Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HiJack This + DDS log - Blue screen - cant enter windows w/o safe mode


  • This topic is locked This topic is locked
29 replies to this topic

#1 RealTalk

RealTalk

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:12:47 PM

Posted 15 April 2012 - 04:37 PM

Hey guys,

Upon trying to turn my comp on, I get the blue screen and cant start up, on restart it lets me in safe mode. The problem seemed to start when I had a redirect malware. I downloaded both Malware Bytes and AdAware to try and fix it. Once Adaware installed, it went to blue screen and since then i can only enter in safe mode. I did some research and found that having 2 adware programs may cause this problem, so i unsinstalled both from safe mode. No luck.

I'm out of ideas, so here are my logs can someone help me? Otherwise it looks like I'm going to have to take it into a store and have it fixed for a huge fee, or reboot windows. I have no system restores

EDIT: this is what the blue screen says:

A problem has been detected and windows has beens hut down to prevent damage to your computer.

NO_MORE_IRP_STACK_LOCATIONS

If this is the first time youve seent his stop eror screen, restart your computer. If this screen appears again, follow these steps.....

*Didnt want to type it all, seems generic*

Technical information:
***STOP: 0x00000035 (0xFFFFFA800FDE1240, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000)

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 MINIMAL
Internet Explorer: 9.0.8112.16421
Run by Brian at 17:33:38 on 2012-04-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12193.11222 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Trend Micro Titanium Internet Security *Disabled/Outdated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Trend Micro Titanium Internet Security *Disabled/Outdated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
uURLSearchHooks: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll
mURLSearchHooks: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
BHO: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: RewardsArcadeSuite: {b6ef6c45-5e8d-4c3b-b580-a5073261a381} - C:\Program Files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Avast\aswWebRepIE.dll
TB: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll
uRun: [Facebook Update] "C:\Users\Brian\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [avast] "C:\Program Files\Avast\avastUI.exe" /nogui
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 207.22.166.2 207.22.166.61
TCP: Interfaces\{BB2A3391-3F15-4023-A8A2-A27D61024EF7} : DhcpNameServer = 207.22.166.2 207.22.166.61
TCP: Interfaces\{BB2A3391-3F15-4023-A8A2-A27D61024EF7}\373796467697073797E6564777F627B6 : DhcpNameServer = 207.22.166.2 207.22.166.61
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll
BHO-X64: vshare.tv Bar - No File
BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO-X64: IESpeakDoc - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: RewardsArcadeSuite: {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll
BHO-X64: RewardsArcadeSuite - No File
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
BHO-X64: TmBpIeBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll
TB-X64: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll
mRun-x64: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun-x64: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
mRun-x64: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
mRun-x64: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun-x64: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [avast] "C:\Program Files\Avast\avastUI.exe" /nogui
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
S1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]
S1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]
S1 SbTis;SbTis;C:\Windows\system32\drivers\sbtis.sys --> C:\Windows\system32\drivers\sbtis.sys [?]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
S2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-1-7 267480]
S2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
S2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
S2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-13 138400]
S2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\Avast\AvastSvc.exe [2012-3-24 44768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-2 135664]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-8-7 2009704]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
S2 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-7 2656280]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 253088]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-2 135664]
S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]
S3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-15 21:21:30 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{80193C08-7A42-4769-848D-61718675D933}\offreg.dll
2012-04-15 19:40:44 -------- d-----w- C:\Users\Brian\AppData\Local\adaware
2012-04-15 19:40:42 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-04-15 19:40:36 94296 ----a-w- C:\Windows\System32\drivers\sbtis.sys
2012-04-15 19:40:36 60504 ----a-w- C:\Windows\System32\drivers\sbhips.sys
2012-04-15 19:40:32 84568 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys
2012-04-15 19:40:32 253528 ----a-w- C:\Windows\System32\drivers\SbFw.sys
2012-04-15 19:26:51 -------- d-----w- C:\Users\Brian\AppData\Roaming\Malwarebytes
2012-04-15 19:26:45 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-14 03:19:19 8766112 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-11 14:58:57 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-11 14:58:57 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-11 14:58:56 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-11 14:57:30 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-11 14:57:29 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-11 14:57:29 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-11 14:57:29 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-11 14:57:29 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-11 14:57:29 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-11 14:57:29 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-09 01:25:56 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2012-04-04 12:41:38 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-03-25 03:45:34 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-03-22 02:38:53 -------- d-----w- C:\Users\Brian\AppData\Roaming\NVIDIA
2012-03-22 02:36:48 -------- d-----w- C:\ProgramData\Electronic Arts
2012-03-22 02:36:48 -------- d-----w- C:\ProgramData\EA Logs
2012-03-22 02:36:48 -------- d-----w- C:\ProgramData\EA Core
2012-03-21 23:41:20 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2012-03-21 23:40:39 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll
2012-03-21 23:40:39 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll
2012-03-21 23:40:39 2605920 ----a-w- C:\Windows\System32\D3DCompiler_40.dll
2012-03-21 23:40:39 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll
2012-03-21 23:40:37 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll
2012-03-21 23:40:37 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
.
==================== Find3M ====================
.
2012-04-15 19:47:10 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2012-04-14 03:19:26 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-06 23:15:19 41184 ----a-w- C:\Windows\avastSS.scr
2012-03-06 23:04:06 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-03-06 23:01:52 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 17:34:34.05 ===============


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:33:21 PM, on 4/15/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode

Running processes:
C:\Users\Brian\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: vshare.tv Bar Toolbar - {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (file missing)
O2 - BHO: vshare.tv Bar - {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: RewardsArcadeSuite - {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll
O3 - Toolbar: vshare.tv Bar Toolbar - {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
O4 - HKLM\..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [avast] "C:\Program Files\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Brian\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O4 - Global Startup: FancyStart daemon.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (file missing)
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (file missing)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Intel® Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12303 bytes

Attached Files


Edited by RealTalk, 15 April 2012 - 04:41 PM.


BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:47 PM

Posted 17 April 2012 - 07:26 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#3 RealTalk

RealTalk
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:12:47 PM

Posted 18 April 2012 - 08:38 AM

I'm here! Lets do this thing!

Computer has gone completely untouched since that log. I'm using a different computer and that one has just been kept off.

For my schedule, I'll be working from now until 5pm EST, so i won't be able to do anything until this evening. I'll have all evening to work on this.

Tomorrow I fly out on a business trip from Thurs-Sat evening, so if i don't respond on that period it's just because of that. I will be back Sat night if we still have work to do we'll knock it all out then.

Edited by RealTalk, 18 April 2012 - 08:41 AM.


#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:47 PM

Posted 18 April 2012 - 06:02 PM

Okay, I've noted your dates. Thanks :)

If we still have safe mode then we should try and use it.

