Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Welcome to Nginx


  • This topic is locked This topic is locked
27 replies to this topic

#1 ohwhymewhymeme

ohwhymewhymeme

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 30 May 2012 - 12:20 AM

Hi, this is my first time post. I today just a few hours ago had a problem where everytime I loaded google or youtube. It would redirect me to welcome to Nginx, or show me a 404. This is on firefox by the way. On Chrome I went onto google fine. What I did then was I cleared my cache and history and everything on firefox, and that seemed to clear it up. However, I'm still unsure if there is anything leftover. What I then did, was run ComboFix. And I will attach a log that it has provided. I noticed that when my aol instant messenger logs in, it opens the aol page (normal, was too lazy to disable that) but I'm signed into an account called "I Hate Google". Which I don't remember doing...anyways, here is my ComboFix log. Although it seems cleared up now, I doubt that clearing my cache and firefox information would completely get rid of it. Maybe ComboFix did?

ComboFix 12-05-29.01 - Bernard 05/29/2012 21:00:53.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2046 [GMT -7:00]
Running from: c:\users\Bernard\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Trend Micro Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\esupport\eDriver\Software\ASUS\MULTIFRAME\DESKTOP_.INI
c:\programdata\FullRemove.exe
c:\users\Bernard\AppData\Roaming\app
c:\users\Bernard\AppData\Roaming\app\Jerakine_lang.dat
c:\users\Bernard\AppData\Roaming\app\Jerakine_lang_vesrion.dat
c:\windows\security\Database\tmp.edb
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-30 )))))))))))))))))))))))))))))))
.
.
2012-05-30 04:14 . 2012-05-30 04:14 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-05-30 04:14 . 2012-05-30 04:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-30 03:52 . 2012-05-30 03:52 -------- d-----w- c:\program files (x86)\Yontoo
2012-05-30 03:52 . 2012-05-30 03:52 -------- d-----w- c:\programdata\Tarma Installer
2012-05-30 03:43 . 2012-05-30 03:43 -------- d-----w- c:\programdata\GFI Software
2012-05-29 07:17 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0176CCA-D28E-47E4-8D9C-9E9434F9C2BE}\mpengine.dll
2012-05-28 13:31 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-23 19:05 . 2012-05-23 19:05 -------- d-----w- c:\users\Bernard\AppData\Roaming\LolClient2
2012-05-23 17:48 . 2012-05-23 17:48 -------- d-----w- c:\users\Bernard\AppData\Roaming\e-academy Inc
2012-05-23 17:48 . 2012-05-23 17:48 -------- d-----w- c:\users\Bernard\AppData\Local\e-academy Inc
2012-05-22 07:22 . 2012-05-22 07:22 -------- d-----w- c:\users\Bernard\AppData\Local\adaware
2012-05-22 07:22 . 2012-05-22 07:22 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-05-22 07:22 . 2012-05-22 07:22 -------- d-----w- c:\programdata\Lavasoft
2012-05-22 07:21 . 2012-05-30 03:46 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-05-22 07:20 . 2012-05-22 22:22 -------- d-----w- c:\users\Bernard\AppData\Roaming\Ad-Aware Antivirus
2012-05-15 04:09 . 2012-05-15 05:22 -------- d-----w- c:\program files (x86)\Diablo III
2012-05-15 04:07 . 2012-05-15 04:07 -------- d-----w- c:\programdata\Battle.net
2012-05-10 07:07 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 07:07 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 07:07 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 07:07 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 07:07 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 07:07 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 07:06 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 07:06 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 07:06 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 07:06 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 07:06 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 07:06 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 07:06 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-05 06:36 . 2012-05-05 06:36 -------- d-----w- c:\users\Bernard\AppData\Roaming\HackSlashLoot
2012-05-04 02:05 . 2012-05-04 02:05 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-05-04 01:52 . 2012-05-04 01:52 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-04 01:51 . 2012-05-04 01:51 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-02 02:46 . 2012-05-02 02:46 -------- d-----w- c:\users\Bernard\AppData\Roaming\runic games
2012-04-30 23:00 . 2012-04-30 23:00 -------- d-----w- c:\users\Bernard\AppData\Roaming\OpenOffice.org
2012-04-30 22:58 . 2012-04-30 22:58 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-30 03:30 . 2010-09-03 12:47 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-05-30 03:30 . 2011-02-05 03:09 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2012-05-15 10:48 . 2012-04-27 05:18 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-04-27 05:18 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2011-11-17 18:14 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2011-11-17 18:14 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-11-17 18:14 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2010-06-22 17:04 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-05-15 10:48 . 2010-06-22 17:04 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2010-06-22 17:04 246592 ----a-w- c:\windows\system32\nvinitx.dll
2012-05-15 10:48 . 2010-06-22 17:04 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2010-06-22 17:04 202048 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-05-15 10:48 . 2010-06-22 17:04 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 09:29 . 2010-06-22 19:49 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2010-06-22 19:49 858944 ----a-w- c:\windows\system32\nv3dappshext.dll
