Stack overflow BSOD


  • This topic is locked
15 replies to this topic

#1 Baenwort

Posted 24 May 2012 - 09:12 PM

I unfortunately don't have the crash logs or kernel dump, as I had forgotten to reconfigure Windows 7 to not overwrite them, and my machine BSOD'd on startup due to a bad nVidia driver install.

I've corrected the driver problem but now I'm worried that this may have been caused by something malicious installing itself.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.0
Run by Charles at 19:46:15 on 2012-05-24
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3992.2246 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\ChiconyCam\CECAPLF.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Opera\opera.exe
C:\Windows\explorer.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.mythlogic.com
uDefault_Page_URL = hxxp://www.mythlogic.com
mWinlogon: Userinit=userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Charles\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ShowBatteryBar] "C:\BatteryBar\ShowBatteryBar.exe" show
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Hotkey.lnk - C:\Program Files (x86)\Hotkey\Hotkey.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
TCP: DhcpNameServer = 4.2.2.4 64.81.159.2
TCP: Interfaces\{512C867B-A8AD-455A-A181-0F6A9CD999A3} : DhcpNameServer = 4.2.2.4 64.81.159.2
TCP: Interfaces\{512C867B-A8AD-455A-A181-0F6A9CD999A3}\55E6964656E647966696564653 : DhcpNameServer = 192.168.1.95 4.2.2.1
TCP: Interfaces\{549DD0F5-87CD-4EAC-BAC0-4F9785522019} : DhcpNameServer = 192.168.1.95 4.2.2.1
TCP: Interfaces\{773AF21D-2167-4A63-8862-C130BC5A6B38} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B4B46BC3-ACBE-410C-85ED-F6B8257D50C2} : DhcpNameServer = 192.168.0.1
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\system32\drivers\iusb3hcs.sys --> C:\Windows\system32\drivers\iusb3hcs.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-3-1 659976]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-2-21 1014096]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-2-21 1104208]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-3-8 135952]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-3-7 629984]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-5-5 128280]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-5-5 165144]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-24 2458944]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-5-10 1153368]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-5-5 362840]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\system32\viakaraokesrv.exe --> C:\Windows\system32\viakaraokesrv.exe [?]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-4-17 2671376]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-2-21 1304912]
R3 hswpan;WPAN Driver;C:\Windows\system32\drivers\hswpan.sys --> C:\Windows\system32\drivers\hswpan.sys [?]
R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\system32\DRIVERS\ikbevent.sys --> C:\Windows\system32\DRIVERS\ikbevent.sys [?]
R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\system32\DRIVERS\imsevent.sys --> C:\Windows\system32\DRIVERS\imsevent.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\system32\drivers\iusb3hub.sys --> C:\Windows\system32\drivers\iusb3hub.sys [?]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\system32\drivers\iusb3xhc.sys --> C:\Windows\system32\drivers\iusb3xhc.sys [?]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\drivers\iwdbus.sys --> C:\Windows\system32\drivers\iwdbus.sys [?]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\Netwsw00.sys --> C:\Windows\system32\DRIVERS\Netwsw00.sys [?]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\system32\DRIVERS\RtsBaStor.sys --> C:\Windows\system32\DRIVERS\RtsBaStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
R3 VMfilt;VMfilt;C:\Windows\system32\drivers\VMfilt64.sys --> C:\Windows\system32\drivers\VMfilt64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2012-2-9 133632]
S2 PowerBiosServer;PowerBiosServer;C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [2011-2-18 35328]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]
S3 btmaudio;Intel Bluetooth Audio Service;C:\Windows\system32\drivers\btmaud.sys --> C:\Windows\system32\drivers\btmaud.sys [?]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
S3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-5-5 276248]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 ibtfltcoex;ibtfltcoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]
S3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\system32\drivers\ISCTD64.sys --> C:\Windows\system32\drivers\ISCTD64.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-4-17 273168]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 Spyder2;ColorVision Spyder2;C:\Windows\system32\drivers\Spyder2.sys --> C:\Windows\system32\drivers\Spyder2.sys [?]
S3 Spyder3;Datacolor Spyder3;C:\Windows\system32\drivers\Spyder3.sys --> C:\Windows\system32\drivers\Spyder3.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\system32\drivers\WPRO_41_2001.sys --> C:\Windows\system32\drivers\WPRO_41_2001.sys [?]
S3 X-Rite;X-Rite USB Service;C:\Windows\system32\drivers\XrUsb64.sys --> C:\Windows\system32\drivers\XrUsb64.sys [?]
.
=============== File Associations ===============
.
.txt=Notepad++_file
.
=============== Created Last 30 ================
.
2012-05-25 00:07:49 -------- d-----w- C:\Program Files (x86)\Hotkey
2012-05-24 23:06:42 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BF3E78A6-0592-4823-A97A-AE1035797036}\offreg.dll
2012-05-24 23:06:21 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BF3E78A6-0592-4823-A97A-AE1035797036}\mpengine.dll
2012-05-24 22:13:48 8955792 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-24 22:12:13 -------- d-----w- C:\Windows\SysWow64\NV
2012-05-24 22:12:13 -------- d-----w- C:\Windows\System32\NV
2012-05-24 03:44:19 -------- d-----w- C:\Users\Charles\Heaven
2012-05-23 18:57:01 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2012-05-23 18:27:07 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-05-23 18:19:17 -------- d-----w- C:\Program Files\NVIDIA Corporation
2012-05-23 18:17:00 -------- d-----w- C:\Program Files (x86)\Phyxion.net
2012-05-23 16:36:13 -------- d-----w- C:\Program Files\CCleaner
2012-05-23 04:10:25 -------- d-----w- C:\Users\Charles\AppData\Local\Microsoft Research
2012-05-23 04:10:11 -------- d-----w- C:\Program Files (x86)\Microsoft Research
2012-05-23 03:44:22 -------- d-----w- C:\Users\Charles\AppData\Roaming\BatteryBar
2012-05-23 03:44:22 -------- d-----w- C:\BatteryBar
2012-05-22 21:45:49 -------- d-----w- C:\Users\Charles\AppData\Local\CrashDumps
2012-05-19 15:07:26 -------- d-----w- C:\Users\Charles\AppData\Roaming\Foxit Software
2012-05-19 12:42:51 27648 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\sugg1pc.dll
2012-05-18 04:04:23 -------- d-----w- C:\Users\Charles\AppData\Local\PassMark
2012-05-18 04:03:42 540688 ----a-w- C:\Windows\System32\d3dx10_39.dll
2012-05-18 04:03:42 1942552 ----a-w- C:\Windows\System32\D3DCompiler_39.dll
2012-05-18 04:03:41 4992520 ----a-w- C:\Windows\System32\D3DX9_39.dll
2012-05-18 04:03:30 -------- d-----w- C:\ProgramData\Passmark
2012-05-18 03:41:25 -------- d-----w- C:\Users\Charles\AppData\Roaming\MAXON
2012-05-17 23:55:02 -------- d-----w- C:\Windows\pss
2012-05-17 13:54:47 -------- d-----w- C:\Program Files (x86)\MSI Kombustor 2.3
2012-05-17 13:45:03 -------- d--h--w- C:\Windows\msdownld.tmp
2012-05-17 13:45:03 -------- d-----w- C:\Windows\SysWow64\directx
2012-05-17 13:44:55 -------- d-----w- C:\Program Files (x86)\MSI Afterburner
2012-05-15 01:42:35 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2012-05-14 03:51:01 -------- d-----w- C:\Users\Charles\AppData\Local\goonmetrics
2012-05-13 14:09:56 -------- d-----w- C:\Users\Charles\AppData\Local\My Games
2012-05-13 14:09:56 -------- d-----w- C:\Users\Charles\AppData\Local\Irrational Games
2012-05-12 04:22:54 -------- d-----w- C:\Users\Charles\AppData\Local\Orekaria
2012-05-12 03:04:53 -------- d-----w- C:\Users\Charles\AppData\Roaming\Malwarebytes
2012-05-12 03:04:48 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-12 03:04:48 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-12 03:04:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-12 00:22:34 -------- d-----w- C:\Windows\WindowsMobile
2012-05-11 16:36:50 -------- d-----w- C:\Users\Charles\AppData\Local\OCCT
2012-05-11 16:31:52 -------- d-----w- C:\Program Files\HashTab Shell Extension
2012-05-11 16:30:33 -------- d-----w- C:\Program Files (x86)\Foxit Software
2012-05-11 16:29:37 86608 ----a-w- C:\Windows\System32\cpwmon64.dll
2012-05-11 16:29:37 -------- d-----w- C:\Program Files (x86)\Acro Software
2012-05-11 16:28:45 -------- d-----w- C:\Program Files (x86)\GPLGS
2012-05-11 14:56:46 -------- d-----w- C:\Program Files (x86)\Yahoo!
2012-05-11 14:23:52 -------- d-----w- C:\Users\Charles\AppData\Roaming\enchant
2012-05-11 14:23:10 -------- d-----w- C:\Users\Charles\AppData\Roaming\GTS
2012-05-11 14:22:36 -------- d-----w- C:\Users\Charles\AppData\Roaming\EVEMon
2012-05-11 13:57:59 -------- d-----w- C:\Users\Charles\AppData\Roaming\Mumble
2012-05-11 13:56:49 -------- d-----w- C:\Users\Charles\AppData\Roaming\.purple
2012-05-11 13:56:49 -------- d-----w- C:\Users\Charles\AppData\Local\DOSBox
2012-05-11 13:52:56 -------- d-----w- C:\Opera
2012-05-11 04:24:17 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-05-11 04:24:17 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-05-11 03:58:29 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2012-05-11 03:57:52 53248 ----a-r- C:\Users\Charles\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-05-11 03:56:29 -------- d-----w- C:\Users\Charles\AppData\Roaming\Logishrd
2012-05-11 03:47:26 -------- d-----w- C:\Program Files (x86)\Cisco
2012-05-11 00:50:14 -------- d-----w- C:\Users\Charles\AppData\Local\Google
2012-05-11 00:49:37 -------- d-----w- C:\Users\Charles\AppData\Local\Deployment
2012-05-11 00:49:37 -------- d-----w- C:\Users\Charles\AppData\Local\Apps
2012-05-11 00:41:08 -------- d-----w- C:\ProgramData\CCP
2012-05-11 00:30:48 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2012-05-11 00:30:02 -------- d-----w- C:\Users\Charles\AppData\Local\CCP
2012-05-10 19:40:54 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2012-05-10 19:19:14 -------- d-----w- C:\Users\Charles\AppData\Local\Diagnostics
2012-05-10 18:26:19 -------- d-----w- C:\Program Files (x86)\EVEMon
2012-05-10 17:37:09 -------- d-----w- C:\Users\Charles\AppData\Local\ElevatedDiagnostics
2012-05-10 17:15:37 -------- d-----w- C:\OldCD
2012-05-10 17:15:35 -------- d-----w- C:\DOSBox
2012-05-10 17:14:35 -------- d-----w- C:\Desktops
2012-05-10 17:13:14 -------- d-----w- C:\Program Files (x86)\Garpa Topographical Survey
2012-05-10 17:13:09 -------- d-----w- C:\Steam
2012-05-10 17:12:22 -------- d-----w- C:\Program Files (x86)\Mumble
2012-05-10 17:10:54 -------- d-----w- C:\Program Files (x86)\Pidgin
2012-05-10 17:08:40 -------- d-----w- C:\OldGames
2012-05-10 17:07:35 -------- d-----w- C:\Indie Games
2012-05-10 17:04:05 -------- d-----w- C:\Users\Charles\AppData\Local\Opera
2012-05-10 15:55:17 955848 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-05-10 15:54:28 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-05-10 15:52:50 -------- d-----w- C:\Windows\System32\appmgmt
2012-05-09 01:45:18 -------- d-----w- C:\ProgramData\tmp
2012-05-09 01:28:42 -------- d-----w- C:\ProgramData\ICS
2012-05-09 01:28:36 -------- d-----w- C:\ProgramData\ICC
2012-05-09 01:27:19 -------- d--h--w- C:\Program Files (x86)\InstallJammer Registry