Download and run aswMBR, a rootkit scanner

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Posted Image
m0le is a proud member of UNITE

#5 RealTalk

RealTalk
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:12:47 PM

Posted 18 April 2012 - 06:45 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-18 19:29:09
-----------------------------
19:29:09.344 OS Version: Windows x64 6.1.7601 Service Pack 1
19:29:09.344 Number of processors: 8 586 0x2A07
19:29:09.376 ComputerName: BRIANASUS UserName: Brian
19:29:10.140 Initialize success
19:29:11.201 AVAST engine defs: 12041501
19:29:21.325 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:29:21.325 Disk 0 Vendor: ST950042 0003 Size: 476940MB BusType: 3
19:29:21.341 Disk 0 MBR read successfully
19:29:21.341 Disk 0 MBR scan
19:29:21.637 Disk 0 Windows 7 default MBR code
19:29:21.653 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
19:29:21.824 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 190776 MB offset 52430848
19:29:22.027 Disk 0 Partition - 00 0F Extended LBA 260562 MB offset 443140096
19:29:22.058 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 260561 MB offset 443142144
19:29:22.277 Disk 0 scanning C:\Windows\system32\drivers
19:29:35.147 Service scanning
19:29:37.284 Service ASUSProcObsrv E:\I386\AsPrOb64.sys **LOCKED** 21
19:29:49.374 Modules scanning
19:29:49.374 Disk 0 trace - called modules:
19:29:49.390 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
19:29:49.405 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800b0c9790]
19:29:49.421 3 CLASSPNP.SYS[fffff88001b5443f] -> nt!IofCallDriver -> [0xfffffa800ab44870]
19:29:49.421 5 ACPI.sys[fffff88000f9f7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800ab4c050]
19:29:50.092 AVAST engine scan C:\Windows
19:29:51.823 AVAST engine scan C:\Windows\system32
19:31:42.677 AVAST engine scan C:\Windows\system32\drivers
19:31:52.271 AVAST engine scan C:\Users\Brian
19:40:39.287 AVAST engine scan C:\ProgramData
19:41:11.017 Scan finished successfully
19:44:55.907 Disk 0 MBR has been saved successfully to "G:\MBR.dat"
19:44:56.017 The log file has been saved successfully to "G:\aswMBR.txt"

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:47 PM

Posted 18 April 2012 - 07:08 PM

That looks okay so please run FSS, a different type of scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Posted Image
m0le is a proud member of UNITE

#7 RealTalk

RealTalk
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:12:47 PM

Posted 18 April 2012 - 07:18 PM

Farbar Service Scanner Version: 16-04-2012
Ran by Brian (administrator) on 18-04-2012 at 20:17:26
Running from "C:\Users\Brian\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Minimal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Nsi Service is not running. Checking service configuration:
The start type of Nsi service is OK.
The ImagePath of Nsi service is OK.
The ServiceDll of Nsi service is OK.

nsiproxy Service is not running. Checking service configuration:
The start type of nsiproxy service is OK.
The ImagePath of nsiproxy service is OK.

tdx Service is not running. Checking service configuration:
The start type of tdx service is OK.
The ImagePath of tdx service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.


Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:47 PM

Posted 18 April 2012 - 07:33 PM

Please run Combofix in safe mode now. There's evidence of rootkit involvement in the FSS log.

Please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Posted Image
m0le is a proud member of UNITE

#9 RealTalk

RealTalk
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:12:47 PM

Posted 18 April 2012 - 07:52 PM

ComboFix 12-04-18.02 - Brian 04/18/2012 20:45:03.1.8 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12193.10695 [GMT -4:00]
Running from: c:\users\Brian\Desktop\comfix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Trend Micro Titanium Internet Security *Disabled/Outdated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Trend Micro Titanium Internet Security *Disabled/Outdated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\AsPatch10430001.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-19 to 2012-04-19 )))))))))))))))))))))))))))))))
.
.
2012-04-19 00:48 . 2012-04-19 00:48 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-19 00:48 . 2012-04-19 00:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-18 23:31 . 2012-04-18 23:31 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{80193C08-7A42-4769-848D-61718675D933}\offreg.dll
2012-04-15 19:40 . 2012-04-15 19:40 -------- d-----w- c:\users\Brian\AppData\Local\adaware
2012-04-15 19:40 . 2012-04-15 19:40 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-04-15 19:40 . 2011-04-05 21:35 94296 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-04-15 19:40 . 2011-04-05 21:35 60504 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-04-15 19:40 . 2011-04-05 21:35 253528 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-04-15 19:40 . 2011-02-08 13:14 84568 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-04-15 19:26 . 2012-04-15 19:26 -------- d-----w- c:\users\Brian\AppData\Roaming\Malwarebytes
2012-04-15 19:26 . 2012-04-15 19:26 -------- d-----w- c:\programdata\Malwarebytes
2012-04-14 03:19 . 2012-04-14 03:19 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-11 14:58 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 14:58 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-11 14:58 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-11 14:57 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 14:57 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 14:57 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 14:57 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 14:57 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 14:57 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 14:57 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-09 01:25 . 2012-04-09 01:25 -------- d-----w- c:\programdata\Hewlett-Packard
2012-04-09 01:25 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2012-04-04 12:41 . 2012-04-14 03:19 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-25 03:45 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-22 02:38 . 2012-03-22 02:38 -------- d-----w- c:\users\Brian\AppData\Roaming\NVIDIA
2012-03-22 02:36 . 2012-03-22 02:36 -------- d-----w- c:\programdata\Electronic Arts
2012-03-22 02:36 . 2012-03-22 02:36 -------- d-----w- c:\programdata\EA Logs
2012-03-22 02:36 . 2012-03-22 02:36 -------- d-----w- c:\programdata\EA Core
2012-03-21 23:41 . 2012-03-21 23:41 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2012-03-21 23:40 . 2008-10-15 10:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2012-03-21 23:40 . 2008-10-15 10:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2012-03-21 23:40 . 2008-10-15 10:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2012-03-21 23:40 . 2008-10-15 10:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2012-03-21 23:40 . 2008-10-15 10:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2012-03-21 23:40 . 2008-10-15 10:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-15 19:47 . 2011-10-12 22:42 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-04-14 03:19 . 2011-10-23 12:19 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-06 23:15 . 2011-10-13 00:55 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-10-13 00:55 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2011-10-13 00:55 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2011-10-13 00:55 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2011-10-13 00:55 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:01 . 2011-10-13 00:55 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-10-13 00:55 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2011-10-13 00:55 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-17 06:38 . 2012-03-13 20:15 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 20:15 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 20:15 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 20:15 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-13 20:15 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-13 20:15 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-13 20:16 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-13 20:15 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-13 20:15 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-13 20:15 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7aeb3efd-e564-43f1-b658-5058a7c5743b}"= "c:\program files (x86)\vshare.tv_Bar\prxtbvsha.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7aeb3efd-e564-43f1-b658-5058a7c5743b}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7aeb3efd-e564-43f1-b658-5058a7c5743b}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\vshare.tv_Bar\prxtbvsha.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7aeb3efd-e564-43f1-b658-5058a7c5743b}"= "c:\program files (x86)\vshare.tv_Bar\prxtbvsha.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7aeb3efd-e564-43f1-b658-5058a7c5743b}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Brian\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-13 137536]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-05-03 4321112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-02 2018032]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2011-02-25 40448]
"SonicMasterTray"="c:\program files (x86)\ASUS\SonicMaster\SonicMasterTray.exe" [2010-07-10 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"RemoteControl10"="c:\program files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-11-24 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"avast"="c:\program files\Avast\avastUI.exe" [2012-03-06 4241512]
"VirtualCloneDrive"="c:\program files (x86)\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-2 548528]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2012-1-7 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIService]
@=""
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-13 138400]
R2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 135664]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-03-14 2009704]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;e:\i386\AsPrOb64.sys [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 135664]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 03:19]
.
2012-04-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2814915296-174591460-2764255659-1001Core.job
- c:\users\Brian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-13 04:02]
.
2012-04-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2814915296-174591460-2764255659-1001UA.job
- c:\users\Brian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-13 04:02]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 04:36]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 04:36]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-21 2207848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 207.22.166.2 207.22.166.61
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{7AEB3EFD-E564-43F1-B658-5058A7C5743B} - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-18 20:50:37
ComboFix-quarantined-files.txt 2012-04-19 00:50
.
Pre-Run: 4,608,442,368 bytes free
Post-Run: 5,005,611,008 bytes free
.
- - End Of File - - 4BEF1B31A268770D83A7FEA0B363FCEB