2012-05-15 09:29 . 2010-06-22 19:49 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2010-06-22 19:49 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2010-06-22 19:49 55616 ----a-w- c:\windows\system32\nv3dappshextr.dll
2012-05-15 09:29 . 2010-06-22 19:49 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-05-15 09:29 . 2010-06-22 19:49 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2010-06-22 19:49 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2010-06-22 19:49 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-04 01:51 . 2011-02-10 00:31 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-26 06:32 . 2011-09-26 21:45 2474528 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-04-26 06:26 . 2012-04-26 06:19 111968 ----a-w- c:\programdata\Microsoft\VPDExpress\10.0\1033\ResourceCache.dll
2012-03-21 03:44 . 2011-04-27 22:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 03:44 . 2011-04-18 20:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-17 09:05 . 2012-03-17 09:05 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F1E6E9D7-7339-49C0-88C9-4AC866AB20DF}\gapaengine.dll
2012-03-01 21:21 . 2012-03-17 07:24 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FC8B5280-BA36-4AC3-8853-D15793D5F084}\mpengine.dll
2012-03-01 06:46 . 2012-04-13 20:20 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-13 20:20 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-13 20:20 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-13 20:20 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-13 20:20 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-13 20:20 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-13 20:20 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2012-02-29 4321112]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-03 1242448]
"Facebook Update"="c:\users\Bernard\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-08-25 137536]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ru n]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-09-03 2429]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2011-03-26 64112]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-17 421736]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-29 1987976]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
.
c:\users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockFree\ObjectDock.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe [2010-9-3 12862]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-2-6 100352]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-9-3 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSv c]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-03 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]
R3 BS_DEF;BS_DEF;c:\windows\BS_DEF.sys [2011-12-06 21048]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 GamingMsFltr;Ideazon Reaper Edge;c:\windows\system32\drivers\gamingms.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-03 135664]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-16 249648]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-29 2343816]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - sbwtis
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2773988409-4248375181-1075095761-1002Core.job
- c:\users\Bernard\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-25 18:49]
.
2012-05-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2773988409-4248375181-1075095761-1002UA.job
- c:\users\Bernard\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-25 18:49]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-03 13:16]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-03 13:16]
.
2012-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2773988409-4248375181-1075095761-1002Core.job
- c:\users\Bernard\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-11 18:26]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2773988409-4248375181-1075095761-1002UA.job
- c:\users\Bernard\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-11 18:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-02-23 1022904]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-15 190536]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\y6fg8lof.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(extentions.y2layers.installId, 1a7ff52c-c8b6-4e20-9943-46b4b01f518e
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-SessionLogon - c:\expressgateutil\SessionLogon.exe
Wow6432Node-HKLM-Run-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe
Toolbar-Locked - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
AddRemove-PunkBusterSvc - c:\program files (x86)\GAMERSFIRST\APB RELOADED\Binaries\pbsvc_apb.exe
AddRemove-{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010} - c:\program files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe
AddRemove-{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF} - c:\program files (x86)\InstallShield Installation Information\{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_Ac tiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-29 21:20:10
ComboFix-quarantined-files.txt 2012-05-30 04:20
.
Pre-Run: 125,020,135,424 bytes free
Post-Run: 125,432,242,176 bytes free
.
- - End Of File - - 8FB96FCFA6CAA151D3BCF2AEBB47AF11

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:22 AM

Posted 30 May 2012 - 12:43 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 ohwhymewhymeme

ohwhymewhymeme
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 30 May 2012 - 12:46 AM

Hi!, thank you very much for the reply. I'll be getting these logs now.

#4 ohwhymewhymeme

ohwhymewhymeme
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 30 May 2012 - 12:49 AM

Firstly, Here is the Security Check file.

Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Trend Micro Internet Security
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Java™ 6 Update 22
Java™ 6 Update 32
Java version out of date!
Adobe Flash Player 10 Flash Player out of date!
Adobe Flash Player 11.1.102.62 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (12.0)
Google Chrome 19.0.1084.46
Google Chrome 19.0.1084.52
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:22 AM

Posted 30 May 2012 - 12:52 AM

:thumbup2:
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 ohwhymewhymeme

ohwhymewhymeme
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 30 May 2012 - 12:53 AM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_32
Run by Bernard at 22:51:35 on 2012-05-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.1288 [GMT -7:00]
.
AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Trend Micro Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mumble\mumble.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Facebook Update] "C:\Users\Bernard\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
StartupFolder: C:\Users\Bernard\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\Users\Bernard\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C977603C-B985-40BB-A306-73F90B0E81CB}\2375942554238303 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C977603C-B985-40BB-A306-73F90B0E81CB}\2557E6564756272716 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C977603C-B985-40BB-A306-73F90B0E81CB}\265627279737D6F6F647869656 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C977603C-B985-40BB-A306-73F90B0E81CB}\47869637F6E65637437616262696 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C977603C-B985-40BB-A306-73F90B0E81CB}\5534D45627365646 : DhcpNameServer = 169.236.80.52 192.35.211.240 169.236.10.221
TCP: Interfaces\{C977603C-B985-40BB-A306-73F90B0E81CB}\5534D4D27457563747 : DhcpNameServer = 169.236.80.52 192.35.211.240 169.236.10.221
TCP: Interfaces\{DF43E8C7-BD29-4245-9DDE-6D7442AE9DA5} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO-X64: Google Dictionary Compression sdch - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\y6fg8lof.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Bernard\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Bernard\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Bernard\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Bernard\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Bernard\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(extentions.y2layers.installId, 1a7ff52c-c8b6-4e20-9943-46b4b01f518e
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-21 1262400]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 tmpreflt;tmpreflt;C:\Windows\system32\DRIVERS\tmpreflt.sys --> C:\Windows\system32\DRIVERS\tmpreflt.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-9-3 2320920]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-3-25 539248]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2008-5-19 370872]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
RUnknown SbFw;SbFw; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-3 135664]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 BS_DEF;BS_DEF;C:\Windows\BS_DEF.sys [2011-12-5 21048]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S3 GamingMsFltr;Ideazon Reaper Edge;C:\Windows\system32\drivers\gamingms.sys --> C:\Windows\system32\drivers\gamingms.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-3 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 129976]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 TmProxy;Trend Micro Proxy Service;C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2010-9-3 917768]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
SUnknown SBFWIMCLMP;SBFWIMCLMP; [x]
SUnknown sbhips;sbhips; [x]
.
=============== Created Last 30 ================
.
2012-05-30 04:34:47 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CD006C0D-52BC-4DBB-B0F0-429B5E03570A}\mpengine.dll
2012-05-30 04:34:03 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-30 03:58:57 98816 ----a-w- C:\Windows\sed.exe
2012-05-30 03:58:57 518144 ----a-w- C:\Windows\SWREG.exe
2012-05-30 03:58:57 256000 ----a-w- C:\Windows\PEV.exe
2012-05-30 03:58:57 208896 ----a-w- C:\Windows\MBR.exe
2012-05-30 03:52:05 -------- d-----w- C:\Program Files (x86)\Yontoo
2012-05-30 03:52:04 -------- d-----w- C:\ProgramData\Tarma Installer
2012-05-30 03:43:06 -------- d-----w- C:\ProgramData\GFI Software
2012-05-23 19:05:45 -------- d-----w- C:\Users\Bernard\AppData\Roaming\LolClient2
2012-05-23 17:48:25 -------- d-----w- C:\Users\Bernard\AppData\Roaming\e-academy Inc
2012-05-23 17:48:25 -------- d-----w- C:\Users\Bernard\AppData\Local\e-academy Inc
2012-05-22 07:22:33 -------- d-----w- C:\Users\Bernard\AppData\Local\adaware
2012-05-22 07:22:32 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-05-22 07:21:59 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2012-05-22 07:20:06 -------- d-----w- C:\Users\Bernard\AppData\Roaming\Ad-Aware Antivirus
2012-05-15 04:09:14 -------- d-----w- C:\Program Files (x86)\Diablo III
2012-05-15 04:07:34 -------- d-----w- C:\ProgramData\Battle.net
2012-05-10 07:07:59 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-10 07:07:59 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-10 07:07:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-10 07:07:57 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-10 07:07:56 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-10 07:07:55 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-10 07:06:42 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-10 07:06:31 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-10 07:06:28 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 07:06:28 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-10 07:06:28 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 07:06:27 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-10 07:06:27 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-05 06:36:47 -------- d-----w- C:\Users\Bernard\AppData\Roaming\HackSlashLoot
2012-05-04 02:05:25 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-05-04 01:51:27 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-05-02 02:46:49 -------- d-----w- C:\Users\Bernard\AppData\Roaming\runic games
2012-04-30 23:00:37 -------- d-----w- C:\Users\Bernard\AppData\Roaming\OpenOffice.org
2012-04-30 22:58:50 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
.
==================== Find3M ====================
.
2012-05-30 03:30:49 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2012-05-30 03:30:43 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-05-15 09:29:47 858944 ----a-w- C:\Windows\System32\nv3dappshext.dll
2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-05-15 09:29:46 55616 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2012-05-15 09:29:46 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-05-15 09:29:45 2621723 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-05-04 01:51:17 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-21 03:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-21 03:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
.
============= FINISH: 22:51:56.14 ===============