2012-05-09 00:25:14 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-09 00:25:13 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-09 00:25:13 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-09 00:25:13 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-09 00:25:13 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-09 00:25:13 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-09 00:24:42 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-09 00:24:31 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-09 00:24:28 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 00:24:28 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-09 00:24:28 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-09 00:24:28 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-09 00:24:28 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-08 20:35:56 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-05-08 06:33:13 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{63800F51-C866-4145-8B50-6ADE5D314C7F}\gapaengine.dll
2012-05-08 06:32:13 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-05-08 05:45:33 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-05-08 05:45:33 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-05-08 05:45:18 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-05-08 05:45:13 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-05-08 05:44:14 -------- d-----w- C:\ProgramData\EA Logs
2012-05-08 05:44:14 -------- d-----w- C:\ProgramData\EA Core
2012-05-08 05:42:22 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2012-05-08 05:38:40 -------- d-----w- C:\ProgramData\Origin
2012-05-08 05:38:40 -------- d-----w- C:\ProgramData\Electronic Arts
2012-05-08 04:45:29 -------- d--h--w- C:\Program Files (x86)\Zero G Registry
2012-05-06 23:00:47 -------- d-----w- C:\ProgramData\Futuremark
2012-05-06 22:58:20 -------- d-----w- C:\Program Files\SiSoftware
2012-05-06 21:35:01 -------- d-----w- C:\Windows\SysWow64\Wat
2012-05-06 21:35:01 -------- d-----w- C:\Windows\System32\Wat
2012-05-06 21:18:08 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-05-06 21:18:08 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-05-06 21:18:08 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-05-06 21:18:08 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-05-06 21:18:08 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-05-06 21:18:08 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-05-06 21:18:08 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-05-06 21:15:29 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-05-06 21:15:29 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-05-06 21:15:29 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-05-06 21:13:28 34752 ----a-w- C:\Windows\System32\drivers\WPRO_41_2001.sys
2012-05-06 20:59:49 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-05-06 20:59:47 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FED848E7-3BAE-4E61-8DFD-D58359190C1A}\mpengine.dll
2012-05-05 22:51:13 -------- d-----w- C:\Windows\Panther
2012-05-05 22:51:01 -------- d-sh--w- C:\Boot
2012-05-05 22:50:23 -------- d-----w- C:\Windows\System32\OEM
2012-05-05 22:28:18 -------- d-----w- C:\Program Files (x86)\Symantec
2012-05-05 22:24:57 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2012-05-05 22:24:57 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2012-05-05 22:24:56 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll
2012-05-05 22:22:09 -------- d-----w- C:\Program Files (x86)\Intel Corporation
2012-05-05 22:22:04 -------- d-----w- C:\Program Files\WPAN Driver
2012-05-05 22:21:46 -------- d-----w- C:\Program Files\Intel Corporation
2012-05-05 22:21:46 -------- d-----w- C:\Program Files\Common Files\Intel Corporation
2012-05-05 22:18:04 90112 ------w- C:\Windows\Updreg.EXE
2012-05-05 22:18:02 25600 ------w- C:\Windows\System32\THXCfg64.dll
2012-05-05 22:18:02 141312 ------w- C:\Windows\System32\THXCfg64.exe
2012-05-05 22:18:02 11264 ------w- C:\Windows\SysWow64\ResDefA.exe
2012-05-05 22:18:01 89088 ----a-w- C:\Windows\System32\CmdRtr64.DLL
2012-05-05 22:18:01 73728 ----a-w- C:\Windows\SysWow64\CmdRtr.DLL
2012-05-05 22:18:01 241152 ----a-w- C:\Windows\System32\APOMgr64.DLL
2012-05-05 22:18:01 185856 ----a-w- C:\Windows\SysWow64\APOMngr.DLL
2012-05-05 22:17:38 -------- d-----w- C:\Program Files (x86)\Creative
2012-05-05 22:17:32 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2012-05-05 22:17:31 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-05-05 22:17:30 729088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2012-05-05 22:17:30 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2012-05-05 22:17:30 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2012-05-05 22:17:30 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2012-05-05 22:17:30 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2012-05-05 22:17:30 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2012-05-05 22:17:30 188548 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2012-05-05 22:15:07 -------- d-----w- C:\Program Files\Synaptics
2012-05-05 22:14:50 -------- d-----w- C:\Program Files (x86)\ChiconyCam
2012-05-05 22:13:02 -------- d--h--w- C:\Windows\System32\WLANProfiles
2012-05-05 22:12:48 -------- d-----w- C:\ProgramData\Roaming
2012-05-05 22:10:02 41984 ----a-w- C:\Windows\System32\drivers\USB3Ver.dll
2012-05-05 22:08:45 -------- d-----w- C:\Program Files (x86)\VIA
2012-05-05 22:08:23 -------- d-----w- C:\Windows\SysWow64\sda
2012-05-05 22:08:17 9888872 ----a-w- C:\Windows\SysWow64\RtsBaStorIcon.dll
2012-05-05 22:08:17 292968 ----a-w- C:\Windows\System32\drivers\RtsBaStor.sys
2012-05-05 22:08:17 -------- d-----w- C:\Program Files (x86)\Realtek
2012-05-05 22:07:52 15128 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
2012-05-05 22:07:18 -------- d-sh--w- C:\Windows\Installer
2012-05-05 22:07:15 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2012-05-05 21:57:37 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-05-05 21:57:37 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-05-05 21:57:37 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-05-05 21:57:37 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-05-05 21:57:37 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-05-05 21:57:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-05-05 21:57:37 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-05-05 21:54:52 -------- d-----w- C:\Drivers
2012-05-05 21:53:38 -------- d-sh--w- C:\Recovery
2012-05-05 21:52:02 -------- d-----w- C:\Program Files\Common Files\Intel
2012-05-05 21:52:01 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2012-05-05 21:52:01 -------- d-----w- C:\Intel
2012-05-02 00:47:28 789272 ----a-w- C:\Windows\System32\drivers\iusb3xhc.sys
2012-05-02 00:47:28 356632 ----a-w- C:\Windows\System32\drivers\iusb3hub.sys
2012-05-02 00:47:28 19224 ----a-w- C:\Windows\System32\drivers\iusb3hcs.sys
2012-05-02 00:46:07 400168 ----a-w- C:\Windows\System32\SynCOM.dll
2012-05-02 00:46:07 272168 ----a-w- C:\Windows\System32\SynCtrl.dll
2012-05-02 00:46:07 221480 ----a-w- C:\Windows\System32\SynTPAPI.dll
2012-05-02 00:46:07 218408 ----a-w- C:\Windows\SysWow64\SynCtrl.dll
2012-05-02 00:46:07 173352 ----a-w- C:\Windows\SysWow64\SynCOM.dll
2012-05-02 00:46:07 147752 ----a-w- C:\Windows\System32\SynTPCo4.dll
2012-05-02 00:46:07 1393200 ----a-w- C:\Windows\System32\drivers\SynTP.sys
2012-05-02 00:46:07 107816 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll
.
==================== Find3M ====================
.
2012-05-21 12:28:00 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-21 12:28:00 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-10 15:55:13 839112 ----a-w- C:\Windows\System32\deployJava1.dll
2012-05-08 06:27:16 6656 ----a-w- C:\Windows\System32\lpcio.dll
2012-04-17 23:49:26 4246016 ----a-w- C:\Windows\System32\wlihvui.dll
2012-04-17 23:45:22 2463744 ----a-w- C:\Windows\System32\iwmssvc.dll
2012-04-04 23:47:02 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-30 22:43:34 276248 ----a-w- C:\Windows\SysWow64\IntelCpHeciSvc.exe
2012-03-30 22:43:28 170264 ----a-w- C:\Windows\System32\igfxtray.exe
2012-03-30 22:43:26 509720 ----a-w- C:\Windows\System32\igfxsrvc.exe
2012-03-30 22:43:24 439064 ----a-w- C:\Windows\System32\igfxpers.exe
2012-03-30 22:43:21 250136 ----a-w- C:\Windows\System32\igfxext.exe
2012-03-30 22:43:19 398616 ----a-w- C:\Windows\System32\hkcmd.exe
2012-03-30 22:43:17 5888792 ----a-w- C:\Windows\System32\GfxUI.exe
2012-03-30 22:43:14 184600 ----a-w- C:\Windows\System32\difx64.exe
2012-03-27 02:25:19 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2712.dll
2012-03-27 02:19:10 755188 ----a-w- C:\Windows\SysWow64\igkrng700.bin
2012-03-27 02:19:10 755188 ----a-w- C:\Windows\System32\igkrng700.bin
2012-03-27 02:19:09 561508 ----a-w- C:\Windows\SysWow64\igfcg700m.bin
2012-03-27 02:19:09 561508 ----a-w- C:\Windows\System32\igfcg700m.bin
2012-03-27 02:09:59 8087040 ----a-w- C:\Windows\System32\igdumd64.dll
2012-03-27 02:09:54 14748416 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys
2012-03-27 02:08:39 79360 ----a-w- C:\Windows\System32\igdde64.dll
2012-03-27 02:05:01 6121472 ----a-w- C:\Windows\SysWow64\igdumd32.dll
2012-03-27 02:03:46 58880 ----a-w- C:\Windows\SysWow64\igdde32.dll
2012-03-27 01:58:59 9605632 ----a-w- C:\Windows\System32\igd10umd64.dll
2012-03-27 01:47:04 7795200 ----a-w- C:\Windows\SysWow64\igd10umd32.dll
2012-03-27 01:38:00 3749888 ----a-w- C:\Windows\System32\igdbcl64.dll
2012-03-27 01:37:45 591872 ----a-w- C:\Windows\System32\igdrcl64.dll
2012-03-27 01:37:35 236544 ----a-w- C:\Windows\System32\IntelOpenCL64.dll
2012-03-27 01:36:04 2866688 ----a-w- C:\Windows\SysWow64\igdbcl32.dll
2012-03-27 01:36:01 518144 ----a-w- C:\Windows\SysWow64\igdrcl32.dll
2012-03-27 01:35:41 188416 ----a-w- C:\Windows\SysWow64\IntelOpenCL32.dll
2012-03-27 01:31:24 28992000 ----a-w- C:\Windows\System32\igdfcl64.dll
2012-03-27 01:19:14 23460864 ----a-w- C:\Windows\SysWow64\igdfcl32.dll
2012-03-27 01:08:11 17226240 ----a-w- C:\Windows\System32\ig7icd64.dll
2012-03-27 00:53:43 13024768 ----a-w- C:\Windows\SysWow64\ig7icd32.dll
2012-03-27 00:39:33 386560 ----a-w- C:\Windows\System32\igfxpph.dll
2012-03-27 00:39:30 410624 ----a-w- C:\Windows\System32\igfxTMM.dll
2012-03-27 00:39:24 28672 ----a-w- C:\Windows\System32\igfxexps.dll
2012-03-27 00:39:11 63488 ----a-w- C:\Windows\System32\igfxsrvc.dll
2012-03-27 00:38:41 110592 ----a-w- C:\Windows\System32\hccutils.dll
2012-03-27 00:38:32 9216 ----a-w- C:\Windows\System32\IGFXDEVLib.dll
2012-03-27 00:38:32 172032 ----a-w- C:\Windows\System32\gfxSrvc.dll
2012-03-27 00:38:31 434688 ----a-w- C:\Windows\System32\igfxdev.dll
2012-03-27 00:37:50 286208 ----a-w- C:\Windows\System32\igfxrenu.lrc
2012-03-27 00:37:45 142336 ----a-w- C:\Windows\System32\igfxdo.dll
2012-03-27 00:37:44 9007616 ----a-w- C:\Windows\System32\igfxress.dll
2012-03-27 00:36:19 25088 ----a-w- C:\Windows\SysWow64\igfxexps32.dll
2012-03-27 00:35:31 325120 ----a-w- C:\Windows\SysWow64\igfxdv32.dll
2012-03-27 00:33:34 52736 ----a-w- C:\Windows\System32\OpenCL.dll
2012-03-27 00:33:34 51200 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-03-27 00:33:29 94208 ----a-w- C:\Windows\System32\IccLibDll_x64.dll
2012-03-27 00:33:29 524800 ----a-w- C:\Windows\System32\iglhsip64.dll
2012-03-27 00:33:29 519680 ----a-w- C:\Windows\SysWow64\iglhsip32.dll
2012-03-27 00:33:29 2967040 ----a-w- C:\Windows\System32\igfxcmjit64.dll
2012-03-27 00:33:29 237056 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll
2012-03-27 00:33:29 2321408 ----a-w- C:\Windows\SysWow64\igfxcmjit32.dll
2012-03-27 00:33:29 213504 ----a-w- C:\Windows\System32\iglhcp64.dll
2012-03-27 00:33:29 193024 ----a-w- C:\Windows\System32\igfxcmrt64.dll
2012-03-27 00:33:29 177152 ----a-w- C:\Windows\SysWow64\iglhcp32.dll
2012-03-21 03:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-21 03:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-03-12 19:06:46 11471872 ----a-w- C:\Windows\System32\drivers\Netwsw00.sys
2012-03-09 09:41:16 74344 ----a-w- C:\Windows\System32\RtNicProp64.dll
2012-03-09 09:41:16 685160 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2012-03-09 09:41:16 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2012-03-07 08:40:52 1536 ----a-w- C:\Windows\SysWow64\IusEventLog.dll
2012-03-01 15:55:26 195584 ----a-w- C:\Windows\System32\drivers\AmpPal.sys
2012-02-29 00:59:50 34232 ----a-w- C:\Windows\System32\drivers\intelaud.sys
2012-02-29 00:59:50 25496 ----a-w- C:\Windows\System32\drivers\iwdbus.sys
2012-02-29 00:59:04 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 19:46:35.07 ===============