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:47 PM

Posted 19 April 2012 - 05:01 PM

Please run TDSSKiller in safe mode now

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

Posted Image
m0le is a proud member of UNITE

#11 RealTalk

RealTalk
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:12:47 PM

Posted 22 April 2012 - 12:27 PM

13:23:27.0258 1624 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
13:23:27.0492 1624 ============================================================
13:23:27.0492 1624 Current date / time: 2012/04/22 13:23:27.0492
13:23:27.0492 1624 SystemInfo:
13:23:27.0492 1624
13:23:27.0492 1624 OS Version: 6.1.7601 ServicePack: 1.0
13:23:27.0492 1624 Product type: Workstation
13:23:27.0492 1624 ComputerName: BRIANASUS
13:23:27.0492 1624 UserName: Brian
13:23:27.0492 1624 Windows directory: C:\Windows
13:23:27.0492 1624 System windows directory: C:\Windows
13:23:27.0492 1624 Running under WOW64
13:23:27.0492 1624 Processor architecture: Intel x64
13:23:27.0492 1624 Number of processors: 8
13:23:27.0492 1624 Page size: 0x1000
13:23:27.0492 1624 Boot type: Safe boot
13:23:27.0492 1624 ============================================================
13:23:27.0991 1624 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:23:27.0991 1624 Drive \Device\Harddisk1\DR2 - Size: 0xFB000000 (3.92 Gb), SectorSize: 0x200, Cylinders: 0x1FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:23:28.0007 1624 \Device\Harddisk0\DR0:
13:23:28.0007 1624 MBR partitions:
13:23:28.0007 1624 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x1749C000
13:23:28.0022 1624 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A69D000, BlocksNum 0x1FCE8800
13:23:28.0022 1624 \Device\Harddisk1\DR2:
13:23:28.0022 1624 MBR partitions:
13:23:28.0022 1624 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xB, StartLBA 0x100, BlocksNum 0x7D7F00
13:23:28.0054 1624 C: <-> \Device\Harddisk0\DR0\Partition0
13:23:28.0085 1624 D: <-> \Device\Harddisk0\DR0\Partition1
13:23:28.0085 1624 Initialize success
13:23:28.0085 1624 ============================================================
13:23:29.0738 1764 ============================================================
13:23:29.0738 1764 Scan started
13:23:29.0738 1764 Mode: Manual;
13:23:29.0738 1764 ============================================================
13:23:30.0004 1764 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:23:30.0004 1764 1394ohci - ok
13:23:30.0050 1764 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:23:30.0050 1764 ACPI - ok
13:23:30.0097 1764 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:23:30.0097 1764 AcpiPmi - ok
13:23:30.0191 1764 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:23:30.0191 1764 AdobeARMservice - ok
13:23:30.0269 1764 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:23:30.0269 1764 AdobeFlashPlayerUpdateSvc - ok
13:23:30.0331 1764 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
13:23:30.0331 1764 adp94xx - ok
13:23:30.0378 1764 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
13:23:30.0378 1764 adpahci - ok
13:23:30.0425 1764 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
13:23:30.0440 1764 adpu320 - ok
13:23:30.0487 1764 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:23:30.0487 1764 AeLookupSvc - ok
13:23:30.0534 1764 AFBAgent (6e79a119b0ce418fe44e0c824bf3f039) C:\Windows\system32\FBAgent.exe
13:23:30.0581 1764 AFBAgent - ok
13:23:30.0659 1764 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
13:23:30.0659 1764 AFD - ok
13:23:30.0690 1764 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:23:30.0706 1764 agp440 - ok
13:23:30.0737 1764 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:23:30.0752 1764 ALG - ok
13:23:30.0784 1764 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:23:30.0784 1764 aliide - ok
13:23:30.0815 1764 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:23:30.0815 1764 amdide - ok
13:23:30.0830 1764 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
13:23:30.0830 1764 AmdK8 - ok
13:23:30.0862 1764 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
13:23:30.0862 1764 AmdPPM - ok
13:23:30.0893 1764 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
13:23:30.0893 1764 amdsata - ok
13:23:30.0940 1764 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
13:23:30.0940 1764 amdsbs - ok
13:23:30.0955 1764 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
13:23:30.0955 1764 amdxata - ok
13:23:31.0064 1764 Amsp (e8494519bcb9e3b1b72e5604993a76e3) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
13:23:31.0080 1764 Amsp - ok
13:23:31.0111 1764 AmUStor (9c7f164b49cadc658d1b3c575782f346) C:\Windows\system32\drivers\AmUStor.SYS
13:23:31.0127 1764 AmUStor - ok
13:23:31.0174 1764 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:23:31.0174 1764 AppID - ok
13:23:31.0205 1764 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
13:23:31.0205 1764 AppIDSvc - ok
13:23:31.0236 1764 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
13:23:31.0236 1764 Appinfo - ok
13:23:31.0267 1764 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
13:23:31.0267 1764 arc - ok
13:23:31.0298 1764 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
13:23:31.0298 1764 arcsas - ok
13:23:31.0392 1764 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
13:23:31.0392 1764 ASLDRService - ok
13:23:31.0423 1764 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
13:23:31.0423 1764 ASMMAP64 - ok
13:23:31.0439 1764 ASUSProcObsrv - ok
13:23:31.0486 1764 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
13:23:31.0486 1764 aswFsBlk - ok
13:23:31.0517 1764 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
13:23:31.0517 1764 aswMonFlt - ok
13:23:31.0548 1764 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
13:23:31.0548 1764 aswRdr - ok
13:23:31.0579 1764 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
13:23:31.0595 1764 aswSnx - ok
13:23:31.0626 1764 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
13:23:31.0626 1764 aswSP - ok
13:23:31.0642 1764 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
13:23:31.0642 1764 aswTdi - ok
13:23:31.0688 1764 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:23:31.0688 1764 AsyncMac - ok
13:23:31.0720 1764 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:23:31.0720 1764 atapi - ok
13:23:31.0751 1764 AthBTPort (cbe61b4494165f458bd87e37181ee934) C:\Windows\system32\DRIVERS\btath_flt.sys
13:23:31.0751 1764 AthBTPort - ok
13:23:31.0798 1764 Atheros Bt&Wlan Coex Agent (4c4a576818ea028257c624ae36ff7a03) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
13:23:31.0813 1764 Atheros Bt&Wlan Coex Agent - ok
13:23:31.0829 1764 AtherosSvc (21753130331188c4b474e1d3b396e629) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
13:23:31.0829 1764 AtherosSvc - ok
13:23:31.0891 1764 athr (de8b9c3e0e09d918b394207f34ac16dd) C:\Windows\system32\DRIVERS\athrx.sys
13:23:31.0938 1764 athr - ok
13:23:31.0985 1764 ATKGFNEXSrv (7910158929571214a959d5a6d16dd9c0) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
13:23:31.0985 1764 ATKGFNEXSrv - ok
13:23:32.0016 1764 atksgt (b4bde3f758a34658a37dfed3d9783cd8) C:\Windows\system32\DRIVERS\atksgt.sys
13:23:32.0016 1764 atksgt - ok
13:23:32.0047 1764 ATKWMIACPIIO (1f7238a37389ed92e9d8eee975cabd54) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
13:23:32.0047 1764 ATKWMIACPIIO - ok
13:23:32.0094 1764 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:23:32.0110 1764 AudioEndpointBuilder - ok
13:23:32.0125 1764 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:23:32.0141 1764 AudioSrv - ok
13:23:32.0188 1764 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\Avast\AvastSvc.exe
13:23:32.0203 1764 avast! Antivirus - ok
13:23:32.0266 1764 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
13:23:32.0266 1764 AxInstSV - ok
13:23:32.0297 1764 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
13:23:32.0312 1764 b06bdrv - ok
13:23:32.0359 1764 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:23:32.0359 1764 b57nd60a - ok
13:23:32.0390 1764 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
13:23:32.0390 1764 BDESVC - ok
13:23:32.0422 1764 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:23:32.0422 1764 Beep - ok
13:23:32.0468 1764 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
13:23:32.0484 1764 BFE - ok
13:23:32.0515 1764 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
13:23:32.0578 1764 BITS - ok
13:23:32.0609 1764 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:23:32.0609 1764 blbdrive - ok
13:23:32.0640 1764 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
13:23:32.0640 1764 bowser - ok
13:23:32.0671 1764 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
13:23:32.0671 1764 BrFiltLo - ok