.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/4/2011 6:53:25 PM
System Uptime: 5/29/2012 8:30:04 PM (2 hours ago)
.
Motherboard: PEGATRON CORPORATION | | U43Jc
Processor: Intel® Core™ i5 CPU M 450 @ 2.40GHz | Socket 989 | 2400/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 312 GiB total, 116.666 GiB free.
D: is FIXED (NTFS) - 134 GiB total, 134.367 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet1
Device ID: ROOT\VMWARE\0000
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet1
PNP Device ID: ROOT\VMWARE\0000
Service: VMnetAdapter
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet8
Device ID: ROOT\VMWARE\0001
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet8
PNP Device ID: ROOT\VMWARE\0001
Service: VMnetAdapter
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1091AE74&0&01
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1091AE74&0&01
Service: vwifimp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0001
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0001
Service: vpnva
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1091AE74&0&02
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter #2
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1091AE74&0&02
Service: vwifimp
.
==== System Restore Points ===================
.
RP247: 5/21/2012 11:46:21 PM - Windows Update
RP248: 5/23/2012 10:47:39 AM - Installed Secure Download Manager
RP249: 5/25/2012 6:42:26 PM - Windows Update
RP250: 5/29/2012 12:17:13 AM - Windows Update
RP251: 5/29/2012 8:38:08 PM - Removed Ad-Aware Antivirus.
.
==== Installed Programs ======================
.
7-Zip 9.20
Acrobat.com
Ad-Aware Browsing Protection
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.5.0 MUI
AIM 7
Alcor Micro USB Card Reader
Android SDK Tools
Apple Application Support
Apple Software Update
Assassin's Creed II
ASUS AI Recovery
ASUS AP Bank
ASUS FancyStart
ASUS U Series Bamboo ScreenSaver
ASUS WebStorage
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
ATK Package
Avadon
Bandisoft MPEG-1 Decoder
Bing Bar
Boingo Wi-Fi
Choice Guard
Cisco AnyConnect VPN Client
ControlDeck
Corona SDK
Costume Quest
Counter-Strike
Crystal Reports for Visual Studio
CyberLink LabelPrint
CyberLink Power2Go
DAEMON Tools Lite
Day of Defeat: Source
Dead Island
Dev-C++ 5 beta 9 release (4.9.9.2)
Diablo III
Dota 2
Dotfuscator Software Services - Community Edition
Download Updater (AOL LLC)
Dungeon Defenders
ExpressGate Cloud
Facebook Video Calling 1.2.0.159
Faerie Solitaire
Frozen Synapse
GIMP 2.6.11
Google Chrome
Google Earth
Google SketchUp 8
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Hack, Slash, Loot
Heroes of Newerth
Hotfix for Microsoft Visual Studio 2010 Premium - ENU (KB2542054)
Hotfix for Microsoft Visual Studio 2010 Premium - ENU (KB982218)
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Jamestown
Jamestown: Legend of the Lost Colony
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 32
Junk Mail filter update
Lara Croft and the Guardian of Light
League of Legends
Legend of Grimrock
LogMeIn Hamachi
Magic Online
Magicka
MapleStory
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Expression Blend 3 SDK
Microsoft Expression Blend 4
Microsoft Expression Blend 4 Add-in for Adobe FXG Import
Microsoft Expression Blend SDK for .NET 4
Microsoft Expression Blend SDK for Silverlight 4
Microsoft Expression Blend SDK for Windows Phone 7
Microsoft F# Runtime for Silverlight 4
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Home and Student 2010 - English
Microsoft Office Starter 2010 - English
Microsoft PowerPoint Viewer
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft Silverlight Tools for Visual Studio 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Express for Windows Phone - ENU
Microsoft Visual Studio 2010 Premium - ENU
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio Macro Tools
Microsoft Windows Phone 7 Developer Resources
Microsoft Windows Phone Developer Tools - ENU
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Microsoft XNA Game Studio 4.0
Microsoft XNA Game Studio 4.0 (ARP entry)
Microsoft XNA Game Studio 4.0 (Redists)
Microsoft XNA Game Studio 4.0 (Shared Components)
Microsoft XNA Game Studio 4.0 (Visual Studio)
Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
Microsoft XNA Game Studio 4.0 Documentation
Microsoft XNA Game Studio 4.0 Windows Phone Extensions
Microsoft XNA Game Studio Platform Tools
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP3 Parser (KB973685)
Mumble 1.2.3
NEC Electronics USB 3.0 Host Controller Driver
Nexon Game Manager
Notepad++
NVIDIA PhysX
NVIDIA Updatus
OpenAL
OpenOffice.org 3.3
Pcsx2 0.9.6
PunkBuster Services
Python 2.7 numpy-1.5.1
Python 2.7.2
QuickTime
Quincy 2005 v. 1.3
Rainmeter
Realtek High Definition Audio Driver
Secure Download Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Visual Studio 2010 Premium - ENU (KB2251489)
Security Update for Microsoft Visual Studio 2010 Premium - ENU (KB2644980)
Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
SEGA Genesis & Mega Drive Classics
Sequence
Skype Click to Call
Skype™ 5.8
SpaceChem
Star Wars: Knights of the Old Republic
Star Wars: The Old Republic
StarCraft II
Starfarer by Fractal Softworks LLC
Steam
Super Meat Boy
Super Monday Night Combat
syncables desktop SE
System Requirements Lab
System Requirements Lab CYRI
Team Fortress 2
TeamSpeak 3 Client
Terraria
The Binding Of Isaac
The Elder Scrolls V: Skyrim
Tribes Ascend Closed Beta
Ubisoft Game Launcher
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VMware Player
VoiceOver Kit
Wakfu
WCF RIA Services V1.0 for Visual Studio 2010
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Phone 7 Add-in for Visual Studio 2010 - ENU
WinFlash
WinRAR archiver
WinSCP 4.3.2
WPF Toolkit February 2010 (Version 3.5.50211.1)
.
==== Event Viewer Messages From Past Week ========
.
5/29/2012 9:28:02 PM, Error: nvlddmkm [14] -
5/29/2012 9:15:03 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
5/29/2012 9:13:47 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
5/29/2012 9:03:16 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
5/28/2012 11:56:01 PM, Error: Service Control Manager [7023] - The Application Virtualization Client service terminated with the following error: A dynamic link library (DLL) initialization routine failed.
5/28/2012 10:12:23 PM, Error: Service Control Manager [7034] - The Application Virtualization Client service terminated unexpectedly. It has done this 1 time(s).
5/22/2012 3:23:52 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
.
==== End Of File ===========================

