. When dealing with malware infections, CD Emulators can interfere with investigative tools, producing misleading or inaccurate scan results and false detection of legitimate files, and can cause unexpected crashes, BSODs, and general 'dross' which often makes it hard to differentiate between malicious rootkits and the legitimate drivers used by Emulators. Since the hidden drivers from CD Emulators can be seen as a rootkit, we need to remove or disable them until disinfection is completed.

Defogger
Disable Drivers
Please download DeFogger... by jpshortstuff.  Save it to your desktop.
  • Double click DeFogger.exe to run the tool.  The application window will appear.
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue. A 'Finished!' message will appear.  Click OK.
  • Click OK when DeFogger asks to reboot the machine.
Do not re-enable these drivers until otherwise instructed.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
 
Step 2.
TDSSKiller - Rootkit Removal Tool - Scan only
Please download the TDSSKiller.exe by Kaspersky and save it to your Desktop. <-Important!!!
  • Right click on TDSSKiller.exe, select "Run As Administrator..." to run it.  If prompted by UAC, please allow it.
    If TDSSKiller does not run, please rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. zarodinu.com).
    If you don't see file extensions, please see:  How to change the file extension.
  • Click the Start Scan button.  Do not use the computer during the scan!
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will be shown under "Scan results - Select action for found objects" and you will be offered 3 options.
    • Please select Skip instead of Cure (default).
  • Then click Continue, then Close and then Close again.
  • A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Please include in your next reply:
  • Do you have any problems executing the instructions?
  • Contents of TDSSKiller report file.
  • Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
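For reading the report that Step 2 asks for, here is an added example (not part of pgmigg's post and not Kaspersky's code): a Python parser that pairs each `name (md5) path` line with the `name - verdict` line that follows it, in the layout of the TDSSKiller report posted in this thread. The `Example*` entries, the `review` verdict and the user-writable-path heuristic are assumptions made for the illustration; the thread itself only shows `ok` verdicts.

```python
import re
from collections import defaultdict

# Constructed sample. The first three entries reuse lines from the report in
# this thread; the three Example* entries are made up for the illustration.
SAMPLE_REPORT = r"""
05:31:12.0918 1336   Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200
05:32:07.0172 7164   1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
05:32:07.0297 7164   1394ohci - ok
05:32:09.0047 7164   AMPPAL          (12e7a43a3c6840a063a82b04f7ef47c0) C:\Windows\system32\DRIVERS\AMPPAL.sys
05:32:09.0140 7164   AMPPAL - ok
05:32:09.0140 7164   AMPPALP         (12e7a43a3c6840a063a82b04f7ef47c0) C:\Windows\system32\DRIVERS\amppal.sys
05:32:09.0140 7164   AMPPALP - ok
05:32:11.0000 7164   ExampleSvc      (00000000000000000000000000000001) C:\Users\Example\AppData\Local\Temp\example.exe
05:32:11.0010 7164   ExampleSvc - ok
05:32:11.0020 7164   ExampleDrv      (00000000000000000000000000000002) C:\Windows\system32\drivers\exampledrv.sys
05:32:11.0030 7164   ExampleDrv - review
05:32:11.0040 7164   ExampleCut      (00000000000000000000000000000003) C:\Windows\system32\drivers\examplecut.sys
"""

# Every report line starts with "hh:mm:ss.ffff <thread id>".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
ENTRY_RE = re.compile(
    PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$")
VERDICT_RE = re.compile(PREFIX + r"(?P<name>.+?) - (?P<verdict>\S+)\s*$")
# Assumption of this example: a service or driver image under a user profile
# or a Temp directory deserves a second look.
USER_WRITABLE_RE = re.compile(r"^[a-z]:\\users\\|\\temp\\", re.IGNORECASE)


def parse_report(text):
    """Pair each 'name (md5) path' line with the 'name - verdict' line after it."""
    entries, pending = [], None
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            if pending:  # the previous entry never received its verdict line
                entries.append(pending)
            pending = {"name": m["name"], "md5": m["md5"].lower(),
                       "path": m["path"], "verdict": None}
            continue
        m = VERDICT_RE.match(line)
        # Header lines such as "Drive ... - Size: ..." also contain " - ",
        # so a verdict only counts when it names the entry just read.
        if m and pending and m["name"] == pending["name"]:
            pending["verdict"] = m["verdict"]
            entries.append(pending)
            pending = None
    if pending:
        entries.append(pending)
    return entries


def triage(entries):
    """Return (name, reason) pairs for entries that deserve a closer look."""
    findings = []
    for e in entries:
        if e["verdict"] is None:
            findings.append((e["name"], "no verdict line (report cut short?)"))
        elif e["verdict"].lower() != "ok":
            findings.append((e["name"], "verdict: " + e["verdict"]))
        if USER_WRITABLE_RE.search(e["path"]):
            findings.append((e["name"], "image under a user-writable path"))
    return findings


def hash_reuse(entries):
    """Map each MD5 that appears under more than one service name to those names."""
    names_by_md5 = defaultdict(set)
    for e in entries:
        names_by_md5[e["md5"]].add(e["name"])
    return {h: sorted(n) for h, n in names_by_md5.items() if len(n) > 1}


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for name, reason in triage(parsed):
        print(f"{name}: {reason}")
    for md5, names in hash_reuse(parsed).items():
        print(f"{md5} is shared by {', '.join(names)}")
```

A hash shared by two service names, as with AMPPAL and AMPPALP in this thread, usually just means both services point at the same file; the listing makes that visible so it can be confirmed against the paths.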

Valiux21

« Reply #20 on: July 05, 2012, 11:34:50 PM »

Hello Pgmigg, i had no problems with the instructions, i did everything but it found nothing:) here is the log
05:31:11.0206 1336   TDSS rootkit removing tool 2.7.44.0 Jul  2 2012 20:01:08
05:31:12.0081 1336   ============================================================
05:31:12.0081 1336   Current date / time: 2012/07/06 05:31:12.0081
05:31:12.0081 1336   SystemInfo:
05:31:12.0081 1336   
05:31:12.0081 1336   OS Version: 6.1.7601 ServicePack: 1.0
05:31:12.0081 1336   Product type: Workstation
05:31:12.0081 1336   ComputerName: SEIMA-PC
05:31:12.0081 1336   UserName: Seima
05:31:12.0081 1336   Windows directory: C:\Windows
05:31:12.0081 1336   System windows directory: C:\Windows
05:31:12.0081 1336   Running under WOW64
05:31:12.0081 1336   Processor architecture: Intel x64
05:31:12.0081 1336   Number of processors: 8
05:31:12.0081 1336   Page size: 0x1000
05:31:12.0081 1336   Boot type: Normal boot
05:31:12.0081 1336   ============================================================
05:31:12.0918 1336   Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
05:31:12.0934 1336   ============================================================
05:31:12.0934 1336   \Device\Harddisk0\DR0:
05:31:12.0934 1336   MBR partitions:
05:31:12.0934 1336   \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
05:31:12.0934 1336   \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x57513000
05:31:12.0934 1336   ============================================================
05:31:12.0981 1336   C: <-> \Device\Harddisk0\DR0\Partition1
05:31:12.0981 1336   ============================================================
05:31:12.0981 1336   Initialize success
05:31:12.0981 1336   ============================================================
05:32:06.0310 7164   ============================================================
05:32:06.0310 7164   Scan started
05:32:06.0310 7164   Mode: Manual;
05:32:06.0310 7164   ============================================================
05:32:07.0172 7164   1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
05:32:07.0297 7164   1394ohci - ok
05:32:07.0468 7164   ABBYY.Licensing.FineReader.Sprint.9.0 (b33cf4de909a5b30f526d82053a63c8e) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
05:32:07.0500 7164   ABBYY.Licensing.FineReader.Sprint.9.0 - ok
05:32:07.0576 7164   Acceler         (e0065cbf1a25c015c218457d2cd522b9) C:\Windows\system32\DRIVERS\Accelern.sys
05:32:07.0663 7164   Acceler - ok
05:32:07.0717 7164   ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
05:32:07.0722 7164   ACPI - ok
05:32:07.0738 7164   AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
05:32:07.0789 7164   AcpiPmi - ok
05:32:07.0955 7164   AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
05:32:07.0970 7164   AdobeFlashPlayerUpdateSvc - ok
05:32:08.0064 7164   adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
05:32:08.0095 7164   adp94xx - ok
05:32:08.0158 7164   adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
05:32:08.0189 7164   adpahci - ok
05:32:08.0236 7164   adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
05:32:08.0314 7164   adpu320 - ok
05:32:08.0360 7164   AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
05:32:08.0360 7164   AeLookupSvc - ok
05:32:08.0423 7164   AERTFilters     (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
05:32:08.0438 7164   AERTFilters - ok
05:32:08.0516 7164   AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
05:32:08.0548 7164   AFD - ok
05:32:08.0563 7164   agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
05:32:08.0579 7164   agp440 - ok
05:32:08.0594 7164   ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
05:32:08.0610 7164   ALG - ok
05:32:08.0641 7164   aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
05:32:08.0657 7164   aliide - ok
05:32:08.0657 7164   amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
05:32:08.0657 7164   amdide - ok
05:32:08.0688 7164   AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
05:32:08.0688 7164   AmdK8 - ok
05:32:08.0704 7164   AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
05:32:08.0704 7164   AmdPPM - ok
05:32:08.0766 7164   amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
05:32:08.0860 7164   amdsata - ok
05:32:08.0875 7164   amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
05:32:08.0906 7164   amdsbs - ok
05:32:08.0922 7164   amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
05:32:09.0016 7164   amdxata - ok
05:32:09.0047 7164   AMPPAL          (12e7a43a3c6840a063a82b04f7ef47c0) C:\Windows\system32\DRIVERS\AMPPAL.sys
05:32:09.0140 7164   AMPPAL - ok
05:32:09.0140 7164   AMPPALP         (12e7a43a3c6840a063a82b04f7ef47c0) C:\Windows\system32\DRIVERS\amppal.sys
05:32:09.0140 7164   AMPPALP - ok
05:32:09.0250 7164   AMPPALR3        (2cc0cbf2707be4d5b6ce6b87d9da2f97) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
05:32:09.0265 7164   AMPPALR3 - ok
05:32:09.0296 7164   AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
05:32:09.0296 7164   AppID - ok
05:32:09.0312 7164   AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
05:32:09.0312 7164   AppIDSvc - ok
05:32:09.0343 7164   Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
05:32:09.0343 7164   Appinfo - ok
05:32:09.0359 7164   arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
05:32:09.0359 7164   arc - ok
05:32:09.0374 7164   arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
05:32:09.0390 7164   arcsas - ok
05:32:09.0406 7164   AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
05:32:09.0421 7164   AsyncMac - ok
05:32:09.0421 7164   atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
05:32:09.0421 7164   atapi - ok
05:32:09.0515 7164   AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
05:32:09.0530 7164   AudioEndpointBuilder - ok
05:32:09.0546 7164   AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
05:32:09.0546 7164   AudioSrv - ok
05:32:09.0668 7164   AxAutoMntSrv    (7692f4b242e45870873caf4cb85cf769) C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe
05:32:09.0671 7164   AxAutoMntSrv - ok
05:32:09.0705 7164   AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
05:32:09.0714 7164   AxInstSV - ok
05:32:09.0757 7164   b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
05:32:09.0780 7164   b06bdrv - ok
05:32:09.0811 7164   b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
05:32:09.0828 7164   b57nd60a - ok
05:32:09.0857 7164   BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
05:32:09.0874 7164   BDESVC - ok
05:32:09.0889 7164   Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
05:32:09.0889 7164   Beep - ok
05:32:09.0983 7164   BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
05:32:09.0999 7164   BFE - ok
05:32:10.0077 7164   BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
05:32:10.0108 7164   BITS - ok
05:32:10.0139 7164   blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
05:32:10.0155 7164   blbdrive - ok
05:32:10.0186 7164   bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
05:32:10.0201 7164   bowser - ok
05:32:10.0217 7164   BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
05:32:10.0217 7164   BrFiltLo - ok
05:32:10.0233 7164   BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
05:32:10.0233 7164   BrFiltUp - ok
05:32:10.0264 7164   Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
05:32:10.0279 7164   Browser - ok
05:32:10.0311 7164   Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
05:32:10.0326 7164   Brserid - ok
05:32:10.0342 7164   BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
05:32:10.0357 7164   BrSerWdm - ok
05:32:10.0357 7164   BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
05:32:10.0373 7164   BrUsbMdm - ok
05:32:10.0373 7164   BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
05:32:10.0373 7164   BrUsbSer - ok
05:32:10.0435 7164   BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
05:32:10.0435 7164   BthEnum - ok
05:32:10.0451 7164   BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
05:32:10.0451 7164   BTHMODEM - ok
05:32:10.0498 7164   BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
05:32:10.0498 7164   BthPan - ok
05:32:10.0576 7164   BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
05:32:10.0692 7164   BTHPORT - ok
05:32:10.0734 7164   bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
05:32:10.0738 7164   bthserv - ok
05:32:10.0807 7164   BTHSSecurityMgr (d6ceec2f878149e4db9fe93fa5d8fe60) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
05:32:10.0814 7164   BTHSSecurityMgr - ok
05:32:10.0857 7164   BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
05:32:10.0936 7164   BTHUSB - ok
05:32:10.0983 7164   btmhsf          (5ba4c6f82a5ca3307c0579d9f7b36e28) C:\Windows\system32\DRIVERS\btmhsf.sys
05:32:11.0092 7164   btmhsf - ok
05:32:11.0123 7164   cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
05:32:11.0139 7164   cdfs - ok
05:32:11.0185 7164   cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
05:32:11.0279 7164   cdrom - ok
05:32:11.0310 7164   CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
05:32:11.0310 7164   CertPropSvc - ok
05:32:11.0357 7164   cfwids          (274ce03459896006f7a5069266e0469e) C:\Windows\system32\drivers\cfwids.sys
05:32:11.0451 7164   cfwids - ok
05:32:11.0482 7164   circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
05:32:11.0482 7164   circlass - ok
05:32:11.0529 7164   CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
05:32:11.0529 7164   CLFS - ok
05:32:11.0609 7164   clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
05:32:11.0614 7164   clr_optimization_v2.0.50727_32 - ok
05:32:11.0665 7164   clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
05:32:11.0675 7164   clr_optimization_v2.0.50727_64 - ok
05:32:11.0819 7164   clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
05:32:11.0926 7164   clr_optimization_v4.0.30319_32 - ok
05:32:12.0035 7164   clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
05:32:12.0035 7164   clr_optimization_v4.0.30319_64 - ok
05:32:12.0066 7164   CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
05:32:12.0082 7164   CmBatt - ok
05:32:12.0082 7164   cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
05:32:12.0082 7164   cmdide - ok
05:32:12.0160 7164   CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
05:32:12.0175 7164   CNG - ok
05:32:12.0191 7164   Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
05:32:12.0191 7164   Compbatt - ok
05:32:12.0222 7164   CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
05:32:12.0285 7164   CompositeBus - ok
05:32:12.0300 7164   COMSysApp - ok
05:32:12.0316 7164   crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
05:32:12.0316 7164   crcdisk - ok
05:32:12.0347 7164   CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
05:32:12.0347 7164   CryptSvc - ok
05:32:12.0425 7164   DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
05:32:12.0441 7164   DcomLaunch - ok
05:32:12.0487 7164   defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
05:32:12.0487 7164   defragsvc - ok
05:32:12.0503 7164   DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
05:32:12.0519 7164   DfsC - ok
05:32:12.0550 7164   Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
05:32:12.0550 7164   Dhcp - ok
05:32:12.0565 7164   discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
05:32:12.0565 7164   discache - ok
05:32:12.0581 7164   Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
05:32:12.0581 7164   Disk - ok
05:32:12.0626 7164   Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
05:32:12.0639 7164   Dnscache - ok
05:32:12.0667 7164   DockLoginService - ok
05:32:12.0695 7164   dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
05:32:12.0705 7164   dot3svc - ok
05:32:12.0728 7164   DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
05:32:12.0732 7164   DPS - ok
05:32:12.0757 7164   drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
05:32:12.0764 7164   drmkaud - ok
05:32:12.0829 7164   DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
05:32:12.0838 7164   DXGKrnl - ok
05:32:12.0853 7164   EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
05:32:12.0856 7164   EapHost - ok
05:32:13.0161 7164   ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
05:32:13.0286 7164   ebdrv - ok
05:32:13.0395 7164   EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
05:32:13.0411 7164   EFS - ok
05:32:13.0504 7164   ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
05:32:13.0520 7164   ehRecvr - ok
05:32:13.0551 7164   ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
05:32:13.0567 7164   ehSched - ok
05:32:13.0645 7164   elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
05:32:13.0676 7164   elxstor - ok
05:32:13.0769 7164   EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
05:32:13.0769 7164   EpsonBidirectionalService - ok
05:32:13.0801 7164   ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
05:32:13.0801 7164   ErrDev - ok
05:32:13.0879 7164   EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
05:32:13.0910 7164   EventSystem - ok
05:32:14.0128 7164   EvtEng          (532b8ff8e07f3772b086620377654f95) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
05:32:14.0175 7164   EvtEng - ok
05:32:14.0300 7164   exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
05:32:14.0300 7164   exfat - ok
05:32:14.0331 7164   fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
05:32:14.0331 7164   fastfat - ok
05:32:14.0425 7164   Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
05:32:14.0440 7164   Fax - ok
05:32:14.0456 7164   fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
05:32:14.0456 7164   fdc - ok
05:32:14.0471 7164   fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
05:32:14.0471 7164   fdPHost - ok
05:32:14.0487 7164   FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
05:32:14.0503 7164   FDResPub - ok
05:32:14.0518 7164   FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
05:32:14.0518 7164   FileInfo - ok
05:32:14.0518 7164   Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
05:32:14.0534 7164   Filetrace - ok
05:32:14.0534 7164   flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
05:32:14.0534 7164   flpydisk - ok
05:32:14.0581 7164   FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
05:32:14.0581 7164   FltMgr - ok
05:32:14.0729 7164   FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
05:32:14.0754 7164   FontCache - ok
05:32:14.0802 7164   FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
05:32:14.0804 7164   FontCache3.0.0.0 - ok
05:32:14.0821 7164   FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
05:32:14.0824 7164   FsDepends - ok
05:32:14.0894 7164   Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
05:32:14.0896 7164   Fs_Rec - ok
05:32:14.0920 7164   fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
05:32:14.0924 7164   fvevol - ok
05:32:14.0940 7164   gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
05:32:14.0956 7164   gagp30kx - ok
05:32:15.0034 7164   gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
05:32:15.0049 7164   gpsvc - ok
05:32:15.0080 7164   hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
05:32:15.0080 7164   hcw85cir - ok
05:32:15.0143 7164   HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
05:32:15.0252 7164   HdAudAddService - ok
05:32:15.0268 7164   HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
05:32:15.0268 7164   HDAudBus - ok
05:32:15.0268 7164   HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
05:32:15.0268 7164   HidBatt - ok
05:32:15.0283 7164   HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
05:32:15.0283 7164   HidBth - ok
05:32:15.0299 7164   HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
05:32:15.0299 7164   HidIr - ok
05:32:15.0314 7164   hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
05:32:15.0314 7164   hidserv - ok
05:32:15.0314 7164   HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
05:32:15.0346 7164   HidUsb - ok
05:32:15.0361 7164   hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
05:32:15.0377 7164   hkmsvc - ok
05:32:15.0392 7164   HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
05:32:15.0408 7164   HomeGroupListener - ok
05:32:15.0455 7164   HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
05:32:15.0455 7164   HomeGroupProvider - ok
05:32:15.0470 7164   HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
05:32:15.0533 7164   HpSAMD - ok
05:32:15.0611 7164   HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
05:32:15.0626 7164   HTTP - ok
05:32:15.0626 7164   hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
05:32:15.0626 7164   hwpolicy - ok
05:32:15.0648 7164   i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
05:32:15.0659 7164   i8042prt - ok
05:32:15.0717 7164   iaStor          (d469b77687e12fe43e344806740b624d) C:\Windows\system32\DRIVERS\iaStor.sys
05:32:15.0783 7164   iaStor - ok
05:32:15.0896 7164   IAStorDataMgrSvc (983fc69644ddf0486c8dfea262948d1a) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
05:32:15.0897 7164   IAStorDataMgrSvc - ok
05:32:15.0944 7164   iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
05:32:16.0022 7164   iaStorV - ok
05:32:16.0054 7164   iBtFltCoex      (806422f30df9ce8307457485779c77b7) C:\Windows\system32\DRIVERS\iBtFltCoex.sys
05:32:16.0085 7164   iBtFltCoex - ok
05:32:16.0241 7164   idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
05:32:16.0272 7164   idsvc - ok
05:32:16.0288 7164   iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
05:32:16.0303 7164   iirsp - ok
05:32:16.0397 7164   IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
05:32:16.0444 7164   IKEEXT - ok
05:32:16.0859 7164   IntcAzAudAddService (a5f7cef8a939ebe270462edefd629f20) C:\Windows\system32\drivers\RTKVHD64.sys
05:32:16.0943 7164   IntcAzAudAddService - ok
05:32:17.0767 7164   intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
05:32:17.0774 7164   intelide - ok
05:32:17.0864 7164   intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
05:32:17.0867 7164   intelppm - ok
05:32:18.0099 7164   IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
05:32:18.0130 7164   IPBusEnum - ok
05:32:18.0302 7164   IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
05:32:18.0349 7164   IpFilterDriver - ok
05:32:18.0536 7164   iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
05:32:18.0552 7164   iphlpsvc - ok
05:32:18.0552 7164   IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
05:32:18.0645 7164   IPMIDRV - ok
05:32:18.0679 7164   IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
05:32:18.0681 7164   IPNAT - ok
05:32:18.0739 7164   IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
05:32:18.0741 7164   IRENUM - ok
05:32:18.0759 7164   isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
05:32:18.0763 7164   isapnp - ok
05:32:18.0915 7164   iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
05:32:18.0999 7164   iScsiPrt - ok
05:32:18.0999 7164   kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
05:32:19.0015 7164   kbdclass - ok
05:32:19.0031 7164   kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
05:32:19.0109 7164   kbdhid - ok
05:32:19.0140 7164   KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
05:32:19.0140 7164   KeyIso - ok
05:32:19.0155 7164   KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
05:32:19.0155 7164   KSecDD - ok
05:32:19.0202 7164   KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
05:32:19.0218 7164   KSecPkg - ok
05:32:19.0233 7164   ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
05:32:19.0233 7164   ksthunk - ok
05:32:19.0296 7164   KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
05:32:19.0311 7164   KtmRm - ok
05:32:19.0358 7164   LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
05:32:19.0374 7164   LanmanServer - ok
05:32:19.0405 7164   LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
05:32:19.0421 7164   LanmanWorkstation - ok
05:32:19.0452 7164   lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
05:32:19.0452 7164   lltdio - ok
05:32:19.0499 7164   lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
05:32:19.0514 7164   lltdsvc - ok
05:32:19.0530 7164   lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
05:32:19.0545 7164   lmhosts - ok
05:32:19.0655 7164   LMS             (7f32d4c47a50e7223491e8fb9359907d) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
05:32:19.0670 7164   LMS - ok
05:32:19.0716 7164   LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
05:32:19.0727 7164   LSI_FC - ok
05:32:19.0748 7164   LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
05:32:19.0757 7164   LSI_SAS - ok
05:32:19.0770 7164   LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
05:32:19.0777 7164   LSI_SAS2 - ok
05:32:19.0795 7164   LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
05:32:19.0806 7164   LSI_SCSI - ok
05:32:19.0830 7164   luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
05:32:19.0834 7164   luafv - ok
05:32:19.0971 7164   McAfee SiteAdvisor Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
05:32:19.0977 7164   McAfee SiteAdvisor Service - ok
05:32:19.0986 7164   McMPFSvc        (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
05:32:19.0992 7164   McMPFSvc - ok
05:32:20.0000 7164   mcmscsvc        (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
05:32:20.0005 7164   mcmscsvc - ok
05:32:20.0008 7164   McNaiAnn        (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
05:32:20.0008 7164   McNaiAnn - ok
05:32:20.0040 7164   McNASvc         (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
05:32:20.0040 7164   McNASvc - ok
05:32:20.0227 7164   McODS           (dd2321925274f2902929d76ce2b0eb45) C:\Program Files\McAfee\VirusScan\mcods.exe
05:32:20.0289 7164   McODS - ok
05:32:20.0305 7164   McProxy         (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
05:32:20.0305 7164   McProxy - ok
05:32:20.0367 7164   McShield        (597c77235621e7ddd32a68574fde6464) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
05:32:20.0367 7164   McShield - ok
05:32:20.0414 7164   Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
05:32:20.0430 7164   Mcx2Svc - ok
05:32:20.0461 7164   megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
05:32:20.0461 7164   megasas - ok
05:32:20.0523 7164   MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
05:32:20.0539 7164   MegaSR - ok
05:32:20.0554 7164   MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
05:32:20.0632 7164   MEIx64 - ok
05:32:20.0721 7164   mfeapfk         (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys
05:32:20.0723 7164   mfeapfk - ok
05:32:20.0811 7164   mfeavfk         (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys
05:32:20.0874 7164   mfeavfk - ok
05:32:20.0906 7164   mfeavfk01 - ok
05:32:20.0957 7164   mfefire         (134bb16f93a07c2c89b0b9c399382bdb) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
05:32:20.0962 7164   mfefire - ok
05:32:21.0044 7164   mfefirek        (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys
05:32:21.0137 7164   mfefirek - ok
05:32:21.0247 7164   mfehidk         (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys
05:32:21.0325 7164   mfehidk - ok
05:32:21.0340 7164   mfenlfk         (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys
05:32:21.0371 7164   mfenlfk - ok
05:32:21.0403 7164   mferkdet        (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys
05:32:21.0449 7164   mferkdet - ok
05:32:21.0512 7164   mfevtp          (4d0ecd05abb518ea323f651f4ab8458f) C:\Windows\system32\mfevtps.exe
05:32:21.0590 7164   mfevtp - ok
05:32:21.0637 7164   mfewfpk         (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys
05:32:21.0699 7164   mfewfpk - ok
05:32:21.0730 7164   MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
05:32:21.0730 7164   MMCSS - ok
05:32:21.0757 7164   Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
05:32:21.0758 7164   Modem - ok
05:32:21.0779 7164   monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
05:32:21.0780 7164   monitor - ok
05:32:21.0798 7164   mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
05:32:21.0801 7164   mouclass - ok
05:32:21.0812 7164   mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys
05:32:21.0816 7164   mouhid - ok
05:32:21.0831 7164   mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
05:32:21.0832 7164   mountmgr - ok
05:32:21.0844 7164   mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
05:32:21.0879 7164   mpio - ok
05:32:21.0885 7164   mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
05:32:21.0887 7164   mpsdrv - ok
05:32:21.0937 7164   MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
05:32:21.0945 7164   MpsSvc - ok
05:32:21.0969 7164   MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
05:32:21.0972 7164   MRxDAV - ok
05:32:21.0998 7164   mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
05:32:22.0004 7164   mrxsmb - ok
05:32:22.0044 7164   mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
05:32:22.0060 7164   mrxsmb10 - ok
05:32:22.0091 7164   mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
05:32:22.0106 7164   mrxsmb20 - ok
05:32:22.0106 7164   msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
05:32:22.0184 7164   msahci - ok
05:32:22.0200 7164   msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
05:32:22.0231 7164   msdsm - ok
05:32:22.0262 7164   MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
05:32:22.0262 7164   MSDTC - ok
05:32:22.0262 7164   Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
05:32:22.0278 7164   Msfs - ok
05:32:22.0278 7164   mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
05:32:22.0278 7164   mshidkmdf - ok
05:32:22.0294 7164   msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
05:32:22.0294 7164   msisadrv - ok
05:32:22.0325 7164   MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
05:32:22.0340 7164   MSiSCSI - ok
05:32:22.0340 7164   msiserver - ok
05:32:22.0481 7164   MSK80Service    (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
05:32:22.0481 7164   MSK80Service - ok
05:32:22.0512 7164   MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
05:32:22.0528 7164   MSKSSRV - ok
05:32:22.0543 7164   MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
05:32:22.0543 7164   MSPCLOCK - ok
05:32:22.0543 7164   MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
05:32:22.0543 7164   MSPQM - ok
05:32:22.0590 7164   MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
05:32:22.0606 7164   MsRPC - ok
05:32:22.0606 7164   mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
05:32:22.0621 7164   mssmbios - ok
05:32:22.0637 7164   MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
05:32:22.0637 7164   MSTEE - ok
05:32:22.0637 7164   MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
05:32:22.0652 7164   MTConfig - ok
05:32:22.0668 7164   Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
05:32:22.0668 7164   Mup - ok
05:32:22.0757 7164   MyWiFiDHCPDNS   (265937bc59819df1dab65e27c60f94c0) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
05:32:22.0773 7164   MyWiFiDHCPDNS - ok
05:32:22.0836 7164   napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
05:32:22.0853 7164   napagent - ok
05:32:22.0906 7164   NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
05:32:22.0919 7164   NativeWifiP - ok
05:32:23.0017 7164   NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
05:32:23.0030 7164   NDIS - ok
05:32:23.0046 7164   NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
05:32:23.0046 7164   NdisCap - ok
05:32:23.0061 7164   NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
05:32:23.0061 7164   NdisTapi - ok
05:32:23.0077 7164   Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
05:32:23.0077 7164   Ndisuio - ok
05:32:23.0092 7164   NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
05:32:23.0108 7164   NdisWan - ok
05:32:23.0108 7164   NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
05:32:23.0124 7164   NDProxy - ok
05:32:23.0124 7164   NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
05:32:23.0124 7164   NetBIOS - ok
05:32:23.0155 7164   NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
05:32:23.0170 7164   NetBT - ok
05:32:23.0202 7164   Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
05:32:23.0202 7164   Netlogon - ok
05:32:23.0280 7164   Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
05:32:23.0295 7164   Netman - ok
05:32:23.0342 7164   netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
05:32:23.0358 7164   netprofm - ok
05:32:23.0420 7164   NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
05:32:23.0436 7164   NetTcpPortSharing - ok
05:32:23.0969 7164   NETwNs64        (774c9eccef83ab8a3d1466f19809c95f) C:\Windows\system32\DRIVERS\NETwNs64.sys
05:32:24.0199 7164   NETwNs64 - ok
05:32:24.0355 7164   nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
05:32:24.0355 7164   nfrd960 - ok
05:32:24.0417 7164   NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
05:32:24.0433 7164   NlaSvc - ok
05:32:24.0448 7164   Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
05:32:24.0448 7164   Npfs - ok
05:32:24.0464 7164   nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
05:32:24.0464 7164   nsi - ok
05:32:24.0480 7164   nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
05:32:24.0480 7164   nsiproxy - ok
05:32:24.0698 7164   Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
05:32:24.0729 7164   Ntfs - ok
05:32:24.0830 7164   Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
05:32:24.0832 7164   Null - ok
05:32:24.0889 7164   nusb3hub        (d584abb6a308933a5f72b46c9e5a783f) C:\Windows\system32\DRIVERS\nusb3hub.sys
05:32:24.0974 7164   nusb3hub - ok
05:32:25.0030 7164   nusb3xhc        (345b9c04e2036da4346e3249a5bdfd06) C:\Windows\system32\DRIVERS\nusb3xhc.sys
05:32:25.0062 7164   nusb3xhc - ok
05:32:25.0108 7164   NVHDA           (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
05:32:25.0171 7164   NVHDA - ok
05:32:25.0935 7164   nvlddmkm        (386fb2e1ef51495629089231957b7d9a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
05:32:26.0017 7164   nvlddmkm - ok
05:32:26.0111 7164   nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
05:32:26.0204 7164   nvraid - ok
05:32:26.0267 7164   nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
05:32:26.0345 7164   nvstor - ok
05:32:26.0391 7164   NvStUSB         (4dc87cda61d7b185e79618581f46b85a) C:\Windows\system32\DRIVERS\nvstusb.sys
pgmigg
ASAP Members
Jr. Member

Gender: Male
Date Registered:November 19, 2011, 10:43:19 AM
Posts: 50



« Reply #21 on: July 05, 2012, 11:51:27 PM »

Hello Valiux21,

Please post the rest of the TDSSKiller log - the report you placed here was cut...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed

Honors Graduate of MalWare Removal University
Member of...

Valiux21
Newbie

Date Registered:June 28, 2012, 08:35:24 AM
Posts: 18


« Reply #22 on: July 06, 2012, 11:35:25 AM »

Sorry about that. Here is the rest:
05:32:40.0122 7164   ============================================================
05:32:40.0122 7164   Scan finished
05:32:40.0122 7164   ============================================================
05:32:40.0128 7156   Detected object count: 0
05:32:40.0128 7156   Actual detected object count: 0
05:32:52.0370 1828   Deinitialize success
pgmigg
ASAP Members
Jr. Member

Gender: Male
Date Registered:November 19, 2011, 10:43:19 AM
Posts: 50



« Reply #23 on: July 07, 2012, 01:43:01 PM »

Hello Valiux21,

Sorry for the delay - we have an unusually hot summer here and the power is switched off from time to time...

Download and Run ComboFix
  • Please download ComboFix from one of the following links.

    Link 1.

    Link 2.

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**
  • Please disable any Antivirus and Firewall you have active, as shown in this topic.  Please close all open application windows.
  • Double click on ComboFix.exe and follow the prompts.
  • When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use!
ComboFix SHOULD NOT be used unless requested by a forum helper.


Please include in your next reply:
  • Do you have any problems executing the instructions?
  • Contents of ComboFix log file.
  • Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed

Honors Graduate of MalWare Removal University
Member of...

Valiux21
Newbie

Date Registered:June 28, 2012, 08:35:24 AM
Posts: 18


« Reply #24 on: July 08, 2012, 02:40:02 PM »

Hello, sorry for the delay, I was on a 2-day vacation :) Here is my log. The computer showed me about 20 times the error message that pev.3XE stopped working, like a Windows error message. But it went till the end.
ComboFix 12-07-08.01 - Seima 08/07/2012  20:26:51.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.16344.13958 [GMT 1:00]
Running from: c:\users\Seima\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
(((((((((((((((((((((((((   Files Created from 2012-06-08 to 2012-07-08  )))))))))))))))))))))))))))))))
.
.
2012-07-08 19:31 . 2012-07-08 19:31   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-07-06 20:06 . 2012-07-08 19:18   --------   d-----w-   c:\programdata\NVIDIA
2012-07-06 20:06 . 2012-07-06 20:06   --------   d-----w-   c:\program files (x86)\NVIDIA Corporation
2012-07-04 20:48 . 2012-07-04 20:48   --------   d-----w-   c:\program files (x86)\Common Files\Skype
2012-07-04 20:48 . 2012-07-04 20:48   --------   d-----r-   c:\program files (x86)\Skype
2012-07-04 20:48 . 2012-07-04 20:48   --------   d-----w-   c:\programdata\Skype
2012-07-04 19:27 . 2012-07-04 19:27   --------   d-----w-   c:\program files (x86)\ESET
2012-07-03 21:44 . 2012-07-03 21:44   --------   d-----w-   c:\program files (x86)\ImgBurn
2012-07-03 17:34 . 2012-07-03 17:34   --------   d-----w-   c:\program files (x86)\GPLGS
2012-07-03 17:34 . 2012-07-03 17:34   --------   d-----w-   c:\program files (x86)\Acro Software
2012-07-03 17:34 . 2012-03-11 13:56   86608   ----a-w-   c:\windows\system32\cpwmon64.dll
2012-07-03 05:31 . 2012-07-03 05:31   --------   d-----w-   c:\program files (x86)\Belarc
2012-07-02 21:01 . 2012-07-02 21:01   74703   ----a-w-   c:\windows\SysWow64\mfc45.dll
2012-07-02 21:01 . 2012-07-03 13:27   --------   d-----w-   c:\programdata\iolo
2012-07-02 20:31 . 2011-02-19 12:05   1139200   ----a-w-   c:\windows\system32\FntCache.dll
2012-07-02 20:31 . 2011-02-19 12:04   902656   ----a-w-   c:\windows\system32\d2d1.dll
2012-07-02 20:31 . 2011-02-19 06:30   739840   ----a-w-   c:\windows\SysWow64\d2d1.dll
2012-07-01 20:53 . 2012-07-01 20:53   --------   d-----w-   c:\users\Default\AppData\Local\Microsoft Help
2012-07-01 20:37 . 2012-07-03 13:15   --------   d-----w-   C:\MGADiagToolOutput
2012-07-01 12:48 . 2012-07-03 21:41   --------   d-----w-   c:\programdata\Microsoft Help
2012-07-01 12:46 . 2012-07-01 12:46   --------   d-----w-   c:\program files (x86)\Alcohol Soft
2012-07-01 12:39 . 2012-07-01 12:39   560184   ----a-w-   c:\windows\system32\drivers\sptd.sys
2012-07-01 12:38 . 2007-09-07 16:33   135168   ----a-w-   c:\windows\SysWow64\EEBAPI.dll
2012-07-01 12:38 . 2007-03-28 17:26   65536   ----a-w-   c:\windows\SysWow64\EEBUtil.dll
2012-07-01 12:38 . 2006-12-19 17:31   110592   ----a-w-   c:\windows\SysWow64\EEBDSCVR.dll
2012-07-01 12:38 . 2006-12-19 17:20   77824   ----a-w-   c:\windows\SysWow64\EBAPI.dll
2012-07-01 12:38 . 2003-12-17 00:01   55808   ----a-w-   c:\windows\SysWow64\EEBSDKIF.dll
2012-07-01 12:38 . 2012-07-01 12:38   --------   d-----w-   c:\program files\Common Files\EPSON
2012-07-01 11:19 . 2012-07-01 11:19   --------   d-----w-   c:\programdata\UDL
2012-07-01 11:18 . 2012-07-01 11:18   --------   d-----w-   c:\program files\Epson Software
2012-07-01 11:16 . 2012-07-01 11:18   --------   d-----w-   c:\program files (x86)\Epson Software
2012-07-01 11:15 . 2012-07-01 11:16   --------   d-----w-   c:\program files (x86)\ABBYY FineReader 9.0 Sprint
2012-07-01 11:15 . 2012-07-01 11:15   --------   d-----w-   c:\programdata\ABBYY
2012-07-01 11:15 . 2012-07-01 11:15   --------   d-----w-   c:\program files (x86)\Common Files\ABBYY
2012-07-01 11:14 . 2012-07-01 11:14   --------   d-----w-   c:\program files\EpsonNet
2012-07-01 11:14 . 2010-09-13 14:01   538112   ----a-w-   c:\windows\system32\ensppui.dll
2012-07-01 11:14 . 2010-09-13 14:01   538112   ----a-w-   c:\windows\system32\enppui.dll
2012-07-01 11:14 . 2010-09-13 14:00   558592   ----a-w-   c:\windows\system32\ensppmon.dll
2012-07-01 11:14 . 2010-09-13 14:00   558592   ----a-w-   c:\windows\system32\enppmon.dll
2012-07-01 11:14 . 2008-06-18 10:49   250880   ----a-w-   c:\windows\system32\enspres.dll
2012-07-01 11:14 . 2008-06-18 10:49   250880   ----a-w-   c:\windows\system32\enpres.dll
2012-07-01 11:14 . 2012-07-01 12:38   --------   d-----w-   c:\program files (x86)\Common Files\EPSON
2012-07-01 11:13 . 2012-07-01 11:13   --------   d-----w-   c:\program files (x86)\EpsonNet
2012-07-01 11:13 . 2007-04-10 01:06   10752   ----a-w-   c:\windows\system32\E_GCINST.DLL
2012-07-01 11:12 . 2008-11-12 03:00   118784   ----a-w-   c:\windows\system32\E_ILMGCE.DLL
2012-07-01 11:12 . 2009-10-01 03:01   88064   ----a-w-   c:\windows\system32\E_IBCBGCE.DLL
2012-07-01 11:12 . 2012-07-01 12:38   --------   d-----w-   c:\programdata\EPSON
2012-07-01 11:12 . 2009-11-19 23:00   464384   ----a-w-   c:\windows\system32\esxw2ud.dll
2012-07-01 11:12 . 2009-04-30 23:00   17408   ----a-w-   c:\windows\system32\esxcdev.dll
2012-07-01 11:12 . 2009-04-30 23:00   128392   ----a-w-   c:\windows\system32\esdevapp.exe
2012-07-01 11:12 . 2012-07-01 11:17   --------   d-----w-   c:\program files (x86)\epson
2012-07-01 10:00 . 2012-07-01 10:00   2301208   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-07-01 10:00 . 2012-07-01 10:00   42776   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-07-01 10:00 . 2012-07-01 10:00   710992   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-07-01 09:55 . 2012-07-01 09:55   --------   d-----w-   c:\program files (x86)\Dell
2012-07-01 09:54 . 2012-07-01 09:53   521448   ----a-w-   c:\windows\system32\deployJava1.dll
2012-07-01 09:53 . 2012-07-01 09:53   --------   d-----w-   c:\program files\Java
2012-07-01 09:41 . 2012-07-01 09:41   --------   d-----w-   c:\programdata\Office Genuine Advantage
2012-07-01 09:22 . 2012-07-01 09:22   70344   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-01 09:22 . 2012-07-01 09:22   426184   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-01 09:22 . 2012-07-01 09:22   --------   d-----w-   c:\windows\SysWow64\Macromed
2012-07-01 09:22 . 2012-07-01 09:22   --------   d-----w-   c:\windows\system32\Macromed
2012-07-01 09:15 . 2012-07-05 20:45   --------   d-----w-   c:\programdata\PCDr
2012-07-01 09:15 . 2012-07-01 09:15   --------   d-----w-   c:\program files\Dell Support Center
2012-07-01 09:00 . 2012-07-01 09:00   --------   dc----w-   c:\windows\system32\DRVSTORE
2012-07-01 09:00 . 2010-08-20 10:05   21616   ----a-w-   c:\windows\system32\drivers\stdcfltn.sys
2012-07-01 09:00 . 2012-07-01 09:00   --------   d-----w-   c:\program files\STMicroelectronics
2012-07-01 09:00 . 2010-12-13 08:34   81008   ----a-w-   c:\windows\system32\accelernco01.dll
2012-07-01 09:00 . 2010-12-13 08:34   27760   ----a-w-   c:\windows\system32\drivers\Accelern.sys
2012-07-01 09:00 . 2012-07-01 09:00   --------   d-----w-   c:\program files (x86)\STMicroelectronics
2012-07-01 08:58 . 2011-01-12 16:51   439320   ----a-w-   c:\windows\system32\drivers\iaStor.sys
2012-07-01 08:57 . 2011-08-23 20:57   74272   ----a-w-   c:\windows\system32\RtNicProp64.dll
2012-07-01 08:57 . 2011-08-23 20:57   565352   ----a-w-   c:\windows\system32\drivers\Rt64win7.sys
2012-07-01 08:57 . 2011-08-23 20:57   107552   ----a-w-   c:\windows\system32\RTNUninst64.dll
2012-07-01 08:51 . 2012-07-01 08:51   --------   d-----w-   c:\program files\Synaptics
2012-07-01 08:50 . 2011-08-25 20:06   66856   ----a-w-   c:\windows\SysWow64\SynTPEnhPS.dll
2012-07-01 08:50 . 2011-08-25 20:06   107816   ----a-w-   c:\windows\SysWow64\SynTPCOM.dll
2012-07-01 08:50 . 2011-08-25 20:06   148264   ----a-w-   c:\windows\system32\SynTPCo9.dll
2012-07-01 08:50 . 2011-08-25 20:09   390704   ----a-w-   c:\windows\system32\drivers\SynTP.sys
2012-07-01 08:50 . 2011-08-25 20:06   226600   ----a-w-   c:\windows\system32\SynTPAPI.dll
2012-07-01 08:50 . 2011-08-16 14:48   262080   ----a-w-   c:\windows\system32\SynPS2.bin
2012-07-01 08:50 . 2011-08-25 20:06   222504   ----a-w-   c:\windows\SysWow64\SynCtrl.dll
2012-07-01 08:50 . 2011-08-25 20:06   276776   ----a-w-   c:\windows\system32\SynCtrl.dll
2012-07-01 08:50 . 2011-08-25 20:06   411432   ----a-w-   c:\windows\system32\SynCOM.dll
2012-07-01 08:50 . 2011-08-25 20:06   177448   ----a-w-   c:\windows\SysWow64\SynCOM.dll
2012-07-01 08:45 . 2012-07-01 08:45   --------   d-----w-   c:\program files (x86)\Common Files\McAfee
2012-07-01 08:45 . 2012-02-22 12:29   10248   ----a-w-   c:\windows\system32\drivers\mfeclnk.sys
2012-07-01 08:45 . 2012-02-22 12:29   75936   ----a-w-   c:\windows\system32\drivers\mfenlfk.sys
2012-07-01 08:45 . 2012-02-22 12:29   65264   ----a-w-   c:\windows\system32\drivers\cfwids.sys
2012-07-01 08:45 . 2012-02-22 12:29   487296   ----a-w-   c:\windows\system32\drivers\mfefirek.sys
2012-07-01 08:45 . 2012-02-22 12:29   289664   ----a-w-   c:\windows\system32\drivers\mfewfpk.sys
2012-07-01 08:45 . 2012-02-22 12:29   229528   ----a-w-   c:\windows\system32\drivers\mfeavfk.sys
2012-07-01 08:45 . 2012-02-22 12:29   100912   ----a-w-   c:\windows\system32\drivers\mferkdet.sys
2012-07-01 08:44 . 2012-07-01 08:45   --------   d-----w-   c:\program files\McAfee
2012-07-01 08:44 . 2012-07-01 08:45   --------   d-----w-   c:\program files\Common Files\McAfee
2012-07-01 08:44 . 2012-07-02 19:07   --------   d-----w-   c:\program files (x86)\McAfee
2012-07-01 08:39 . 2012-05-25 16:13   162224   ----a-w-   c:\windows\system32\mfevtps.exe
2012-07-01 08:39 . 2012-07-01 08:46   --------   d-----w-   c:\programdata\McAfee
2012-07-01 08:39 . 2010-12-20 17:08   8192   ----a-w-   c:\windows\system32\drivers\IntelMEFWVer.dll
2012-07-01 08:39 . 2012-07-01 08:39   --------   d-----w-   c:\program files (x86)\Common Files\postureAgent
2012-07-01 08:37 . 2009-07-14 01:43   281256   -c----w-   c:\programdata\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_WinD_5255b97ff18ee9a9f453de7f1c508b4a92d1e9b4_cab_0f4d5ca0\rsaenh.dll
2012-07-01 08:31 . 2012-07-01 08:58   --------   d-----w-   c:\program files (x86)\Intel
2012-07-01 08:31 . 2010-10-04 12:02   53248   ----a-w-   c:\windows\SysWow64\CSVer.dll
2012-07-01 08:30 . 2012-07-01 08:30   --------   d-----w-   C:\Intel
2012-07-01 07:58 . 2012-07-01 09:55   --------   d-----w-   c:\programdata\Dell
2012-07-01 07:58 . 2012-07-03 13:28   --------   d-----w-   c:\program files\Dell
2012-07-01 00:08 . 2012-06-30 15:13   --------   d-----w-   c:\windows\Panther
2012-07-01 00:08 . 2012-07-01 00:08   --------   d-----w-   C:\Hotfix
2012-07-01 00:08 . 2012-07-01 00:08   --------   d-----w-   C:\Drivers
2012-07-01 00:08 . 2012-06-30 15:13   --------   d-----w-   c:\windows\system32\OEM
2012-06-30 21:56 . 2012-07-03 21:41   --------   d-----w-   c:\program files (x86)\Microsoft.NET
2012-06-30 21:54 . 2012-06-30 21:54   --------   d-----w-   c:\windows\SysWow64\Wat
2012-06-30 21:54 . 2012-06-30 21:54   --------   d-----w-   c:\windows\system32\Wat
2012-06-30 15:57 . 2012-07-06 20:05   --------   d-----w-   c:\program files\NVIDIA Corporation
2012-06-30 15:44 . 2012-06-18 02:12   9013136   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{27CB6324-1818-488D-933D-5F1F9C219A9B}\mpengine.dll
2012-06-30 15:30 . 2012-03-01 06:46   23408   ----a-w-   c:\windows\system32\drivers\fs_rec.sys
2012-06-30 15:30 . 2012-03-01 06:38   220672   ----a-w-   c:\windows\system32\wintrust.dll
2012-06-30 15:30 . 2012-03-01 06:33   81408   ----a-w-   c:\windows\system32\imagehlp.dll
2012-06-30 15:30 . 2012-03-01 06:28   5120   ----a-w-   c:\windows\system32\wmi.dll
2012-06-30 15:30 . 2012-03-01 05:37   172544   ----a-w-   c:\windows\SysWow64\wintrust.dll
2012-06-30 15:30 . 2012-03-01 05:33   159232   ----a-w-   c:\windows\SysWow64\imagehlp.dll
2012-06-30 15:30 . 2012-03-01 05:29   5120   ----a-w-   c:\windows\SysWow64\wmi.dll
2012-06-30 15:28 . 2011-02-19 12:03   46080   ----a-w-   c:\windows\system32\atmlib.dll
2012-06-30 15:26 . 2011-11-05 05:32   2048   ----a-w-   c:\windows\system32\tzres.dll
2012-06-30 15:26 . 2011-11-05 04:26   2048   ----a-w-   c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-07 17425072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
.
c:\users\Seima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
Intel(R) Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [2012-01-05 75624]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 257224]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-10-19 195072]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-10-10 288768]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-10-11 59904]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-01 340240]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-30 1255736]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-05-25 210616]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-05-25 162224]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-11-03 381248]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-10-19 195072]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-10-31 8615936]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-09-13 95744]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-09-13 212992]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-08 174184]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\DRIVERS\nvstusb.sys [2011-10-15 291648]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-02 29288]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 09:22]
.
2012-07-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-05-22 07:16]
.
2012-07-08 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-05-22 07:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-11-01 1935120]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-08-29 4146848]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-08-30 7284328]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-11-04 540992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{C73A3942-84C8-4597-9F9B-EE227DCBA758} - c:\programdata\{CBCE2F73-24E4-481F-84B2-1A5EB720D187}\delldock.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-08  20:33:33
ComboFix-quarantined-files.txt  2012-07-08 19:33
.
Pre-Run: 688,645,931,008 bytes free
Post-Run: 689,467,269,120 bytes free
.
- - End Of File - - B6080FAEAF3F778E840C8A8EA6083FA5
pgmigg
« Reply #25 on: July 09, 2012, 11:26:35 AM »

Hello Valiux21,

SystemLook
Please download SystemLook_x64.exe by jpshortstuff and save it to your Desktop.
Alternate download site.
  • Right click on SystemLook.exe, select "Run As Administrator..." to run it.  If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  • Highlight and copy the following entries into SystemLook's main text entry window:
Code:
:filefind
*Babylon*

:folderfind
*Babylon*

:Regfind
Babylon
  • Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  • Please post the contents of the SystemLook.txt file in your next reply.

Please include in your next reply:
  • Do you have any problems executing the instructions?
  • Contents of SystemLook.txt report file.
  • Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed

Honors Graduate of MalWare Removal University
Member of...

Valiux21
« Reply #26 on: July 09, 2012, 11:56:18 AM »

Executed fine, here is the log.
McAfee found a trojan in ComboFix, and deleted it.
So doctor, is something getting clearer? What is happening? Are we finding something?

SystemLook 30.07.11 by jpshortstuff
Log created at 17:52 on 09/07/2012 by Seima
Administrator - Elevation successful

========== filefind ==========

Searching for "*Babylon*"
No files found.

========== folderfind ==========

Searching for "*Babylon*"
No folders found.

========== Regfind ==========

Searching for "Babylon"
No data found.

-= EOF =-
pgmigg
« Reply #27 on: July 09, 2012, 01:25:53 PM »

Hello Valiux21,

Quote
McAfee found a trojan in ComboFix, and deleted it.

If you remember, when I asked you to run ComboFix, there was a step asking you to disable any antivirus and firewall you have active. It is necessary because most onboard AVs, firewalls, and anti-malware programs can and will interfere with the running of ComboFix. These AVs (including McAfee) detect and quarantine/delete files that ComboFix needs to do its job. They are not malicious files, rather files that you often see in online scan results listed as 'possibly unwanted tool'. As these AVs cannot determine whether these files are being used for malicious purposes, they assume the worst and quarantine or delete them.

Quote
So doctor, is something getting clearer? What is happening? Are we finding something?

Looking over your logs, it seems to me that you don't have any evidence of a real infection. Your latest set of logs appears to be clean!

I guess your problems come from a different source. It may be some incompatibility between drivers and hardware, some specific CMOS settings, HDD controller errors, etc.
You probably need to open a topic in another place, like Hardware & Software > Windows/PC Discussions.

In the meantime, this is my general post for when your logs show no more signs of malware. Before I give you instructions on how to keep your computer clean and secure, you need to take a few additional steps:

Step 1.
Remove Program(s)
  • Click on Start, then click the Start Search box on the Start Menu.
  • Copy and paste appwiz.cpl into the open text entry box.
  • Then press Enter - the "Uninstall or change a program" list will open.
  • Click on the following entry, Java(TM) 6 Update 22, if it exists, choose Uninstall, and give permission to Continue.
  • Take extra care in answering questions posed by any Uninstaller.
  • When the program(s) have been uninstalled, please close Control Panel.
  • Reboot your computer.

Step 2.
Latest Java Installation Needed!

Attention: Print these instructions or copy them. You will be closing your browser!!

DOWNLOAD LATEST VERSION
  • Get the latest version (7u5) of Java Runtime Environment (JRE)... © Sun Microsystems, Inc.
  • Click the "Download JRE" button to the right.
  • Check "Accept License Agreement "
  • Locate the entry for Windows x64 and click on the associated file name, save the file to your Desktop.

INSTALL Java
  • Close all open applications (standard), especially your browser.
  • From the Desktop, please right-click on jre-7u5-windows-x64.exe and select "Run As Administrator..." to install the newest version.
  • Follow the on-screen directions. When installation is completed successfully, please reboot your computer normally.
  • Once the computer has been restarted, you can delete the "downloaded" installation file from your desktop.

OPTIONAL:
To prevent some unnecessary JAVA components from running when you boot your computer each time...
  • Go to Control Panel and click on the JAVA icon.
  • Press the Update tab and UNCHECK "Check for Updates Automatically".  (You can check for updates manually.)
    • Reply "Never Check" to the warning prompt.
  • Now press the Advanced tab.  Press the [+] to expand the "Miscellaneous" options.
  • UNCHECK "Java Quick Starter".
  • Press Apply and OK, then close the Java Control Panel and exit Control Panel.

Step 3.
OTL - Run Fix Script
You should still have OTL on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  • Right click on OTL.exe and select "Run As Administrator..." to run it.  If prompted by UAC, please allow it.
  • Copy and Paste the following code into the text box. Do not include the word Code
Code:
:Commands
[EMPTYTEMP]
[CLEARALLRESTOREPOINTS]
  • Click under the Custom Scan/Fixes box and paste the copied text.
  • Click the Run Fix button. If prompted... click OK.
  • OTL may ask to reboot the machine. Please do so if asked.

Step 4.
Enable CD Emulator by Defogger
You should still have this program on your desktop, just ignore the download instructions, provided for convenience.
Please download DeFogger... by jpshortstuff.  Save it to your desktop.
To enable your Emulation drivers again, only when instructed to do so by your helper.
  • Double click DeFogger.exe to run the tool.  The application window will appear.
  • Click the Re-enable button to re-enable your CD Emulation drivers.
  • Click Yes to continue.  A 'Finished!' message will appear.  Click OK
  • Click OK when DeFogger asks to reboot the machine.
Your Emulation drivers are now enabled.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Step 5.
OTL-Cleanup
  • Right click on OTL.exe and select "Run As Administrator..." to run it.  If prompted by UAC, please allow it.
  • Press the CleanUp button.
  • When done, you will be prompted to reboot your system to finish file removal, please select OK to reboot your computer.
 

Then please don't forget to enable all your defense software!

Finally, please click HERE to find a short guide to staying safer online.

Please don't hesitate to ask any additional questions.

Stay Safe!
pgmigg


pgmigg
« Reply #28 on: July 12, 2012, 05:44:53 PM »

As this issue appears resolved, this topic is now closed.


The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine!


Any other members requiring Malware Removal assistance, Please Start HERE!


If you have been helped and wish to donate to help with the costs of this volunteer site: Please Help Support This Site and ASAP™


Thanks!