13:23:32.0687 1764 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
13:23:32.0687 1764 BrFiltUp - ok
13:23:32.0702 1764 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
13:23:32.0702 1764 BridgeMP - ok
13:23:32.0749 1764 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
13:23:32.0749 1764 Browser - ok
13:23:32.0765 1764 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:23:32.0765 1764 Brserid - ok
13:23:32.0796 1764 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:23:32.0796 1764 BrSerWdm - ok
13:23:32.0812 1764 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:23:32.0812 1764 BrUsbMdm - ok
13:23:32.0827 1764 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:23:32.0827 1764 BrUsbSer - ok
13:23:32.0858 1764 BTATH_A2DP (fe70889a85c57a9268101b2db0474509) C:\Windows\system32\drivers\btath_a2dp.sys
13:23:32.0858 1764 BTATH_A2DP - ok
13:23:32.0905 1764 BTATH_BUS (a83a91d07d1fe6bbe7a9db46ca00434b) C:\Windows\system32\DRIVERS\btath_bus.sys
13:23:32.0905 1764 BTATH_BUS - ok
13:23:32.0936 1764 BTATH_HCRP (c864ff85ee16d61c2bdd5ef76824625f) C:\Windows\system32\DRIVERS\btath_hcrp.sys
13:23:32.0936 1764 BTATH_HCRP - ok
13:23:32.0983 1764 BTATH_LWFLT (0dea505efb5d771826d177ef8b8a208f) C:\Windows\system32\DRIVERS\btath_lwflt.sys
13:23:32.0983 1764 BTATH_LWFLT - ok
13:23:33.0014 1764 BTATH_RCP (724c8088c96efe7a3e63fec21d4681c0) C:\Windows\system32\DRIVERS\btath_rcp.sys
13:23:33.0014 1764 BTATH_RCP - ok
13:23:33.0061 1764 BtFilter (aa0f5afcf077c5246589b32eceeae566) C:\Windows\system32\DRIVERS\btfilter.sys
13:23:33.0061 1764 BtFilter - ok
13:23:33.0108 1764 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
13:23:33.0108 1764 BthEnum - ok
13:23:33.0139 1764 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
13:23:33.0139 1764 BTHMODEM - ok
13:23:33.0186 1764 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
13:23:33.0186 1764 BthPan - ok
13:23:33.0233 1764 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
13:23:33.0248 1764 BTHPORT - ok
13:23:33.0264 1764 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
13:23:33.0264 1764 bthserv - ok
13:23:33.0295 1764 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
13:23:33.0295 1764 BTHUSB - ok
13:23:33.0311 1764 catchme - ok
13:23:33.0342 1764 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:23:33.0342 1764 cdfs - ok
13:23:33.0373 1764 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
13:23:33.0373 1764 cdrom - ok
13:23:33.0420 1764 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:23:33.0420 1764 CertPropSvc - ok
13:23:33.0436 1764 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
13:23:33.0436 1764 circlass - ok
13:23:33.0482 1764 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:23:33.0498 1764 CLFS - ok
13:23:33.0576 1764 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:23:33.0576 1764 clr_optimization_v2.0.50727_32 - ok
13:23:33.0607 1764 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:23:33.0607 1764 clr_optimization_v2.0.50727_64 - ok
13:23:33.0685 1764 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:23:33.0763 1764 clr_optimization_v4.0.30319_32 - ok
13:23:33.0810 1764 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:23:33.0810 1764 clr_optimization_v4.0.30319_64 - ok
13:23:33.0872 1764 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:23:33.0888 1764 CmBatt - ok
13:23:33.0919 1764 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:23:33.0919 1764 cmdide - ok
13:23:33.0966 1764 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
13:23:33.0982 1764 CNG - ok
13:23:34.0013 1764 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
13:23:34.0013 1764 Compbatt - ok
13:23:34.0060 1764 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
13:23:34.0060 1764 CompositeBus - ok
13:23:34.0091 1764 COMSysApp - ok
13:23:34.0122 1764 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
13:23:34.0122 1764 crcdisk - ok
13:23:34.0169 1764 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
13:23:34.0169 1764 CryptSvc - ok
13:23:34.0216 1764 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:23:34.0231 1764 DcomLaunch - ok
13:23:34.0262 1764 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
13:23:34.0262 1764 defragsvc - ok
13:23:34.0294 1764 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
13:23:34.0294 1764 DfsC - ok
13:23:34.0325 1764 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
13:23:34.0325 1764 Dhcp - ok
13:23:34.0340 1764 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:23:34.0340 1764 discache - ok
13:23:34.0356 1764 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
13:23:34.0372 1764 Disk - ok
13:23:34.0387 1764 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
13:23:34.0403 1764 Dnscache - ok
13:23:34.0450 1764 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
13:23:34.0465 1764 dot3svc - ok
13:23:34.0481 1764 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
13:23:34.0481 1764 DPS - ok
13:23:34.0512 1764 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:23:34.0512 1764 drmkaud - ok
13:23:34.0559 1764 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
13:23:34.0574 1764 DXGKrnl - ok
13:23:34.0606 1764 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
13:23:34.0606 1764 EapHost - ok
13:23:34.0684 1764 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
13:23:34.0762 1764 ebdrv - ok
13:23:34.0793 1764 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
13:23:34.0793 1764 EFS - ok
13:23:34.0871 1764 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
13:23:34.0886 1764 ehRecvr - ok
13:23:34.0902 1764 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
13:23:34.0902 1764 ehSched - ok
13:23:34.0964 1764 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
13:23:34.0964 1764 ElbyCDIO - ok
13:23:34.0996 1764 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
13:23:34.0996 1764 elxstor - ok
13:23:35.0027 1764 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
13:23:35.0027 1764 ErrDev - ok
13:23:35.0074 1764 ETD (05b0dcda418e297a1b4cd8d7b8ade403) C:\Windows\system32\DRIVERS\ETD.sys
13:23:35.0074 1764 ETD - ok
13:23:35.0105 1764 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
13:23:35.0120 1764 EventSystem - ok
13:23:35.0136 1764 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:23:35.0136 1764 exfat - ok
13:23:35.0167 1764 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:23:35.0167 1764 fastfat - ok
13:23:35.0214 1764 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
13:23:35.0230 1764 Fax - ok
13:23:35.0261 1764 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
13:23:35.0261 1764 fdc - ok
13:23:35.0292 1764 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
13:23:35.0292 1764 fdPHost - ok
13:23:35.0308 1764 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
13:23:35.0308 1764 FDResPub - ok
13:23:35.0323 1764 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:23:35.0323 1764 FileInfo - ok
13:23:35.0339 1764 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:23:35.0354 1764 Filetrace - ok
13:23:35.0370 1764 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
13:23:35.0370 1764 flpydisk - ok
13:23:35.0401 1764 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
13:23:35.0401 1764 FltMgr - ok
13:23:35.0448 1764 FLxHCIc (10b5ab16c34d4e316edb825386f57da6) C:\Windows\system32\DRIVERS\FLxHCIc.sys
13:23:35.0448 1764 FLxHCIc - ok
13:23:35.0479 1764 FLxHCIh (66de264c2defe746cb2e71f3a5eb5c2c) C:\Windows\system32\DRIVERS\FLxHCIh.sys
13:23:35.0479 1764 FLxHCIh - ok
13:23:35.0510 1764 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
13:23:35.0542 1764 FontCache - ok
13:23:35.0635 1764 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:23:35.0635 1764 FontCache3.0.0.0 - ok
13:23:35.0666 1764 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:23:35.0666 1764 FsDepends - ok
13:23:35.0698 1764 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
13:23:35.0698 1764 fssfltr - ok
13:23:35.0807 1764 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
13:23:35.0838 1764 fsssvc - ok
13:23:35.0885 1764 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
13:23:35.0885 1764 Fs_Rec - ok
13:23:35.0916 1764 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:23:35.0916 1764 fvevol - ok
13:23:35.0932 1764 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
13:23:35.0947 1764 gagp30kx - ok
13:23:35.0978 1764 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
13:23:35.0994 1764 gpsvc - ok
13:23:36.0056 1764 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:23:36.0056 1764 gupdate - ok
13:23:36.0072 1764 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:23:36.0072 1764 gupdatem - ok
13:23:36.0103 1764 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:23:36.0103 1764 hcw85cir - ok