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:22 AM

Posted 30 May 2012 - 01:01 AM

Hello

I Would like you to rerun combofix and if it asks to update to allow it


Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

AV: Trend Micro Internet Security
AV: Microsoft Security Essentials


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 ohwhymewhymeme

ohwhymewhymeme
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 30 May 2012 - 01:04 AM

Alright. I uninstalled Trend, and am going to run ComboFix again. Bookmarking this so I can return because I have to close the browser. Thank you so much for this help!

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:22 AM

Posted 30 May 2012 - 01:07 AM

you are welcome and see you soon


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 ohwhymewhymeme

ohwhymewhymeme
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 30 May 2012 - 01:17 AM

Here's the log :)

ComboFix 12-05-30.02 - Bernard 05/29/2012 23:06:01.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.1589 [GMT -7:00]
Running from: c:\users\Bernard\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Trend Micro Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-30 )))))))))))))))))))))))))))))))
.
.
2012-05-30 06:13 . 2012-05-30 06:13 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-05-30 06:13 . 2012-05-30 06:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-30 04:34 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CD006C0D-52BC-4DBB-B0F0-429B5E03570A}\mpengine.dll
2012-05-30 04:34 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-30 03:52 . 2012-05-30 03:52 -------- d-----w- c:\program files (x86)\Yontoo
2012-05-30 03:52 . 2012-05-30 03:52 -------- d-----w- c:\programdata\Tarma Installer
2012-05-30 03:43 . 2012-05-30 03:43 -------- d-----w- c:\programdata\GFI Software
2012-05-23 19:05 . 2012-05-23 19:05 -------- d-----w- c:\users\Bernard\AppData\Roaming\LolClient2
2012-05-23 17:48 . 2012-05-23 17:48 -------- d-----w- c:\users\Bernard\AppData\Roaming\e-academy Inc
2012-05-23 17:48 . 2012-05-23 17:48 -------- d-----w- c:\users\Bernard\AppData\Local\e-academy Inc
2012-05-22 07:22 . 2012-05-22 07:22 -------- d-----w- c:\users\Bernard\AppData\Local\adaware
2012-05-22 07:22 . 2012-05-22 07:22 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-05-22 07:22 . 2012-05-22 07:22 -------- d-----w- c:\programdata\Lavasoft
2012-05-22 07:21 . 2012-05-30 03:46 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-05-22 07:20 . 2012-05-22 22:22 -------- d-----w- c:\users\Bernard\AppData\Roaming\Ad-Aware Antivirus
2012-05-15 04:09 . 2012-05-15 05:22 -------- d-----w- c:\program files (x86)\Diablo III
2012-05-15 04:07 . 2012-05-15 04:07 -------- d-----w- c:\programdata\Battle.net
2012-05-10 07:07 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 07:07 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 07:07 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 07:07 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 07:07 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 07:07 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 07:06 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 07:06 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 07:06 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 07:06 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 07:06 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 07:06 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 07:06 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-05 06:36 . 2012-05-05 06:36 -------- d-----w- c:\users\Bernard\AppData\Roaming\HackSlashLoot
2012-05-04 02:05 . 2012-05-04 02:05 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-05-04 01:52 . 2012-05-04 01:52 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-04 01:51 . 2012-05-04 01:51 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-02 02:46 . 2012-05-02 02:46 -------- d-----w- c:\users\Bernard\AppData\Roaming\runic games
2012-04-30 23:00 . 2012-04-30 23:00 -------- d-----w- c:\users\Bernard\AppData\Roaming\OpenOffice.org
2012-04-30 22:58 . 2012-04-30 22:58 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-30 03:30 . 2010-09-03 12:47 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-05-30 03:30 . 2011-02-05 03:09 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2012-05-15 10:48 . 2012-04-27 05:18 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-04-27 05:18 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2011-11-17 18:14 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2011-11-17 18:14 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-11-17 18:14 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2010-06-22 17:04 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-05-15 10:48 . 2010-06-22 17:04 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2010-06-22 17:04 246592 ----a-w- c:\windows\system32\nvinitx.dll
2012-05-15 10:48 . 2010-06-22 17:04 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2010-06-22 17:04 202048 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-05-15 10:48 . 2010-06-22 17:04 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 09:29 . 2010-06-22 19:49 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2010-06-22 19:49 858944 ----a-w- c:\windows\system32\nv3dappshext.dll