#2 gringo_pr


Posted 24 May 2012 - 11:41 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Baenwort


Posted 25 May 2012 - 06:08 PM

Here is the Security Check results:

Results of screen317's Security Check version 0.99.38
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 7 Update 4
````````````````````````````````
Process Check:
objlist.exe by Laurent

Microsoft Security Essentials msseces.exe
Windows Defender MSMpEng.exe
Spybot Teatimer.exe is disabled!
``````````End of Log````````````


I will be back with the combofix results later this evening as we are having guests over soon.

As far as problems the only one so far was the stack overflow BSOD that windows generated that mentioned that this is typically caused by a malware attack. This was then followed by a bad driver BSOD from the nVidia drivers I was installing from LaptopVideo2go.com which I had to safe mode remove to be able to return to regular windows.

#4 Baenwort


Posted 25 May 2012 - 07:44 PM

And the combofix:

ComboFix 12-05-25.03 - Charles 05/25/2012 19:25:26.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3992.2596 [GMT -5:00]
Running from: c:\users\Charles\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
((((((((((((((((((((((((( Files Created from 2012-04-26 to 2012-05-26 )))))))))))))))))))))))))))))))
.
.
2012-05-26 00:28 . 2012-05-26 00:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-25 22:36 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2790FB64-FF92-44C4-A854-1153ED264C3A}\mpengine.dll
2012-05-25 00:07 . 2012-05-25 00:07 -------- d-----w- c:\program files (x86)\Hotkey
2012-05-24 23:06 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-24 22:12 . 2012-05-24 22:18 -------- d-----w- c:\windows\SysWow64\NV
2012-05-24 22:12 . 2012-05-24 22:18 -------- d-----w- c:\windows\system32\NV
2012-05-24 22:07 . 2012-05-24 22:12 -------- d-----w- c:\programdata\NVIDIA
2012-05-24 04:53 . 2012-05-24 04:53 -------- d-----w- c:\program files\DIFX
2012-05-23 18:57 . 2012-01-15 09:06 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2012-05-23 18:27 . 2012-05-24 22:07 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-05-23 18:19 . 2012-05-24 22:07 -------- d-----w- c:\program files\NVIDIA Corporation
2012-05-23 18:17 . 2012-05-23 18:17 -------- d-----w- c:\program files (x86)\Phyxion.net
2012-05-23 16:36 . 2012-05-23 16:36 -------- d-----w- c:\program files\CCleaner
2012-05-23 04:10 . 2012-05-23 04:10 -------- d-----w- c:\program files (x86)\Microsoft Research
2012-05-23 03:44 . 2012-05-23 03:44 -------- d-----w- C:\BatteryBar
2012-05-19 12:42 . 2006-12-09 09:55 27648 ----a-w- c:\windows\system32\Spool\prtprocs\x64\sugg1pc.dll
2012-05-18 04:03 . 2008-07-12 13:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll
2012-05-18 04:03 . 2008-07-12 13:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2012-05-18 04:03 . 2008-07-12 13:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
2012-05-18 04:03 . 2012-05-18 04:03 -------- d-----w- c:\programdata\Passmark
2012-05-17 13:54 . 2012-05-17 13:54 -------- d-----w- c:\program files (x86)\MSI Kombustor 2.3
2012-05-17 13:45 . 2012-05-17 13:45 -------- d--h--w- c:\windows\msdownld.tmp
2012-05-17 13:44 . 2012-05-24 04:09 -------- d-----w- c:\program files (x86)\MSI Afterburner
2012-05-15 01:42 . 2012-05-15 01:42 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-05-15 01:41 . 2012-05-15 03:07 -------- d-----w- c:\program files\Common Files\Adobe
2012-05-15 01:40 . 2012-05-15 01:40 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-05-15 01:40 . 2012-05-15 01:41 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-05-12 03:04 . 2012-05-12 03:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-12 03:04 . 2012-05-12 03:04 -------- d-----w- c:\programdata\Malwarebytes
2012-05-12 03:04 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-12 00:22 . 2012-05-12 00:22 -------- d-----w- c:\windows\WindowsMobile
2012-05-11 16:32 . 2012-05-11 16:32 -------- d-----w- c:\program files (x86)\Notepad++
2012-05-11 16:31 . 2012-05-11 16:31 -------- d-----w- c:\program files\HashTab Shell Extension
2012-05-11 16:30 . 2012-05-11 16:30 -------- d-----w- c:\program files (x86)\Foxit Software
2012-05-11 16:29 . 2012-05-11 16:29 -------- d-----w- c:\program files (x86)\Acro Software
2012-05-11 16:29 . 2012-03-11 19:56 86608 ----a-w- c:\windows\system32\cpwmon64.dll
2012-05-11 16:28 . 2012-05-11 16:28 -------- d-----w- c:\program files (x86)\GPLGS
2012-05-11 14:58 . 2012-05-11 14:58 -------- d-----w- c:\programdata\Yahoo!
2012-05-11 14:56 . 2012-05-11 14:58 -------- d-----w- c:\program files (x86)\Yahoo!
2012-05-11 13:52 . 2012-05-25 00:54 -------- d-----w- C:\Opera
2012-05-11 13:27 . 2012-05-11 13:27 -------- d-----w- c:\programdata\Logitech
2012-05-11 04:26 . 2012-05-11 04:26 -------- d-----w- c:\program files\7-Zip
2012-05-11 04:24 . 2012-05-23 19:04 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-11 04:24 . 2012-05-11 04:25 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-05-11 03:58 . 2012-05-23 16:57 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-05-11 03:57 . 2012-05-11 03:57 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2012-05-11 03:57 . 2012-05-11 03:58 -------- d-----w- c:\programdata\Logishrd
2012-05-11 03:57 . 2012-05-11 03:57 -------- d-----w- c:\program files\Logitech
2012-05-11 03:57 . 2012-05-11 03:57 -------- d-----w- c:\program files\Common Files\Logishrd
2012-05-11 03:47 . 2012-05-11 03:47 -------- d-----w- c:\program files (x86)\Cisco
2012-05-11 00:41 . 2012-05-11 00:41 -------- d-----w- c:\programdata\CCP
2012-05-11 00:30 . 2012-05-20 13:13 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-05-10 19:40 . 2012-05-10 19:40 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2012-05-10 18:26 . 2012-05-10 18:26 -------- d-----w- c:\program files (x86)\EVEMon
2012-05-10 17:15 . 2012-05-10 17:15 -------- d-----w- C:\OldCD
2012-05-10 17:15 . 2012-05-11 13:54 -------- d-----w- C:\DOSBox
2012-05-10 17:14 . 2012-05-10 17:15 -------- d-----w- C:\Desktops
2012-05-10 17:13 . 2012-05-10 17:13 -------- d-----w- c:\program files (x86)\Garpa Topographical Survey
2012-05-10 17:13 . 2012-05-25 14:35 -------- d-----w- C:\Steam
2012-05-10 17:12 . 2012-05-10 17:12 -------- d-----w- c:\program files (x86)\Mumble
2012-05-10 17:10 . 2012-05-11 14:26 -------- d-----w- c:\program files (x86)\Pidgin
2012-05-10 17:08 . 2012-05-10 17:14 -------- d-----w- C:\OldGames
2012-05-10 17:07 . 2012-05-14 03:50 -------- d-----w- C:\Indie Games
2012-05-10 17:04 . 2012-05-11 00:48 -------- d-----w- c:\program files (x86)\Opera
2012-05-10 15:59 . 2012-05-10 15:59 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-10 15:59 . 2012-05-10 15:59 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-10 15:55 . 2012-05-10 15:55 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-10 15:54 . 2012-05-10 15:54 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-10 15:54 . 2012-04-04 23:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-10 15:52 . 2012-05-11 00:47 -------- d-----w- c:\windows\system32\appmgmt
2012-05-09 02:20 . 2012-05-24 15:59 -------- d-----w- c:\users\Charles
2012-05-09 01:45 . 2012-05-09 01:45 -------- d-----w- c:\programdata\tmp
2012-05-09 01:28 . 2012-05-09 01:28 -------- d-----w- c:\programdata\ICS
2012-05-09 01:28 . 2012-05-09 01:29 -------- d-----w- c:\programdata\ICC
2012-05-09 01:27 . 2012-05-09 01:48 -------- d--h--w- c:\program files (x86)\InstallJammer Registry
2012-05-09 01:25 . 2006-11-17 00:26 19248 ----a-w- c:\windows\system32\drivers\pdiports.sys
2012-05-09 01:25 . 2012-05-09 01:25 -------- d-----w- c:\program files (x86)\Common Files\Portrait Displays
2012-05-09 01:25 . 2012-05-09 01:48 -------- d-----w- c:\windows\SysWow64\drivers\color
2012-05-09 01:25 . 2007-12-12 16:11 15360 ----a-w- c:\windows\system32\drivers\Spyder3.sys
2012-05-09 01:25 . 2007-01-29 13:01 33600 ----a-w- c:\windows\system32\drivers\XrUsb64.sys
2012-05-09 01:25 . 2007-01-17 17:32 15360 ----a-w- c:\windows\system32\drivers\Spyder2.sys
2012-05-09 01:25 . 2006-04-20 06:03 1912800 ----a-w- c:\windows\system32\WdfCoInstaller01001.dll
2012-05-09 00:25 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-09 00:25 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 00:25 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-09 00:25 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-09 00:25 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 00:25 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-09 00:24 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 00:24 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 00:24 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 00:24 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 00:24 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 00:24 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 00:24 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-08 20:35 . 2012-05-08 20:35 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-05-08 06:33 . 2012-05-08 06:33 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{63800F51-C866-4145-8B50-6ADE5D314C7F}\gapaengine.dll
2012-05-08 06:32 . 2012-05-08 20:36 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-08 05:45 . 2012-05-08 05:49 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-05-08 05:45 . 2012-05-08 05:45 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-05-08 05:45 . 2012-05-08 05:49 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-05-08 05:45 . 2012-05-08 05:49 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-05-08 05:44 . 2012-05-08 05:45 -------- d-----w- c:\programdata\EA Logs
2012-05-08 05:44 . 2012-05-08 05:44 -------- d-----w- c:\programdata\EA Core
2012-05-08 05:42 . 2012-05-08 06:28 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2012-05-08 05:38 . 2012-05-09 01:49 -------- d-----w- c:\programdata\Origin
2012-05-08 05:38 . 2012-05-08 05:44 -------- d-----w- c:\programdata\Electronic Arts
2012-05-08 04:45 . 2012-05-08 04:45 -------- d--h--w- c:\program files (x86)\Zero G Registry
2012-05-06 23:00 . 2012-05-07 20:44 -------- d-----w- c:\programdata\Futuremark
2012-05-06 22:58 . 2012-05-06 22:58 -------- d-----w- c:\program files\SiSoftware
2012-05-06 21:35 . 2012-05-06 21:35 -------- d-----w- c:\windows\SysWow64\Wat
2012-05-06 21:35 . 2012-05-06 21:35 -------- d-----w- c:\windows\system32\Wat
2012-05-06 21:18 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-06 21:18 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-05-06 21:18 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-06 21:18 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-06 21:18 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-05-06 21:18 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-05-06 21:18 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-05-06 21:15 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-05-06 21:15 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-05-06 21:15 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-05-06 21:14 . 2012-05-23 16:48 -------- d-----w- c:\users\UpdatusUser
2012-05-06 21:13 . 2012-05-12 14:05 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys
2012-05-06 20:59 . 2012-04-18 10:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FED848E7-3BAE-4E61-8DFD-D58359190C1A}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-17 23:49 . 2012-04-17 23:49 4246016 ----a-w- c:\windows\system32\wlihvui.dll
2012-04-17 23:45 . 2012-04-17 23:45 2463744 ----a-w- c:\windows\system32\iwmssvc.dll
2012-03-21 03:44 . 2011-04-27 22:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 03:44 . 2011-04-18 20:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-12 19:06 . 2012-03-12 19:06 11471872 ----a-w- c:\windows\system32\drivers\Netwsw00.sys
2012-03-07 08:40 . 2012-03-07 08:40 1536 ----a-w- c:\windows\SysWow64\IusEventLog.dll
2012-03-01 15:55 . 2012-03-01 15:55 195584 ----a-w- c:\windows\system32\drivers\AmpPal.sys
2012-02-29 00:59 . 2012-02-29 00:59 34232 ----a-w- c:\windows\system32\drivers\intelaud.sys
2012-02-29 00:59 . 2012-02-29 00:59 25496 ----a-w- c:\windows\system32\drivers\iwdbus.sys
2012-02-29 00:59 . 2012-02-29 00:59 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowBatteryBar"="c:\batterybar\ShowBatteryBar.exe" [2009-05-28 89600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-02-12 5025904]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-27 291608]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-01 1374720]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hotkey.lnk - c:\program files (x86)\Hotkey\Hotkey.exe [2012-4-11 4727296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2012-02-09 133632]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-30 276248]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 GPU-Z;GPU-Z;c:\users\Charles\AppData\Local\Temp\GPU-Z.sys [x]
R3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\drivers\ISCTD64.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2012-04-18 273168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 Spyder2;ColorVision Spyder2;c:\windows\system32\drivers\Spyder2.sys [x]
R3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys [x]
R3 X-Rite;X-Rite USB Service;c:\windows\system32\drivers\XrUsb64.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-03-01 659976]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-02-22 1014096]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2012-02-22 1104208]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-03-08 135952]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-03-07 629984]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-03-22 128280]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-03-29 165144]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-22 2458944]
S2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe [2011-02-18 35328]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-03-14 362840]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [x]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-04-18 2671376]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2012-02-22 1304912]
S3 hswpan;WPAN Driver;c:\windows\system32\drivers\hswpan.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\drivers\iwdbus.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\Netwsw00.sys [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
S3 VMfilt;VMfilt;c:\windows\system32\drivers\VMfilt64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3350622174-2860387809-107853704-1002Core.job
- c:\users\Charles\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-11 15:34]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3350622174-2860387809-107853704-1002UA.job
- c:\users\Charles\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-11 15:34]
.
2012-05-26 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-03-27 03:24]
.
2012-05-25 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-03-27 03:24]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-02-17 177936]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-02-22 11406608]
"CECAPLF"="c:\program files (x86)\ChiconyCam\CECAPLF.exe" [2011-07-06 121456]
"THXCfg64"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-30 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-30 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-30 439064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.mythlogic.com
mLocal Page = c:\windows\SysWOW64\blank.htm
.
.
------- File Associations -------
.
.txt=Notepad++_file
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-igfxcui - (no file)
Notify-LBTWlgn - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-25 19:29:13
ComboFix-quarantined-files.txt 2012-05-26 00:29
.
Pre-Run: 88,287,293,440 bytes free
Post-Run: 87,715,598,336 bytes free
.
- - End Of File - - DEDDF4B9167674FFFB8B1231CFBFFAD6

#5 gringo_pr

  • Malware Response Team

Posted 26 May 2012 - 01:15 PM

Greetings

So far that looks pretty good

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

Please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



Proud Graduate Of Malware Removal University

#6 Baenwort


Posted 26 May 2012 - 04:42 PM

The TDSSKiller Report:

13:50:59.0764 3116 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
13:51:00.0017 3116 ============================================================
13:51:00.0019 3116 Current date / time: 2012/05/26 13:51:00.0017
13:51:00.0019 3116 SystemInfo:
13:51:00.0019 3116
13:51:00.0019 3116 OS Version: 6.1.7601 ServicePack: 1.0
13:51:00.0019 3116 Product type: Workstation
13:51:00.0019 3116 ComputerName: MYTHOLOGICAL
13:51:00.0019 3116 UserName: Charles
13:51:00.0019 3116 Windows directory: C:\Windows
13:51:00.0019 3116 System windows directory: C:\Windows
13:51:00.0019 3116 Running under WOW64
13:51:00.0019 3116 Processor architecture: Intel x64
13:51:00.0019 3116 Number of processors: 8
13:51:00.0019 3116 Page size: 0x1000
13:51:00.0019 3116 Boot type: Normal boot
13:51:00.0019 3116 ============================================================
13:51:00.0207 3116 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:51:00.0207 3116 ============================================================
13:51:00.0207 3116 \Device\Harddisk0\DR0:
13:51:00.0207 3116 MBR partitions:
13:51:00.0207 3116 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x11A13800
13:51:00.0207 3116 ============================================================
13:51:00.0207 3116 C: <-> \Device\Harddisk0\DR0\Partition0
13:51:00.0207 3116 ============================================================
13:51:00.0207 3116 Initialize success
13:51:00.0207 3116 ============================================================
13:51:54.0267 5976 ============================================================
13:51:54.0267 5976 Scan started
13:51:54.0267 5976 Mode: Manual;
13:51:54.0267 5976 ============================================================
13:51:57.0645 5976 ksthunk - ok
13:51:57.0660 5976 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
13:51:57.0660 5976 KtmRm - ok
13:51:57.0676 5976 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
13:51:57.0676 5976 LanmanServer - ok
13:51:57.0691 5976 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
13:51:57.0691 5976 LanmanWorkstation - ok
13:51:57.0712 5976 LBTServ (7772dfab22611050b79504e671b06e6e) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
13:51:57.0717 5976 LBTServ - ok
13:51:57.0732 5976 LEqdUsb (ed7ec050cd6c20e1a93a4dafb7efd14d) C:\Windows\system32\DRIVERS\LEqdUsb.Sys
13:51:57.0734 5976 LEqdUsb - ok
13:51:57.0737 5976 LHidEqd (3267bc698e29474a8381e68904eb0390) C:\Windows\system32\DRIVERS\LHidEqd.Sys
13:51:57.0739 5976 LHidEqd - ok
13:51:57.0752 5976 LHidFilt (241f2648adf090e2a10095bd6d6f5dcb) C:\Windows\system32\DRIVERS\LHidFilt.Sys
13:51:57.0752 5976 LHidFilt - ok
13:51:57.0762 5976 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:51:57.0764 5976 lltdio - ok
13:51:57.0777 5976 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
13:51:57.0782 5976 lltdsvc - ok
13:51:57.0787 5976 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
13:51:57.0789 5976 lmhosts - ok
13:51:57.0799 5976 LMouFilt (342ed5a4b3326014438f36d22d803737) C:\Windows\system32\DRIVERS\LMouFilt.Sys
13:51:57.0799 5976 LMouFilt - ok
13:51:57.0809 5976 LMS (bd9457699ac9c1a0fe43398043617279) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
13:51:57.0814 5976 LMS - ok
13:51:57.0827 5976 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
13:51:57.0829 5976 LSI_FC - ok
13:51:57.0839 5976 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
13:51:57.0842 5976 LSI_SAS - ok
13:51:57.0852 5976 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
13:51:57.0854 5976 LSI_SAS2 - ok
13:51:57.0862 5976 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
13:51:57.0864 5976 LSI_SCSI - ok
13:51:57.0874 5976 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:51:57.0877 5976 luafv - ok
13:51:57.0889 5976 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
13:51:57.0892 5976 Mcx2Svc - ok
13:51:57.0897 5976 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
13:51:57.0897 5976 megasas - ok
13:51:57.0909 5976 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
13:51:57.0912 5976 MegaSR - ok
13:51:57.0924 5976 MEIx64 (6b01b7414a105b9e51652089a03027cf) C:\Windows\system32\DRIVERS\HECIx64.sys
13:51:57.0924 5976 MEIx64 - ok
13:51:57.0937 5976 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:51:57.0939 5976 MMCSS - ok
13:51:57.0944 5976 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:51:57.0947 5976 Modem - ok
13:51:57.0952 5976 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:51:57.0952 5976 monitor - ok
13:51:57.0962 5976 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:51:57.0962 5976 mouclass - ok
13:51:57.0967 5976 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:51:57.0969 5976 mouhid - ok
13:51:57.0982 5976 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
13:51:57.0984 5976 mountmgr - ok
13:51:57.0992 5976 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
13:51:57.0994 5976 MpFilter - ok
13:51:58.0004 5976 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
13:51:58.0007 5976 mpio - ok
13:51:58.0019 5976 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:51:58.0022 5976 mpsdrv - ok
13:51:58.0049 5976 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
13:51:58.0059 5976 MpsSvc - ok
13:51:58.0072 5976 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
13:51:58.0074 5976 MRxDAV - ok
13:51:58.0087 5976 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:51:58.0089 5976 mrxsmb - ok
13:51:58.0104 5976 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:51:58.0107 5976 mrxsmb10 - ok
13:51:58.0119 5976 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:51:58.0119 5976 mrxsmb20 - ok
13:51:58.0124 5976 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
13:51:58.0127 5976 msahci - ok
13:51:58.0137 5976 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
13:51:58.0139 5976 msdsm - ok
13:51:58.0154 5976 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
13:51:58.0157 5976 MSDTC - ok
13:51:58.0164 5976 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:51:58.0167 5976 Msfs - ok
13:51:58.0169 5976 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:51:58.0169 5976 mshidkmdf - ok
13:51:58.0169 5976 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
13:51:58.0169 5976 msisadrv - ok
13:51:58.0185 5976 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
13:51:58.0185 5976 MSiSCSI - ok
13:51:58.0185 5976 msiserver - ok
13:51:58.0185 5976 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:51:58.0185 5976 MSKSSRV - ok
13:51:58.0201 5976 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
13:51:58.0201 5976 MsMpSvc - ok
13:51:58.0201 5976 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:51:58.0201 5976 MSPCLOCK - ok
13:51:58.0201 5976 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:51:58.0201 5976 MSPQM - ok
13:51:58.0216 5976 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
13:51:58.0216 5976 MsRPC - ok
13:51:58.0232 5976 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
13:51:58.0232 5976 mssmbios - ok
13:51:58.0232 5976 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:51:58.0232 5976 MSTEE - ok
13:51:58.0232 5976 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
13:51:58.0232 5976 MTConfig - ok
13:51:58.0247 5976 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:51:58.0247 5976 Mup - ok
13:51:58.0263 5976 MyWiFiDHCPDNS (22299bbed2fd0dffc0fa1d46496c6d19) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
13:51:58.0294 5976 MyWiFiDHCPDNS - ok
13:51:58.0310 5976 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
13:51:58.0325 5976 napagent - ok
13:51:58.0341 5976 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:51:58.0344 5976 NativeWifiP - ok
13:51:58.0369 5976 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
13:51:58.0379 5976 NDIS - ok
13:51:58.0384 5976 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:51:58.0386 5976 NdisCap - ok
13:51:58.0391 5976 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:51:58.0391 5976 NdisTapi - ok
13:51:58.0401 5976 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:51:58.0401 5976 Ndisuio - ok
13:51:58.0411 5976 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:51:58.0414 5976 NdisWan - ok
13:51:58.0416 5976 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:51:58.0416 5976 NDProxy - ok
13:51:58.0432 5976 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:51:58.0432 5976 NetBIOS - ok
13:51:58.0432 5976 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:51:58.0447 5976 NetBT - ok
13:51:58.0447 5976 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:51:58.0447 5976 Netlogon - ok
13:51:58.0463 5976 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:51:58.0463 5976 Netman - ok
13:51:58.0494 5976 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:51:58.0494 5976 NetMsmqActivator - ok
13:51:58.0494 5976 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:51:58.0494 5976 NetPipeActivator - ok
13:51:58.0510 5976 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:51:58.0525 5976 netprofm - ok
13:51:58.0525 5976 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:51:58.0525 5976 NetTcpActivator - ok
13:51:58.0525 5976 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:51:58.0525 5976 NetTcpPortSharing - ok
13:51:58.0775 5976 NETwNs64 (262225f08b891fd7f16b3b93a3177c1f) C:\Windows\system32\DRIVERS\Netwsw00.sys
13:51:58.0872 5976 NETwNs64 - ok
13:51:58.0910 5976 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
13:51:58.0910 5976 nfrd960 - ok
13:51:58.0925 5976 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:51:58.0925 5976 NisDrv - ok
13:51:58.0941 5976 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
13:51:58.0941 5976 NisSrv - ok
13:51:58.0956 5976 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
13:51:58.0956 5976 NlaSvc - ok
13:51:58.0956 5976 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:51:58.0972 5976 Npfs - ok
13:51:58.0972 5976 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:51:58.0972 5976 nsi - ok
13:51:58.0972 5976 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:51:58.0972 5976 nsiproxy - ok
13:51:59.0026 5976 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:51:59.0043 5976 Ntfs - ok
13:51:59.0083 5976 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:51:59.0083 5976 Null - ok
13:51:59.0381 5976 nvlddmkm (a68c95f8e17a4cfcb99f2139d73f552b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:51:59.0508 5976 nvlddmkm - ok
13:51:59.0551 5976 nvpciflt (7b4bd86b22dfe63fc08e5f4e24b54438) C:\Windows\system32\DRIVERS\nvpciflt.sys
13:51:59.0553 5976 nvpciflt - ok
13:51:59.0563 5976 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:51:59.0566 5976 nvraid - ok
13:51:59.0576 5976 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:51:59.0578 5976 nvstor - ok
13:51:59.0598 5976 nvsvc (bd1cec4d0cacabcfd93a07b2cc46c9eb) C:\Windows\system32\nvvsvc.exe
13:51:59.0608 5976 nvsvc - ok
13:51:59.0668 5976 nvUpdatusService (82205275bdb35b0ac8750fa8d0a21a5b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
13:51:59.0696 5976 nvUpdatusService - ok
13:51:59.0743 5976 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:51:59.0746 5976 nv_agp - ok
13:51:59.0758 5976 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:51:59.0761 5976 ohci1394 - ok
13:51:59.0773 5976 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:51:59.0778 5976 p2pimsvc - ok
13:51:59.0798 5976 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:51:59.0806 5976 p2psvc - ok
13:51:59.0816 5976 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
13:51:59.0818 5976 Parport - ok
13:51:59.0831 5976 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
13:51:59.0831 5976 partmgr - ok
13:51:59.0843 5976 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:51:59.0846 5976 PcaSvc - ok
13:51:59.0856 5976 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:51:59.0858 5976 pci - ok
13:51:59.0861 5976 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:51:59.0863 5976 pciide - ok
13:51:59.0873 5976 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
13:51:59.0876 5976 pcmcia - ok
13:51:59.0886 5976 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:51:59.0886 5976 pcw - ok
13:51:59.0891 5976 PdiPorts (117eb9a45636991a3d88eabc12111f3f) C:\Windows\system32\DRIVERS\PdiPorts.sys