13:23:36.0134 1764 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
13:23:36.0150 1764 HdAudAddService - ok
13:23:36.0181 1764 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:23:36.0181 1764 HDAudBus - ok
13:23:36.0197 1764 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
13:23:36.0197 1764 HidBatt - ok
13:23:36.0228 1764 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
13:23:36.0228 1764 HidBth - ok
13:23:36.0244 1764 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
13:23:36.0244 1764 HidIr - ok
13:23:36.0259 1764 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
13:23:36.0275 1764 hidserv - ok
13:23:36.0290 1764 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
13:23:36.0290 1764 HidUsb - ok
13:23:36.0306 1764 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
13:23:36.0322 1764 hkmsvc - ok
13:23:36.0353 1764 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
13:23:36.0353 1764 HomeGroupListener - ok
13:23:36.0384 1764 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
13:23:36.0400 1764 HomeGroupProvider - ok
13:23:36.0415 1764 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
13:23:36.0415 1764 HpSAMD - ok
13:23:36.0462 1764 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
13:23:36.0478 1764 HTTP - ok
13:23:36.0493 1764 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
13:23:36.0493 1764 hwpolicy - ok
13:23:36.0524 1764 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
13:23:36.0524 1764 i8042prt - ok
13:23:36.0571 1764 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\DRIVERS\iaStor.sys
13:23:36.0571 1764 iaStor - ok
13:23:36.0602 1764 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
13:23:36.0618 1764 iaStorV - ok
13:23:36.0712 1764 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:23:36.0743 1764 idsvc - ok
13:23:36.0977 1764 igfx (efe5a0af39a8e179624117c521f1e012) C:\Windows\system32\DRIVERS\igdkmd64.sys
13:23:37.0195 1764 igfx - ok
13:23:37.0226 1764 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
13:23:37.0226 1764 iirsp - ok
13:23:37.0273 1764 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
13:23:37.0304 1764 IKEEXT - ok
13:23:37.0398 1764 IntcAzAudAddService (177b4e48c7a288e70779b42ab81d2d06) C:\Windows\system32\drivers\RTKVHD64.sys
13:23:37.0460 1764 IntcAzAudAddService - ok
13:23:37.0507 1764 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
13:23:37.0507 1764 IntcDAud - ok
13:23:37.0538 1764 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
13:23:37.0538 1764 intelide - ok
13:23:37.0554 1764 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:23:37.0554 1764 intelppm - ok
13:23:37.0570 1764 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
13:23:37.0585 1764 IPBusEnum - ok
13:23:37.0616 1764 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:23:37.0616 1764 IpFilterDriver - ok
13:23:37.0679 1764 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
13:23:37.0694 1764 iphlpsvc - ok
13:23:37.0710 1764 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
13:23:37.0710 1764 IPMIDRV - ok
13:23:37.0741 1764 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:23:37.0741 1764 IPNAT - ok
13:23:37.0772 1764 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:23:37.0772 1764 IRENUM - ok
13:23:37.0788 1764 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
13:23:37.0788 1764 isapnp - ok
13:23:37.0819 1764 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
13:23:37.0819 1764 iScsiPrt - ok
13:23:37.0850 1764 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
13:23:37.0850 1764 kbdclass - ok
13:23:37.0866 1764 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
13:23:37.0882 1764 kbdhid - ok
13:23:37.0913 1764 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
13:23:37.0913 1764 kbfiltr - ok
13:23:37.0928 1764 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:23:37.0928 1764 KeyIso - ok
13:23:37.0960 1764 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
13:23:37.0960 1764 KSecDD - ok
13:23:37.0991 1764 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
13:23:37.0991 1764 KSecPkg - ok
13:23:38.0006 1764 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:23:38.0006 1764 ksthunk - ok
13:23:38.0038 1764 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
13:23:38.0053 1764 KtmRm - ok
13:23:38.0084 1764 L1C (033b4aed2c5519072c0d81e00804d003) C:\Windows\system32\DRIVERS\L1C62x64.sys
13:23:38.0084 1764 L1C - ok
13:23:38.0131 1764 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
13:23:38.0147 1764 LanmanServer - ok
13:23:38.0178 1764 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
13:23:38.0178 1764 LanmanWorkstation - ok
13:23:38.0225 1764 lirsgt (955982bf4421b77722196552b62e8dc2) C:\Windows\system32\DRIVERS\lirsgt.sys
13:23:38.0225 1764 lirsgt - ok
13:23:38.0256 1764 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:23:38.0256 1764 lltdio - ok
13:23:38.0272 1764 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
13:23:38.0287 1764 lltdsvc - ok
13:23:38.0303 1764 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
13:23:38.0303 1764 lmhosts - ok
13:23:38.0381 1764 LMS (7f32d4c47a50e7223491e8fb9359907d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
13:23:38.0381 1764 LMS - ok
13:23:38.0428 1764 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
13:23:38.0428 1764 LSI_FC - ok
13:23:38.0443 1764 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
13:23:38.0443 1764 LSI_SAS - ok
13:23:38.0474 1764 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
13:23:38.0474 1764 LSI_SAS2 - ok
13:23:38.0506 1764 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
13:23:38.0506 1764 LSI_SCSI - ok
13:23:38.0537 1764 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:23:38.0537 1764 luafv - ok
13:23:38.0568 1764 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
13:23:38.0568 1764 Mcx2Svc - ok
13:23:38.0599 1764 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
13:23:38.0599 1764 megasas - ok
13:23:38.0615 1764 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
13:23:38.0630 1764 MegaSR - ok
13:23:38.0646 1764 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
13:23:38.0646 1764 MEIx64 - ok
13:23:38.0677 1764 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:23:38.0677 1764 MMCSS - ok
13:23:38.0693 1764 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:23:38.0693 1764 Modem - ok
13:23:38.0724 1764 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:23:38.0724 1764 monitor - ok
13:23:38.0755 1764 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:23:38.0755 1764 mouclass - ok
13:23:38.0771 1764 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:23:38.0771 1764 mouhid - ok
13:23:38.0786 1764 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
13:23:38.0786 1764 mountmgr - ok
13:23:38.0802 1764 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
13:23:38.0818 1764 mpio - ok
13:23:38.0833 1764 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:23:38.0833 1764 mpsdrv - ok
13:23:38.0864 1764 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
13:23:38.0880 1764 MpsSvc - ok
13:23:38.0911 1764 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
13:23:38.0911 1764 MRxDAV - ok
13:23:38.0942 1764 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:23:38.0958 1764 mrxsmb - ok
13:23:38.0974 1764 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:23:38.0989 1764 mrxsmb10 - ok
13:23:39.0005 1764 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:23:39.0005 1764 mrxsmb20 - ok
13:23:39.0020 1764 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
13:23:39.0020 1764 msahci - ok
13:23:39.0036 1764 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
13:23:39.0052 1764 msdsm - ok
13:23:39.0067 1764 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
13:23:39.0067 1764 MSDTC - ok
13:23:39.0083 1764 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:23:39.0083 1764 Msfs - ok
13:23:39.0114 1764 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:23:39.0114 1764 mshidkmdf - ok
13:23:39.0130 1764 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
13:23:39.0130 1764 msisadrv - ok
13:23:39.0161 1764 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
13:23:39.0161 1764 MSiSCSI - ok
13:23:39.0176 1764 msiserver - ok
13:23:39.0208 1764 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:23:39.0223 1764 MSKSSRV - ok
13:23:39.0239 1764 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:23:39.0239 1764 MSPCLOCK - ok
13:23:39.0254 1764 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:23:39.0270 1764 MSPQM - ok
13:23:39.0301 1764 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
13:23:39.0301 1764 MsRPC - ok
13:23:39.0317 1764 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
