BSOD c0000135


  • This topic is locked
29 replies to this topic

#1 zeecam

zeecam

  • Members
  • 19 posts
  • OFFLINE
  • Local time:04:24 PM

Posted 16 April 2012 - 02:14 AM

Windows 7. It started out with Google redirects, ran Malwarebytes Pro and SuperAntispyware and after reboot I get BSOD STOP: C0000135 The program can't start because %hs is missing. Try reinstalling the program system. It will not boot into Windows.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:24 PM

Posted 16 April 2012 - 02:47 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 zeecam

zeecam
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:04:24 PM

Posted 16 April 2012 - 02:56 AM

Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 16-04-2012 02:51:05
Running from F:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe [252544 2010-09-28] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKU\Zee\...\Run: [abbfecfbbbcadct] "C:\ProgramData\abbfecfbbbcadct.exe" [86016 2012-04-14] ()
Tcpip\Parameters: [DhcpNameServer] 208.180.83.133 208.180.42.68 192.168.1.1
AppInit_DLLs: prio.dll
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-11-09] (SUPERAntiSpyware.com)
3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253600 2012-04-02] (Adobe Systems Incorporated)
2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [915584 2010-12-01] ()
2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
2 IAStorDataMgrSvc; "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" [13336 2010-11-05] (Intel Corporation)
2 Intel® PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [133800 2010-08-12] (Intel Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
3 Microsoft SharePoint Workspace Audit Service; "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice [51456888 2010-03-25] (Microsoft Corporation)
3 ose64; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [174440 2010-01-09] (Microsoft Corporation)
2 simptcp; C:\Windows\System32\tcpsvcs.exe [10240 2009-07-13] (Microsoft Corporation)
2 simptcp; C:\Windows\SysWow64\tcpsvcs.exe [9216 2009-07-13] (Microsoft Corporation)
2 ZDCNDIS5; C:\Windows\System32\s616obex.dll [6656 2009-07-13] (Oak Technology Inc.)

========================== Drivers (Whitelisted) =============

1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13440 2011-06-18] ()
1 AsUpIO; C:\Windows\SysWow64\Drivers\AsUpIO.sys [14464 2010-08-02] ()
3 ctgame; C:\Windows\System32\Drivers\ctgame.sys [26264 2011-05-30] (Creative Technology Ltd.)
3 dmvsc; C:\Windows\System32\Drivers\dmvsc.sys [71168 2010-11-20] (Microsoft Corporation)
3 e1cexpress; C:\Windows\System32\DRIVERS\e1c62x64.sys [313520 2010-09-20] (Intel Corporation)
3 ICCWDT; C:\Windows\System32\Drivers\ICCWDT.sys [26136 2010-08-17] (Intel Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
0 mv91cons; C:\Windows\System32\Drivers\mv91cons.sys [24880 2010-11-21] (Marvell Semiconductor Inc.)
0 mv91xx; C:\Windows\System32\Drivers\mv91xx.sys [303408 2010-11-21] (Marvell Semiconductor, Inc.)
3 NPF; C:\Windows\SysWow64\Drivers\NPF.sys [30336 2003-04-04] (Politecnico di Torino)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 Synth3dVsc; C:\Windows\System32\Drivers\Synth3dVsc.sys [88960 2010-11-20] (Microsoft Corporation)
3 terminpt; C:\Windows\System32\Drivers\terminpt.sys [34816 2010-11-20] (Microsoft Corporation)
3 TsUsbGD; C:\Windows\System32\Drivers\TsUsbGD.sys [31232 2010-11-20] (Microsoft Corporation)
3 tsusbhub; C:\Windows\System32\Drivers\tsusbhub.sys [117248 2010-11-20] (Microsoft Corporation)
3 kxwdmdrv; C:\Windows\System32\drivers\kx.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: ZDCNDIS5

============ One Month Created Files and Folders ==============

2012-04-16 02:50 - 2012-04-16 02:51 - 0000000 ____D C:\FRST
2012-04-15 00:12 - 2012-04-15 03:37 - 0000000 ____D C:\BM virus killer
2012-04-14 03:51 - 2012-04-14 03:52 - 0000178 ____A C:\Users\Zee\Desktop\hjt.url
2012-04-14 03:48 - 2012-04-14 03:49 - 0002867 ____A C:\rapport.txt
2012-04-14 03:48 - 2012-04-14 03:48 - 0000678 ____A C:\Windows\SysWOW64\tmp.reg
2012-04-14 03:48 - 2012-04-14 03:48 - 0000000 ____A C:\Windows\SysWOW64\tmp.txt
2012-04-14 03:47 - 2008-04-12 14:34 - 0086528 ____A (S!Ri.URZ) C:\Windows\SysWOW64\VACFix.exe
2012-04-14 03:47 - 2008-04-12 10:49 - 0082432 ____A (S!Ri.URZ) C:\Windows\SysWOW64\IEDFix.exe
2012-04-14 03:47 - 2007-10-03 21:36 - 0025600 ____A C:\Windows\SysWOW64\WS2Fix.exe
2012-04-14 03:47 - 2007-09-05 21:22 - 0289144 ____A (S!Ri) C:\Windows\SysWOW64\VCCLSID.exe
2012-04-14 03:47 - 2006-12-01 03:20 - 0079360 ____A (SteelWerX) C:\Windows\SysWOW64\swxcacls.exe
2012-04-14 03:47 - 2006-08-29 16:43 - 0135168 ____A (SteelWerX) C:\Windows\SysWOW64\swreg.exe
2012-04-14 03:47 - 2006-04-27 14:49 - 0288417 ____A (S!Ri) C:\Windows\SysWOW64\SrchSTS.exe
2012-04-14 03:47 - 2006-01-09 07:36 - 0040960 ____A C:\Windows\SysWOW64\swsc.exe
2012-04-14 03:47 - 2004-07-31 15:50 - 0051200 ____A C:\Windows\SysWOW64\dumphive.exe
2012-04-14 03:47 - 2003-06-05 18:13 - 0053248 ____A (http://www.beyondlogic.org) C:\Windows\SysWOW64\Process.exe
2012-04-13 19:58 - 2012-04-13 19:59 - 0041272 ____A (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys
2012-04-13 19:49 - 2012-04-13 20:16 - 0000892 ____A C:\Windows\PFRO.log
2012-04-13 19:31 - 2012-04-14 04:02 - 0000616 ____A C:\Windows\setupact.log
2012-04-13 19:31 - 2012-04-13 19:31 - 0000000 ____A C:\Windows\setuperr.log
2012-04-13 17:37 - 2012-04-14 04:11 - 0088173 ____A C:\Windows\WindowsUpdate.log
2012-04-13 17:09 - 2012-04-14 04:03 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-13 17:08 - 2012-04-14 04:11 - 0086016 ____A C:\Users\All Users\abbfecfbbbcadct.exe
2012-04-13 17:08 - 2012-04-14 04:11 - 0086016 ____A C:\ProgramData\abbfecfbbbcadct.exe
2012-04-13 17:08 - 2012-04-13 17:08 - 0000000 ____D C:\Windows\system64
2012-04-12 11:08 - 2012-04-12 11:08 - 0014377 ____A C:\Users\Zee\Desktop\Balancing teaching.txt
2012-04-11 23:21 - 2012-04-11 23:38 - 0002149 ____A C:\Users\Zee\Desktop\angles.txt
2012-04-11 01:30 - 2012-04-11 01:31 - 0017266 ____A C:\Users\Zee\Desktop\Handling Problems.txt
2012-04-10 15:34 - 2012-04-10 15:34 - 0005219 ____A C:\Users\Zee\Desktop\Metric rear roll center ( achieve this).txt
2012-04-10 11:04 - 2012-04-10 11:05 - 0015584 ____A C:\Users\Zee\Desktop\Tips.txt
2012-04-10 10:59 - 2012-04-10 10:59 - 0000180 ____A C:\Users\Zee\Desktop\RaceWise Dirt Track Chassis School By Mark Bush Official Site.url
2012-04-10 10:52 - 2012-04-10 10:53 - 0017838 ____A C:\Users\Zee\Desktop\Asphalt chassis setup.txt
2012-04-09 16:59 - 2012-04-09 17:00 - 0007170 ____A C:\Users\Zee\Desktop\Rear Metric Bars.txt
2012-04-07 22:18 - 2012-04-07 22:39 - 0002386 ____A C:\Users\Zee\Desktop\Unhooking metric upper mount.txt
2012-04-07 21:59 - 2012-04-07 21:59 - 0003370 ____A C:\Users\Zee\Desktop\Pinion angle.txt
2012-04-07 13:37 - 2012-04-07 13:38 - 0000000 ____D C:\Users\Zee\Desktop\Jimmys Rearend
2012-04-05 22:48 - 2012-04-05 22:49 - 0003718 ____A C:\Users\Zee\Desktop\Dale Earnhardt.txt
2012-04-03 15:52 - 2012-04-03 15:52 - 520349696 ____A C:\Users\Zee\Downloads\ophcrack-vista-livecd-2.3.1.iso
2012-04-02 19:28 - 2012-04-02 19:28 - 0000000 ____D C:\Users\Zee\Desktop\Brackets
2012-04-02 18:50 - 2012-04-08 23:18 - 0000000 ____D C:\Users\Zee\Desktop\Rear Roll center
2012-04-02 15:49 - 2012-04-14 04:02 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-02 15:49 - 2012-04-02 15:49 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-01 10:20 - 2012-04-01 10:20 - 0009544 ____A C:\Users\Zee\Desktop\MC location.txt
2012-03-31 14:57 - 2012-03-31 14:57 - 0000000 ____D C:\Users\Zee\Desktop\Jimm
2012-03-31 10:25 - 2012-03-31 10:26 - 0001504 ____A C:\Users\Zee\Desktop\Steering Gearbox adjustment.txt
2012-03-29 15:29 - 2012-04-03 22:38 - 0000000 ____D C:\Users\Zee\Desktop\Carbs
2012-03-28 23:54 - 2012-03-28 23:56 - 0003981 ____A C:\Users\Zee\Desktop\Steering boxes part numbers.txt
2012-03-28 17:14 - 2012-03-28 17:14 - 0005661 ____A C:\Users\Zee\Desktop\Steering boxes.txt
2012-03-27 22:17 - 2012-03-27 22:17 - 0000486 ____A C:\Users\Zee\Desktop\Race car suspension Class - Page 15.url
2012-03-27 21:41 - 2012-03-27 22:34 - 0016035 ____A C:\Users\Zee\Desktop\Roll Center ...Good read.txt
2012-03-27 16:33 - 2012-03-27 16:18 - 42439200 ____A C:\Users\Zee\Documents\LeftHander Chassis.PDF
2012-03-25 22:10 - 2012-03-25 22:10 - 0000191 ____A C:\Users\Zee\Desktop\New Text Document (3).txt
2012-03-24 19:18 - 2012-03-24 19:20 - 0004961 ____A C:\Users\Zee\Desktop\Bump steer and correction.txt
2012-03-24 16:31 - 2012-03-24 16:31 - 0000000 ____D C:\Users\Zee\Desktop\saved chassis file
2012-03-24 12:02 - 2012-03-24 12:02 - 0009224 ____A C:\Users\Zee\Desktop\Caster camber.txt
2012-03-21 19:57 - 2012-03-21 19:57 - 384857431 ____A C:\Users\Zee\Downloads\ti0321_3-clip-2012-3-21-14-59-30.mp4
2012-03-21 19:01 - 2012-03-21 19:01 - 401844184 ____A C:\Users\Zee\Downloads\ti0321_1-clip-2012-3-21-15-0-5.mp4
2012-03-18 14:40 - 2012-03-18 14:43 - 0000000 ____D C:\Users\Zee\Desktop\New front end pics

============ 3 Months Modified Files and Folders =============

2012-04-16 02:51 - 2012-04-16 02:50 - 0000000 ____D C:\FRST
2012-04-16 00:21 - 2009-07-13 19:18 - 0000000 __SHD C:\$Recycle.Bin
2012-04-15 23:45 - 2005-01-01 00:37 - 2129227776 __ASH C:\hiberfil.sys
2012-04-15 03:37 - 2012-04-15 00:12 - 0000000 ____D C:\BM virus killer
2012-04-14 11:56 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-04-14 04:11 - 2012-04-13 17:37 - 0088173 ____A C:\Windows\WindowsUpdate.log
2012-04-14 04:11 - 2012-04-13 17:08 - 0086016 ____A C:\Users\All Users\abbfecfbbbcadct.exe
2012-04-14 04:11 - 2012-04-13 17:08 - 0086016 ____A C:\ProgramData\abbfecfbbbcadct.exe
2012-04-14 04:09 - 2011-11-13 23:19 - 0950007 ____A C:\Users\Zee\AppData\Local\census.cache
2012-04-14 04:09 - 2009-07-13 20:45 - 0023296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-14 04:09 - 2009-07-13 20:45 - 0023296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-14 04:08 - 2011-11-13 23:19 - 0074088 ____A C:\Users\Zee\AppData\Local\ars.cache
2012-04-14 04:08 - 2009-07-13 21:13 - 0730320 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-14 04:03 - 2012-04-13 17:09 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-14 04:02 - 2012-04-13 19:31 - 0000616 ____A C:\Windows\setupact.log
2012-04-14 04:02 - 2012-04-02 15:49 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-14 04:02 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-14 03:56 - 2009-07-13 18:34 - 0000826 ___RH C:\Windows\System32\Drivers\etc\hosts
2012-04-14 03:52 - 2012-04-14 03:51 - 0000178 ____A C:\Users\Zee\Desktop\hjt.url
2012-04-14 03:49 - 2012-04-14 03:48 - 0002867 ____A C:\rapport.txt
2012-04-14 03:48 - 2012-04-14 03:48 - 0000678 ____A C:\Windows\SysWOW64\tmp.reg
2012-04-14 03:48 - 2012-04-14 03:48 - 0000000 ____A C:\Windows\SysWOW64\tmp.txt
2012-04-13 20:16 - 2012-04-13 19:49 - 0000892 ____A C:\Windows\PFRO.log
2012-04-13 20:01 - 2011-11-12 17:49 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-13 19:59 - 2012-04-13 19:58 - 0041272 ____A (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys
2012-04-13 19:50 - 2011-07-27 17:10 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-04-13 19:31 - 2012-04-13 19:31 - 0000000 ____A C:\Windows\setuperr.log
2012-04-13 17:08 - 2012-04-13 17:08 - 0000000 ____D C:\Windows\system64
2012-04-12 11:08 - 2012-04-12 11:08 - 0014377 ____A C:\Users\Zee\Desktop\Balancing teaching.txt
2012-04-12 10:50 - 2012-01-31 23:16 - 0000000 ____D C:\Users\Zee\Documents\Chassis calculators
2012-04-11 23:38 - 2012-04-11 23:21 - 0002149 ____A C:\Users\Zee\Desktop\angles.txt
2012-04-11 01:31 - 2012-04-11 01:30 - 0017266 ____A C:\Users\Zee\Desktop\Handling Problems.txt
2012-04-10 15:34 - 2012-04-10 15:34 - 0005219 ____A C:\Users\Zee\Desktop\Metric rear roll center ( achieve this).txt
2012-04-10 11:05 - 2012-04-10 11:04 - 0015584 ____A C:\Users\Zee\Desktop\Tips.txt
2012-04-10 10:59 - 2012-04-10 10:59 - 0000180 ____A C:\Users\Zee\Desktop\RaceWise Dirt Track Chassis School By Mark Bush Official Site.url
2012-04-10 10:53 - 2012-04-10 10:52 - 0017838 ____A C:\Users\Zee\Desktop\Asphalt chassis setup.txt
2012-04-09 17:55 - 2012-03-14 19:04 - 0000000 ____D C:\Users\Zee\Desktop\Chassis-Rear
2012-04-09 17:00 - 2012-04-09 16:59 - 0007170 ____A C:\Users\Zee\Desktop\Rear Metric Bars.txt
2012-04-08 23:18 - 2012-04-02 18:50 - 0000000 ____D C:\Users\Zee\Desktop\Rear Roll center
2012-04-07 22:39 - 2012-04-07 22:18 - 0002386 ____A C:\Users\Zee\Desktop\Unhooking metric upper mount.txt
2012-04-07 21:59 - 2012-04-07 21:59 - 0003370 ____A C:\Users\Zee\Desktop\Pinion angle.txt
2012-04-07 13:38 - 2012-04-07 13:37 - 0000000 ____D C:\Users\Zee\Desktop\Jimmys Rearend
2012-04-05 22:49 - 2012-04-05 22:48 - 0003718 ____A C:\Users\Zee\Desktop\Dale Earnhardt.txt
2012-04-04 12:56 - 2011-11-12 17:49 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 22:38 - 2012-03-29 15:29 - 0000000 ____D C:\Users\Zee\Desktop\Carbs
2012-04-03 15:52 - 2012-04-03 15:52 - 520349696 ____A C:\Users\Zee\Downloads\ophcrack-vista-livecd-2.3.1.iso
2012-04-02 19:28 - 2012-04-02 19:28 - 0000000 ____D C:\Users\Zee\Desktop\Brackets
2012-04-02 19:20 - 2012-02-03 16:35 - 0000000 ____D C:\Users\Zee\Desktop\Steering Box
2012-04-02 15:49 - 2012-04-02 15:49 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-02 15:49 - 2011-06-06 19:46 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-04-01 10:20 - 2012-04-01 10:20 - 0009544 ____A C:\Users\Zee\Desktop\MC location.txt
2012-03-31 14:58 - 2012-02-19 17:11 - 0000000 ____D C:\Users\Zee\Desktop\Jimmys front end2
2012-03-31 14:57 - 2012-03-31 14:57 - 0000000 ____D C:\Users\Zee\Desktop\Jimm
2012-03-31 10:26 - 2012-03-31 10:25 - 0001504 ____A C:\Users\Zee\Desktop\Steering Gearbox adjustment.txt
2012-03-29 23:12 - 2011-05-23 18:23 - 0000000 ____D C:\Users\Zee\Desktop\MY Junk
2012-03-29 22:48 - 2012-02-10 18:21 - 0004241 ____A C:\Users\Zee\Desktop\GM steering box.txt
2012-03-29 15:32 - 2012-01-22 13:51 - 0000000 ____D C:\Users\Zee\Desktop\Heads
2012-03-29 15:32 - 2012-01-22 13:50 - 0000000 ____D C:\Users\Zee\Desktop\Brakes
2012-03-29 15:30 - 2011-12-04 18:11 - 0000000 ____D C:\Users\Zee\Desktop\Racing
2012-03-28 23:56 - 2012-03-28 23:54 - 0003981 ____A C:\Users\Zee\Desktop\Steering boxes part numbers.txt
2012-03-28 17:14 - 2012-03-28 17:14 - 0005661 ____A C:\Users\Zee\Desktop\Steering boxes.txt
2012-03-27 22:34 - 2012-03-27 21:41 - 0016035 ____A C:\Users\Zee\Desktop\Roll Center ...Good read.txt
2012-03-27 22:17 - 2012-03-27 22:17 - 0000486 ____A C:\Users\Zee\Desktop\Race car suspension Class - Page 15.url
2012-03-27 16:18 - 2012-03-27 16:33 - 42439200 ____A C:\Users\Zee\Documents\LeftHander Chassis.PDF
2012-03-25 22:10 - 2012-03-25 22:10 - 0000191 ____A C:\Users\Zee\Desktop\New Text Document (3).txt
2012-03-24 19:20 - 2012-03-24 19:18 - 0004961 ____A C:\Users\Zee\Desktop\Bump steer and correction.txt
2012-03-24 18:42 - 2012-02-05 16:35 - 0000000 ____D C:\Program Files (x86)\CCS20
2012-03-24 16:31 - 2012-03-24 16:31 - 0000000 ____D C:\Users\Zee\Desktop\saved chassis file
2012-03-24 12:02 - 2012-03-24 12:02 - 0009224 ____A C:\Users\Zee\Desktop\Caster camber.txt
2012-03-21 19:57 - 2012-03-21 19:57 - 384857431 ____A C:\Users\Zee\Downloads\ti0321_3-clip-2012-3-21-14-59-30.mp4
2012-03-21 19:01 - 2012-03-21 19:01 - 401844184 ____A C:\Users\Zee\Downloads\ti0321_1-clip-2012-3-21-15-0-5.mp4
2012-03-18 14:43 - 2012-03-18 14:40 - 0000000 ____D C:\Users\Zee\Desktop\New front end pics
2012-03-17 08:20 - 2009-07-13 21:08 - 0032634 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-03-16 23:47 - 2012-03-16 23:45 - 0009814 ____A C:\Users\Zee\Desktop\Scrub radius Caster angle.txt
2012-03-15 23:26 - 2012-03-15 23:25 - 0000000 ____D C:\Users\Zee\Desktop\Chassis set- ups
2012-03-14 19:07 - 2012-03-14 19:03 - 0000000 ____D C:\Users\Zee\Desktop\Chassis- Front
2012-03-14 17:59 - 2012-03-14 17:59 - 0000000 ____D C:\Users\Zee\Desktop\Pitman arm
2012-03-12 23:05 - 2012-03-12 23:05 - 0007333 ____A C:\Users\Zee\Desktop\Stagger.txt
2012-03-12 10:40 - 2012-03-12 10:40 - 0008144 ____A C:\Users\Zee\Desktop\Camber Change.txt
2012-03-12 05:40 - 2009-07-13 20:45 - 0416024 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-11 22:23 - 2012-03-11 22:23 - 0014429 ____A C:\Users\Zee\Desktop\traction principals.txt
2012-03-11 22:21 - 2012-03-11 22:21 - 0001323 ____A C:\Users\Zee\Desktop\Banking falling off.txt
2012-03-11 22:04 - 2012-03-11 22:04 - 0003363 ____A C:\Users\Zee\Desktop\MC TIPS 2.txt
2012-03-11 21:06 - 2012-03-11 20:28 - 0002064 ____A C:\Users\Zee\Desktop\MC changes.txt
2012-03-11 21:04 - 2012-03-11 21:04 - 0009475 ____A C:\Users\Zee\Desktop\Moment center and location part 2.txt
2012-03-11 20:05 - 2012-03-11 20:05 - 0011332 ____A C:\Users\Zee\Desktop\Moment center and location.txt
2012-03-11 18:50 - 2012-03-11 18:50 - 0497723 ____A C:\Users\Zee\Documents\~res-x64_0000 after name uploaded suspension anylizer.txt
2012-03-11 18:17 - 2012-03-11 18:17 - 0002157 ____A C:\Users\Public\Desktop\Circle Track Analyzer v3.6.lnk
2012-03-11 18:16 - 2012-03-11 18:16 - 0000000 ____D C:\Users\Zee\Downloads\v5_regshot_1.8.3_beta1_win32_x64_src_bin_v5
2012-03-11 18:05 - 2012-03-11 17:53 - 0000000 ____D C:\Program Files (x86)\SpyMe Tools
2012-03-11 17:49 - 2011-07-03 17:13 - 0000000 ____D C:\Program Files (x86)\Net Tools
2012-03-11 17:49 - 2011-06-18 18:28 - 0000000 ____D C:\WINDOWS.0
2012-03-11 17:34 - 2012-03-11 17:13 - 0000000 ____D C:\Program Files (x86)\Your Uninstaller 2008
2012-03-11 17:13 - 2012-03-11 17:13 - 0000000 ____D C:\Users\Zee\AppData\Roaming\URSoft
2012-03-11 17:10 - 2012-02-02 16:57 - 0000000 ____D C:\Users\Zee\Desktop\backup
2012-03-05 22:48 - 2011-08-28 16:50 - 0000000 ____D C:\Users\Zee\Desktop\racing PICTURES
2012-03-05 21:49 - 2012-03-05 21:49 - 200305696 ____A C:\Users\Zee\Documents\copy of registry before suspension analizer expired.reg
2012-03-04 20:06 - 2012-03-04 20:06 - 0009475 ____A C:\Users\Zee\Desktop\Moment center Chassis mounts.txt
2012-03-04 15:24 - 2012-03-04 15:23 - 0002176 ____A C:\Users\Zee\Desktop\Rebco caster camber Guage.txt
2012-03-04 10:43 - 2012-03-04 10:43 - 0008487 ____A C:\Users\Zee\Desktop\Stock class handling.txt
2012-03-03 22:33 - 2012-03-03 22:34 - 0952765 ____A C:\Users\Zee\Documents\Belts_Pulleys-brackets.PDF
2012-03-03 21:33 - 2012-03-03 21:30 - 0015153 ____A C:\Users\Zee\Desktop\solving Exit Handling Problems.txt
2012-03-03 21:24 - 2012-03-03 21:24 - 0012304 ____A C:\Users\Zee\Desktop\How to get more Traction.txt
2012-03-03 21:01 - 2012-03-03 21:00 - 0014390 ____A C:\Users\Zee\Desktop\Crossweight Discoveries.txt
2012-03-03 20:16 - 2012-03-03 20:15 - 0016001 ____A C:\Users\Zee\Desktop\Dirt MC location Driver tips.txt
2012-03-03 20:16 - 2011-05-22 19:13 - 0109216 ____A C:\Users\Zee\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-03 17:54 - 2012-03-03 17:53 - 0000000 ____D C:\Users\Zee\Documents\700R4
2012-03-02 23:36 - 2012-03-02 23:36 - 0000202 ____A C:\Users\Zee\Desktop\High Velocity Heads - Advantages.url
2012-03-02 23:27 - 2012-03-02 23:27 - 0000186 ____A C:\Users\Zee\Desktop\AED 6070 Holley Booster Installation Tool.url
2012-03-02 22:44 - 2012-03-02 22:44 - 0000348 ____A C:\Users\Zee\Desktop\google roll center.url
2012-03-02 22:43 - 2012-03-02 22:43 - 0000149 ____A C:\Users\Zee\Desktop\Roll center read this.url
2012-03-02 22:38 - 2012-03-02 22:38 - 0002310 ____A C:\Users\Zee\Desktop\Chassis Handling Tips - Fixes For Common Race Car Handling Problems - Circle Track Magazine.url
2012-03-02 20:15 - 2012-02-05 16:35 - 0002701 ____A C:\Users\Public\Desktop\Computerized Chassis Setup 2.0.lnk
2012-03-02 19:59 - 2012-03-02 19:59 - 0000296 ____A C:\Users\Zee\Desktop\Dynatech Stock Clip Headers - Full Length - '78-'87 GM G-Body - Painted Black at skspeed.url
2012-03-02 19:53 - 2012-03-02 19:53 - 0002085 ____A C:\Users\Zee\Desktop\Race Car Chassis Frame Photo 1.url
2012-03-02 19:24 - 2012-03-02 19:24 - 0000602 ____A C:\Users\Zee\Desktop\AEM DIGITAL WIDEBAND UEGO CONTROLLER FREE WORLD SHIP eBay.url
2012-03-02 19:11 - 2012-03-02 19:11 - 0000351 ____A C:\Users\Zee\Desktop\10.5 Ultra Lite Stock Appearing Assembly.url
2012-03-02 17:58 - 2012-03-02 17:58 - 0001066 ____A C:\Users\Zee\Desktop\Control-Arms-Bushings.url
2012-03-02 17:57 - 2012-01-19 16:39 - 0000000 ____D C:\Users\Zee\Desktop\Intake system
2012-03-02 17:42 - 2012-03-02 17:42 - 0001297 ____A C:\Users\Zee\Desktop\New Quarter Master Bellhousing Approved For Use In All IMCA Division - OneDirt.url
2012-03-02 16:25 - 2012-03-02 16:21 - 0000000 ____D C:\Users\Zee\Desktop\sus analizer files
2012-03-01 18:32 - 2012-03-01 18:32 - 0000665 ____A C:\Users\Zee\Desktop\Fast Ratio Pitman Arm SS-790 - Google Search.url
2012-03-01 18:32 - 2012-03-01 18:32 - 0000421 ____A C:\Users\Zee\Desktop\Camaro Pitman Arm, Quick Ratio, 5-3-4, For Cars With Manual Steering, 1967-1969 - Rick's Camaro Parts.url
2012-03-01 18:28 - 2012-03-01 18:23 - 0000229 ____A C:\Users\Zee\Desktop\Pitman arm.txt
2012-03-01 11:49 - 2012-03-01 11:48 - 0000000 ____D C:\Users\Zee\Desktop\Lower ball joint
2012-02-29 22:19 - 2012-02-29 22:33 - 5437639 ____A C:\Users\Zee\Documents\ROLLER_TIMKEN.pdf
2012-02-29 21:50 - 2012-02-29 21:50 - 0001351 ____A C:\Users\Zee\Desktop\2.0 Ballistic Joint.url
2012-02-29 21:05 - 2012-02-29 21:05 - 0001393 ____A C:\Users\Zee\Desktop\Ballistic Heavy Duty Arbor Plate.url
2012-02-28 23:54 - 2012-02-28 23:54 - 0000295 ____A C:\Users\Zee\Desktop\Dirt Stocks - Page 2.url
2012-02-28 23:54 - 2012-02-28 23:47 - 0000777 ____A C:\Users\Zee\Desktop\rear metric forward bite.txt
2012-02-27 17:17 - 2012-02-26 15:17 - 0000000 ____D C:\Users\Zee\AppData\Roaming\BitTorrent
2012-02-26 23:03 - 2011-07-27 16:49 - 0000000 ____D C:\Users\Zee\AppData\Roaming\Free Download Manager
2012-02-26 18:25 - 2012-02-26 18:24 - 0249856 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2012-02-26 18:25 - 2012-02-26 18:24 - 0073216 ____A (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2012-02-26 18:24 - 2012-02-26 18:19 - 0000000 ____D C:\Users\Zee\Desktop\free trial extension
2012-02-26 18:21 - 2012-02-26 15:24 - 0000000 ____D C:\Users\Zee\Desktop\Chassis analizers
2012-02-26 15:21 - 2012-02-26 15:19 - 0000000 ____D C:\Users\Zee\AppData\Local\Conduit
2012-02-26 15:21 - 2011-05-22 18:43 - 0000000 ____D C:\Users\Zee\AppData\LocalLow
2012-02-26 15:19 - 2012-02-26 15:19 - 0000000 ____D C:\Program Files (x86)\Conduit
2012-02-26 15:19 - 2011-05-23 18:48 - 0000000 ____D C:\Users\Zee\AppData\Roaming\Mozilla
2012-02-26 15:17 - 2012-02-26 15:17 - 0000000 ____D C:\Users\Zee\Desktop\Bit torrent
2012-02-26 12:42 - 2012-02-26 12:52 - 14201110 ____A C:\Users\Zee\Documents\Headers Patriot_2010.PDF
2012-02-26 01:44 - 2012-02-26 01:41 - 0000000 ____D C:\Users\Zee\AppData\Roaming\Media Finder
2012-02-26 00:28 - 2012-02-26 00:28 - 0000679 ____A C:\Users\Zee\Desktop\upper control arm mounts paralell with centerline chassis - Google Search.url
2012-02-26 00:28 - 2012-02-26 00:28 - 0000547 ____A C:\Users\Zee\Desktop\anti dive metric chassis - Google Search.url
2012-02-25 19:25 - 2012-02-25 19:43 - 0062750 ____A C:\Users\Zee\Documents\suspension.pdf
2012-02-25 10:21 - 2012-02-25 13:41 - 6812866 ____A C:\Users\Zee\Documents\Quick fuel carbs and parts jetting.PDF
2012-02-25 09:43 - 2012-02-25 09:43 - 0000668 ____A C:\Users\Zee\Desktop\Holley QFT AED Billet Metering Block Kit 750 CFM Calibration 4 Hole Emulsion eBay.url
2012-02-25 07:35 - 2012-02-25 07:35 - 0000184 ____A C:\Users\Zee\Desktop\Midwest Motor Sports Inc.url
2012-02-22 23:12 - 2012-02-22 23:12 - 0000564 ____A C:\Users\Zee\Desktop\New Race Proven Tilton SBC Mini Race Starter eBay.url
2012-02-22 23:10 - 2012-02-22 23:10 - 0000413 ____A C:\Users\Zee\Desktop\ovalspeed eBay.url
2012-02-22 20:31 - 2012-02-22 20:31 - 0000568 ____A C:\Users\Zee\Desktop\HSPN News.url
2012-02-20 22:41 - 2012-02-20 22:41 - 0000407 ____A C:\Users\Zee\Desktop\sbc alternator mount aluminum eBay.url
2012-02-20 18:03 - 2012-02-20 18:03 - 0000000 ____D C:\Users\Zee\Desktop\good front end read
2012-02-20 00:03 - 2012-02-20 00:03 - 0135894 ____A C:\Users\Zee\Documents\Bump_Steer correction.PDF
2012-02-19 23:26 - 2012-02-19 23:26 - 0000341 ____A C:\Users\Zee\Desktop\raceprovenparts eBay.url
2012-02-19 23:13 - 2012-02-19 23:13 - 0000560 ____A C:\Users\Zee\Desktop\USED COIL SPRING RACING 9.5 5 O.D. RATE 825 # eBay.url
2012-02-19 11:01 - 2012-01-21 21:48 - 0000000 ____D C:\Users\Zee\Desktop\Transmission Muncie 2 speed
2012-02-19 01:26 - 2012-02-19 01:26 - 0001364 ____A C:\Users\Zee\Desktop\3400lb metric spring setup - Page 2.url
2012-02-18 23:59 - 2012-02-18 23:59 - 0000634 ____A C:\Users\Zee\Desktop\eBay - New & used electronics, cars, apparel, collectibles, sporting goods & more at low prices.url
2012-02-18 20:20 - 2012-02-18 14:19 - 0000000 ____D C:\Users\Zee\Desktop\Sparkplugs
2012-02-18 20:10 - 2012-02-18 20:10 - 0000584 ____A C:\Users\Zee\Desktop\Wego III, Air-Fuel Ratio Metering System eBay.url
2012-02-18 20:06 - 2012-02-18 20:06 - 0000216 ____A C:\Users\Zee\Desktop\Widebandcommander Product Information.url
2012-02-18 19:48 - 2012-02-18 19:48 - 0000403 ____A C:\Users\Zee\Desktop\Batesville Feature 9-17-11 Street Stock - YouTube.url
2012-02-18 19:48 - 2012-02-18 19:06 - 0000000 ____D C:\Users\Zee\Desktop\2-18-2012 video
2012-02-18 17:32 - 2012-02-18 17:32 - 0000656 ____A C:\Users\Zee\Desktop\NASCAR JESEL CHEVY BELT DRIVE PARTS ARCA, SBC-BBC ARCA comp cloyes nhra drag cv eBay.url
2012-02-18 14:50 - 2012-02-18 14:50 - 0000580 ____A C:\Users\Zee\Desktop\Wego II 2 Air Fuel Monitoring System Methanol Tuning eBay.url
2012-02-18 13:55 - 2012-02-18 13:55 - 0000632 ____A C:\Users\Zee\Desktop\AUTOMETER ULTRA LITE II WIDEBAND ANALOG AIR FUEL RATIO KIT eBay.url
2012-02-18 13:10 - 2012-02-18 13:09 - 0000000 ____D C:\Users\Zee\Desktop\IP4_0
2012-02-18 01:31 - 2012-02-18 01:31 - 0000186 ____A C:\Users\Zee\Desktop\Welcome to Warren Motorsports WWW.NYRACER.COM.url
2012-02-17 22:11 - 2012-02-17 22:11 - 0000261 ____A C:\Users\Zee\Desktop\metric spring help [Archive] - 4m.net - The Most Opinionated Racing Message Board In The Universe.url
2012-02-17 22:10 - 2012-02-17 22:10 - 0001386 ____A C:\Users\Zee\Desktop\Impala spindles Vs. Metric spindles.url
2012-02-17 00:35 - 2012-02-17 00:35 - 0000662 ____A C:\Users\Zee\Desktop\Race Proven 1 Wire Alternator with Serpentine Pulley NASCAR ARCA SCCA IMCA UMP eBay.url
2012-02-17 00:08 - 2012-02-17 00:08 - 0000272 ____A C:\Users\Zee\Desktop\Auto-Ware.url
2012-02-16 00:23 - 2012-02-16 00:23 - 0000883 ____A C:\Users\Zee\Desktop\Building Engines for the Street and Strip Engine Builder.url
2012-02-14 22:50 - 2011-05-22 18:43 - 0000174 ___SH C:\Users\Zee\Start Menu\Programs\Startup\desktop.ini
2012-02-14 22:50 - 2011-05-22 18:43 - 0000174 ___SH C:\Users\Zee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-14 22:17 - 2011-07-27 23:14 - 0000115 ____A C:\Windows\ANS2000.INI
2012-02-14 22:17 - 2009-07-13 18:34 - 0000643 ____A C:\Windows\win.ini
2012-02-14 22:16 - 2012-02-14 22:16 - 0000677 ____A C:\Users\Zee\Desktop\Allstar Performance ALL56119 - Allstar Performance Adjustable Spring Spacers - Overview - SummitRacing.com.url
2012-02-14 22:07 - 2012-02-14 22:07 - 0000376 ____A C:\Users\Zee\Desktop\Buy Spring Spacer Adjustable at Bryke Racing Parts.url
2012-02-14 21:21 - 2012-02-14 21:21 - 0000586 ____A C:\Users\Zee\Desktop\NMB SPHERICAL BEARINGS - ABWT9V - 9-16 BORE - LOT OF 3 - NEW OTHER eBay.url
2012-02-13 21:16 - 2012-02-13 21:16 - 0008115 ____A C:\Users\Zee\Desktop\Distributor Tuning.txt
2012-02-13 20:49 - 2012-02-13 20:49 - 0000260 ____A C:\Users\Zee\Desktop\Sparkplugs.com - Spark Plug 411.url
2012-02-13 00:06 - 2012-02-13 00:06 - 0000192 ____A C:\Users\Zee\Desktop\balljoints.url
2012-02-12 01:08 - 2012-02-12 01:08 - 0000390 ____A C:\Users\Zee\Desktop\CircleTrackSupply.com - The OneStop shop for all your race car parts and equipment. (2).url
2012-02-11 23:51 - 2012-02-11 23:55 - 0148235 ____A C:\Users\Zee\Documents\Mustang rotors gm spindles.PDF
2012-02-11 16:46 - 2012-02-11 16:27 - 0000000 ____D C:\Users\Zee\Desktop\Jimmys front end Pictures
2012-02-11 16:25 - 2012-01-24 18:12 - 0000000 ____D C:\Users\Zee\Desktop\latest pictures
2012-02-11 12:27 - 2012-02-11 12:27 - 0002139 ____A C:\Users\Zee\Desktop\Metric Chassis Dynamics - Front Suspension Movement - Stock Car Racing Magazine.url
2012-02-11 09:53 - 2012-02-11 09:53 - 0000420 ____A C:\Users\Zee\Desktop\Sweet Sportsman Steering Box - 81 Ratio Designed for use with Pinto and Impala Spindles .url
2012-02-11 00:36 - 2012-02-10 18:21 - 0001568 ____A C:\Users\Zee\Desktop\Anti-Squat.txt
2012-02-09 22:40 - 2012-02-09 22:38 - 0009552 ____A C:\Users\Zee\Desktop\Remember.txt
2012-02-08 21:47 - 2012-02-06 19:02 - 0000290 ____A C:\Users\Zee\Desktop\WAR Tech Board - Message Index (2).url
2012-02-08 17:56 - 2012-02-08 17:56 - 0001202 ____A C:\Users\Zee\Desktop\antidive.txt
2012-02-08 17:46 - 2012-02-08 17:46 - 0002060 ____A C:\Users\Zee\Desktop\antidive2.txt
2012-02-08 17:36 - 2012-02-08 17:35 - 0000669 ____A C:\Users\Zee\Desktop\Correct- bumpsteer.txt
2012-02-08 17:30 - 2012-02-08 17:30 - 0001286 ____A C:\Users\Zee\Desktop\Automobile Ride, Handling, and Suspension.url
2012-02-08 17:22 - 2012-02-08 17:21 - 0004103 ____A C:\Users\Zee\Desktop\ANTI- DIVE PRO DIVE.txt
2012-02-08 00:57 - 2012-02-08 00:57 - 0000479 ____A C:\Users\Zee\Desktop\g body metric use a body rear end - Google Search.url
2012-02-06 21:38 - 2012-02-06 21:19 - 0000000 ____D C:\Users\Zee\Desktop\Chassis new setup
2012-02-06 21:36 - 2012-02-06 21:35 - 0000000 ____D C:\Users\Zee\Desktop\Starter
2012-02-06 21:28 - 2012-01-22 14:29 - 0000184 ____A C:\Users\Zee\Desktop\top loaders.url
2012-02-06 18:19 - 2012-02-06 18:19 - 0000000 ____D C:\Users\Zee\Desktop\E-85 fuel
2012-02-06 18:17 - 2012-02-06 18:17 - 0000260 ____A C:\Users\Zee\Desktop\WAR Tech Board - Message Index.url
2012-02-05 16:48 - 2012-02-05 16:48 - 0000000 ____D C:\Users\Zee\AppData\Local\Racing_Software_Technolog
2012-02-05 00:24 - 2012-02-05 00:24 - 0000591 ____A C:\Users\Zee\Desktop\metric control arms rear degrees - Google Search.url
2012-02-04 09:32 - 2012-02-04 09:48 - 1650078 ____A C:\Users\Zee\Documents\STAHL Headers.PDF
2012-02-04 00:39 - 2012-02-04 00:39 - 0000303 ____A C:\Users\Zee\Desktop\Turn One - Performance Plus Steering Gear.url
2012-02-04 00:39 - 2012-02-04 00:39 - 0000190 ____A C:\Users\Zee\Desktop\CJR Products - 600 Series Gear.url
2012-02-03 17:13 - 2012-02-03 17:13 - 7669365 ____A C:\Users\Zee\Documents\C and S carburators.PDF
2012-02-03 16:56 - 2012-02-03 16:56 - 0000381 ____A C:\Users\Zee\Desktop\cjr 600 box eBay.url
2012-02-02 12:13 - 2012-02-02 12:12 - 0000219 ____A C:\Users\Zee\Desktop\Dia calculator.url
2012-02-01 23:12 - 2012-01-10 22:30 - 0000000 ____D C:\Users\Zee\Desktop\Spindles
2012-02-01 22:53 - 2012-02-01 22:53 - 0000263 ____A C:\Users\Zee\Desktop\Tech Talk.url
2012-02-01 19:13 - 2012-02-01 19:13 - 0251349 ____A C:\Users\Zee\Downloads\v5_regshot_1.8.3_beta1_win32_x64_src_bin_v5.zip
2012-02-01 19:08 - 2012-03-11 17:50 - 0000000 ____D C:\Program Files (x86)\Performance Trends
2012-02-01 19:08 - 2011-05-22 20:13 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-01-31 23:41 - 2012-01-31 23:41 - 0000493 ____A C:\Users\Zee\Desktop\metric fourlink - Google Search.url
2012-01-31 22:51 - 2012-01-31 22:46 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-01-31 22:51 - 2012-01-31 22:46 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-01-31 22:50 - 2012-01-31 22:50 - 0000000 ____D C:\Program Files\Common Files\DESIGNER
2012-01-31 22:50 - 2012-01-31 22:47 - 0000000 ____D C:\Windows\SHELLNEW
2012-01-31 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-01-31 22:49 - 2012-01-31 22:49 - 0000000 ____D C:\Windows\PCHEALTH
2012-01-31 22:49 - 2012-01-31 22:49 - 0000000 ____D C:\Program Files\Microsoft Synchronization Services
2012-01-31 22:49 - 2012-01-31 22:49 - 0000000 ____D C:\Program Files\Microsoft Sync Framework
2012-01-31 22:49 - 2012-01-31 22:49 - 0000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2012-01-31 22:49 - 2012-01-31 22:46 - 0000000 ____D C:\Program Files\Microsoft Office
2012-01-31 22:49 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\MSBuild
2012-01-31 22:47 - 2012-01-31 22:47 - 0000000 ____D C:\Program Files\Microsoft Analysis Services
2012-01-31 22:47 - 2012-01-31 22:47 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2012-01-31 22:47 - 2012-01-31 22:47 - 0000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2012-01-31 22:46 - 2012-01-31 22:46 - 0000000 __RHD C:\MSOCache
2012-01-31 22:46 - 2012-01-31 22:46 - 0000000 ____D C:\Users\Zee\AppData\Local\Microsoft Help
2012-01-31 22:46 - 2012-01-31 22:46 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2012-01-29 03:10 - 2010-11-20 19:27 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-01-29 00:28 - 2012-01-29 00:23 - 0000000 ____D C:\Users\Zee\Desktop\Sport mods
2012-01-29 00:25 - 2012-01-29 00:23 - 0000000 ____D C:\Users\Zee\Desktop\IMCA Modifieds
2012-01-28 16:30 - 2012-01-28 16:32 - 0441535 ____A C:\Users\Zee\Documents\2012-south-sportmod2.pdf
2012-01-27 23:44 - 2012-01-27 23:44 - 0005034 ____A C:\Users\Zee\Documents\cc_20120128_014413.reg
2012-01-27 00:42 - 2012-01-27 00:28 - 0000000 ____D C:\Users\Zee\Desktop\Impala arms
2012-01-27 00:34 - 2012-01-27 00:34 - 0000397 ____A C:\Users\Zee\Desktop\allamericanclassics eBay.url
2012-01-27 00:28 - 2012-01-27 00:28 - 0000290 ____A C:\Users\Zee\Desktop\Impala Parts 1958-1964 1958-64 UPPER CONTROL ARM LEFT HAND Classic Industries.url
2012-01-26 23:32 - 2012-01-26 23:29 - 0000000 ____D C:\Users\Zee\Desktop\Jimmy's chassis
2012-01-26 22:41 - 2011-05-22 22:27 - 54585368 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-01-25 21:54 - 2012-01-25 21:54 - 0000935 ____A C:\Users\Zee\Desktop\Ram Chevy Lightweight Billet Steel Flywheel - Speedway Motors, America's Oldest Speed Shop.url
2012-01-25 12:59 - 2012-01-25 12:59 - 0000555 ____A C:\Users\Zee\Desktop\Evacuation Kit crank case pump - Google Search.url
2012-01-25 12:58 - 2012-01-25 12:58 - 0000276 ____A C:\Users\Zee\Desktop\Racing Vacuum Pump Application Guide and FAQ.url
2012-01-25 00:21 - 2012-01-25 00:21 - 0000000 ____D C:\Users\Zee\Desktop\new street stock video
2012-01-25 00:18 - 2012-01-24 23:46 - 0000000 ____D C:\Users\Zee\Desktop\Rodney sanders
2012-01-23 23:39 - 2012-01-23 23:39 - 0000261 ____A C:\Users\Zee\Desktop\AFCO & Dynatech shirts.url
2012-01-23 23:34 - 2012-01-23 23:34 - 0000267 ____A C:\Users\Zee\Desktop\RPM Net Tech Articles Four Link Suspension - Powered by AFCO.url
2012-01-23 23:28 - 2012-01-23 23:28 - 0000186 ____A C:\Users\Zee\Desktop\4 (four) Link Software Program for Drag Racing Suspension.url
2012-01-23 23:23 - 2012-01-23 23:23 - 0002241 ____A C:\Users\Zee\Desktop\Metric Four-Link Suspension Design - Circle Track Magazine.url
2012-01-23 21:45 - 2012-01-23 21:45 - 0000174 ____A C:\Users\Zee\Desktop\Warren Motorsports Racers Resources Page.url
2012-01-23 19:04 - 2012-01-23 19:04 - 0000551 ____A C:\Users\Zee\Desktop\metric chassis setup sheet - Google Search.url
2012-01-23 19:04 - 2012-01-23 19:04 - 0000176 ____A C:\Users\Zee\Desktop\Welcome to Penatrator Chassis HomePage.url
2012-01-23 19:03 - 2012-01-23 19:03 - 0003282 ____A C:\Users\Zee\Desktop\Metric Chassis Steering Upgrade - Installing Stock Appearing Parts in Our '88 Monte Carlo - Circle Track Magazine.url
2012-01-23 19:03 - 2012-01-23 19:03 - 0000569 ____A C:\Users\Zee\Desktop\tall metric lowwer ball joints - Google Search.url
2012-01-23 19:03 - 2012-01-23 19:03 - 0000261 ____A C:\Users\Zee\Desktop\Lefthander Chassis - DEI - Exhaust Wrap.url
2012-01-23 19:03 - 2012-01-23 17:47 - 0001876 ____A C:\Users\Zee\Desktop\Metric Rear Four link.txt
2012-01-22 12:47 - 2012-01-22 12:42 - 0000461 ____A C:\Users\Zee\Desktop\Heads.txt
2012-01-22 12:33 - 2012-01-22 12:33 - 0001464 ____A C:\Users\Zee\Desktop\A Guide to Vortec vs OE Small Block Chevy Heads - Onedirt.com.url
2012-01-22 00:41 - 2012-01-22 00:41 - 0000248 ____A C:\Users\Zee\Desktop\IMCA Heads Engine Quest Automotive Racing.url
2012-01-22 00:33 - 2012-01-22 00:33 - 0000226 ____A C:\Users\Zee\Desktop\Engines.url
2012-01-21 23:37 - 2009-10-28 13:06 - 5575203 ___RA C:\Users\Zee\Documents\EQ_2010_2011Catalog_sm.pdf
2012-01-21 22:53 - 2012-01-21 22:53 - 0000267 ____A C:\Users\Zee\Desktop\Feedback.url
2012-01-21 22:09 - 2012-01-21 22:09 - 0000196 ____A C:\Users\Zee\Desktop\Performance Accessories - Magnus Racing Products.url
2012-01-21 15:31 - 2012-01-21 15:34 - 1449014 ____A C:\Users\Zee\Documents\master built chassis tune setup.PDF
2012-01-20 23:05 - 2012-01-20 22:28 - 0000000 ____D C:\Users\Zee\Desktop\Labor Laws
2012-01-19 16:39 - 2012-01-19 16:38 - 0000000 ____D C:\Users\Zee\Desktop\Differential
2012-01-18 16:31 - 2012-01-18 16:30 - 0001672 ____A C:\Users\Zee\Desktop\Mechwarrior EXPLOITS.txt

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8168.79 MB
Available physical RAM: 7384.55 MB
Total Pagefile: 8166.99 MB
Available Pagefile: 7370.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:111.69 GB) (Free:71.04 GB) NTFS
3 Drive f: () (Removable) (Total:7.45 GB) (Free:7.41 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          111 GB      0 B
Disk 1    Online         7633 MB      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            100 MB  1024 KB
Partition 2    Primary            111 GB   101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1   Y   System Rese  NTFS   Partition    100 MB  Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2   C                NTFS   Partition    111 GB  Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           7633 MB    16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3   F                FAT32  Removable   7633 MB  Healthy

======================================================================================================

==========================================================

Last Boot: 2011-11-01 16:53

======================= End Of Log ==========================

#4 gringo_pr

Posted 16 April 2012 - 03:51 AM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt

SubSystems: [Windows] ==> ZeroAccess
2 ZDCNDIS5; C:\Windows\System32\s616obex.dll [6656 2009-07-13] (Oak Technology Inc.)
C:\Windows\System32\s616obex.dll 
NETSVC: ZDCNDIS5


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 zeecam

Posted 16 April 2012 - 06:22 PM

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-03-2012
Ran by SYSTEM at 2012-04-16 18:20:39 R:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
ZDCNDIS5 service deleted successfully.
C:\Windows\System32\s616obex.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ZDCNDIS5 Deleted successfully.

==== End of Fixlog ====

#6 gringo_pr

Posted 16 April 2012 - 09:23 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 zeecam

Posted 17 April 2012 - 12:29 AM

ComboFix 12-04-16.02 - Zee 04/17/2012 0:21.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8169.7034 [GMT -5:00]
Running from: E:\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\WinPCap
c:\program files (x86)\WinPCap\daemon_mgm.exe
c:\program files (x86)\WinPCap\INSTALL.LOG
c:\program files (x86)\WinPCap\npf_mgm.exe
c:\program files (x86)\WinPCap\rpcapd.exe
c:\program files (x86)\WinPCap\Uninstall.exe
c:\programdata\abbfecfbbbcadct.exe
c:\programdata\ntuser.dat
c:\users\Zee\AppData\Local\bonus.exe
c:\users\Zee\AppData\Local\Setup.exe
c:\users\Zee\AppData\Local\updater.exe
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\dds_trash_log.cmd
c:\windows\SysWow64\drivers\npf.sys
c:\windows\SysWow64\dumphive.exe
c:\windows\SysWow64\IEDFix.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\Process.exe
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\SrchSTS.exe
c:\windows\SysWow64\tmp.reg
c:\windows\SysWow64\VACFix.exe
c:\windows\SysWow64\VCCLSID.exe
c:\windows\SysWow64\wpcap.dll
c:\windows\SysWow64\WS2Fix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-03-17 to 2012-04-17 )))))))))))))))))))))))))))))))
.
.
2012-04-17 05:22 . 2012-04-17 05:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-16 10:50 . 2012-04-16 10:51 -------- d-----w- C:\FRST
2012-04-15 08:12 . 2012-04-15 11:37 -------- d-----w- C:\BM virus killer
2012-04-14 03:58 . 2012-04-14 03:59 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2012-04-14 01:08 . 2012-04-14 01:08 -------- d-----we c:\windows\system64
2012-04-02 23:49 . 2012-04-02 23:49 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 20:56 . 2011-11-13 01:49 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-02 23:49 . 2011-06-07 03:46 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-27 02:25 . 2012-02-27 02:24 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-02-27 02:25 . 2012-02-27 02:24 249856 ------w- c:\windows\Setup1.exe
2012-01-29 11:10 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUS ShellProcess Execute"="c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2010-09-28 252544]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoThumbnail"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 253600]
R3 ctgame;Game Port;c:\windows\system32\DRIVERS\ctgame.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-11-10 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-02 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 23:49]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"combofix"="c:\combofix\CF32261.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-abbfecfbbbcadct - c:\programdata\abbfecfbbbcadct.exe
WebBrowser-{656461EF-40F6-4115-9FF1-BCED9812CCBB} - (no file)
AddRemove-HijackThis - f:\my stuff\hijack tool\hijackthis\HijackThis.exe
AddRemove-WinPcapInst - c:\program files (x86)\WinPcap\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
c:\program files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
c:\program files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
c:\program files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe
c:\program files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
.
**************************************************************************
.
Completion time: 2012-04-17 00:24:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-17 05:24
.
Pre-Run: 76,153,847,808 bytes free
Post-Run: 75,911,692,288 bytes free
.
- - End Of File - - DC9C99FCF25E247E31D75EF053AB9CFF

#8 zeecam

Posted 17 April 2012 - 12:40 AM

PC is booting again. I went to disable Windows Firewall before running ComboFix and received error code 0x80070424 when I tried to change settings, and the firewall was not responding. After ComboFix the firewall is running again normally. I connected it back to the internet and I am still getting the Google redirects to odd pages.

#9 gringo_pr

Posted 17 April 2012 - 12:58 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#10 zeecam

Posted 17 April 2012 - 01:12 AM

01:07:18.0699 3772 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
01:07:19.0089 3772 ============================================================
01:07:19.0089 3772 Current date / time: 2012/04/17 01:07:19.0089
01:07:19.0089 3772 SystemInfo:
01:07:19.0089 3772
01:07:19.0089 3772 OS Version: 6.1.7601 ServicePack: 1.0
01:07:19.0089 3772 Product type: Workstation
01:07:19.0089 3772 ComputerName: ZEE-PC
01:07:19.0089 3772 UserName: Zee
01:07:19.0089 3772 Windows directory: C:\Windows
01:07:19.0089 3772 System windows directory: C:\Windows
01:07:19.0089 3772 Running under WOW64
01:07:19.0089 3772 Processor architecture: Intel x64
01:07:19.0089 3772 Number of processors: 4
01:07:19.0089 3772 Page size: 0x1000
01:07:19.0089 3772 Boot type: Normal boot
01:07:19.0089 3772 ============================================================
01:07:19.0230 3772 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:07:19.0230 3772 \Device\Harddisk0\DR0:
01:07:19.0230 3772 MBR used
01:07:19.0230 3772 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
01:07:19.0230 3772 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
01:07:19.0230 3772 Initialize success
01:07:19.0230 3772 ============================================================
01:07:22.0225 1792 ============================================================
01:07:22.0225 1792 Scan started
01:07:22.0225 1792 Mode: Manual;
01:07:22.0225 1792 ============================================================
01:07:24.0253 1792 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
01:07:24.0253 1792 NetBIOS - ok
01:07:24.0269 1792 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
01:07:24.0269 1792 NetBT - ok
01:07:24.0269 1792 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:07:24.0269 1792 Netlogon - ok
01:07:24.0284 1792 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
01:07:24.0284 1792 Netman - ok
01:07:24.0300 1792 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
01:07:24.0300 1792 netprofm - ok
01:07:24.0300 1792 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
01:07:24.0300 1792 NetTcpPortSharing - ok
01:07:24.0315 1792 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
01:07:24.0315 1792 nfrd960 - ok
01:07:24.0315 1792 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
01:07:24.0315 1792 NlaSvc - ok
01:07:24.0331 1792 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
01:07:24.0331 1792 Npfs - ok
01:07:24.0331 1792 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
01:07:24.0331 1792 nsi - ok
01:07:24.0331 1792 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
01:07:24.0331 1792 nsiproxy - ok
01:07:24.0362 1792 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
01:07:24.0362 1792 Ntfs - ok
01:07:24.0362 1792 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
01:07:24.0362 1792 Null - ok
01:07:24.0378 1792 nusb3hub (786db821bfd57c0551dbbe4f75384a7d) C:\Windows\system32\DRIVERS\nusb3hub.sys
01:07:24.0378 1792 nusb3hub - ok
01:07:24.0378 1792 nusb3xhc (daa8005caf745042bb427a1ed7433354) C:\Windows\system32\DRIVERS\nusb3xhc.sys
01:07:24.0378 1792 nusb3xhc - ok
01:07:24.0393 1792 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
01:07:24.0393 1792 nvraid - ok
01:07:24.0393 1792 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
01:07:24.0393 1792 nvstor - ok
01:07:24.0409 1792 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
01:07:24.0409 1792 nv_agp - ok
01:07:24.0409 1792 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
01:07:24.0409 1792 ohci1394 - ok
01:07:24.0425 1792 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:07:24.0425 1792 ose64 - ok
01:07:24.0456 1792 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
01:07:24.0487 1792 osppsvc - ok
01:07:24.0487 1792 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
01:07:24.0503 1792 p2pimsvc - ok
01:07:24.0503 1792 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
01:07:24.0503 1792 p2psvc - ok
01:07:24.0518 1792 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
01:07:24.0518 1792 Parport - ok
01:07:24.0518 1792 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
01:07:24.0518 1792 partmgr - ok
01:07:24.0534 1792 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
01:07:24.0534 1792 PcaSvc - ok
01:07:24.0534 1792 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
01:07:24.0534 1792 pci - ok
01:07:24.0549 1792 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
01:07:24.0549 1792 pciide - ok
01:07:24.0549 1792 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
01:07:24.0549 1792 pcmcia - ok
01:07:24.0565 1792 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
01:07:24.0565 1792 pcw - ok
01:07:24.0565 1792 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
01:07:24.0581 1792 PEAUTH - ok
01:07:24.0596 1792 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
01:07:24.0596 1792 PeerDistSvc - ok
01:07:24.0612 1792 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
01:07:24.0612 1792 PerfHost - ok
01:07:24.0627 1792 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
01:07:24.0627 1792 pla - ok
01:07:24.0643 1792 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
01:07:24.0643 1792 PlugPlay - ok
01:07:24.0643 1792 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
01:07:24.0659 1792 PNRPAutoReg - ok
01:07:24.0659 1792 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
01:07:24.0659 1792 PNRPsvc - ok
01:07:24.0674 1792 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
01:07:24.0674 1792 PolicyAgent - ok
01:07:24.0674 1792 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
01:07:24.0690 1792 Power - ok
01:07:24.0690 1792 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
01:07:24.0690 1792 PptpMiniport - ok
01:07:24.0690 1792 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
01:07:24.0690 1792 Processor - ok
01:07:24.0705 1792 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
01:07:24.0705 1792 ProfSvc - ok
01:07:24.0705 1792 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:07:24.0705 1792 ProtectedStorage - ok
01:07:24.0721 1792 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
01:07:24.0737 1792 ql2300 - ok
01:07:24.0737 1792 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
01:07:24.0752 1792 ql40xx - ok
01:07:24.0752 1792 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
01:07:24.0752 1792 QWAVE - ok
01:07:24.0752 1792 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
01:07:24.0768 1792 QWAVEdrv - ok
01:07:24.0768 1792 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
01:07:24.0768 1792 RasAcd - ok
01:07:24.0768 1792 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
01:07:24.0768 1792 RasAgileVpn - ok
01:07:24.0783 1792 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
01:07:24.0783 1792 RasAuto - ok
01:07:24.0783 1792 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
01:07:24.0783 1792 Rasl2tp - ok
01:07:24.0799 1792 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
01:07:24.0799 1792 RasMan - ok
01:07:24.0799 1792 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
01:07:24.0799 1792 RasPppoe - ok
01:07:24.0815 1792 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
01:07:24.0815 1792 RasSstp - ok
01:07:24.0815 1792 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
01:07:24.0815 1792 rdbss - ok
01:07:24.0830 1792 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
01:07:24.0830 1792 rdpbus - ok
01:07:24.0830 1792 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
01:07:24.0830 1792 RDPCDD - ok
01:07:24.0846 1792 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
01:07:24.0846 1792 RDPDR - ok
01:07:24.0846 1792 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
01:07:24.0846 1792 RDPENCDD - ok
01:07:24.0861 1792 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
01:07:24.0861 1792 RDPREFMP - ok
01:07:24.0861 1792 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
01:07:24.0861 1792 RdpVideoMiniport - ok
01:07:24.0861 1792 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
01:07:24.0877 1792 RDPWD - ok
01:07:24.0877 1792 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
01:07:24.0877 1792 rdyboost - ok
01:07:24.0877 1792 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
01:07:24.0893 1792 RemoteAccess - ok
01:07:24.0893 1792 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
01:07:24.0893 1792 RemoteRegistry - ok
01:07:24.0893 1792 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
01:07:24.0893 1792 RpcEptMapper - ok
01:07:24.0908 1792 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
01:07:24.0908 1792 RpcLocator - ok
01:07:24.0908 1792 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
01:07:24.0908 1792 RpcSs - ok
01:07:24.0924 1792 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
01:07:24.0924 1792 rspndr - ok
01:07:24.0924 1792 RTL8167 (2777226ee8bf50b059d7a7c90177e99c) C:\Windows\system32\DRIVERS\Rt64win7.sys
01:07:24.0939 1792 RTL8167 - ok
01:07:24.0939 1792 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
01:07:24.0939 1792 s3cap - ok
01:07:24.0939 1792 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:07:24.0939 1792 SamSs - ok
01:07:24.0955 1792 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
01:07:24.0955 1792 SASDIFSV - ok
01:07:24.0955 1792 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
01:07:24.0955 1792 SASKUTIL - ok
01:07:24.0955 1792 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
01:07:24.0955 1792 sbp2port - ok
01:07:24.0971 1792 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
01:07:24.0971 1792 SCardSvr - ok
01:07:24.0971 1792 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
01:07:24.0971 1792 scfilter - ok
01:07:24.0986 1792 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
01:07:25.0002 1792 Schedule - ok
01:07:25.0002 1792 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
01:07:25.0002 1792 SCPolicySvc - ok
01:07:25.0002 1792 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
01:07:25.0002 1792 SDRSVC - ok
01:07:25.0017 1792 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
01:07:25.0017 1792 secdrv - ok
01:07:25.0017 1792 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
01:07:25.0017 1792 seclogon - ok
01:07:25.0033 1792 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
01:07:25.0033 1792 SENS - ok
01:07:25.0033 1792 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
01:07:25.0033 1792 SensrSvc - ok
01:07:25.0033 1792 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
01:07:25.0033 1792 Serenum - ok
01:07:25.0049 1792 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
01:07:25.0049 1792 Serial - ok
01:07:25.0049 1792 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
01:07:25.0049 1792 sermouse - ok
01:07:25.0064 1792 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
01:07:25.0064 1792 SessionEnv - ok
01:07:25.0064 1792 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
01:07:25.0064 1792 sffdisk - ok
01:07:25.0080 1792 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
01:07:25.0080 1792 sffp_mmc - ok
01:07:25.0080 1792 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
01:07:25.0080 1792 sffp_sd - ok
01:07:25.0080 1792 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
01:07:25.0080 1792 sfloppy - ok
01:07:25.0095 1792 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
01:07:25.0095 1792 SharedAccess - ok
01:07:25.0111 1792 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
01:07:25.0111 1792 ShellHWDetection - ok
01:07:25.0111 1792 simptcp (e9e830d540ededed650f906628468548) C:\Windows\System32\tcpsvcs.exe
01:07:25.0111 1792 simptcp - ok
01:07:25.0111 1792 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
01:07:25.0111 1792 SiSRaid2 - ok
01:07:25.0127 1792 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
01:07:25.0127 1792 SiSRaid4 - ok
01:07:25.0127 1792 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
01:07:25.0127 1792 Smb - ok
01:07:25.0142 1792 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
01:07:25.0142 1792 SNMPTRAP - ok
01:07:25.0142 1792 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
01:07:25.0142 1792 spldr - ok
01:07:25.0158 1792 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
01:07:25.0158 1792 Spooler - ok
01:07:25.0189 1792 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
01:07:25.0205 1792 sppsvc - ok
01:07:25.0220 1792 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
01:07:25.0220 1792 sppuinotify - ok
01:07:25.0220 1792 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
01:07:25.0220 1792 srv - ok
01:07:25.0236 1792 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
01:07:25.0236 1792 srv2 - ok
01:07:25.0251 1792 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
01:07:25.0251 1792 srvnet - ok
01:07:25.0251 1792 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
01:07:25.0251 1792 SSDPSRV - ok
01:07:25.0267 1792 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
01:07:25.0267 1792 SstpSvc - ok
01:07:25.0267 1792 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
01:07:25.0267 1792 stexstor - ok
01:07:25.0283 1792 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
01:07:25.0283 1792 stisvc - ok
01:07:25.0298 1792 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
01:07:25.0298 1792 storflt - ok
01:07:25.0298 1792 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
01:07:25.0298 1792 storvsc - ok
01:07:25.0298 1792 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
01:07:25.0298 1792 swenum - ok
01:07:25.0314 1792 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
01:07:25.0314 1792 swprv - ok
01:07:25.0329 1792 Synth3dVsc (c3a39c4079305480972d29c44b868c78) C:\Windows\system32\drivers\synth3dvsc.sys
01:07:25.0329 1792 Synth3dVsc - ok
01:07:25.0345 1792 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
01:07:25.0361 1792 SysMain - ok
01:07:25.0361 1792 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
01:07:25.0361 1792 TabletInputService - ok
01:07:25.0376 1792 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
01:07:25.0376 1792 TapiSrv - ok
01:07:25.0376 1792 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
01:07:25.0376 1792 TBS - ok
01:07:25.0407 1792 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
01:07:25.0407 1792 Tcpip - ok
01:07:25.0423 1792 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
01:07:25.0439 1792 TCPIP6 - ok
01:07:25.0439 1792 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
01:07:25.0439 1792 tcpipreg - ok
01:07:25.0454 1792 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
01:07:25.0454 1792 TDPIPE - ok
01:07:25.0454 1792 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
01:07:25.0454 1792 TDTCP - ok
01:07:25.0454 1792 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
01:07:25.0454 1792 tdx - ok
01:07:25.0470 1792 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
01:07:25.0470 1792 TermDD - ok
01:07:25.0470 1792 terminpt (2b5bdff688ec9871d7ec5837833374e9) C:\Windows\system32\drivers\terminpt.sys
01:07:25.0470 1792 terminpt - ok
01:07:25.0485 1792 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
01:07:25.0485 1792 TermService - ok
01:07:25.0485 1792 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
01:07:25.0501 1792 Themes - ok
01:07:25.0501 1792 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
01:07:25.0501 1792 THREADORDER - ok
01:07:25.0501 1792 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
01:07:25.0501 1792 TrkWks - ok
01:07:25.0517 1792 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
01:07:25.0517 1792 TrustedInstaller - ok
01:07:25.0517 1792 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
01:07:25.0517 1792 tssecsrv - ok
01:07:25.0532 1792 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
01:07:25.0532 1792 TsUsbFlt - ok
01:07:25.0532 1792 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
01:07:25.0532 1792 TsUsbGD - ok
01:07:25.0532 1792 tsusbhub (e1748d04ae40118b62bc18ac86032192) C:\Windows\system32\drivers\tsusbhub.sys
01:07:25.0532 1792 tsusbhub - ok
01:07:25.0548 1792 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
01:07:25.0548 1792 tunnel - ok
01:07:25.0548 1792 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
01:07:25.0548 1792 uagp35 - ok
01:07:25.0563 1792 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
01:07:25.0563 1792 udfs - ok
01:07:25.0563 1792 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
01:07:25.0563 1792 UI0Detect - ok
01:07:25.0579 1792 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
01:07:25.0579 1792 uliagpkx - ok
01:07:25.0579 1792 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
01:07:25.0579 1792 umbus - ok
01:07:25.0595 1792 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
01:07:25.0595 1792 UmPass - ok
01:07:25.0595 1792 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
01:07:25.0595 1792 UmRdpService - ok
01:07:25.0610 1792 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
01:07:25.0610 1792 upnphost - ok
01:07:25.0610 1792 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys
01:07:25.0610 1792 usbccgp - ok
01:07:25.0626 1792 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
01:07:25.0626 1792 usbcir - ok
01:07:25.0626 1792 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
01:07:25.0626 1792 usbehci - ok
01:07:25.0641 1792 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
01:07:25.0641 1792 usbhub - ok
01:07:25.0641 1792 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
01:07:25.0641 1792 usbohci - ok
01:07:25.0657 1792 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
01:07:25.0657 1792 usbprint - ok
01:07:25.0657 1792 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:07:25.0657 1792 USBSTOR - ok
01:07:25.0657 1792 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
01:07:25.0657 1792 usbuhci - ok
01:07:25.0673 1792 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
01:07:25.0673 1792 UxSms - ok
01:07:25.0673 1792 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:07:25.0673 1792 VaultSvc - ok
01:07:25.0688 1792 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
01:07:25.0688 1792 vdrvroot - ok
01:07:25.0688 1792 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
01:07:25.0688 1792 vds - ok
01:07:25.0704 1792 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
01:07:25.0704 1792 vga - ok
01:07:25.0704 1792 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
01:07:25.0704 1792 VgaSave - ok
01:07:25.0704 1792 VGPU - ok
01:07:25.0719 1792 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
01:07:25.0719 1792 vhdmp - ok
01:07:25.0719 1792 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
01:07:25.0719 1792 viaide - ok
01:07:25.0735 1792 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
01:07:25.0735 1792 vmbus - ok
01:07:25.0735 1792 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
01:07:25.0735 1792 VMBusHID - ok
01:07:25.0751 1792 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
01:07:25.0751 1792 volmgr - ok
01:07:25.0751 1792 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
01:07:25.0751 1792 volmgrx - ok
01:07:25.0766 1792 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
01:07:25.0766 1792 volsnap - ok
01:07:25.0782 1792 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
01:07:25.0782 1792 vsmraid - ok
01:07:25.0797 1792 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
01:07:25.0797 1792 VSS - ok
01:07:25.0813 1792 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
01:07:25.0813 1792 vwifibus - ok
01:07:25.0813 1792 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
01:07:25.0829 1792 W32Time - ok
01:07:25.0829 1792 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
01:07:25.0829 1792 WacomPen - ok
01:07:25.0829 1792 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
01:07:25.0844 1792 WANARP - ok
01:07:25.0844 1792 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
01:07:25.0844 1792 Wanarpv6 - ok
01:07:25.0860 1792 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
01:07:25.0860 1792 WatAdminSvc - ok
01:07:25.0875 1792 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
01:07:25.0891 1792 wbengine - ok
01:07:25.0891 1792 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
01:07:25.0891 1792 WbioSrvc - ok
01:07:25.0907 1792 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
01:07:25.0907 1792 wcncsvc - ok
01:07:25.0922 1792 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
01:07:25.0922 1792 WcsPlugInService - ok
01:07:25.0922 1792 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
01:07:25.0922 1792 Wd - ok
01:07:25.0938 1792 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
01:07:25.0938 1792 Wdf01000 - ok
01:07:25.0938 1792 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
01:07:25.0938 1792 WdiServiceHost - ok
01:07:25.0938 1792 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
01:07:25.0953 1792 WdiSystemHost - ok
01:07:25.0953 1792 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
01:07:25.0953 1792 WebClient - ok
01:07:25.0969 1792 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
01:07:25.0969 1792 Wecsvc - ok
01:07:25.0969 1792 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
01:07:25.0969 1792 wercplsupport - ok
01:07:25.0985 1792 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
01:07:25.0985 1792 WerSvc - ok
01:07:25.0985 1792 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
01:07:25.0985 1792 WfpLwf - ok
01:07:25.0985 1792 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
01:07:25.0985 1792 WIMMount - ok
01:07:26.0000 1792 WinDefend - ok
01:07:26.0000 1792 WinHttpAutoProxySvc - ok
01:07:26.0000 1792 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
01:07:26.0000 1792 Winmgmt - ok
01:07:26.0031 1792 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
01:07:26.0047 1792 WinRM - ok
01:07:26.0047 1792 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
01:07:26.0063 1792 Wlansvc - ok
01:07:26.0063 1792 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
01:07:26.0063 1792 WmiAcpi - ok
01:07:26.0078 1792 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
01:07:26.0078 1792 wmiApSrv - ok
01:07:26.0078 1792 WMPNetworkSvc - ok
01:07:26.0094 1792 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
01:07:26.0094 1792 WPCSvc - ok
01:07:26.0094 1792 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
01:07:26.0094 1792 WPDBusEnum - ok
01:07:26.0094 1792 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
01:07:26.0094 1792 ws2ifsl - ok
01:07:26.0109 1792 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
01:07:26.0109 1792 wscsvc - ok
01:07:26.0109 1792 WSearch - ok
01:07:26.0141 1792 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
01:07:26.0156 1792 wuauserv - ok
01:07:26.0156 1792 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
01:07:26.0156 1792 WudfPf - ok
01:07:26.0172 1792 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
01:07:26.0172 1792 WUDFRd - ok
01:07:26.0172 1792 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
01:07:26.0172 1792 wudfsvc - ok
01:07:26.0187 1792 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
01:07:26.0187 1792 WwanSvc - ok
01:07:26.0203 1792 xnacc (4a5ce13408945e525503b5f73d29b9c5) C:\Windows\system32\DRIVERS\xnacc.sys
01:07:26.0203 1792 xnacc - ok
01:07:26.0203 1792 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
01:07:26.0203 1792 \Device\Harddisk0\DR0 - ok
01:07:26.0203 1792 Boot (0x1200) (a8d62bb21fa8377a57b3aa1002fcb403) \Device\Harddisk0\DR0\Partition0
01:07:26.0203 1792 \Device\Harddisk0\DR0\Partition0 - ok
01:07:26.0203 1792 Boot (0x1200) (f3181ddd0e11429766edee173819f7f4) \Device\Harddisk0\DR0\Partition1
01:07:26.0203 1792 \Device\Harddisk0\DR0\Partition1 - ok
01:07:26.0203 1792 ============================================================
01:07:26.0203 1792 Scan finished
01:07:26.0203 1792 ============================================================
01:07:26.0219 2000 Detected object count: 0
01:07:26.0219 2000 Actual detected object count: 0

#11 zeecam

Posted 17 April 2012 - 01:16 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-17 01:12:54
-----------------------------
01:12:54.412 OS Version: Windows x64 6.1.7601 Service Pack 1
01:12:54.412 Number of processors: 4 586 0x2A07
01:12:54.412 ComputerName: ZEE-PC UserName: Zee
01:12:54.552 Initialize success
01:14:09.713 AVAST engine defs: 12041601
01:14:18.730 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:14:18.730 Disk 0 Vendor: INTEL_SS PPG2 Size: 114473MB BusType: 3
01:14:18.730 Disk 0 MBR read successfully
01:14:18.730 Disk 0 MBR scan
01:14:18.730 Disk 0 Windows 7 default MBR code
01:14:18.730 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
01:14:18.746 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
01:14:18.746 Disk 0 scanning C:\Windows\system32\drivers
01:14:20.415 Service scanning
01:14:25.781 Modules scanning
01:14:25.781 Disk 0 trace - called modules:
01:14:25.781 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
01:14:25.797 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009382060]
01:14:25.797 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80074b5050]
01:14:25.984 AVAST engine scan C:\Windows
01:14:26.515 AVAST engine scan C:\Windows\system32
01:14:53.549 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
01:14:53.565 File: C:\Windows\assembly\temp\U\80000064.@ **INFECTED** Win32:Malware-gen
01:14:53.674 AVAST engine scan C:\Windows\system32\drivers
01:14:55.765 AVAST engine scan C:\Users\Zee
01:15:10.663 AVAST engine scan C:\ProgramData
01:15:12.706 Scan finished successfully
01:15:38.368 Disk 0 MBR has been saved successfully to "C:\Users\Zee\Downloads\MBR.dat"
01:15:38.368 The log file has been saved successfully to "C:\Users\Zee\Downloads\aswMBR.txt"

#12 gringo_pr

Posted 17 April 2012 - 01:26 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
C:\Windows\assembly\temp\U

DDS::
IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#13 zeecam

Posted 17 April 2012 - 01:29 AM

Do I need to exit out of aswMBR without doing anything, or do I Fix MBR?

#14 gringo_pr

Posted 17 April 2012 - 01:45 AM

Yes, I do not want anything fixed by aswMBR.


gringo

#15 zeecam

Posted 17 April 2012 - 01:52 AM

ComboFix 12-04-16.02 - Zee 04/17/2012 1:40.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8169.6702 [GMT -5:00]
Running from: E:\ComboFix.exe
Command switches used :: c:\users\Zee\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\temp\U
c:\windows\assembly\temp\U\00000001.@
c:\windows\assembly\temp\U\00000002.@
c:\windows\assembly\temp\U\00000004.@
c:\windows\assembly\temp\U\000000c0.@
c:\windows\assembly\temp\U\000000cb.@
c:\windows\assembly\temp\U\000000cf.@
c:\windows\assembly\temp\U\80000000.@
c:\windows\assembly\temp\U\80000004.@
c:\windows\assembly\temp\U\80000032.@
c:\windows\assembly\temp\U\80000064.@
c:\windows\assembly\temp\U\800000c0.@
c:\windows\assembly\temp\U\800000cb.@
c:\windows\assembly\temp\U\800000cf.@
.
.
((((((((((((((((((((((((( Files Created from 2012-03-17 to 2012-04-17 )))))))))))))))))))))))))))))))
.
.
2012-04-17 06:42 . 2012-04-17 06:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-16 10:50 . 2012-04-16 10:51 -------- d-----w- C:\FRST
2012-04-15 08:12 . 2012-04-15 11:37 -------- d-----w- C:\BM virus killer
2012-04-14 03:58 . 2012-04-14 03:59 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2012-04-14 01:08 . 2012-04-14 01:08 -------- d-----we c:\windows\system64
2012-04-02 23:49 . 2012-04-02 23:49 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 20:56 . 2011-11-13 01:49 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-02 23:49 . 2011-06-07 03:46 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-27 02:25 . 2012-02-27 02:24 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-02-27 02:25 . 2012-02-27 02:24 249856 ------w- c:\windows\Setup1.exe
2012-01-29 11:10 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-17_05.23.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-04-17 05:24 34938 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2005-01-01 08:39 . 2012-04-14 11:51 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2005-01-01 08:39 . 2012-04-17 06:35 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2005-01-01 08:39 . 2012-04-17 06:35 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2005-01-01 08:39 . 2012-04-14 11:51 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-17 06:35 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-14 11:51 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-04-17 05:24 34938 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2005-01-01 08:39 . 2012-04-14 11:51 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2005-01-01 08:39 . 2012-04-17 06:35 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2005-01-01 08:39 . 2012-04-14 11:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2005-01-01 08:39 . 2012-04-17 06:35 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-17 06:35 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-14 11:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-04-17 06:01 82744 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-05-24 02:01 . 2012-04-17 06:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-24 02:01 . 2012-04-17 05:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-24 02:01 . 2012-04-17 06:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-24 02:01 . 2012-04-17 05:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-23 02:48 . 2012-04-17 05:24 5264 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3711565456-1935347355-682958209-1000_UserData.bin
+ 2011-05-23 02:48 . 2012-04-17 05:24 5264 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3711565456-1935347355-682958209-1000_UserData.bin
- 2012-04-17 05:23 . 2012-04-17 05:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-17 06:42 . 2012-04-17 06:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-04-17 05:22 626844 c:\windows\system64\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-17 05:27 626844 c:\windows\system64\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-17 05:27 107160 c:\windows\system64\perfc009.dat
- 2009-07-14 02:36 . 2012-04-17 05:22 107160 c:\windows\system64\perfc009.dat
+ 2009-07-14 05:12 . 2012-04-17 06:35 262144 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-04-14 11:51 262144 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 02:36 . 2012-04-17 05:22 626844 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-17 05:27 626844 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-17 05:27 107160 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-17 05:22 107160 c:\windows\system32\perfc009.dat
- 2009-07-14 05:12 . 2012-04-14 11:51 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-04-17 06:35 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:45 . 2012-04-17 06:01 7335348 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-02-16 00:15 7335348 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUS ShellProcess Execute"="c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2010-09-28 252544]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoThumbnail"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 253600]
R3 ctgame;Game Port;c:\windows\system32\DRIVERS\ctgame.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-11-10 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-02 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 23:49]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 208.180.83.133 208.180.42.68 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{656461EF-40F6-4115-9FF1-BCED9812CCBB} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
c:\program files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
c:\program files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
c:\program files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe
c:\program files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
.
**************************************************************************
.
Completion time: 2012-04-17 01:43:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-17 06:43
ComboFix2.txt 2012-04-17 05:24
.
Pre-Run: 75,869,937,664 bytes free
Post-Run: 75,785,465,856 bytes free
.
- - End Of File - - 8D6B1D39ECC244F53ADD7EE38A6035B4
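
The cross-check between the aswMBR log and the ComboFix report in this thread, written out as an added example (not part of the original posts, and not code from either tool): it confirms that every file aswMBR flagged as **INFECTED** appears under ComboFix's "Other Deletions". The function names are hypothetical, the log excerpts are abridged from the posts above, and the partial report is constructed to show the failure case.

```python
import re

# Abridged from the aswMBR and ComboFix logs posted in this thread.
ASWMBR_LOG = r"""
01:14:26.515 AVAST engine scan C:\Windows\system32
01:14:53.549 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
01:14:53.565 File: C:\Windows\assembly\temp\U\80000064.@ **INFECTED** Win32:Malware-gen
01:14:53.674 AVAST engine scan C:\Windows\system32\drivers
"""

COMBOFIX_LOG = r"""
((((((((((((((( Other Deletions )))))))))))))))
.
.
c:\windows\assembly\temp\U
c:\windows\assembly\temp\U\80000032.@
c:\windows\assembly\temp\U\80000064.@
.
.
((((((((( Files Created from 2012-03-17 to 2012-04-17 )))))))))
.
2012-04-16 10:50 . 2012-04-16 10:51 -------- d-----w- C:\FRST
"""

# Constructed failure case: the same report with one deletion line missing.
PARTIAL_COMBOFIX_LOG = COMBOFIX_LOG.replace(
    "c:\\windows\\assembly\\temp\\U\\80000064.@\n", ""
)

INFECTED_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+File:\s+(?P<path>.+?)"
    r"\s+\*\*INFECTED\*\*\s+(?P<name>.+)$"
)
SECTION_RE = re.compile(r"^\(+\s*(?P<title>.+?)\s*\)+$")


def norm(path):
    """Windows paths are case-insensitive: compare lower-cased, no trailing slash."""
    return path.strip().rstrip("\\").lower()


def aswmbr_detections(log):
    """Map each path aswMBR flagged **INFECTED** to its detection name."""
    found = {}
    for line in log.splitlines():
        m = INFECTED_RE.match(line.strip())
        if m:
            found[norm(m.group("path"))] = m.group("name").strip()
    return found


def combofix_section(log, title):
    """Return the non-separator lines under a '(((( title ))))' banner."""
    current, lines = None, []
    for raw in log.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group("title")
        elif current == title and line and line != ".":
            lines.append(line)
    return lines


def unremoved(aswmbr_log, combofix_log):
    """Detections from aswMBR that ComboFix did not list as deleted."""
    deleted = {norm(p) for p in combofix_section(combofix_log, "Other Deletions")}
    return sorted(
        (path, name)
        for path, name in aswmbr_detections(aswmbr_log).items()
        if path not in deleted
    )
```

An empty list from `unremoved()` means every flagged file is accounted for in the deletion list; any entry returned is a detection still worth following up on.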