13:51:59.0896 5976 PdiPorts - ok
13:51:59.0911 5976 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:51:59.0918 5976 PEAUTH - ok
13:51:59.0948 5976 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
13:51:59.0963 5976 PeerDistSvc - ok
13:51:59.0996 5976 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:51:59.0996 5976 PerfHost - ok
13:52:00.0067 5976 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
13:52:00.0083 5976 pla - ok
13:52:00.0098 5976 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
13:52:00.0114 5976 PlugPlay - ok
13:52:00.0114 5976 PnkBstrA - ok
13:52:00.0114 5976 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:52:00.0114 5976 PNRPAutoReg - ok
13:52:00.0142 5976 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:52:00.0144 5976 PNRPsvc - ok
13:52:00.0162 5976 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
13:52:00.0169 5976 PolicyAgent - ok
13:52:00.0177 5976 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:52:00.0179 5976 Power - ok
13:52:00.0187 5976 PowerBiosServer (1045551441ece5532755da637be7bb94) C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
13:52:00.0189 5976 PowerBiosServer - ok
13:52:00.0204 5976 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:52:00.0204 5976 PptpMiniport - ok
13:52:00.0204 5976 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
13:52:00.0220 5976 Processor - ok
13:52:00.0220 5976 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
13:52:00.0220 5976 ProfSvc - ok
13:52:00.0236 5976 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:52:00.0236 5976 ProtectedStorage - ok
13:52:00.0251 5976 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:52:00.0251 5976 Psched - ok
13:52:00.0282 5976 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
13:52:00.0298 5976 ql2300 - ok
13:52:00.0345 5976 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
13:52:00.0345 5976 ql40xx - ok
13:52:00.0360 5976 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:52:00.0360 5976 QWAVE - ok
13:52:00.0376 5976 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:52:00.0376 5976 QWAVEdrv - ok
13:52:00.0392 5976 RapiMgr (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll
13:52:00.0392 5976 RapiMgr - ok
13:52:00.0392 5976 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:52:00.0392 5976 RasAcd - ok
13:52:00.0407 5976 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:52:00.0407 5976 RasAgileVpn - ok
13:52:00.0423 5976 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:52:00.0423 5976 RasAuto - ok
13:52:00.0438 5976 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:52:00.0438 5976 Rasl2tp - ok
13:52:00.0454 5976 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
13:52:00.0461 5976 RasMan - ok
13:52:00.0474 5976 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:52:00.0474 5976 RasPppoe - ok
13:52:00.0484 5976 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:52:00.0486 5976 RasSstp - ok
13:52:00.0499 5976 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:52:00.0501 5976 rdbss - ok
13:52:00.0506 5976 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
13:52:00.0506 5976 rdpbus - ok
13:52:00.0509 5976 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:52:00.0511 5976 RDPCDD - ok
13:52:00.0521 5976 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
13:52:00.0524 5976 RDPDR - ok
13:52:00.0526 5976 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:52:00.0526 5976 RDPENCDD - ok
13:52:00.0529 5976 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:52:00.0531 5976 RDPREFMP - ok
13:52:00.0541 5976 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
13:52:00.0544 5976 RDPWD - ok
13:52:00.0556 5976 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:52:00.0559 5976 rdyboost - ok
13:52:00.0569 5976 RegSrvc (b29f5bd169cddee1049015255e7e3fbd) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
13:52:00.0571 5976 RegSrvc - ok
13:52:00.0584 5976 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:52:00.0586 5976 RemoteAccess - ok
13:52:00.0596 5976 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:52:00.0601 5976 RemoteRegistry - ok
13:52:00.0614 5976 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
13:52:00.0616 5976 RFCOMM - ok
13:52:00.0626 5976 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:52:00.0629 5976 RpcEptMapper - ok
13:52:00.0631 5976 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:52:00.0631 5976 RpcLocator - ok
13:52:00.0644 5976 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:52:00.0649 5976 RpcSs - ok
13:52:00.0666 5976 RSBASTOR (7d9a999ccbb82020321bccfeb9bb3c91) C:\Windows\system32\DRIVERS\RtsBaStor.sys
13:52:00.0671 5976 RSBASTOR - ok
13:52:00.0684 5976 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:52:00.0684 5976 rspndr - ok
13:52:00.0706 5976 RTL8167 (c5cd940effade1f6246730bca14e9fe6) C:\Windows\system32\DRIVERS\Rt64win7.sys
13:52:00.0716 5976 RTL8167 - ok
13:52:00.0719 5976 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
13:52:00.0721 5976 s3cap - ok
13:52:00.0726 5976 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:52:00.0729 5976 SamSs - ok
13:52:00.0731 5976 SANDRA - ok
13:52:00.0744 5976 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:52:00.0744 5976 sbp2port - ok
13:52:00.0776 5976 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
13:52:00.0786 5976 SBSDWSCService - ok
13:52:00.0799 5976 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:52:00.0801 5976 SCardSvr - ok
13:52:00.0811 5976 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:52:00.0811 5976 scfilter - ok
13:52:00.0836 5976 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
13:52:00.0846 5976 Schedule - ok
13:52:00.0859 5976 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:52:00.0859 5976 SCPolicySvc - ok
13:52:00.0871 5976 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
13:52:00.0874 5976 SDRSVC - ok
13:52:00.0881 5976 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:52:00.0881 5976 secdrv - ok
13:52:00.0886 5976 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
13:52:00.0889 5976 seclogon - ok
13:52:00.0899 5976 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
13:52:00.0899 5976 SENS - ok
13:52:00.0904 5976 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:52:00.0906 5976 SensrSvc - ok
13:52:00.0911 5976 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
13:52:00.0911 5976 Serenum - ok
13:52:00.0924 5976 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
13:52:00.0926 5976 Serial - ok
13:52:00.0929 5976 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
13:52:00.0931 5976 sermouse - ok
13:52:00.0949 5976 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
13:52:00.0951 5976 SessionEnv - ok
13:52:00.0954 5976 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:52:00.0956 5976 sffdisk - ok
13:52:00.0959 5976 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:52:00.0959 5976 sffp_mmc - ok
13:52:00.0964 5976 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:52:00.0964 5976 sffp_sd - ok
13:52:00.0966 5976 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
13:52:00.0969 5976 sfloppy - ok
13:52:00.0981 5976 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
13:52:00.0986 5976 SharedAccess - ok
13:52:01.0004 5976 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
13:52:01.0009 5976 ShellHWDetection - ok
13:52:01.0016 5976 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
13:52:01.0019 5976 SiSRaid2 - ok
13:52:01.0029 5976 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
13:52:01.0031 5976 SiSRaid4 - ok
13:52:01.0041 5976 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:52:01.0044 5976 Smb - ok
13:52:01.0049 5976 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:52:01.0051 5976 SNMPTRAP - ok
13:52:01.0054 5976 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:52:01.0056 5976 spldr - ok
13:52:01.0074 5976 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
13:52:01.0081 5976 Spooler - ok
13:52:01.0161 5976 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
13:52:01.0199 5976 sppsvc - ok
13:52:01.0239 5976 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:52:01.0241 5976 sppuinotify - ok
13:52:01.0249 5976 Spyder2 (b9413b99dbb704e0f5824775a1118cc7) C:\Windows\system32\drivers\Spyder2.sys
13:52:01.0249 5976 Spyder2 - ok
13:52:01.0254 5976 Spyder3 (d8b882c520fc83547e22014ff5ec66d7) C:\Windows\system32\drivers\Spyder3.sys
13:52:01.0254 5976 Spyder3 - ok
13:52:01.0274 5976 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:52:01.0281 5976 srv - ok
13:52:01.0296 5976 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:52:01.0301 5976 srv2 - ok
13:52:01.0319 5976 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:52:01.0321 5976 srvnet - ok
13:52:01.0334 5976 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:52:01.0336 5976 SSDPSRV - ok
13:52:01.0349 5976 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:52:01.0354 5976 SstpSvc - ok
13:52:01.0356 5976 Steam Client Service - ok
13:52:01.0364 5976 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
13:52:01.0364 5976 stexstor - ok
13:52:01.0384 5976 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
13:52:01.0394 5976 stisvc - ok
13:52:01.0401 5976 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
13:52:01.0404 5976 storflt - ok
13:52:01.0409 5976 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
13:52:01.0411 5976 StorSvc - ok
13:52:01.0416 5976 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
13:52:01.0419 5976 storvsc - ok
13:52:01.0421 5976 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
13:52:01.0424 5976 swenum - ok
13:52:01.0429 5976 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
13:52:01.0445 5976 SwitchBoard - ok
13:52:01.0468 5976 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:52:01.0475 5976 swprv - ok
13:52:01.0510 5976 SynTP (f4db1d9e6a42d491f0f8e21854301c0b) C:\Windows\system32\drivers\SynTP.sys
13:52:01.0530 5976 SynTP - ok
13:52:01.0608 5976 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
13:52:01.0630 5976 SysMain - ok
13:52:01.0678 5976 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
13:52:01.0680 5976 TabletInputService - ok
13:52:01.0698 5976 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
13:52:01.0703 5976 TapiSrv - ok
13:52:01.0715 5976 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:52:01.0718 5976 TBS - ok
13:52:01.0768 5976 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
13:52:01.0790 5976 Tcpip - ok
13:52:01.0883 5976 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
13:52:01.0895 5976 TCPIP6 - ok
13:52:01.0941 5976 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:52:01.0941 5976 tcpipreg - ok
13:52:01.0941 5976 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:52:01.0941 5976 TDPIPE - ok
13:52:01.0957 5976 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
13:52:01.0957 5976 TDTCP - ok
13:52:01.0973 5976 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:52:01.0973 5976 tdx - ok
13:52:01.0988 5976 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
13:52:01.0988 5976 TermDD - ok
13:52:02.0004 5976 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
13:52:02.0019 5976 TermService - ok
13:52:02.0019 5976 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:52:02.0035 5976 Themes - ok
13:52:02.0035 5976 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:52:02.0051 5976 THREADORDER - ok
13:52:02.0051 5976 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:52:02.0066 5976 TrkWks - ok
13:52:02.0066 5976 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
13:52:02.0082 5976 TrustedInstaller - ok
13:52:02.0082 5976 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:52:02.0082 5976 tssecsrv - ok
13:52:02.0097 5976 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:52:02.0097 5976 TsUsbFlt - ok
13:52:02.0097 5976 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
13:52:02.0113 5976 TsUsbGD - ok
13:52:02.0113 5976 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:52:03.0914 5976 ============================================================
13:52:03.0914 5976 Scan finished
13:52:03.0914 5976 ============================================================
13:52:03.0924 5484 Detected object count: 0
13:52:03.0924 5484 Actual detected object count: 0