13:23:39.0317 1764 mssmbios - ok
13:23:39.0348 1764 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:23:39.0348 1764 MSTEE - ok
13:23:39.0364 1764 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
13:23:39.0364 1764 MTConfig - ok
13:23:39.0395 1764 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:23:39.0395 1764 Mup - ok
13:23:39.0442 1764 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
13:23:39.0442 1764 napagent - ok
13:23:39.0488 1764 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:23:39.0504 1764 NativeWifiP - ok
13:23:39.0551 1764 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
13:23:39.0566 1764 NDIS - ok
13:23:39.0598 1764 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:23:39.0598 1764 NdisCap - ok
13:23:39.0629 1764 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:23:39.0629 1764 NdisTapi - ok
13:23:39.0660 1764 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:23:39.0660 1764 Ndisuio - ok
13:23:39.0676 1764 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:23:39.0676 1764 NdisWan - ok
13:23:39.0691 1764 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:23:39.0691 1764 NDProxy - ok
13:23:39.0722 1764 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:23:39.0722 1764 NetBIOS - ok
13:23:39.0738 1764 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:23:39.0738 1764 NetBT - ok
13:23:39.0785 1764 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:23:39.0785 1764 Netlogon - ok
13:23:39.0832 1764 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:23:39.0832 1764 Netman - ok
13:23:39.0863 1764 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:23:39.0863 1764 netprofm - ok
13:23:39.0910 1764 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:23:39.0910 1764 NetTcpPortSharing - ok
13:23:39.0925 1764 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
13:23:39.0941 1764 nfrd960 - ok
13:23:39.0972 1764 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
13:23:39.0972 1764 NlaSvc - ok
13:23:39.0988 1764 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:23:39.0988 1764 Npfs - ok
13:23:40.0034 1764 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:23:40.0034 1764 nsi - ok
13:23:40.0050 1764 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:23:40.0050 1764 nsiproxy - ok
13:23:40.0112 1764 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:23:40.0144 1764 Ntfs - ok
13:23:40.0159 1764 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:23:40.0159 1764 Null - ok
13:23:40.0424 1764 nvlddmkm (7328528daf9b8a486e16595a35043db0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:23:40.0658 1764 nvlddmkm - ok
13:23:40.0721 1764 nvpciflt (8ae5a124f3b65c3ec531d251a3e9c87f) C:\Windows\system32\DRIVERS\nvpciflt.sys
13:23:40.0721 1764 nvpciflt - ok
13:23:40.0768 1764 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:23:40.0768 1764 nvraid - ok
13:23:40.0783 1764 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:23:40.0799 1764 nvstor - ok
13:23:40.0846 1764 NVSvc (cea3416907c17bb6623d9cb1e015b3c4) C:\Windows\system32\nvvsvc.exe
13:23:40.0861 1764 NVSvc - ok
13:23:40.0939 1764 nvUpdatusService (741688e5a65cc43567bcc329ae130075) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
13:23:40.0986 1764 nvUpdatusService - ok
13:23:41.0017 1764 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:23:41.0017 1764 nv_agp - ok
13:23:41.0033 1764 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:23:41.0048 1764 ohci1394 - ok
13:23:41.0080 1764 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:23:41.0080 1764 p2pimsvc - ok
13:23:41.0111 1764 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:23:41.0126 1764 p2psvc - ok
13:23:41.0142 1764 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
13:23:41.0142 1764 Parport - ok
13:23:41.0158 1764 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
13:23:41.0158 1764 partmgr - ok
13:23:41.0173 1764 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:23:41.0173 1764 PcaSvc - ok
13:23:41.0204 1764 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:23:41.0204 1764 pci - ok
13:23:41.0236 1764 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:23:41.0236 1764 pciide - ok
13:23:41.0251 1764 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
13:23:41.0267 1764 pcmcia - ok
13:23:41.0282 1764 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:23:41.0282 1764 pcw - ok
13:23:41.0314 1764 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:23:41.0314 1764 PEAUTH - ok
13:23:41.0360 1764 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:23:41.0454 1764 PerfHost - ok
13:23:41.0532 1764 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
13:23:41.0548 1764 pla - ok
13:23:41.0579 1764 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
13:23:41.0594 1764 PlugPlay - ok
13:23:41.0610 1764 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:23:41.0610 1764 PNRPAutoReg - ok
13:23:41.0626 1764 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:23:41.0641 1764 PNRPsvc - ok
13:23:41.0672 1764 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
13:23:41.0672 1764 PolicyAgent - ok
13:23:41.0704 1764 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:23:41.0704 1764 Power - ok
13:23:41.0750 1764 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:23:41.0750 1764 PptpMiniport - ok
13:23:41.0766 1764 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
13:23:41.0782 1764 Processor - ok
13:23:41.0813 1764 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
13:23:41.0813 1764 ProfSvc - ok
13:23:41.0828 1764 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:23:41.0828 1764 ProtectedStorage - ok
13:23:41.0860 1764 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:23:41.0860 1764 Psched - ok
13:23:41.0906 1764 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
13:23:41.0938 1764 ql2300 - ok
13:23:41.0984 1764 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
13:23:41.0984 1764 ql40xx - ok
13:23:42.0016 1764 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:23:42.0016 1764 QWAVE - ok
13:23:42.0047 1764 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:23:42.0047 1764 QWAVEdrv - ok
13:23:42.0062 1764 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:23:42.0062 1764 RasAcd - ok
13:23:42.0094 1764 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:23:42.0094 1764 RasAgileVpn - ok
13:23:42.0109 1764 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:23:42.0109 1764 RasAuto - ok
13:23:42.0125 1764 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:23:42.0140 1764 Rasl2tp - ok
13:23:42.0187 1764 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
13:23:42.0187 1764 RasMan - ok
13:23:42.0218 1764 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:23:42.0218 1764 RasPppoe - ok
13:23:42.0250 1764 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:23:42.0250 1764 RasSstp - ok
13:23:42.0265 1764 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:23:42.0281 1764 rdbss - ok
13:23:42.0296 1764 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
13:23:42.0296 1764 rdpbus - ok
13:23:42.0312 1764 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:23:42.0312 1764 RDPCDD - ok
13:23:42.0343 1764 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:23:42.0343 1764 RDPENCDD - ok
13:23:42.0359 1764 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:23:42.0359 1764 RDPREFMP - ok
13:23:42.0406 1764 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
13:23:42.0406 1764 RDPWD - ok
13:23:42.0421 1764 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:23:42.0437 1764 rdyboost - ok
13:23:42.0452 1764 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:23:42.0452 1764 RemoteAccess - ok
13:23:42.0484 1764 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:23:42.0484 1764 RemoteRegistry - ok
13:23:42.0530 1764 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
13:23:42.0530 1764 RFCOMM - ok
13:23:42.0608 1764 RichVideo (616f6e52cae254727a886ba8eda1beea) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
13:23:42.0624 1764 RichVideo - ok
13:23:42.0655 1764 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:23:42.0655 1764 RpcEptMapper - ok
13:23:42.0686 1764 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:23:42.0686 1764 RpcLocator - ok
13:23:42.0702 1764 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:23:42.0702 1764 RpcSs - ok
13:23:42.0749 1764 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:23:42.0749 1764 rspndr - ok
13:23:42.0780 1764 RTL8167 (ed5873f7dfb2f96d37f13322211b6bdc) C:\Windows\system32\DRIVERS\Rt64win7.sys
13:23:42.0796 1764 RTL8167 - ok
13:23:42.0811 1764 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:23:42.0811 1764 SamSs - ok