2012-05-15 09:29 . 2010-06-22 19:49 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2010-06-22 19:49 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2010-06-22 19:49 55616 ----a-w- c:\windows\system32\nv3dappshextr.dll
2012-05-15 09:29 . 2010-06-22 19:49 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-05-15 09:29 . 2010-06-22 19:49 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2010-06-22 19:49 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2010-06-22 19:49 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-04 01:51 . 2011-02-10 00:31 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-26 06:32 . 2011-09-26 21:45 2474528 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-04-26 06:26 . 2012-04-26 06:19 111968 ----a-w- c:\programdata\Microsoft\VPDExpress\10.0\1033\ResourceCache.dll
2012-03-21 03:44 . 2011-04-27 22:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 03:44 . 2011-04-18 20:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-17 09:05 . 2012-03-17 09:05 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F1E6E9D7-7339-49C0-88C9-4AC866AB20DF}\gapaengine.dll
2012-03-01 21:21 . 2012-03-17 07:24 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FC8B5280-BA36-4AC3-8853-D15793D5F084}\mpengine.dll
2012-03-01 06:46 . 2012-04-13 20:20 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-13 20:20 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-13 20:20 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-13 20:20 5120 ----a-w- c:\windows\system32\wmi.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-30_04.15.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 05:30 . 2012-05-22 21:27 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-05-30 06:02 86016 c:\windows\system32\DriverStore\infpub.dat
- 2011-02-05 02:58 . 2012-05-30 04:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-05 02:58 . 2012-05-30 05:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-05 02:58 . 2012-05-30 04:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-05 02:58 . 2012-05-30 05:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-22 03:41 . 2012-05-30 05:32 2376 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\qwavecache.dat
- 2009-07-14 05:30 . 2012-05-22 21:27 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-05-30 06:02 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-05-30 06:02 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-05-22 21:26 143360 c:\windows\system32\DriverStore\infstor.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2012-02-29 4321112]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-03 1242448]
"Facebook Update"="c:\users\Bernard\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-08-25 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-09-03 2429]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2011-03-26 64112]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-17 421736]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-29 1987976]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
.
c:\users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockFree\ObjectDock.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe [2010-9-3 12862]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-2-6 100352]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-9-3 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-03 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]
R3 BS_DEF;BS_DEF;c:\windows\BS_DEF.sys [2011-12-06 21048]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 GamingMsFltr;Ideazon Reaper Edge;c:\windows\system32\drivers\gamingms.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-03 135664]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-16 249648]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-29 2343816]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - sbwtis
*Deregistered* - tmpreflt
*Deregistered* - tmxpflt
*Deregistered* - vsapint
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2773988409-4248375181-1075095761-1002Core.job
- c:\users\Bernard\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-25 18:49]
.
2012-05-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2773988409-4248375181-1075095761-1002UA.job
- c:\users\Bernard\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-25 18:49]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-03 13:16]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-03 13:16]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2773988409-4248375181-1075095761-1002Core.job
- c:\users\Bernard\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-11 18:26]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2773988409-4248375181-1075095761-1002UA.job
- c:\users\Bernard\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-11 18:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [BU]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-15 190536]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\y6fg8lof.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(extentions.y2layers.installId, 1a7ff52c-c8b6-4e20-9943-46b4b01f518e
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-29 23:15:26
ComboFix-quarantined-files.txt 2012-05-30 06:15
ComboFix2.txt 2012-05-30 04:20
.
Pre-Run: 126,045,564,928 bytes free
Post-Run: 125,746,917,376 bytes free
.
- - End Of File - - 9330AB2A04B748AE8D0EA0627BA4765C