The aswMBR report:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-26 13:53:17
-----------------------------
13:53:17.639 OS Version: Windows x64 6.1.7601 Service Pack 1
13:53:17.639 Number of processors: 8 586 0x3A09
13:53:17.639 ComputerName: MYTHOLOGICAL UserName: Charles
13:53:17.795 Initialize success
13:53:51.864 AVAST engine defs: 12052601
13:54:31.236 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
13:54:31.239 Disk 0 Vendor: INTEL_SS 4PC1 Size: 152627MB BusType: 3
13:54:31.241 Disk 0 MBR read successfully
13:54:31.244 Disk 0 MBR scan
13:54:31.289 Disk 0 Windows 7 default MBR code
13:54:31.291 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 144423 MB offset 2048
13:54:31.309 Disk 0 Partition 2 00 27 Hidden NTFS WinRE NTFS 8202 MB offset 295780352
13:54:31.344 Disk 0 scanning C:\Windows\system32\drivers
13:54:35.749 Service scanning
13:54:53.757 Modules scanning
13:54:53.762 Disk 0 trace - called modules:
13:54:53.767 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
13:54:53.769 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a41790]
13:54:54.097 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> [0xfffffa80044024e0]
13:54:54.099 5 ACPI.sys[fffff88000f317a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8004403050]
13:54:54.259 AVAST engine scan C:\Windows
13:54:55.594 AVAST engine scan C:\Windows\system32
13:56:50.139 AVAST engine scan C:\Windows\system32\drivers
13:56:55.621 AVAST engine scan C:\Users\Charles
14:01:42.115 AVAST engine scan C:\ProgramData
14:02:57.895 Scan finished successfully
16:40:32.000 Disk 0 MBR has been saved successfully to "C:\Users\Charles\Desktop\MBR.dat"
16:40:32.031 The log file has been saved successfully to "C:\Users\Charles\Desktop\aswMBR.txt"