13:23:42.0889 1764 SbFw (cdb954c736d51dc5fa712c039af4f683) C:\Windows\system32\drivers\SbFw.sys
13:23:42.0889 1764 SbFw - ok
13:23:42.0952 1764 SBFWIMCL (5de22e3cb6140213da2e0599b08d525c) C:\Windows\system32\DRIVERS\sbfwim.sys
13:23:42.0952 1764 SBFWIMCL - ok
13:23:42.0983 1764 SBFWIMCLMP (5de22e3cb6140213da2e0599b08d525c) C:\Windows\system32\DRIVERS\SBFWIM.sys
13:23:42.0983 1764 SBFWIMCLMP - ok
13:23:43.0030 1764 sbhips (a5bc45f8c2f30350e7566799c86b2f5d) C:\Windows\system32\drivers\sbhips.sys
13:23:43.0030 1764 sbhips - ok
13:23:43.0061 1764 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:23:43.0061 1764 sbp2port - ok
13:23:43.0092 1764 SBRE - ok
13:23:43.0108 1764 SbTis (f9955774a6bf0a5ca696f591c7b80a79) C:\Windows\system32\drivers\sbtis.sys
13:23:43.0108 1764 SbTis - ok
13:23:43.0139 1764 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:23:43.0154 1764 SCardSvr - ok
13:23:43.0170 1764 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:23:43.0170 1764 scfilter - ok
13:23:43.0201 1764 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
13:23:43.0217 1764 Schedule - ok
13:23:43.0248 1764 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:23:43.0248 1764 SCPolicySvc - ok
13:23:43.0279 1764 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
13:23:43.0279 1764 SDRSVC - ok
13:23:43.0310 1764 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:23:43.0310 1764 secdrv - ok
13:23:43.0326 1764 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
13:23:43.0342 1764 seclogon - ok
13:23:43.0357 1764 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
13:23:43.0357 1764 SENS - ok
13:23:43.0388 1764 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:23:43.0388 1764 SensrSvc - ok
13:23:43.0420 1764 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
13:23:43.0420 1764 Serenum - ok
13:23:43.0451 1764 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
13:23:43.0451 1764 Serial - ok
13:23:43.0466 1764 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
13:23:43.0466 1764 sermouse - ok
13:23:43.0498 1764 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
13:23:43.0498 1764 SessionEnv - ok
13:23:43.0529 1764 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:23:43.0529 1764 sffdisk - ok
13:23:43.0544 1764 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:23:43.0544 1764 sffp_mmc - ok
13:23:43.0544 1764 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:23:43.0544 1764 sffp_sd - ok
13:23:43.0560 1764 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
13:23:43.0560 1764 sfloppy - ok
13:23:43.0607 1764 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
13:23:43.0607 1764 SharedAccess - ok
13:23:43.0638 1764 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
13:23:43.0654 1764 ShellHWDetection - ok
13:23:43.0685 1764 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
13:23:43.0685 1764 SiSGbeLH - ok
13:23:43.0700 1764 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
13:23:43.0700 1764 SiSRaid2 - ok
13:23:43.0716 1764 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
13:23:43.0732 1764 SiSRaid4 - ok
13:23:43.0794 1764 SkypeUpdate (17eab7852ff9f15fbaab4e95efc0b812) C:\Program Files (x86)\Skype\Updater\Updater.exe
13:23:43.0794 1764 SkypeUpdate - ok
13:23:43.0810 1764 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:23:43.0810 1764 Smb - ok
13:23:43.0841 1764 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:23:43.0841 1764 SNMPTRAP - ok
13:23:43.0856 1764 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:23:43.0856 1764 spldr - ok
13:23:43.0903 1764 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
13:23:43.0919 1764 Spooler - ok
13:23:43.0981 1764 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
13:23:44.0059 1764 sppsvc - ok
13:23:44.0106 1764 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:23:44.0106 1764 sppuinotify - ok
13:23:44.0137 1764 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:23:44.0137 1764 srv - ok
13:23:44.0168 1764 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:23:44.0168 1764 srv2 - ok
13:23:44.0184 1764 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:23:44.0184 1764 srvnet - ok
13:23:44.0215 1764 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:23:44.0231 1764 SSDPSRV - ok
13:23:44.0231 1764 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:23:44.0231 1764 SstpSvc - ok
13:23:44.0262 1764 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
13:23:44.0262 1764 stexstor - ok
13:23:44.0309 1764 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
13:23:44.0340 1764 stisvc - ok
13:23:44.0356 1764 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
13:23:44.0356 1764 swenum - ok
13:23:44.0387 1764 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:23:44.0402 1764 swprv - ok
13:23:44.0434 1764 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
13:23:44.0496 1764 SysMain - ok
13:23:44.0527 1764 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
13:23:44.0527 1764 TabletInputService - ok
13:23:44.0543 1764 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
13:23:44.0558 1764 TapiSrv - ok
13:23:44.0574 1764 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:23:44.0574 1764 TBS - ok
13:23:44.0636 1764 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
13:23:44.0683 1764 Tcpip - ok
13:23:44.0746 1764 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
13:23:44.0746 1764 TCPIP6 - ok
13:23:44.0808 1764 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:23:44.0808 1764 tcpipreg - ok
13:23:44.0824 1764 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:23:44.0824 1764 TDPIPE - ok
13:23:44.0855 1764 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
13:23:44.0855 1764 TDTCP - ok
13:23:44.0870 1764 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:23:44.0870 1764 tdx - ok
13:23:44.0902 1764 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
13:23:44.0902 1764 TermDD - ok
13:23:44.0948 1764 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
13:23:44.0964 1764 TermService - ok
13:23:44.0980 1764 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:23:44.0980 1764 Themes - ok
13:23:45.0011 1764 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:23:45.0011 1764 THREADORDER - ok
13:23:45.0058 1764 tmactmon (73aaffdd2ac3c8814b26c440e5dd9dd4) C:\Windows\system32\DRIVERS\tmactmon.sys
13:23:45.0058 1764 tmactmon - ok
13:23:45.0089 1764 tmcomm (360e61217d4e1e333583d0c721057f70) C:\Windows\system32\DRIVERS\tmcomm.sys
13:23:45.0089 1764 tmcomm - ok
13:23:45.0104 1764 tmevtmgr (699d34eb7c670139ca23a65372bd5743) C:\Windows\system32\DRIVERS\tmevtmgr.sys
13:23:45.0104 1764 tmevtmgr - ok
13:23:45.0151 1764 tmtdi (262198efb734012bfcd17e7479ae4a09) C:\Windows\system32\DRIVERS\tmtdi.sys
13:23:45.0151 1764 tmtdi - ok
13:23:45.0182 1764 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:23:45.0182 1764 TrkWks - ok
13:23:45.0214 1764 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
13:23:45.0214 1764 TrustedInstaller - ok
13:23:45.0245 1764 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:23:45.0245 1764 tssecsrv - ok
13:23:45.0276 1764 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:23:45.0276 1764 TsUsbFlt - ok
13:23:45.0292 1764 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
13:23:45.0292 1764 TsUsbGD - ok
13:23:45.0323 1764 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:23:45.0323 1764 tunnel - ok
13:23:45.0354 1764 TurboB (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys
13:23:45.0354 1764 TurboB - ok
13:23:45.0401 1764 TurboBoost (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
13:23:45.0416 1764 TurboBoost - ok
13:23:45.0432 1764 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
13:23:45.0432 1764 uagp35 - ok
13:23:45.0479 1764 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:23:45.0479 1764 udfs - ok
13:23:45.0510 1764 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:23:45.0510 1764 UI0Detect - ok
13:23:45.0526 1764 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:23:45.0526 1764 uliagpkx - ok
13:23:45.0557 1764 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
13:23:45.0557 1764 umbus - ok
13:23:45.0572 1764 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
13:23:45.0572 1764 UmPass - ok
13:23:45.0697 1764 UNS (2c16648a12999ae69a9ebf41974b0ba2) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
13:23:45.0744 1764 UNS - ok
13:23:45.0775 1764 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:23:45.0791 1764 upnphost - ok
13:23:45.0806 1764 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
13:23:45.0806 1764 usbccgp - ok
13:23:45.0838 1764 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:23:45.0838 1764 usbcir - ok
13:23:45.0869 1764 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