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:22 AM

Posted 30 May 2012 - 01:23 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 ohwhymewhymeme

ohwhymewhymeme
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 30 May 2012 - 01:35 AM

Hi, here is the TDSSKiller log. In addition, when I tried to aswMBR. After it scanned for a bit, I got a blue screen and my laptop restarted.

Here's the TDSSKiller log:

23:24:27.0127 2108 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
23:24:27.0494 2108 ============================================================
23:24:27.0494 2108 Current date / time: 2012/05/29 23:24:27.0494
23:24:27.0494 2108 SystemInfo:
23:24:27.0494 2108
23:24:27.0494 2108 OS Version: 6.1.7601 ServicePack: 1.0
23:24:27.0494 2108 Product type: Workstation
23:24:27.0494 2108 ComputerName: ARTHUR2
23:24:27.0495 2108 UserName: Bernard
23:24:27.0495 2108 Windows directory: C:\Windows
23:24:27.0495 2108 System windows directory: C:\Windows
23:24:27.0495 2108 Running under WOW64
23:24:27.0495 2108 Processor architecture: Intel x64
23:24:27.0495 2108 Number of processors: 4
23:24:27.0495 2108 Page size: 0x1000
23:24:27.0495 2108 Boot type: Normal boot
23:24:27.0495 2108 ============================================================
23:24:27.0917 2108 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:24:27.0928 2108 ============================================================
23:24:27.0928 2108 \Device\Harddisk0\DR0:
23:24:27.0928 2108 MBR partitions:
23:24:27.0928 2108 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2711676, BlocksNum 0x26F80168
23:24:27.0928 2108 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x29691800, BlocksNum 0x10CF3800
23:24:27.0929 2108 ============================================================
23:24:27.0963 2108 C: <-> \Device\Harddisk0\DR0\Partition0
23:24:28.0015 2108 D: <-> \Device\Harddisk0\DR0\Partition1
23:24:28.0015 2108 ============================================================
23:24:28.0015 2108 Initialize success
23:24:28.0015 2108 ============================================================
23:24:29.0601 4448 ============================================================
23:24:29.0601 4448 Scan started
23:24:29.0601 4448 Mode: Manual;
23:24:29.0601 4448 ============================================================
23:24:30.0886 4448 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:24:30.0898 4448 1394ohci - ok
23:24:30.0946 4448 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:24:30.0966 4448 ACPI - ok
23:24:31.0006 4448 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:24:31.0008 4448 AcpiPmi - ok
23:24:31.0073 4448 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
23:24:31.0094 4448 adp94xx - ok
23:24:31.0129 4448 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
23:24:31.0146 4448 adpahci - ok
23:24:31.0172 4448 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
23:24:31.0184 4448 adpu320 - ok
23:24:31.0209 4448 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
23:24:31.0212 4448 AeLookupSvc - ok
23:24:31.0274 4448 AFBAgent (2d00d3dadc1d3326ba788eb071f2726e) C:\Windows\system32\FBAgent.exe
23:24:31.0290 4448 AFBAgent - ok
23:24:31.0366 4448 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
23:24:31.0390 4448 AFD - ok
23:24:31.0435 4448 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:24:31.0438 4448 agp440 - ok
23:24:31.0471 4448 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
23:24:31.0474 4448 ALG - ok
23:24:31.0504 4448 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:24:31.0506 4448 aliide - ok
23:24:31.0519 4448 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:24:31.0521 4448 amdide - ok
23:24:31.0566 4448 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
23:24:31.0568 4448 AmdK8 - ok
23:24:31.0587 4448 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:24:31.0589 4448 AmdPPM - ok
23:24:31.0641 4448 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
23:24:31.0644 4448 amdsata - ok
23:24:31.0678 4448 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