Thank you for all the help, please let me know if I have completed any step improperly.

#7 gringo_pr


Posted 26 May 2012 - 04:54 PM

Greetings


You have been doing very well and the reports have been perfect so far.


:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

In your next post I need the following:

  • Report from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#8 Baenwort


Posted 26 May 2012 - 10:27 PM

Here is the output of the log:

ComboFix 12-05-26.02 - Charles 05/26/2012 22:17:59.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3992.1604 [GMT -5:00]
Running from: c:\users\Charles\Desktop\ComboFix.exe
Command switches used :: c:\users\Charles\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-27 to 2012-05-27 )))))))))))))))))))))))))))))))
.
.
2012-05-27 03:20 . 2012-05-27 03:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-26 23:26 . 2012-05-26 23:26 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{261908C4-A347-46B4-AD78-7A0629B6AA71}\offreg.dll
2012-05-26 23:26 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{261908C4-A347-46B4-AD78-7A0629B6AA71}\mpengine.dll
2012-05-26 00:31 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-25 00:07 . 2012-05-25 00:07 -------- d-----w- c:\program files (x86)\Hotkey
2012-05-24 22:12 . 2012-05-24 22:18 -------- d-----w- c:\windows\SysWow64\NV
2012-05-24 22:12 . 2012-05-24 22:18 -------- d-----w- c:\windows\system32\NV
2012-05-24 22:07 . 2012-05-24 22:12 -------- d-----w- c:\programdata\NVIDIA
2012-05-24 04:53 . 2012-05-24 04:53 -------- d-----w- c:\program files\DIFX
2012-05-23 18:57 . 2012-01-15 09:06 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2012-05-23 18:27 . 2012-05-24 22:07 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-05-23 18:19 . 2012-05-24 22:07 -------- d-----w- c:\program files\NVIDIA Corporation
2012-05-23 18:17 . 2012-05-23 18:17 -------- d-----w- c:\program files (x86)\Phyxion.net
2012-05-23 16:36 . 2012-05-23 16:36 -------- d-----w- c:\program files\CCleaner
2012-05-23 04:10 . 2012-05-23 04:10 -------- d-----w- c:\program files (x86)\Microsoft Research
2012-05-23 03:44 . 2012-05-23 03:44 -------- d-----w- C:\BatteryBar
2012-05-19 12:42 . 2006-12-09 09:55 27648 ----a-w- c:\windows\system32\Spool\prtprocs\x64\sugg1pc.dll
2012-05-18 04:03 . 2008-07-12 13:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll
2012-05-18 04:03 . 2008-07-12 13:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2012-05-18 04:03 . 2008-07-12 13:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
2012-05-18 04:03 . 2012-05-18 04:03 -------- d-----w- c:\programdata\Passmark
2012-05-17 13:54 . 2012-05-17 13:54 -------- d-----w- c:\program files (x86)\MSI Kombustor 2.3
2012-05-17 13:45 . 2012-05-17 13:45 -------- d--h--w- c:\windows\msdownld.tmp
2012-05-17 13:44 . 2012-05-24 04:09 -------- d-----w- c:\program files (x86)\MSI Afterburner
2012-05-15 01:42 . 2012-05-15 01:42 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-05-15 01:41 . 2012-05-15 03:07 -------- d-----w- c:\program files\Common Files\Adobe
2012-05-15 01:40 . 2012-05-15 01:40 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-05-15 01:40 . 2012-05-15 01:41 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-05-12 03:04 . 2012-05-12 03:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-12 03:04 . 2012-05-12 03:04 -------- d-----w- c:\programdata\Malwarebytes
2012-05-12 03:04 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-12 00:22 . 2012-05-12 00:22 -------- d-----w- c:\windows\WindowsMobile
2012-05-11 16:32 . 2012-05-11 16:32 -------- d-----w- c:\program files (x86)\Notepad++
2012-05-11 16:31 . 2012-05-11 16:31 -------- d-----w- c:\program files\HashTab Shell Extension
2012-05-11 16:30 . 2012-05-11 16:30 -------- d-----w- c:\program files (x86)\Foxit Software
2012-05-11 16:29 . 2012-05-11 16:29 -------- d-----w- c:\program files (x86)\Acro Software
2012-05-11 16:29 . 2012-03-11 19:56 86608 ----a-w- c:\windows\system32\cpwmon64.dll
2012-05-11 16:28 . 2012-05-11 16:28 -------- d-----w- c:\program files (x86)\GPLGS
2012-05-11 14:58 . 2012-05-11 14:58 -------- d-----w- c:\programdata\Yahoo!
2012-05-11 14:56 . 2012-05-11 14:58 -------- d-----w- c:\program files (x86)\Yahoo!
2012-05-11 13:52 . 2012-05-25 00:54 -------- d-----w- C:\Opera
2012-05-11 13:27 . 2012-05-11 13:27 -------- d-----w- c:\programdata\Logitech
2012-05-11 04:26 . 2012-05-11 04:26 -------- d-----w- c:\program files\7-Zip
2012-05-11 04:24 . 2012-05-23 19:04 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-11 04:24 . 2012-05-11 04:25 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-05-11 03:58 . 2012-05-23 16:57 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-05-11 03:57 . 2012-05-11 03:57 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2012-05-11 03:57 . 2012-05-11 03:58 -------- d-----w- c:\programdata\Logishrd
2012-05-11 03:57 . 2012-05-11 03:57 -------- d-----w- c:\program files\Logitech
2012-05-11 03:57 . 2012-05-11 03:57 -------- d-----w- c:\program files\Common Files\Logishrd
2012-05-11 03:47 . 2012-05-11 03:47 -------- d-----w- c:\program files (x86)\Cisco
2012-05-11 00:41 . 2012-05-11 00:41 -------- d-----w- c:\programdata\CCP
2012-05-11 00:30 . 2012-05-20 13:13 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-05-10 19:40 . 2012-05-10 19:40 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2012-05-10 18:26 . 2012-05-10 18:26 -------- d-----w- c:\program files (x86)\EVEMon
2012-05-10 17:15 . 2012-05-10 17:15 -------- d-----w- C:\OldCD
2012-05-10 17:15 . 2012-05-11 13:54 -------- d-----w- C:\DOSBox
2012-05-10 17:14 . 2012-05-10 17:15 -------- d-----w- C:\Desktops
2012-05-10 17:13 . 2012-05-10 17:13 -------- d-----w- c:\program files (x86)\Garpa Topographical Survey
2012-05-10 17:13 . 2012-05-26 16:01 -------- d-----w- C:\Steam
2012-05-10 17:12 . 2012-05-10 17:12 -------- d-----w- c:\program files (x86)\Mumble
2012-05-10 17:10 . 2012-05-11 14:26 -------- d-----w- c:\program files (x86)\Pidgin
2012-05-10 17:08 . 2012-05-10 17:14 -------- d-----w- C:\OldGames
2012-05-10 17:07 . 2012-05-14 03:50 -------- d-----w- C:\Indie Games
2012-05-10 17:04 . 2012-05-11 00:48 -------- d-----w- c:\program files (x86)\Opera
2012-05-10 15:59 . 2012-05-10 15:59 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-10 15:59 . 2012-05-10 15:59 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-10 15:55 . 2012-05-10 15:55 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-10 15:54 . 2012-05-10 15:54 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-10 15:54 . 2012-04-04 23:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-10 15:52 . 2012-05-11 00:47 -------- d-----w- c:\windows\system32\appmgmt
2012-05-09 02:20 . 2012-05-24 15:59 -------- d-----w- c:\users\Charles
2012-05-09 01:45 . 2012-05-09 01:45 -------- d-----w- c:\programdata\tmp
2012-05-09 01:28 . 2012-05-09 01:28 -------- d-----w- c:\programdata\ICS
2012-05-09 01:28 . 2012-05-09 01:29 -------- d-----w- c:\programdata\ICC
2012-05-09 01:27 . 2012-05-09 01:48 -------- d--h--w- c:\program files (x86)\InstallJammer Registry
2012-05-09 01:25 . 2006-11-17 00:26 19248 ----a-w- c:\windows\system32\drivers\pdiports.sys
2012-05-09 01:25 . 2012-05-09 01:25 -------- d-----w- c:\program files (x86)\Common Files\Portrait Displays
2012-05-09 01:25 . 2012-05-09 01:48 -------- d-----w- c:\windows\SysWow64\drivers\color
2012-05-09 01:25 . 2007-12-12 16:11 15360 ----a-w- c:\windows\system32\drivers\Spyder3.sys
2012-05-09 01:25 . 2007-01-29 13:01 33600 ----a-w- c:\windows\system32\drivers\XrUsb64.sys
2012-05-09 01:25 . 2007-01-17 17:32 15360 ----a-w- c:\windows\system32\drivers\Spyder2.sys
2012-05-09 01:25 . 2006-04-20 06:03 1912800 ----a-w- c:\windows\system32\WdfCoInstaller01001.dll
2012-05-09 00:25 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-09 00:25 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 00:25 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-09 00:25 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-09 00:25 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 00:25 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-09 00:24 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 00:24 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 00:24 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 00:24 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 00:24 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 00:24 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 00:24 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-08 20:35 . 2012-05-08 20:35 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-05-08 06:33 . 2012-05-08 06:33 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{63800F51-C866-4145-8B50-6ADE5D314C7F}\gapaengine.dll
2012-05-08 06:32 . 2012-05-08 20:36 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-08 05:45 . 2012-05-08 05:49 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-05-08 05:45 . 2012-05-08 05:45 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-05-08 05:45 . 2012-05-08 05:49 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-05-08 05:45 . 2012-05-08 05:49 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-05-08 05:44 . 2012-05-08 05:45 -------- d-----w- c:\programdata\EA Logs
2012-05-08 05:44 . 2012-05-08 05:44 -------- d-----w- c:\programdata\EA Core
2012-05-08 05:42 . 2012-05-08 06:28 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2012-05-08 05:38 . 2012-05-09 01:49 -------- d-----w- c:\programdata\Origin
2012-05-08 05:38 . 2012-05-08 05:44 -------- d-----w- c:\programdata\Electronic Arts
2012-05-08 04:45 . 2012-05-08 04:45 -------- d--h--w- c:\program files (x86)\Zero G Registry
2012-05-06 23:00 . 2012-05-07 20:44 -------- d-----w- c:\programdata\Futuremark
2012-05-06 22:58 . 2012-05-06 22:58 -------- d-----w- c:\program files\SiSoftware
2012-05-06 21:35 . 2012-05-06 21:35 -------- d-----w- c:\windows\SysWow64\Wat
2012-05-06 21:35 . 2012-05-06 21:35 -------- d-----w- c:\windows\system32\Wat
