Browser hijacked by searchnewtab and contineuuetyosave


  • This topic is locked
7 replies to this topic

#1 diamar

  • Members
  • 4 posts

Posted 07 June 2013 - 04:29 PM

Hi! After downloading a game, the browser started redirecting my pages (homepage and tabs) to a page of the form http://websearch.searchrocket.info, while the PC started to act slower than usual. I ran, in this order, ComboFix, Junk Removal Tool and an ESET scanner, before the DDS. The PC continues to run slow, and your advice and eye would be very helpful and appreciated.

I paste the logs in the order of the procedures done:

COMBOFIX LOG

ComboFix 13-06-07.03 - User 06/07/2013  23:17:34.1.4 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3034.1208 [GMT 3:00]
Running from: c:\users\User\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\contineuuetyosave
c:\programdata\contineuuetyosave\51b23a564a7a3.dll
c:\programdata\contineuuetyosave\51b23a564a7a3.tlb
c:\programdata\contineuuetyosave\settings.ini
c:\programdata\contineuuetyosave\uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\contineuuetyosave
c:\programdata\Microsoft\Windows\Start Menu\Programs\contineuuetyosave\contineuuetyosave.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\contineuuetyosave\Uninstall.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SearchNewTab
c:\programdata\Microsoft\Windows\Start Menu\Programs\SearchNewTab\SearchNewTab.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SearchNewTab\Uninstall.lnk
c:\programdata\SearchNewTab
c:\programdata\SearchNewTab\51b23a6d355ac.dll
c:\programdata\SearchNewTab\51b23a6d355ac.tlb
c:\programdata\SearchNewTab\settings.ini
c:\programdata\SearchNewTab\uninstall.exe
c:\users\User\Documents\~WRL2594.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-07 to 2013-06-07  )))))))))))))))))))))))))))))))
.
.
2013-06-07 20:22 . 2013-06-07 20:22    --------    d-----w-    c:\users\User\AppData\Local\temp
2013-06-07 20:22 . 2013-06-07 20:22    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-06-07 20:13 . 2013-06-07 20:13    60872    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EB75C89E-ADCC-4A84-B4CF-AE13B2AF168E}\offreg.dll
2013-06-07 20:11 . 2013-06-07 20:11    29904    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EB75C89E-ADCC-4A84-B4CF-AE13B2AF168E}\MpKsle69ee645.sys
2013-06-07 20:03 . 2013-06-07 20:03    --------    d-----w-    c:\programdata\StarApp
2013-06-07 19:52 . 2013-06-07 19:52    --------    d-----w-    c:\program files\WebSearch
2013-06-07 19:52 . 2013-06-07 19:52    --------    d-----w-    c:\program files\ContinueToSave
2013-06-07 19:52 . 2013-06-07 19:52    --------    d-----w-    c:\users\User\AppData\Local\Google
2013-06-07 19:51 . 2013-06-07 20:03    --------    d-----w-    c:\programdata\InstallMate
2013-06-06 15:00 . 2013-06-06 15:00    --------    d-----w-    c:\program files\Virtual Families 2 - Our Dream House
2013-06-06 15:00 . 2013-06-06 15:00    --------    d-----w-    c:\windows\Virtual Families 2 - Our Dream House
2013-06-06 14:59 . 2013-06-06 14:59    --------    d-----w-    C:\virtual families
2013-06-06 14:45 . 2013-06-06 14:51    --------    d-----w-    c:\program files\WildTangent Games
2013-06-06 14:45 . 2013-06-06 14:51    --------    d-----w-    c:\users\User\AppData\Roaming\WildTangent
2013-06-06 14:45 . 2013-06-06 14:51    --------    d-----w-    c:\programdata\WildTangent
2013-06-06 14:44 . 2013-06-06 14:44    --------    d-----w-    c:\users\User\AppData\Roaming\Oberon Media
2013-06-06 14:43 . 2013-06-06 14:43    --------    d-----w-    c:\program files\GamesBar
2013-06-06 10:41 . 2013-06-06 14:41    --------    d-----w-    c:\programdata\PogoDGC
2013-06-06 09:10 . 2013-05-13 06:19    7016152    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EB75C89E-ADCC-4A84-B4CF-AE13B2AF168E}\mpengine.dll
2013-06-04 22:55 . 2013-05-13 06:19    7016152    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-28 11:17 . 2007-05-23 18:22    89600    ----a-w-    c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
2013-05-26 20:56 . 2013-05-26 20:56    --------    d-----w-    c:\users\User\AppData\Roaming\GoldenBough Games
2013-05-22 22:04 . 2013-05-22 22:04    --------    d-----w-    c:\users\User\AppData\Roaming\funkitron
2013-05-21 22:25 . 2013-05-21 22:24    724464    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{607D7629-C9AB-453E-B5BF-0A61120099F3}\gapaengine.dll
2013-05-18 14:12 . 2013-05-18 14:24    --------    d-----w-    c:\users\User\AppData\Roaming\adelantado_big_fish_en
2013-05-18 13:19 . 2013-05-18 13:19    --------    d-----w-    c:\program files\Common Files\Java
2013-05-18 13:19 . 2013-04-04 02:35    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-05-18 10:17 . 2013-05-18 10:17    --------    d-----w-    c:\program files\Online Games Manager
2013-05-18 09:08 . 2013-05-18 10:59    --------    d-----w-    c:\users\User\AppData\Roaming\dekovir
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-28 17:18 . 2012-12-05 06:23    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-28 17:18 . 2012-12-05 06:23    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 15:28 . 2012-12-04 15:52    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-24 20:58 . 2013-03-12 17:31    706640    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-03-22 02:34 . 2012-12-05 19:47    782240    ----a-w-    c:\windows\system32\deployJava1.dll
2013-03-22 02:34 . 2012-12-05 19:47    861088    ----a-w-    c:\windows\system32\npDeployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-05-28 10988176]
"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2012-05-14 2038568]
"USB3MON"="c:\program files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 291608]
"ATKOSD2"="c:\program files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2012-05-30 322208]
"ATKMEDIA"="c:\program files\ASUS\ATK Package\ATK Media\DMedia.exe" [2012-05-30 174752]
"HControlUser"="c:\program files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2012-04-28 2321584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 145440]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 180768]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 189472]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-18 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06    958576    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2012-12-04 21:09    3058304    ----a-w-    c:\windows\AsScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-02-28 15:50    18642024    ----a-r-    c:\program files\Skype\Phone\Skype.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;e:\i386\AsProcOb.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 99272]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 287824]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 24064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-05 1343400]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-03-26 15640]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [2011-09-07 14464]
S1 MpKsle69ee645;MpKsle69ee645;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EB75C89E-ADCC-4A84-B4CF-AE13B2AF168E}\MpKsle69ee645.sys [2013-06-07 29904]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files\ASUS\InstantOn for NB\InsOnSrv.exe [2012-04-13 277120]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-04-20 462048]
S2 Intel® ME Service;Intel® ME Service;c:\program files\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-05-10 128280]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-05-10 165144]
S2 ogmservice;Online Games Manager;c:\program files\Online Games Manager\ogmservice.exe [2013-03-12 559168]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-05-15 363800]
S3 AsusVBus;AsusVBus;c:\windows\system32\DRIVERS\AsusVBus.sys [2012-04-11 29184]
S3 AsusVTouch;AsusVTouch;c:\windows\system32\DRIVERS\AsusVTouch.sys [2012-04-11 13440]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-05-14 172328]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-03-26 349976]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-03-26 792856]
S3 MEI;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2012-07-17 55104]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2012-04-12 1582656]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys [2012-02-01 219240]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-08-23 414824]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLE69EE645
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-05 17:18]
.
2013-06-07 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2012-12-04 15:53]
.
2013-06-07 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16 09:54]
.
2013-06-07 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16 09:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://websearch.a-searchpage.info/?pid=924&r=2013/06/07&hid=4290755813&lg=EN&cc=RO&unqvl=18
mStart Page = hxxp://websearch.a-searchpage.info/?pid=924&r=2013/06/07&hid=4290755813&lg=EN&cc=RO&unqvl=18
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
FF - ProfilePath - c:\users\User\AppData\Roaming\mozilla\firefox\Profiles\ldgluxr5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.a-searchpage.info/?pid=924&r=2013/06/07&hid=4290755813&lg=EN&cc=RO&unqvl=18&l=1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://websearch.a-searchpage.info/?pid=924&r=2013/06/07&hid=4290755813&lg=EN&cc=RO&unqvl=18&l=1&q=
FF - ExtSQL: 2013-06-07 22:53; [email protected]; c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ldgluxr5.default\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{51BE2E4F-4294-157A-4000-15E968DC247F} - c:\programdata\SearchNewTab\51b23a6d355ac.dll
BHO-{84AA9F7C-3886-75BD-CF71-80BF7C60AA23} - c:\programdata\contineuuetyosave\51b23a564a7a3.dll
HKCU-Run-FDPRO-516 - c:\program files\Fighters\FighterLauncher.exe
AddRemove-{C1C6816E-CBB3-A748-85F9-A8B47B68985B} - c:\programdata\contineuuetyosave\uninstall.exe
AddRemove-{C670DCAE-E392-AA32-6F42-143C7FC4BDFD} - c:\programdata\SearchNewTab\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-07  23:24:25
ComboFix-quarantined-files.txt  2013-06-07 20:24
.
Pre-Run: 73,717,600,256 bytes free
Post-Run: 75,775,156,224 bytes free
.
- - End Of File - - 70960E3419AF5C5248ED8E010D1E76A8
A36C5E4F47E84449FF07ED3517B43A31

JUNK REMOVAL LOG

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Ultimate x86
Ran by User on Fri 06/07/2013 at 23:27:39.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-123240983-3953526646-1464163483-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\sprotector
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\bundlesweetimsetup_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\bundlesweetimsetup_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetim_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetim_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetpacksupdatemanager_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetpacksupdatemanager_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\ProgramData\fighters"
Successfully deleted: [Folder] "C:\ProgramData\installmate"
Successfully deleted: [Folder] "C:\ProgramData\trymedia"
Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\fighters"
Successfully deleted: [Folder] "C:\Program Files\continuetosave"
Successfully deleted: [Folder] "C:\Program Files\gamesbar"
Successfully deleted: [Folder] "C:\Program Files\websearch"



~~~ FireFox

Successfully deleted the following from C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ldgluxr5.default\prefs.js

user_pref("browser.search.defaultenginename", "WebSearch");
user_pref("browser.search.defaultenginename,S", "WebSearch");
user_pref("browser.search.defaulturl", "hxxp://websearch.a-searchpage.info/?pid=924&r=2013/06/07&hid=4290755813&lg=EN&cc=RO&unqvl=18&l=1&q=");
user_pref("browser.search.order.1", "WebSearch");
user_pref("browser.search.order.1,S", "WebSearch");
user_pref("browser.search.selectedEngine,S", "WebSearch");
user_pref("extensions.51b23a564a6bc.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.locatio
user_pref("extensions.BabylonToolbar.prtkDS", 0);
user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
user_pref("keyword.URL", "hxxp://websearch.a-searchpage.info/?pid=924&r=2013/06/07&hid=4290755813&lg=EN&cc=RO&unqvl=18&l=1&q=");
user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
user_pref("sweetim.toolbar.previous.keyword.URL", "");
user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
user_pref("sweetim.toolbar.searchguard.enable", "");
Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ldgluxr5.default\minidumps [353 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 06/07/2013 at 23:28:34.91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Then I proceeded with the ESET scanner, and the DDS log comes afterwards:

DDS LOG

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16455  BrowserJavaVersion: 10.21.2
Run by User at 0:09:54 on 2013-06-08
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3034.1443 [GMT 3:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files\ASUS\InstantOn for NB\InsOnSrv.exe
C:\Program Files\ASUS\InstantOn for NB\InsOnWMI.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Online Games Manager\ogmservice.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [ETDCtrl] c:\program files\elantech\ETDCtrl.exe
mRun: [USB3MON] "c:\program files\intel\intel® usb 3.0 extensible host controller driver\application\iusb3mon.exe"
mRun: [ATKOSD2] c:\program files\asus\atk package\atkosd2\ATKOSD2.exe
mRun: [ATKMEDIA] c:\program files\asus\atk package\atk media\DMedia.exe
mRun: [HControlUser] c:\program files\asus\atk package\atk hotkey\HControlUser.exe
mRun: [Wireless Console 3] c:\program files\asus\wireless console 3\wcourier.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {A4110378-789B-455F-AE86-3A1BFC402853} - hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
TCP: NameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{4AC209D2-B90E-4741-9B25-A7209BFA8457} : DHCPNameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{4AC209D2-B90E-4741-9B25-A7209BFA8457}\6657C676562757F5262716761646962757 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4AC209D2-B90E-4741-9B25-A7209BFA8457}\75C414E4D2333344245313 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{4AC209D2-B90E-4741-9B25-A7209BFA8457}\75C45323037434F5A5946425 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4AC209D2-B90E-4741-9B25-A7209BFA8457}\84F64756C6052796E6369607562313 : DHCPNameServer = 192.168.0.254 151.99.0.100 151.99.125.2
TCP: Interfaces\{9A611DCC-DD90-4427-A93E-EEE1E48650AC} : DHCPNameServer = 192.168.32.203
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\ldgluxr5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\intel\intel® management engine components\ipt\npIntelWebAPIIPT.dll
FF - plugin: c:\program files\intel\intel® management engine components\ipt\npIntelWebAPIUpdater.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys [2012-12-4 15640]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files\asus\atk package\atk wmiacpi\atkwmiacpi.sys [2011-9-7 14464]
R2 ASUS InstantOn;ASUS InstantOn Service;c:\program files\asus\instanton for nb\InsOnSrv.exe [2012-4-13 277120]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\intel\icls client\HeciServer.exe [2012-4-20 462048]
R2 Intel® ME Service;Intel® ME Service;c:\program files\intel\intel® management engine components\fwservice\IntelMeFWService.exe [2012-12-4 128280]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files\intel\intel® management engine components\dal\Jhi_service.exe [2012-12-4 165144]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 99272]
R2 ogmservice;Online Games Manager;c:\program files\online games manager\ogmservice.exe [2013-3-12 559168]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2012-12-4 363800]
R3 AsusVBus;AsusVBus;c:\windows\system32\drivers\AsusVBus.sys [2012-4-11 29184]
R3 AsusVTouch;AsusVTouch;c:\windows\system32\drivers\AsusVTouch.sys [2012-4-11 13440]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2012-12-4 172328]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys [2012-12-4 349976]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys [2012-12-4 792856]
R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2012-7-17 55104]
R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28.sys [2012-12-4 1582656]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\drivers\RtsBaStor.sys [2012-12-4 219240]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-12-4 414824]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-12-5 14848]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-12-5 24064]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-12-5 49664]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-12-5 27136]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-12-5 1343400]
S4 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-11-22 3290304]
.
=============== Created Last 30 ================
.
2013-06-07 21:07:13    7016152    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{e450d41d-4b9c-46bf-b53c-109dbff103e6}\mpengine.dll
2013-06-07 20:31:28    --------    d-----w-    c:\program files\ESET
2013-06-07 20:27:38    --------    d-----w-    c:\windows\ERUNT
2013-06-07 20:27:34    --------    d-----w-    C:\JRT
2013-06-07 20:24:28    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-06-07 20:24:27    --------    d-----w-    c:\users\user\appdata\local\temp
2013-06-07 20:16:01    98816    ----a-w-    c:\windows\sed.exe
2013-06-07 20:16:01    256000    ----a-w-    c:\windows\PEV.exe
2013-06-07 20:16:01    208896    ----a-w-    c:\windows\MBR.exe
2013-06-07 20:03:47    --------    d-----w-    c:\programdata\StarApp
2013-06-07 19:52:24    --------    d-----w-    c:\users\user\appdata\local\Google
2013-06-06 15:00:14    --------    d-----w-    c:\windows\Virtual Families 2 - Our Dream House
2013-06-06 15:00:14    --------    d-----w-    c:\program files\Virtual Families 2 - Our Dream House
2013-06-06 14:59:10    --------    d-----w-    C:\virtual families
2013-06-06 14:45:24    --------    d-----w-    c:\users\user\appdata\roaming\WildTangent
2013-06-06 14:45:24    --------    d-----w-    c:\programdata\WildTangent
2013-06-06 14:45:24    --------    d-----w-    c:\program files\WildTangent Games
2013-06-06 14:44:09    --------    d-----w-    c:\users\user\appdata\roaming\Oberon Media
2013-06-06 10:41:15    --------    d-----w-    c:\programdata\PogoDGC
2013-06-04 22:55:22    7016152    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-05-28 11:17:42    89600    ----a-w-    c:\windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
2013-05-26 20:56:17    --------    d-----w-    c:\users\user\appdata\roaming\GoldenBough Games
2013-05-24 09:55:23    262552    ----a-w-    c:\program files\mozilla firefox\browser\components\browsercomps.dll
2013-05-22 22:04:54    --------    d-----w-    c:\users\user\appdata\roaming\funkitron
2013-05-21 22:25:21    724464    ------w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{607d7629-c9ab-453e-b5bf-0a61120099f3}\gapaengine.dll
2013-05-18 14:12:55    --------    d-----w-    c:\users\user\appdata\roaming\adelantado_big_fish_en
2013-05-18 13:19:12    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-05-18 10:17:06    --------    d-----w-    c:\program files\Online Games Manager
2013-05-18 09:08:15    --------    d-----w-    c:\users\user\appdata\roaming\dekovir
.
==================== Find3M  ====================
.
2013-05-28 17:18:43    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-28 17:18:43    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-02 15:28:50    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-03-22 02:34:13    861088    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-03-22 02:34:13    782240    ----a-w-    c:\windows\system32\deployJava1.dll
.
============= FINISH:  0:10:29.72 ===============
Thank you for the time put into reading this, and for any help,

Diana

#2 D-FRED-BROWN (Resident Bracketologist, Malware Response Team, Kansas, USA)

Posted 07 June 2013 - 07:27 PM

Hello diamar and welcome to Bleeping Computer!

I am D-FRED-BROWN and I will be helping you.

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.


----------Step 1----------------
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, choose Skip instead; do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


----------Step 2----------------
Please download Malwarebytes Anti-Rootkit from HERE
  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt


----------Step 3----------------

First, please delete your existing copy of ComboFix.exe.

Then, please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.


NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


----------Step 4----------------
Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


----------Step 5----------------
In your next reply, please include the following:
  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly".
 

-------> Your topic will be closed if you haven't replied within 3 days! <--------
(If I don't respond within 24 hours, please send me a PM)




-DFB


Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!
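Step 1 above asks for TDSSKiller's log, whose service-scan section prints, for each service, a line with the file's MD5 in brackets, its name and path, followed by a "name - verdict" line. As an added example that is not part of this thread or of TDSSKiller itself, the following Python parses that section into records and lists the entries whose verdict is anything other than "ok" or that had no file line at all; the two-line layout, the section-header text used to stop parsing, and the sample entries marked as constructed are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed line shapes inside the "Scan services" section of a TDSSKiller log:
#   <time> <pid>  [ <MD5> ] <service name> <path>   -> file backing the service
#   <time> <pid>  <service name> - <verdict>        -> verdict for that service
_PREFIX = r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
FILE_RE = re.compile(
    _PREFIX + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.+)$"
)
VERDICT_RE = re.compile(_PREFIX + r"(?P<rest>.+)$")
SECTION_RE = re.compile(r"={8,} Scan ")  # any "==== Scan <something> ====" header


@dataclass
class ServiceEntry:
    name: str
    verdict: Optional[str] = None  # text after " - " on the verdict line
    md5: Optional[str] = None      # None when no file line was printed for it
    path: Optional[str] = None


def parse_tdsskiller_services(text: str) -> List[ServiceEntry]:
    """Return one record per service in the 'Scan services' section, in log order."""
    entries: Dict[str, ServiceEntry] = {}
    in_services = False
    for line in text.splitlines():
        line = line.rstrip()
        if "Scan services" in line:
            in_services = True
            continue
        if in_services and SECTION_RE.search(line):
            break  # reached the next section of the log
        if not in_services:
            continue
        m = FILE_RE.match(line)  # try the file line first: paths may contain " - "
        if m:
            entry = entries.setdefault(m["name"], ServiceEntry(m["name"]))
            entry.md5, entry.path = m["md5"].upper(), m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            name, sep, verdict = m["rest"].rpartition(" - ")
            if sep:
                entry = entries.setdefault(name, ServiceEntry(name))
                entry.verdict = verdict
    return list(entries.values())


def needs_attention(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Entries whose verdict is missing or anything other than the plain 'ok'."""
    return [e for e in entries if e.verdict is None or e.verdict.lower() != "ok"]


def without_backing_file(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Entries for which TDSSKiller printed a verdict but no file/MD5 line."""
    return [e for e in entries if e.md5 is None]


# Constructed sample: the first three services mirror lines from the log posted in
# this thread; "examplesvc" and the closing section header are made up for the demo.
SAMPLE_LOG = r"""
23:08:16.0104 4184  ================ Scan system memory ========================
23:08:16.0104 4184  System memory - ok
23:08:16.0105 4184  ================ Scan services =============================
23:08:16.0297 4184  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
23:08:16.0302 4184  1394ohci - ok
23:08:17.0212 4184  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:08:17.0215 4184  Apple Mobile Device - ok
23:08:17.0523 4184  ASUSProcObsrv - ok
23:08:30.0001 4184  [ 00000000000000000000000000000000 ] examplesvc      C:\ProgramData\example\example.dll
23:08:30.0002 4184  examplesvc - suspicious (constructed sample verdict)
23:08:31.0000 4184  ================ Scan next-section ========================
23:08:31.0001 4184  Something - ok
"""

if __name__ == "__main__":
    parsed = parse_tdsskiller_services(SAMPLE_LOG)
    print(f"{len(parsed)} services parsed")
    for e in needs_attention(parsed):
        print(f"ATTENTION  {e.name}: {e.verdict}  [{e.path}]")
    for e in without_backing_file(parsed):
        print(f"NO FILE    {e.name}: verdict {e.verdict}")
```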

#3 diamar (Topic Starter)

Posted 08 June 2013 - 04:43 PM

Hi D-Fred-Brown, thank you for your help. The information you asked for is below:

TDSS KILLER LOG

23:08:09.0687 5956  TDSS rootkit removing tool 2.8.17.0 Apr 11 2013 11:56:34
23:08:10.0016 5956  ============================================================
23:08:10.0016 5956  Current date / time: 2013/06/08 23:08:10.0016
23:08:10.0016 5956  SystemInfo:
23:08:10.0016 5956  
23:08:10.0016 5956  OS Version: 6.1.7601 ServicePack: 1.0
23:08:10.0016 5956  Product type: Workstation
23:08:10.0017 5956  ComputerName: ASUS-PC
23:08:10.0017 5956  UserName: User
23:08:10.0017 5956  Windows directory: C:\Windows
23:08:10.0017 5956  System windows directory: C:\Windows
23:08:10.0017 5956  Processor architecture: Intel x86
23:08:10.0017 5956  Number of processors: 4
23:08:10.0017 5956  Page size: 0x1000
23:08:10.0017 5956  Boot type: Normal boot
23:08:10.0017 5956  ============================================================
23:08:12.0048 5956  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:08:12.0050 5956  ============================================================
23:08:12.0050 5956  \Device\Harddisk0\DR0:
23:08:12.0050 5956  MBR partitions:
23:08:12.0050 5956  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:08:12.0050 5956  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC832000
23:08:12.0050 5956  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC864800, BlocksNum 0x2DB21000
23:08:12.0050 5956  ============================================================
23:08:12.0076 5956  C: <-> \Device\Harddisk0\DR0\Partition2
23:08:12.0150 5956  D: <-> \Device\Harddisk0\DR0\Partition3
23:08:12.0150 5956  ============================================================
23:08:12.0150 5956  Initialize success
23:08:12.0150 5956  ============================================================
23:08:15.0580 4184  ============================================================
23:08:15.0580 4184  Scan started
23:08:15.0580 4184  Mode: Manual;
23:08:15.0580 4184  ============================================================
23:08:16.0104 4184  ================ Scan system memory ========================
23:08:16.0104 4184  System memory - ok
23:08:16.0105 4184  ================ Scan services =============================
23:08:22.0044 4184  iirsp - ok
23:08:22.0094 4184  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
23:08:22.0114 4184  IKEEXT - ok
23:08:22.0234 4184  [ 2D6E527B8BE62FB0223DA0C2D9C75B45 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
23:08:22.0304 4184  IntcAzAudAddService - ok
23:08:22.0374 4184  [ AE2B75CD6C71F5706AD485FD6693CFF7 ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
23:08:22.0384 4184  Intel® Capability Licensing Service Interface - ok
23:08:22.0444 4184  [ F317B37F907A35713DCD2F4A58515EA0 ] Intel® ME Service C:\Program Files\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
23:08:22.0444 4184  Intel® ME Service - ok
23:08:22.0454 4184  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
23:08:22.0454 4184  intelide - ok
23:08:22.0494 4184  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:08:22.0494 4184  intelppm - ok
23:08:22.0524 4184  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:08:22.0534 4184  IPBusEnum - ok
23:08:22.0554 4184  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:08:22.0554 4184  IpFilterDriver - ok
23:08:22.0614 4184  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:08:22.0624 4184  iphlpsvc - ok
23:08:22.0664 4184  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
23:08:22.0664 4184  IPMIDRV - ok
23:08:22.0674 4184  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
23:08:22.0684 4184  IPNAT - ok
23:08:22.0744 4184  [ 02682AE021F0FB92F5768B49776B8B5B ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
23:08:22.0764 4184  iPod Service - ok
23:08:22.0774 4184  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:08:22.0784 4184  IRENUM - ok
23:08:22.0804 4184  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
23:08:22.0804 4184  isapnp - ok
23:08:22.0824 4184  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
23:08:22.0824 4184  iScsiPrt - ok
23:08:22.0854 4184  [ 1E6403EC6B1143F66DB08C7C811AF718 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
23:08:22.0854 4184  iusb3hcs - ok
23:08:22.0874 4184  [ 762D729942D3DF15364FD858827DC53B ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
23:08:22.0884 4184  iusb3hub - ok
23:08:22.0904 4184  [ 531967D3CB82747B6980EA7A8E2A2671 ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
23:08:22.0914 4184  iusb3xhc - ok
23:08:22.0964 4184  [ 4E5DB6816F165C0C7A7FAA0055788884 ] jhi_service     C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
23:08:22.0964 4184  jhi_service - ok
23:08:23.0004 4184  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
23:08:23.0004 4184  kbdclass - ok
23:08:23.0014 4184  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
23:08:23.0014 4184  kbdhid - ok
23:08:23.0044 4184  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
23:08:23.0044 4184  KeyIso - ok
23:08:23.0054 4184  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:08:23.0054 4184  KSecDD - ok
23:08:23.0084 4184  [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
23:08:23.0084 4184  KSecPkg - ok
23:08:23.0114 4184  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:08:23.0124 4184  KtmRm - ok
23:08:23.0164 4184  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\System32\srvsvc.dll
23:08:23.0164 4184  LanmanServer - ok
23:08:23.0194 4184  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:08:23.0204 4184  LanmanWorkstation - ok
23:08:23.0244 4184  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:08:23.0244 4184  lltdio - ok
23:08:23.0274 4184  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:08:23.0284 4184  lltdsvc - ok
23:08:23.0294 4184  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:08:23.0294 4184  lmhosts - ok
23:08:23.0344 4184  [ B596A99DD9577C6CF1C8078A9FC5038C ] LMS             C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
23:08:23.0354 4184  LMS - ok
23:08:23.0384 4184  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
23:08:23.0384 4184  LSI_FC - ok
23:08:23.0424 4184  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
23:08:23.0424 4184  LSI_SAS - ok
23:08:23.0444 4184  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
23:08:23.0444 4184  LSI_SAS2 - ok
23:08:23.0464 4184  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
23:08:23.0475 4184  LSI_SCSI - ok
23:08:23.0495 4184  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
23:08:23.0495 4184  luafv - ok
23:08:23.0596 4184  [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
23:08:23.0606 4184  McComponentHostService - ok
23:08:23.0636 4184  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
23:08:23.0636 4184  Mcx2Svc - ok
23:08:23.0666 4184  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\drivers\megasas.sys
23:08:23.0666 4184  megasas - ok
23:08:23.0706 4184  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
23:08:23.0706 4184  MegaSR - ok
23:08:23.0746 4184  [ 9E0A56C77E9244D2CAAC3811F4B47FCB ] MEI             C:\Windows\system32\DRIVERS\HECI.sys
23:08:23.0746 4184  MEI - ok
23:08:23.0806 4184  Microsoft SharePoint Workspace Audit Service - ok
23:08:23.0836 4184  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
23:08:23.0846 4184  MMCSS - ok
23:08:23.0856 4184  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
23:08:23.0856 4184  Modem - ok
23:08:23.0896 4184  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
23:08:23.0936 4184  monitor - ok
23:08:23.0976 4184  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
23:08:23.0976 4184  mouclass - ok
23:08:24.0006 4184  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:08:24.0026 4184  mouhid - ok
23:08:24.0046 4184  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
23:08:24.0046 4184  mountmgr - ok
23:08:24.0176 4184  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:08:24.0176 4184  MozillaMaintenance - ok
23:08:24.0256 4184  [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
23:08:24.0256 4184  MpFilter - ok
23:08:24.0296 4184  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
23:08:24.0296 4184  mpio - ok
23:08:24.0466 4184  [ A69630D039C38018689190234F866D77 ] MpKsl98404941   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9B8BE440-AFE2-49F1-911C-6319176BD000}\MpKsl98404941.sys
23:08:24.0466 4184  MpKsl98404941 - ok
23:08:24.0506 4184  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:08:24.0506 4184  mpsdrv - ok
23:08:24.0596 4184  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:08:24.0617 4184  MpsSvc - ok
23:08:24.0647 4184  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:08:24.0657 4184  MRxDAV - ok
23:08:24.0697 4184  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:08:24.0727 4184  mrxsmb - ok
23:08:24.0757 4184  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:08:24.0757 4184  mrxsmb10 - ok
23:08:24.0777 4184  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:08:24.0777 4184  mrxsmb20 - ok
23:08:24.0807 4184  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
23:08:24.0807 4184  msahci - ok
23:08:24.0817 4184  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
23:08:24.0827 4184  msdsm - ok
23:08:24.0847 4184  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
23:08:24.0857 4184  MSDTC - ok
23:08:24.0877 4184  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:08:24.0877 4184  Msfs - ok
23:08:24.0897 4184  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
23:08:24.0897 4184  mshidkmdf - ok
23:08:24.0907 4184  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
23:08:24.0907 4184  msisadrv - ok
23:08:24.0947 4184  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
23:08:24.0947 4184  MSiSCSI - ok
23:08:24.0947 4184  msiserver - ok
23:08:24.0987 4184  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
23:08:24.0997 4184  MSKSSRV - ok
23:08:25.0037 4184  [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
23:08:25.0047 4184  MsMpSvc - ok
23:08:25.0067 4184  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:08:25.0077 4184  MSPCLOCK - ok
23:08:25.0097 4184  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
23:08:25.0097 4184  MSPQM - ok
23:08:25.0127 4184  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
23:08:25.0127 4184  MsRPC - ok
23:08:25.0147 4184  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
23:08:25.0157 4184  mssmbios - ok
23:08:25.0167 4184  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
23:08:25.0177 4184  MSTEE - ok
23:08:25.0187 4184  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
23:08:25.0187 4184  MTConfig - ok
23:08:25.0207 4184  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
23:08:25.0207 4184  Mup - ok
23:08:25.0237 4184  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
23:08:25.0247 4184  napagent - ok
23:08:25.0287 4184  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
23:08:25.0287 4184  NativeWifiP - ok
23:08:25.0347 4184  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
23:08:25.0367 4184  NDIS - ok
23:08:25.0397 4184  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
23:08:25.0397 4184  NdisCap - ok
23:08:25.0427 4184  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23:08:25.0427 4184  NdisTapi - ok
23:08:25.0457 4184  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
23:08:25.0457 4184  Ndisuio - ok
23:08:25.0477 4184  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
23:08:25.0477 4184  NdisWan - ok
23:08:25.0507 4184  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
23:08:25.0507 4184  NDProxy - ok
23:08:25.0537 4184  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
23:08:25.0537 4184  NetBIOS - ok
23:08:25.0557 4184  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
23:08:25.0557 4184  NetBT - ok
23:08:25.0577 4184  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
23:08:25.0577 4184  Netlogon - ok
23:08:25.0617 4184  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
23:08:25.0627 4184  Netman - ok
23:08:25.0637 4184  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
23:08:25.0637 4184  netprofm - ok
23:08:25.0687 4184  [ BF80761AAB8CC2DE067F16FDC4591B3E ] netr28          C:\Windows\system32\DRIVERS\netr28.sys
23:08:25.0707 4184  netr28 - ok
23:08:25.0727 4184  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:08:25.0727 4184  NetTcpPortSharing - ok
23:08:25.0767 4184  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
23:08:25.0767 4184  nfrd960 - ok
23:08:25.0797 4184  [ 2CD24A6AF497D0E9B9BF3DA924ED05E6 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
23:08:25.0807 4184  NisDrv - ok
23:08:25.0827 4184  [ 3B846434055F80D9E89D0742F3ADAD34 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
23:08:25.0827 4184  NisSrv - ok
23:08:25.0867 4184  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
23:08:25.0867 4184  NlaSvc - ok
23:08:25.0877 4184  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
23:08:25.0887 4184  Npfs - ok
23:08:25.0917 4184  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
23:08:25.0917 4184  nsi - ok
23:08:25.0937 4184  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
23:08:25.0937 4184  nsiproxy - ok
23:08:25.0987 4184  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
23:08:26.0007 4184  Ntfs - ok
23:08:26.0027 4184  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
23:08:26.0027 4184  Null - ok
23:08:26.0077 4184  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
23:08:26.0077 4184  nvraid - ok
23:08:26.0087 4184  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
23:08:26.0087 4184  nvstor - ok
23:08:26.0107 4184  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
23:08:26.0107 4184  nv_agp - ok
23:08:26.0187 4184  [ F0F6BEE889236BB6D6A94560D7EEA2AC ] ogmservice      C:\Program Files\Online Games Manager\ogmservice.exe
23:08:26.0197 4184  ogmservice - ok
23:08:26.0237 4184  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
23:08:26.0237 4184  ohci1394 - ok
23:08:26.0297 4184  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:08:26.0307 4184  ose - ok
23:08:26.0487 4184  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:08:26.0637 4184  osppsvc - ok
23:08:26.0667 4184  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
23:08:26.0677 4184  p2pimsvc - ok
23:08:26.0697 4184  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
23:08:26.0697 4184  p2psvc - ok
23:08:26.0727 4184  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\drivers\parport.sys
23:08:26.0727 4184  Parport - ok
23:08:26.0747 4184  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
23:08:26.0747 4184  partmgr - ok
23:08:26.0767 4184  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
23:08:26.0767 4184  Parvdm - ok
23:08:26.0787 4184  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
23:08:26.0787 4184  PcaSvc - ok
23:08:26.0817 4184  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
23:08:26.0817 4184  pci - ok
23:08:26.0837 4184  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
23:08:26.0837 4184  pciide - ok
23:08:26.0857 4184  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
23:08:26.0857 4184  pcmcia - ok
23:08:26.0867 4184  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
23:08:26.0877 4184  pcw - ok
23:08:26.0917 4184  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
23:08:26.0937 4184  PEAUTH - ok
23:08:26.0977 4184  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
23:08:26.0997 4184  PeerDistSvc - ok
23:08:27.0077 4184  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
23:08:27.0097 4184  pla - ok
23:08:27.0157 4184  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
23:08:27.0167 4184  PlugPlay - ok
23:08:27.0177 4184  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
23:08:27.0187 4184  PNRPAutoReg - ok
23:08:27.0207 4184  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
23:08:27.0207 4184  PNRPsvc - ok
23:08:27.0237 4184  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
23:08:27.0237 4184  PolicyAgent - ok
23:08:27.0267 4184  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
23:08:27.0277 4184  Power - ok
23:08:27.0317 4184  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
23:08:27.0317 4184  PptpMiniport - ok
23:08:27.0337 4184  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\drivers\processr.sys
23:08:27.0337 4184  Processor - ok
23:08:27.0377 4184  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
23:08:27.0377 4184  ProfSvc - ok
23:08:27.0397 4184  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:08:27.0397 4184  ProtectedStorage - ok
23:08:27.0427 4184  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
23:08:27.0427 4184  Psched - ok
23:08:27.0517 4184  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
23:08:27.0537 4184  ql2300 - ok
23:08:27.0557 4184  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
23:08:27.0557 4184  ql40xx - ok
23:08:27.0587 4184  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
23:08:27.0587 4184  QWAVE - ok
23:08:27.0607 4184  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
23:08:27.0607 4184  QWAVEdrv - ok
23:08:27.0627 4184  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
23:08:27.0627 4184  RasAcd - ok
23:08:27.0647 4184  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
23:08:27.0647 4184  RasAgileVpn - ok
23:08:27.0677 4184  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
23:08:27.0687 4184  RasAuto - ok
23:08:27.0697 4184  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
23:08:27.0697 4184  Rasl2tp - ok
23:08:27.0717 4184  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
23:08:27.0727 4184  RasMan - ok
23:08:27.0757 4184  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
23:08:27.0757 4184  RasPppoe - ok
23:08:27.0777 4184  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
23:08:27.0777 4184  RasSstp - ok
23:08:27.0797 4184  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
23:08:27.0797 4184  rdbss - ok
23:08:27.0817 4184  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
23:08:27.0817 4184  rdpbus - ok
23:08:27.0827 4184  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
23:08:27.0827 4184  RDPCDD - ok
23:08:27.0857 4184  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
23:08:27.0857 4184  RDPDR - ok
23:08:27.0877 4184  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
23:08:27.0877 4184  RDPENCDD - ok
23:08:27.0897 4184  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
23:08:27.0897 4184  RDPREFMP - ok
23:08:27.0927 4184  [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
23:08:27.0927 4184  RdpVideoMiniport - ok
23:08:27.0957 4184  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
23:08:27.0967 4184  RDPWD - ok
23:08:27.0997 4184  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
23:08:27.0997 4184  rdyboost - ok
23:08:28.0037 4184  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
23:08:28.0037 4184  RemoteAccess - ok
23:08:28.0087 4184  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
23:08:28.0097 4184  RemoteRegistry - ok
23:08:28.0127 4184  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
23:08:28.0127 4184  RpcEptMapper - ok
23:08:28.0147 4184  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
23:08:28.0157 4184  RpcLocator - ok
23:08:28.0177 4184  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
23:08:28.0177 4184  RpcSs - ok
23:08:28.0257 4184  [ CCD9E973F845747056EB456B4A6E221D ] RSBASTOR        C:\Windows\system32\DRIVERS\RtsBaStor.sys
23:08:28.0267 4184  RSBASTOR - ok
23:08:28.0317 4184  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
23:08:28.0317 4184  rspndr - ok
23:08:28.0407 4184  [ 3849D5D73BDD9B7BC4E3305DDC345B2C ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
23:08:28.0417 4184  RTL8167 - ok
23:08:28.0447 4184  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
23:08:28.0447 4184  s3cap - ok
23:08:28.0467 4184  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
23:08:28.0467 4184  SamSs - ok
23:08:28.0487 4184  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
23:08:28.0487 4184  sbp2port - ok
23:08:28.0527 4184  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
23:08:28.0527 4184  SCardSvr - ok
23:08:28.0547 4184  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
23:08:28.0547 4184  scfilter - ok
23:08:28.0597 4184  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
23:08:28.0607 4184  Schedule - ok
23:08:28.0628 4184  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
23:08:28.0628 4184  SCPolicySvc - ok
23:08:28.0658 4184  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
23:08:28.0668 4184  SDRSVC - ok
23:08:28.0688 4184  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
23:08:28.0688 4184  secdrv - ok
23:08:28.0708 4184  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
23:08:28.0708 4184  seclogon - ok
23:08:28.0718 4184  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\system32\sens.dll
23:08:28.0718 4184  SENS - ok
23:08:28.0738 4184  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
23:08:28.0738 4184  SensrSvc - ok
23:08:28.0748 4184  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\drivers\serenum.sys
23:08:28.0748 4184  Serenum - ok
23:08:28.0768 4184  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\drivers\serial.sys
23:08:28.0768 4184  Serial - ok
23:08:28.0768 4184  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
23:08:28.0768 4184  sermouse - ok
23:08:28.0808 4184  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
23:08:28.0808 4184  SessionEnv - ok
23:08:28.0828 4184  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
23:08:28.0828 4184  sffdisk - ok
23:08:28.0838 4184  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
23:08:28.0838 4184  sffp_mmc - ok
23:08:28.0848 4184  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
23:08:28.0858 4184  sffp_sd - ok
23:08:28.0858 4184  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
23:08:28.0858 4184  sfloppy - ok
23:08:28.0888 4184  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
23:08:28.0898 4184  SharedAccess - ok
23:08:28.0928 4184  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:08:28.0938 4184  ShellHWDetection - ok
23:08:28.0968 4184  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
23:08:28.0978 4184  sisagp - ok
23:08:28.0998 4184  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
23:08:28.0998 4184  SiSRaid2 - ok
23:08:29.0018 4184  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
23:08:29.0018 4184  SiSRaid4 - ok
23:08:29.0128 4184  [ 3740B83AEC21D981065D7E819BD7E878 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
23:08:29.0218 4184  Skype C2C Service - ok
23:08:29.0278 4184  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
23:08:29.0278 4184  SkypeUpdate - ok
23:08:29.0298 4184  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
23:08:29.0298 4184  Smb - ok
23:08:29.0348 4184  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
23:08:29.0348 4184  SNMPTRAP - ok
23:08:29.0378 4184  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
23:08:29.0378 4184  spldr - ok
23:08:29.0428 4184  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
23:08:29.0438 4184  Spooler - ok
23:08:29.0528 4184  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
23:08:29.0628 4184  sppsvc - ok
23:08:29.0648 4184  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
23:08:29.0648 4184  sppuinotify - ok
23:08:29.0678 4184  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
23:08:29.0678 4184  srv - ok
23:08:29.0698 4184  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
23:08:29.0698 4184  srv2 - ok
23:08:29.0728 4184  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
23:08:29.0728 4184  srvnet - ok
23:08:29.0758 4184  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
23:08:29.0758 4184  SSDPSRV - ok
23:08:29.0768 4184  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
23:08:29.0778 4184  SstpSvc - ok
23:08:29.0798 4184  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\drivers\stexstor.sys
23:08:29.0798 4184  stexstor - ok
23:08:29.0828 4184  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
23:08:29.0838 4184  StiSvc - ok
23:08:29.0868 4184  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
23:08:29.0868 4184  storflt - ok
23:08:29.0898 4184  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
23:08:29.0898 4184  storvsc - ok
23:08:29.0928 4184  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
23:08:29.0928 4184  swenum - ok
23:08:29.0968 4184  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
23:08:29.0968 4184  swprv - ok
23:08:29.0998 4184  [ F2AD8960812FD111E20E84659EF19D43 ] Synth3dVsc      C:\Windows\system32\drivers\synth3dvsc.sys
23:08:29.0998 4184  Synth3dVsc - ok
23:08:30.0048 4184  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
23:08:30.0058 4184  SysMain - ok
23:08:30.0098 4184  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:08:30.0098 4184  TabletInputService - ok
23:08:30.0118 4184  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
23:08:30.0128 4184  TapiSrv - ok
23:08:30.0138 4184  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
23:08:30.0138 4184  TBS - ok
23:08:30.0208 4184  [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
23:08:30.0228 4184  Tcpip - ok
23:08:30.0298 4184  [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
23:08:30.0318 4184  TCPIP6 - ok
23:08:30.0338 4184  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:08:30.0338 4184  tcpipreg - ok
23:08:30.0368 4184  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
23:08:30.0368 4184  TDPIPE - ok
23:08:30.0388 4184  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
23:08:30.0388 4184  TDTCP - ok
23:08:30.0408 4184  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
23:08:30.0408 4184  tdx - ok
23:08:30.0418 4184  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
23:08:30.0418 4184  TermDD - ok
23:08:30.0448 4184  [ E951866BAC5A23403F62A349EDBB6EEB ] terminpt        C:\Windows\system32\drivers\terminpt.sys
23:08:30.0448 4184  terminpt - ok
23:08:30.0478 4184  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
23:08:30.0488 4184  TermService - ok
23:08:30.0498 4184  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
23:08:30.0508 4184  Themes - ok
23:08:30.0518 4184  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
23:08:30.0518 4184  THREADORDER - ok
23:08:30.0538 4184  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
23:08:30.0548 4184  TrkWks - ok
23:08:30.0598 4184  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:08:30.0608 4184  TrustedInstaller - ok
23:08:30.0628 4184  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:08:30.0628 4184  tssecsrv - ok
23:08:30.0658 4184  [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
23:08:30.0658 4184  TsUsbFlt - ok
23:08:30.0698 4184  [ 57C527AF84748B5C2F5178C499C0B81F ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
23:08:30.0698 4184  TsUsbGD - ok
23:08:30.0708 4184  [ 045ACB987C650D8186C6B4A692223860 ] tsusbhub        C:\Windows\system32\drivers\tsusbhub.sys
23:08:30.0708 4184  tsusbhub - ok
23:08:30.0758 4184  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:08:30.0758 4184  tunnel - ok
23:08:30.0778 4184  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\drivers\uagp35.sys
23:08:30.0778 4184  uagp35 - ok
23:08:30.0798 4184  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:08:30.0798 4184  udfs - ok
23:08:30.0838 4184  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
23:08:30.0848 4184  UI0Detect - ok
23:08:30.0858 4184  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:08:30.0858 4184  uliagpkx - ok
23:08:30.0888 4184  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
23:08:30.0918 4184  umbus - ok
23:08:30.0948 4184  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\drivers\umpass.sys
23:08:30.0958 4184  UmPass - ok
23:08:30.0988 4184  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
23:08:30.0988 4184  UmRdpService - ok
23:08:31.0028 4184  [ C5CC2D35F038F2A934483A4D1C2E4435 ] UNS             C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
23:08:31.0028 4184  UNS - ok
23:08:31.0058 4184  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
23:08:31.0058 4184  upnphost - ok
23:08:31.0098 4184  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
23:08:31.0148 4184  usbccgp - ok
23:08:31.0188 4184  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
23:08:31.0198 4184  usbcir - ok
23:08:31.0218 4184  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
23:08:31.0228 4184  usbehci - ok
23:08:31.0258 4184  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:08:31.0268 4184  usbhub - ok
23:08:31.0278 4184  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
23:08:31.0278 4184  usbohci - ok
23:08:31.0308 4184  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
23:08:31.0338 4184  usbprint - ok
23:08:31.0378 4184  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
23:08:31.0438 4184  usbscan - ok
23:08:31.0468 4184  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:08:31.0498 4184  USBSTOR - ok
23:08:31.0518 4184  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
23:08:31.0518 4184  usbuhci - ok
23:08:31.0548 4184  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
23:08:31.0548 4184  usbvideo - ok
23:08:31.0578 4184  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
23:08:31.0578 4184  UxSms - ok
23:08:31.0598 4184  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
23:08:31.0598 4184  VaultSvc - ok
23:08:31.0638 4184  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
23:08:31.0638 4184  vdrvroot - ok
23:08:31.0668 4184  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
23:08:31.0688 4184  vds - ok
23:08:31.0708 4184  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
23:08:31.0708 4184  vga - ok
23:08:31.0728 4184  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
23:08:31.0728 4184  VgaSave - ok
23:08:31.0728 4184  VGPU - ok
23:08:31.0748 4184  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
23:08:31.0748 4184  vhdmp - ok
23:08:31.0788 4184  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
23:08:31.0788 4184  viaagp - ok
23:08:31.0808 4184  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
23:08:31.0808 4184  ViaC7 - ok
23:08:31.0838 4184  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
23:08:31.0838 4184  viaide - ok
23:08:31.0868 4184  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
23:08:31.0868 4184  vmbus - ok
23:08:31.0888 4184  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
23:08:31.0888 4184  VMBusHID - ok
23:08:31.0908 4184  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:08:31.0908 4184  volmgr - ok
23:08:31.0928 4184  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
23:08:31.0938 4184  volmgrx - ok
23:08:31.0948 4184  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
23:08:31.0958 4184  volsnap - ok
23:08:31.0978 4184  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
23:08:31.0978 4184  vsmraid - ok
23:08:32.0038 4184  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
23:08:32.0068 4184  VSS - ok
23:08:32.0088 4184  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
23:08:32.0088 4184  vwifibus - ok
23:08:32.0128 4184  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
23:08:32.0128 4184  vwififlt - ok
23:08:32.0138 4184  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
23:08:32.0148 4184  vwifimp - ok
23:08:32.0178 4184  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
23:08:32.0188 4184  W32Time - ok
23:08:32.0208 4184  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
23:08:32.0208 4184  WacomPen - ok
23:08:32.0248 4184  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
23:08:32.0248 4184  WANARP - ok
23:08:32.0248 4184  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:08:32.0248 4184  Wanarpv6 - ok
23:08:32.0318 4184  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
23:08:32.0348 4184  WatAdminSvc - ok
23:08:32.0408 4184  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
23:08:32.0438 4184  wbengine - ok
23:08:32.0458 4184  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:08:32.0468 4184  WbioSrvc - ok
23:08:32.0498 4184  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:08:32.0508 4184  wcncsvc - ok
23:08:32.0518 4184  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:08:32.0518 4184  WcsPlugInService - ok
23:08:32.0548 4184  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\drivers\wd.sys
23:08:32.0548 4184  Wd - ok
23:08:32.0578 4184  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:08:32.0578 4184  Wdf01000 - ok
23:08:32.0608 4184  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:08:32.0608 4184  WdiServiceHost - ok
23:08:32.0608 4184  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
23:08:32.0608 4184  WdiSystemHost - ok
23:08:32.0638 4184  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
23:08:32.0638 4184  WebClient - ok
23:08:32.0648 4184  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:08:32.0648 4184  Wecsvc - ok
23:08:32.0668 4184  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
23:08:32.0668 4184  wercplsupport - ok
23:08:32.0698 4184  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:08:32.0708 4184  WerSvc - ok
23:08:32.0738 4184  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
23:08:32.0738 4184  WfpLwf - ok
23:08:32.0778 4184  [ 090A2B8F055343815556A01F725F6C35 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
23:08:32.0778 4184  WimFltr - ok
23:08:32.0788 4184  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
23:08:32.0788 4184  WIMMount - ok
23:08:32.0878 4184  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
23:08:32.0898 4184  WinDefend - ok
23:08:32.0908 4184  WinHttpAutoProxySvc - ok
23:08:32.0968 4184  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
23:08:32.0968 4184  Winmgmt - ok
23:08:33.0048 4184  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
23:08:33.0078 4184  WinRM - ok
23:08:33.0128 4184  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
23:08:33.0188 4184  WinUsb - ok
23:08:33.0238 4184  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
23:08:33.0258 4184  Wlansvc - ok
23:08:33.0288 4184  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
23:08:33.0288 4184  WmiAcpi - ok
23:08:33.0318 4184  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:08:33.0328 4184  wmiApSrv - ok
23:08:33.0408 4184  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
23:08:33.0438 4184  WMPNetworkSvc - ok
23:08:33.0468 4184  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:08:33.0468 4184  WPCSvc - ok
23:08:33.0488 4184  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:08:33.0498 4184  WPDBusEnum - ok
23:08:33.0528 4184  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
23:08:33.0528 4184  ws2ifsl - ok
23:08:33.0538 4184  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\system32\wscsvc.dll
23:08:33.0548 4184  wscsvc - ok
23:08:33.0548 4184  WSearch - ok
23:08:33.0628 4184  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
23:08:33.0658 4184  wuauserv - ok
23:08:33.0688 4184  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:08:33.0688 4184  WudfPf - ok
23:08:33.0718 4184  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:08:33.0718 4184  WUDFRd - ok
23:08:33.0748 4184  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
23:08:33.0748 4184  wudfsvc - ok
23:08:33.0778 4184  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
23:08:33.0778 4184  WwanSvc - ok
23:08:33.0808 4184  ================ Scan global ===============================
23:08:33.0828 4184  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
23:08:33.0848 4184  [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
23:08:33.0858 4184  [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
23:08:33.0888 4184  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
23:08:33.0918 4184  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
23:08:33.0918 4184  [Global] - ok
23:08:33.0918 4184  ================ Scan MBR ==================================
23:08:33.0928 4184  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:08:34.0348 4184  \Device\Harddisk0\DR0 - ok
23:08:34.0348 4184  ================ Scan VBR ==================================
23:08:34.0348 4184  [ 203E08E1AD9D2D0C6CD9BC01248F33D6 ] \Device\Harddisk0\DR0\Partition1
23:08:34.0348 4184  \Device\Harddisk0\DR0\Partition1 - ok
23:08:34.0358 4184  [ 10A968638048B0E5B13C515B79DF6A25 ] \Device\Harddisk0\DR0\Partition2
23:08:34.0358 4184  \Device\Harddisk0\DR0\Partition2 - ok
23:08:34.0388 4184  [ D8FE008A438BF501849551A796A15F45 ] \Device\Harddisk0\DR0\Partition3
23:08:34.0388 4184  \Device\Harddisk0\DR0\Partition3 - ok
23:08:34.0388 4184  ============================================================
23:08:34.0388 4184  Scan finished
23:08:34.0388 4184  ============================================================
23:08:34.0398 6064  Detected object count: 0
23:08:34.0398 6064  Actual detected object count: 0
23:08:52.0033 1924  Deinitialize success

MBAR mbar LOG

Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.06.08.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
User :: ASUS-PC [administrator]

6/8/2013 11:36:26 PM
mbar-log-2013-06-08 (23-36-26).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 206791
Time elapsed: 22 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

MBAR SYSTEM LOG

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.294000 GHz
Memory total: 3181154304, free: 1738166272

Downloaded database version: v2013.06.08.05
Downloaded database version: v2013.05.22.01
Initializing...
------------ Kernel report ------------
     06/08/2013 23:36:12
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\??\C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HECI.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\netr28.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\RtsBaStor.sys
\SystemRoot\system32\DRIVERS\Rt86win7.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\AsusVBus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\AsusVTouch.sys
\SystemRoot\System32\drivers\mshidkmdf.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\??\C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9B8BE440-AFE2-49F1-911C-6319176BD000}\MpKsl98404941.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\ole32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\iertutil.dll
\Windows\System32\lpk.dll
\Windows\System32\shlwapi.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\gdi32.dll
\Windows\System32\wininet.dll
\Windows\System32\normaliz.dll
\Windows\System32\shell32.dll
\Windows\System32\setupapi.dll
\Windows\System32\imm32.dll
\Windows\System32\user32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\urlmon.dll
\Windows\System32\difxapi.dll
\Windows\System32\kernel32.dll
\Windows\System32\psapi.dll
\Windows\System32\usp10.dll
\Windows\System32\msctf.dll
\Windows\System32\clbcatq.dll
\Windows\System32\ws2_32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\nsi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\advapi32.dll
\Windows\System32\sechost.dll
\Windows\System32\wintrust.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\devobj.dll
\Windows\System32\KernelBase.dll
\Windows\System32\crypt32.dll
\Windows\System32\comctl32.dll
\Windows\System32\msasn1.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8625f030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff85d5f030
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8625f030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8625e200, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8625f030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85d5f030, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 69B53599

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 209920000

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 210126848  Numsec = 766644224

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished

COMBOFIX LOG

ComboFix 13-06-08.02 - User 06/09/2013   0:17.2.4 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3034.2170 [GMT 3:00]
Running from: c:\users\User\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-08 to 2013-06-08  )))))))))))))))))))))))))))))))
.
.
2013-06-08 21:27 . 2013-06-08 21:27    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-06-08 20:35 . 2013-06-08 20:35    --------    d-----w-    C:\mbar
2013-06-08 20:10 . 2013-06-08 21:00    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-08 20:10 . 2013-06-08 20:10    --------    d-----w-    c:\programdata\Malwarebytes
2013-06-08 20:08 . 2013-06-08 20:08    29904    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9B8BE440-AFE2-49F1-911C-6319176BD000}\MpKsl98404941.sys
2013-06-08 08:52 . 2013-05-13 06:19    7016152    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9B8BE440-AFE2-49F1-911C-6319176BD000}\mpengine.dll
2013-06-07 21:07 . 2013-05-13 06:19    7016152    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-07 20:27 . 2013-06-07 20:27    --------    d-----w-    c:\windows\ERUNT
2013-06-07 20:27 . 2013-06-07 20:27    --------    d-----w-    C:\JRT
2013-06-07 20:24 . 2013-06-08 21:27    --------    d-----w-    c:\users\User\AppData\Local\temp
2013-06-07 20:03 . 2013-06-07 20:03    --------    d-----w-    c:\programdata\StarApp
2013-06-07 19:52 . 2013-06-07 19:52    --------    d-----w-    c:\users\User\AppData\Local\Google
2013-06-06 15:00 . 2013-06-06 15:00    --------    d-----w-    c:\program files\Virtual Families 2 - Our Dream House
2013-06-06 15:00 . 2013-06-06 15:00    --------    d-----w-    c:\windows\Virtual Families 2 - Our Dream House
2013-06-06 14:59 . 2013-06-06 14:59    --------    d-----w-    C:\virtual families
2013-06-06 14:45 . 2013-06-06 14:51    --------    d-----w-    c:\program files\WildTangent Games
2013-06-06 14:45 . 2013-06-06 14:51    --------    d-----w-    c:\users\User\AppData\Roaming\WildTangent
2013-06-06 14:45 . 2013-06-06 14:51    --------    d-----w-    c:\programdata\WildTangent
2013-06-06 14:44 . 2013-06-06 14:44    --------    d-----w-    c:\users\User\AppData\Roaming\Oberon Media
2013-06-06 10:41 . 2013-06-06 14:41    --------    d-----w-    c:\programdata\PogoDGC
2013-05-28 11:17 . 2007-05-23 18:22    89600    ----a-w-    c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
2013-05-26 20:56 . 2013-05-26 20:56    --------    d-----w-    c:\users\User\AppData\Roaming\GoldenBough Games
2013-05-22 22:04 . 2013-05-22 22:04    --------    d-----w-    c:\users\User\AppData\Roaming\funkitron
2013-05-21 22:25 . 2013-05-21 22:24    724464    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{607D7629-C9AB-453E-B5BF-0A61120099F3}\gapaengine.dll
2013-05-18 14:12 . 2013-05-18 14:24    --------    d-----w-    c:\users\User\AppData\Roaming\adelantado_big_fish_en
2013-05-18 13:19 . 2013-05-18 13:19    --------    d-----w-    c:\program files\Common Files\Java
2013-05-18 13:19 . 2013-04-04 02:35    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-05-18 10:17 . 2013-05-18 10:17    --------    d-----w-    c:\program files\Online Games Manager
2013-05-18 09:08 . 2013-05-18 10:59    --------    d-----w-    c:\users\User\AppData\Roaming\dekovir
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-28 17:18 . 2012-12-05 06:23    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-28 17:18 . 2012-12-05 06:23    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 15:28 . 2012-12-04 15:52    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-24 20:58 . 2013-03-12 17:31    706640    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-03-22 02:34 . 2012-12-05 19:47    782240    ----a-w-    c:\windows\system32\deployJava1.dll
2013-03-22 02:34 . 2012-12-05 19:47    861088    ----a-w-    c:\windows\system32\npDeployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-05-28 10988176]
"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2012-05-14 2038568]
"USB3MON"="c:\program files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 291608]
"ATKOSD2"="c:\program files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2012-05-30 322208]
"ATKMEDIA"="c:\program files\ASUS\ATK Package\ATK Media\DMedia.exe" [2012-05-30 174752]
"HControlUser"="c:\program files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2012-04-28 2321584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 145440]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 180768]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 189472]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-18 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06    958576    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2012-12-04 21:09    3058304    ----a-w-    c:\windows\AsScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-02-28 15:50    18642024    ----a-r-    c:\program files\Skype\Phone\Skype.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;e:\i386\AsProcOb.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 99272]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 287824]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 24064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-05 1343400]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-03-26 15640]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [2011-09-07 14464]
S1 MpKsl98404941;MpKsl98404941;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9B8BE440-AFE2-49F1-911C-6319176BD000}\MpKsl98404941.sys [2013-06-08 29904]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files\ASUS\InstantOn for NB\InsOnSrv.exe [2012-04-13 277120]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-04-20 462048]
S2 Intel® ME Service;Intel® ME Service;c:\program files\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-05-10 128280]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-05-10 165144]
S2 ogmservice;Online Games Manager;c:\program files\Online Games Manager\ogmservice.exe [2013-03-12 559168]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-05-15 363800]
S3 AsusVBus;AsusVBus;c:\windows\system32\DRIVERS\AsusVBus.sys [2012-04-11 29184]
S3 AsusVTouch;AsusVTouch;c:\windows\system32\DRIVERS\AsusVTouch.sys [2012-04-11 13440]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-05-14 172328]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-03-26 349976]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-03-26 792856]
S3 MEI;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2012-07-17 55104]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2012-04-12 1582656]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys [2012-02-01 219240]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-08-23 414824]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 87826302
*NewlyCreated* - MPKSL98404941
*NewlyCreated* - WS2IFSL
*Deregistered* - 87826302
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-05 17:18]
.
2013-06-08 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16 09:54]
.
2013-06-08 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16 09:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
FF - ProfilePath - c:\users\User\AppData\Roaming\mozilla\firefox\Profiles\ldgluxr5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-SP_09b71135 - c:\program files\ContinueToSave\uninstall.exe
AddRemove-SP_b0285714 - c:\program files\WebSearch\uninstall.exe
AddRemove-{2BE5B442-4961-A36F-C7D1-EDA95A37D4FD} - c:\progra~2\INSTAL~1\{485AB~1\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-09  00:31:16
ComboFix-quarantined-files.txt  2013-06-08 21:31
.
Pre-Run: 78,281,064,448 bytes free
Post-Run: 78,159,589,376 bytes free
.
- - End Of File - - F7BC5FC01FDA40E9CA47E13EC1F6B5C0
A36C5E4F47E84449FF07ED3517B43A31

 

SECURITY CHECK REPORT

 

Results of screen317's Security Check version 0.99.64  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
  (On Access scanning disabled!)
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 21  
 Adobe Flash Player     11.7.700.202  
 Adobe Reader XI  
 Mozilla Firefox (21.0)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Online Games Manager ogmservice.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 

Thank you,

Diana



#4 diamar (Topic Starter)

Posted 08 June 2013 - 04:48 PM

I will wait to see if continuetosave continues to appear in the folders. Yesterday, after ComboFix, it disappeared, but I saw it again later today.



#5 D-FRED-BROWN (Resident Bracketologist, Malware Response Team, Kansas, USA)

Posted 08 June 2013 - 07:49 PM

Looks better. Still have some fixing to do.

 

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

 

Driver::
87826302

File::
C:\Windows\System32\Drivers\87826302.sys

 

Reboot::



Save this as CFScript.txt, in the same location as ComboFix.exe

[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now.
 
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!
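As an added example (not code from this thread or from ComboFix), a small triage pass over the service/driver lines and the "In Memory" block of the log pasted above: it surfaces the kind of entry the CFScript above removes, a driver named by a bare run of hex digits, together with services whose image file is missing (`[x]`) or sits outside the usual directories. The line formats are inferred from the pasted log rather than from ComboFix documentation, and every entry it returns is a candidate for review, not a verdict.

```python
r"""Triage helper for ComboFix service/driver lines (added example; not part of
this thread or of ComboFix). The two line formats are inferred from the log
pasted in this thread, not taken from ComboFix documentation:

  R3 NisDrv;Microsoft Network Inspection System;c:\...\NisDrvWFP.sys [2012-08-30 99272]
  R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]       <- '[x]': file missing
  *NewlyCreated* - 87826302                                       <- in-memory block
"""
import re
from dataclasses import dataclass

SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)
MEMORY_RE = re.compile(r"^\*(?P<kind>NewlyCreated|Deregistered)\*\s+-\s+(?P<name>\S+)\s*$")

# A service/driver named by nothing but a run of hex digits (e.g. 87826302)
# carries no vendor-style name at all; legitimate drivers almost always do.
RANDOM_NAME_RE = re.compile(r"^[0-9A-Fa-f]{6,}$")

# Directories where OS and vendor drivers/services normally live (lower-case).
EXPECTED_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\program files\\",
    "c:\\programdata\\microsoft\\",
)


@dataclass
class Finding:
    name: str
    reason: str
    line: str


def triage_combofix_lines(lines):
    """Return entries a reviewer should look at; none of these is a verdict."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            name, path, meta = m.group("name"), m.group("path").lower(), m.group("meta")
            if RANDOM_NAME_RE.match(name):
                findings.append(Finding(name, "random-looking service name", line))
            if meta == "x":
                findings.append(Finding(name, "image file missing on disk", line))
            elif not path.startswith(EXPECTED_DIRS):
                findings.append(Finding(name, f"image outside the usual directories: {path}", line))
            continue
        m = MEMORY_RE.match(line)
        if m and m.group("kind") == "NewlyCreated" and RANDOM_NAME_RE.match(m.group("name")):
            findings.append(Finding(m.group("name"),
                                    "newly created in-memory driver with random-looking name", line))
    return findings


# Sample input: lines copied from the ComboFix log pasted in this thread.
SAMPLE_LOG_LINES = [
    r"R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;e:\i386\AsProcOb.sys [x]",
    r"R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 99272]",
    r"R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]",
    r"R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304]",
    r"S1 MpKsl98404941;MpKsl98404941;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9B8BE440-AFE2-49F1-911C-6319176BD000}\MpKsl98404941.sys [2013-06-08 29904]",
    r"S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files\ASUS\InstantOn for NB\InsOnSrv.exe [2012-04-13 277120]",
    "*NewlyCreated* - 87826302",
    "*NewlyCreated* - MPKSL98404941",
    "*NewlyCreated* - WS2IFSL",
    "*Deregistered* - 87826302",
]


def triage_sample():
    """Run the triage over the sample lines above."""
    return triage_combofix_lines(SAMPLE_LOG_LINES)


if __name__ == "__main__":
    for f in triage_sample():
        print(f"{f.name}: {f.reason}")
```

Entries flagged for a missing image (the ASUS observer on a removed E: drive, for instance) are common noise; the random-name hit is the one that corresponds to the Driver:: and File:: lines in the CFScript.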

#6 diamar (Topic Starter)

Posted 11 June 2013 - 04:42 AM

Good morning! This is the ComboFix log:

 

ComboFix 13-06-08.02 - User 06/11/2013  12:30:56.3.4 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3034.2052 [GMT 3:00]
Running from: c:\users\User\Downloads\ComboFix.exe
Command switches used :: c:\users\User\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
FILE ::
"c:\windows\System32\Drivers\87826302.sys"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_87826302
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-11 to 2013-06-11  )))))))))))))))))))))))))))))))
.
.
2013-06-11 09:35 . 2013-06-11 09:35    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-06-10 16:34 . 2013-05-13 06:19    7016152    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9543DB08-1E20-44FF-B9EB-96502E1A6143}\mpengine.dll
2013-06-09 09:21 . 2013-05-13 06:19    7016152    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-08 20:35 . 2013-06-08 20:35    --------    d-----w-    C:\mbar
2013-06-08 20:10 . 2013-06-08 21:00    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-08 20:10 . 2013-06-08 20:10    --------    d-----w-    c:\programdata\Malwarebytes
2013-06-07 20:27 . 2013-06-07 20:27    --------    d-----w-    c:\windows\ERUNT
2013-06-07 20:27 . 2013-06-07 20:27    --------    d-----w-    C:\JRT
2013-06-07 20:24 . 2013-06-11 09:37    --------    d-----w-    c:\users\User\AppData\Local\temp
2013-06-07 20:03 . 2013-06-07 20:03    --------    d-----w-    c:\programdata\StarApp
2013-06-07 19:52 . 2013-06-07 19:52    --------    d-----w-    c:\users\User\AppData\Local\Google
2013-06-06 15:00 . 2013-06-06 15:00    --------    d-----w-    c:\program files\Virtual Families 2 - Our Dream House
2013-06-06 15:00 . 2013-06-06 15:00    --------    d-----w-    c:\windows\Virtual Families 2 - Our Dream House
2013-06-06 14:59 . 2013-06-06 14:59    --------    d-----w-    C:\virtual families
2013-06-06 14:45 . 2013-06-06 14:51    --------    d-----w-    c:\program files\WildTangent Games
2013-06-06 14:45 . 2013-06-06 14:51    --------    d-----w-    c:\users\User\AppData\Roaming\WildTangent
2013-06-06 14:45 . 2013-06-06 14:51    --------    d-----w-    c:\programdata\WildTangent
2013-06-06 14:44 . 2013-06-06 14:44    --------    d-----w-    c:\users\User\AppData\Roaming\Oberon Media
2013-06-06 10:41 . 2013-06-06 14:41    --------    d-----w-    c:\programdata\PogoDGC
2013-05-28 11:17 . 2007-05-23 18:22    89600    ----a-w-    c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
2013-05-26 20:56 . 2013-05-26 20:56    --------    d-----w-    c:\users\User\AppData\Roaming\GoldenBough Games
2013-05-22 22:04 . 2013-05-22 22:04    --------    d-----w-    c:\users\User\AppData\Roaming\funkitron
2013-05-21 22:25 . 2013-05-21 22:24    724464    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{607D7629-C9AB-453E-B5BF-0A61120099F3}\gapaengine.dll
2013-05-18 14:12 . 2013-05-18 14:24    --------    d-----w-    c:\users\User\AppData\Roaming\adelantado_big_fish_en
2013-05-18 13:19 . 2013-05-18 13:19    --------    d-----w-    c:\program files\Common Files\Java
2013-05-18 13:19 . 2013-04-04 02:35    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-05-18 10:17 . 2013-05-18 10:17    --------    d-----w-    c:\program files\Online Games Manager
2013-05-18 09:08 . 2013-05-18 10:59    --------    d-----w-    c:\users\User\AppData\Roaming\dekovir
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-28 17:18 . 2012-12-05 06:23    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-28 17:18 . 2012-12-05 06:23    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 15:28 . 2012-12-04 15:52    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-24 20:58 . 2013-03-12 17:31    706640    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-03-22 02:34 . 2012-12-05 19:47    782240    ----a-w-    c:\windows\system32\deployJava1.dll
2013-03-22 02:34 . 2012-12-05 19:47    861088    ----a-w-    c:\windows\system32\npDeployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-05-28 10988176]
"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2012-05-14 2038568]
"USB3MON"="c:\program files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 291608]
"ATKOSD2"="c:\program files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2012-05-30 322208]
"ATKMEDIA"="c:\program files\ASUS\ATK Package\ATK Media\DMedia.exe" [2012-05-30 174752]
"HControlUser"="c:\program files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2012-04-28 2321584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 145440]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 180768]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 189472]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-18 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06    958576    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2012-12-04 21:09    3058304    ----a-w-    c:\windows\AsScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-02-28 15:50    18642024    ----a-r-    c:\program files\Skype\Phone\Skype.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;e:\i386\AsProcOb.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 99272]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 287824]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 24064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-05 1343400]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-03-26 15640]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [2011-09-07 14464]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files\ASUS\InstantOn for NB\InsOnSrv.exe [2012-04-13 277120]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-04-20 462048]
S2 Intel® ME Service;Intel® ME Service;c:\program files\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-05-10 128280]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-05-10 165144]
S2 ogmservice;Online Games Manager;c:\program files\Online Games Manager\ogmservice.exe [2013-03-12 559168]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-05-15 363800]
S3 AsusVBus;AsusVBus;c:\windows\system32\DRIVERS\AsusVBus.sys [2012-04-11 29184]
S3 AsusVTouch;AsusVTouch;c:\windows\system32\DRIVERS\AsusVTouch.sys [2012-04-11 13440]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-05-14 172328]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-03-26 349976]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-03-26 792856]
S3 MEI;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2012-07-17 55104]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2012-04-12 1582656]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys [2012-02-01 219240]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-08-23 414824]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-05 17:18]
.
2013-06-11 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16 09:54]
.
2013-06-10 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16 09:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
FF - ProfilePath - c:\users\User\AppData\Roaming\mozilla\firefox\Profiles\ldgluxr5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\taskhost.exe
c:\program files\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files\ASUS\P4G\BatteryLife.exe
c:\program files\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
c:\program files\ASUS\InstantOn for NB\InsOnWMI.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\conhost.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
.
**************************************************************************
.
Completion time: 2013-06-11  12:40:02 - machine was rebooted
ComboFix-quarantined-files.txt  2013-06-11 09:40
ComboFix2.txt  2013-06-08 21:31
.
Pre-Run: 76,553,179,136 bytes free
Post-Run: 76,257,533,952 bytes free
.
- - End Of File - - DC118D4897919C19C0ACB5A6EFF797FB
A36C5E4F47E84449FF07ED3517B43A31
 

The computer hasn't been working slowly these days, thank you for all your advice!

Diana



#7 D-FRED-BROWN (Resident Bracketologist, Malware Response Team, Kansas, USA)

Posted 11 June 2013 - 11:41 AM

Looks a whole lot better. I'd like to run a few more scans to see if we missed anything:

----------Step 1----------------

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

 

----------Step 2----------------
We need to create a New FULL OTL Report

  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

----------Step 3 (note: this scan may take a little time)----------------
I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


----------Step 4----------------
Please post the AdwCleaner logfile, the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.

Let me know how things go.



#8 D-FRED-BROWN (Resident Bracketologist, Malware Response Team, Kansas, USA)

Posted 03 July 2013 - 10:45 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