13:23:45.0869 1764 usbehci - ok
13:23:45.0900 1764 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:23:45.0900 1764 usbhub - ok
13:23:45.0931 1764 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
13:23:45.0931 1764 usbohci - ok
13:23:45.0962 1764 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
13:23:45.0962 1764 usbprint - ok
13:23:45.0994 1764 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:23:45.0994 1764 USBSTOR - ok
13:23:46.0009 1764 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
13:23:46.0009 1764 usbuhci - ok
13:23:46.0040 1764 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
13:23:46.0056 1764 usbvideo - ok
13:23:46.0072 1764 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:23:46.0087 1764 UxSms - ok
13:23:46.0118 1764 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:23:46.0118 1764 VaultSvc - ok
13:23:46.0150 1764 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
13:23:46.0150 1764 VClone - ok
13:23:46.0181 1764 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:23:46.0181 1764 vdrvroot - ok
13:23:46.0212 1764 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
13:23:46.0228 1764 vds - ok
13:23:46.0243 1764 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:23:46.0243 1764 vga - ok
13:23:46.0274 1764 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:23:46.0274 1764 VgaSave - ok
13:23:46.0290 1764 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:23:46.0306 1764 vhdmp - ok
13:23:46.0306 1764 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:23:46.0306 1764 viaide - ok
13:23:46.0337 1764 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:23:46.0337 1764 volmgr - ok
13:23:46.0368 1764 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:23:46.0368 1764 volmgrx - ok
13:23:46.0384 1764 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:23:46.0384 1764 volsnap - ok
13:23:46.0415 1764 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
13:23:46.0415 1764 vsmraid - ok
13:23:46.0462 1764 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
13:23:46.0493 1764 VSS - ok
13:23:46.0524 1764 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
13:23:46.0524 1764 vwifibus - ok
13:23:46.0555 1764 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:23:46.0555 1764 vwififlt - ok
13:23:46.0602 1764 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:23:46.0602 1764 W32Time - ok
13:23:46.0618 1764 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
13:23:46.0618 1764 WacomPen - ok
13:23:46.0649 1764 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:23:46.0649 1764 WANARP - ok
13:23:46.0664 1764 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:23:46.0664 1764 Wanarpv6 - ok
13:23:46.0742 1764 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
13:23:46.0758 1764 WatAdminSvc - ok
13:23:46.0805 1764 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
13:23:46.0836 1764 wbengine - ok
13:23:46.0852 1764 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:23:46.0852 1764 WbioSrvc - ok
13:23:46.0867 1764 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
13:23:46.0883 1764 wcncsvc - ok
13:23:46.0898 1764 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:23:46.0898 1764 WcsPlugInService - ok
13:23:46.0914 1764 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
13:23:46.0914 1764 Wd - ok
13:23:46.0945 1764 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:23:46.0961 1764 Wdf01000 - ok
13:23:46.0976 1764 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:23:46.0976 1764 WdiServiceHost - ok
13:23:46.0976 1764 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:23:46.0976 1764 WdiSystemHost - ok
13:23:47.0023 1764 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
13:23:47.0023 1764 WebClient - ok
13:23:47.0039 1764 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:23:47.0054 1764 Wecsvc - ok
13:23:47.0070 1764 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:23:47.0070 1764 wercplsupport - ok
13:23:47.0101 1764 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:23:47.0101 1764 WerSvc - ok
13:23:47.0132 1764 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:23:47.0132 1764 WfpLwf - ok
13:23:47.0164 1764 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
13:23:47.0179 1764 WimFltr - ok
13:23:47.0195 1764 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:23:47.0195 1764 WIMMount - ok
13:23:47.0242 1764 WinDefend - ok
13:23:47.0242 1764 WinHttpAutoProxySvc - ok
13:23:47.0288 1764 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:23:47.0288 1764 Winmgmt - ok
13:23:47.0335 1764 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
13:23:47.0382 1764 WinRM - ok
13:23:47.0429 1764 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:23:47.0460 1764 Wlansvc - ok
13:23:47.0507 1764 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
13:23:47.0507 1764 wlcrasvc - ok
13:23:47.0585 1764 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:23:47.0632 1764 wlidsvc - ok
13:23:47.0678 1764 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:23:47.0678 1764 WmiAcpi - ok
13:23:47.0725 1764 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:23:47.0725 1764 wmiApSrv - ok
13:23:47.0772 1764 WMPNetworkSvc - ok
13:23:47.0803 1764 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:23:47.0803 1764 WPCSvc - ok
13:23:47.0819 1764 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
13:23:47.0819 1764 WPDBusEnum - ok
13:23:47.0834 1764 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:23:47.0850 1764 ws2ifsl - ok
13:23:47.0866 1764 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
13:23:47.0866 1764 wscsvc - ok
13:23:47.0866 1764 WSearch - ok
13:23:47.0928 1764 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
13:23:47.0975 1764 wuauserv - ok
13:23:47.0990 1764 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:23:47.0990 1764 WudfPf - ok
13:23:48.0022 1764 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:23:48.0022 1764 WUDFRd - ok
13:23:48.0037 1764 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
13:23:48.0068 1764 wudfsvc - ok
13:23:48.0100 1764 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:23:48.0100 1764 WwanSvc - ok
13:23:48.0146 1764 xusb21 (2c6bc21b2d5b58d8b1d638c1704cb494) C:\Windows\system32\DRIVERS\xusb21.sys
13:23:48.0146 1764 xusb21 - ok
13:23:48.0178 1764 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:23:48.0209 1764 \Device\Harddisk0\DR0 - ok
13:23:48.0224 1764 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR2
13:23:48.0224 1764 \Device\Harddisk1\DR2 - ok
13:23:48.0224 1764 Boot (0x1200) (b64a48bfd40272b21c9532b283e55dd8) \Device\Harddisk0\DR0\Partition0
13:23:48.0224 1764 \Device\Harddisk0\DR0\Partition0 - ok
13:23:48.0256 1764 Boot (0x1200) (f4aa77d0e00062ded55cc302208e5d13) \Device\Harddisk0\DR0\Partition1
13:23:48.0256 1764 \Device\Harddisk0\DR0\Partition1 - ok
13:23:48.0256 1764 Boot (0x1200) (9edfb4c98c4cb34e93635ce54950eb67) \Device\Harddisk1\DR2\Partition0
13:23:48.0256 1764 \Device\Harddisk1\DR2\Partition0 - ok
13:23:48.0256 1764 ============================================================
13:23:48.0256 1764 Scan finished
13:23:48.0256 1764 ============================================================
13:23:48.0271 1096 Detected object count: 0
13:23:48.0271 1096 Actual detected object count: 0

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:47 PM

Posted 22 April 2012 - 07:09 PM

My research points to an issue with Avast. Boot into safe mode and uninstall it and then see if you can boot normally.
Posted Image
m0le is a proud member of UNITE

#13 RealTalk

RealTalk
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:12:47 PM

Posted 23 April 2012 - 10:29 PM

Man this is getting frustrating. I just uninstalled avast, and its actually able to load the computer in normal mode now for the first time in over a week, but the blue screen still comes up once i try and run any program. Tried with a few different things and same result.

Any more suggestions? This seems like a tough one :busy:

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:47 PM

Posted 24 April 2012 - 06:32 PM

The same error message?

NO_MORE_IRP_STACK_LOCATIONS


Posted Image
m0le is a proud member of UNITE

#15 RealTalk

RealTalk
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:12:47 PM

Posted 24 April 2012 - 09:49 PM

Yup same error message. Just turned it on again and same thing. Didnt even wait for me to load a program this time, straight to that error message when windows loaded.

Am I screwed? Am I at the stage where i have to either take it to a shop or reinstall windows? Or do i need a new comp? This sucks, this is a relatively new computer




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users