2012-05-06 21:18 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-06 21:18 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-05-06 21:18 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-06 21:18 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-06 21:18 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-05-06 21:18 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-05-06 21:18 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-05-06 21:15 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-05-06 21:15 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-05-06 21:15 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-05-06 21:14 . 2012-05-23 16:48 -------- d-----w- c:\users\UpdatusUser
2012-05-06 21:13 . 2012-05-12 14:05 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-17 23:49 . 2012-04-17 23:49 4246016 ----a-w- c:\windows\system32\wlihvui.dll
2012-04-17 23:45 . 2012-04-17 23:45 2463744 ----a-w- c:\windows\system32\iwmssvc.dll
2012-03-21 03:44 . 2011-04-27 22:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 03:44 . 2011-04-18 20:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-12 19:06 . 2012-03-12 19:06 11471872 ----a-w- c:\windows\system32\drivers\Netwsw00.sys
2012-03-07 08:40 . 2012-03-07 08:40 1536 ----a-w- c:\windows\SysWow64\IusEventLog.dll
2012-03-01 15:55 . 2012-03-01 15:55 195584 ----a-w- c:\windows\system32\drivers\AmpPal.sys
2012-02-29 00:59 . 2012-02-29 00:59 34232 ----a-w- c:\windows\system32\drivers\intelaud.sys
2012-02-29 00:59 . 2012-02-29 00:59 25496 ----a-w- c:\windows\system32\drivers\iwdbus.sys
2012-02-29 00:59 . 2012-02-29 00:59 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-26_00.28.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-05-26 14:15 43480 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-26 14:15 33294 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-05-10 15:48 . 2012-05-26 14:15 5284 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3350622174-2860387809-107853704-1002_UserData.bin
- 2012-05-05 21:52 . 2012-05-26 00:22 2190 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2012-05-05 21:52 . 2012-05-26 12:49 2190 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2012-05-26 00:23 . 2012-05-26 00:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-26 14:12 . 2012-05-26 14:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-26 00:23 . 2012-05-26 00:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-26 14:12 . 2012-05-26 14:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-07 06:54 . 2012-05-26 16:07 251392 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-05-26 00:27 662446 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-26 14:17 662446 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-26 00:27 122242 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-05-26 14:17 122242 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-05-26 12:49 314536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-26 00:22 314536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowBatteryBar"="c:\batterybar\ShowBatteryBar.exe" [2009-05-28 89600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-02-12 5025904]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-27 291608]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-01 1374720]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hotkey.lnk - c:\program files (x86)\Hotkey\Hotkey.exe [2012-4-11 4727296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
[BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2012-02-09 133632]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-30 276248]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 GPU-Z;GPU-Z;c:\users\Charles\AppData\Local\Temp\GPU-Z.sys [x]
R3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\drivers\ISCTD64.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2012-04-18 273168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 Spyder2;ColorVision Spyder2;c:\windows\system32\drivers\Spyder2.sys [x]
R3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys [x]
R3 X-Rite;X-Rite USB Service;c:\windows\system32\drivers\XrUsb64.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-03-01 659976]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-02-22 1014096]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2012-02-22 1104208]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-03-08 135952]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-03-07 629984]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-03-22 128280]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-03-29 165144]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-22 2458944]
S2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe [2011-02-18 35328]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-03-14 362840]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [x]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-04-18 2671376]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2012-02-22 1304912]
S3 hswpan;WPAN Driver;c:\windows\system32\drivers\hswpan.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\drivers\iwdbus.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\Netwsw00.sys [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
S3 VMfilt;VMfilt;c:\windows\system32\drivers\VMfilt64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 77112176
*Deregistered* - 77112176
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3350622174-2860387809-107853704-1002Core.job
- c:\users\Charles\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-11 15:34]
.
2012-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3350622174-2860387809-107853704-1002UA.job
- c:\users\Charles\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-11 15:34]
.
2012-05-26 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-03-27 03:24]
.
2012-05-26 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-03-27 03:24]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-02-17 177936]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-02-22 11406608]
"CECAPLF"="c:\program files (x86)\ChiconyCam\CECAPLF.exe" [2011-07-06 121456]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"THXCfg64"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-30 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-30 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-30 439064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.mythlogic.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 4.2.2.4 64.81.159.2
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-26 22:21:40
ComboFix-quarantined-files.txt 2012-05-27 03:21
.
Pre-Run: 87,738,097,664 bytes free
Post-Run: 87,541,633,024 bytes free
.
- - End Of File - - 35C012ED664CC932F421458B2F636E40


I have not had further stack overflow BSOD and the computer is otherwise functioning normally.

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:49 PM

Posted 27 May 2012 - 07:44 AM

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (Make sure under the Windows tab all the boxes of Internet Explorer and Windows Explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under the Application tab all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click the mbam icon
  • Go to the update tab at the top
  • Click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 Baenwort


Posted 28 May 2012 - 01:52 PM

MBAM Log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.28.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Charles :: MYTHOLOGICAL [administrator]

5/28/2012 13:48:38
mbam-log-2012-05-28 (13-48-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 258708
Time elapsed: 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:50:08, on 5/28/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ChiconyCam\CECAPLF.exe
C:\Program Files (x86)\Hotkey\Hotkey.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Opera\opera.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mythlogic.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [ShowBatteryBar] "C:\BatteryBar\ShowBatteryBar.exe" show
O4 - Global Startup: Hotkey.lnk = C:\Program Files (x86)\Hotkey\Hotkey.exe
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Security Service (BTHSSecurityMgr) - Intel® Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: ISCT Always Updated Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PowerBiosServer - Unknown owner - C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 9293 bytes


As mentioned in the last post no further errors or anomalies have been seen since the first stack overflow BSOD. The computer is otherwise running as normal.

#11 gringo_pr


Posted 28 May 2012 - 02:15 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on its icon (or start it from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
      O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
      O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click on the IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

#12 Baenwort


Posted 29 May 2012 - 06:14 PM

I removed the recommended programs.

When I ran the ESET program with the requested checks, I was unable to locate the copy to clipboard and I was unable to highlight and copy, so I took a screenshot.


The program did not find anything.

#13 gringo_pr


Posted 29 May 2012 - 08:34 PM

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paperweight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • Turn off all active protection software
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than add/remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days. If Anything Comes Up, Just Come Back And Let Me Know; after that time you will have to send me a PM.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 Baenwort

Posted 31 May 2012 - 05:54 PM

Thank you for the help, I have completed the removal steps in the last post.

The BSOD hasn't repeated but my worry was that it was used to install something. Thank you for all the guidance.

#15 gringo_pr

Posted 31 May 2012 - 10:47 PM

you are more than welcome


gringo