23:24:31.0691 4448 amdsbs - ok
23:24:31.0713 4448 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
23:24:31.0715 4448 amdxata - ok
23:24:31.0768 4448 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
23:24:31.0772 4448 AppID - ok
23:24:31.0798 4448 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
23:24:31.0800 4448 AppIDSvc - ok
23:24:31.0846 4448 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
23:24:31.0849 4448 Appinfo - ok
23:24:31.0955 4448 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:24:31.0957 4448 Apple Mobile Device - ok
23:24:32.0079 4448 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
23:24:32.0082 4448 arc - ok
23:24:32.0103 4448 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
23:24:32.0107 4448 arcsas - ok
23:24:32.0296 4448 ASInsHelp (edaa17ce771c696655b6585f7cad2100) C:\Windows\SysWow64\drivers\AsInsHelp64.sys
23:24:32.0298 4448 ASInsHelp - ok
23:24:32.0370 4448 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
23:24:32.0371 4448 ASLDRService - ok
23:24:32.0391 4448 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
23:24:32.0393 4448 ASMMAP64 - ok
23:24:32.0517 4448 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:24:32.0519 4448 aspnet_state - ok
23:24:32.0546 4448 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:24:32.0546 4448 AsyncMac - ok
23:24:32.0606 4448 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
23:24:32.0606 4448 atapi - ok
23:24:32.0702 4448 athr (e857eee6b92aaa473ebb3465add8f7e7) C:\Windows\system32\DRIVERS\athrx.sys
23:24:32.0749 4448 athr - ok
23:24:32.0816 4448 ATKGFNEXSrv (7910158929571214a959d5a6d16dd9c0) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
23:24:32.0817 4448 ATKGFNEXSrv - ok
23:24:33.0002 4448 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:24:33.0039 4448 AudioEndpointBuilder - ok
23:24:33.0048 4448 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:24:33.0054 4448 AudioSrv - ok
23:24:33.0139 4448 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
23:24:33.0142 4448 AxInstSV - ok
23:24:33.0211 4448 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
23:24:33.0233 4448 b06bdrv - ok
23:24:33.0278 4448 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:24:33.0295 4448 b57nd60a - ok
23:24:33.0416 4448 BBSvc (2ed050291bc1d7f9e322e328db3aaecf) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
23:24:33.0428 4448 BBSvc - ok
23:24:33.0476 4448 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
23:24:33.0478 4448 BBUpdate - ok
23:24:33.0502 4448 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
23:24:33.0505 4448 BDESVC - ok
23:24:33.0537 4448 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:24:33.0540 4448 Beep - ok
23:24:33.0645 4448 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
23:24:33.0674 4448 BFE - ok
23:24:33.0762 4448 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
23:24:33.0769 4448 BITS - ok
23:24:33.0814 4448 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:24:33.0816 4448 blbdrive - ok
23:24:33.0934 4448 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
23:24:33.0957 4448 Bonjour Service - ok
23:24:34.0001 4448 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
23:24:34.0004 4448 bowser - ok
23:24:34.0032 4448 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:24:34.0034 4448 BrFiltLo - ok
23:24:34.0049 4448 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:24:34.0051 4448 BrFiltUp - ok
23:24:34.0112 4448 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
23:24:34.0115 4448 BridgeMP - ok
23:24:34.0170 4448 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
23:24:34.0171 4448 Browser - ok
23:24:34.0200 4448 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:24:34.0220 4448 Brserid - ok
23:24:34.0252 4448 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:24:34.0255 4448 BrSerWdm - ok
23:24:34.0275 4448 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:24:34.0277 4448 BrUsbMdm - ok
23:24:34.0288 4448 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:24:34.0290 4448 BrUsbSer - ok
23:24:34.0357 4448 BS_DEF (aec668c09c9c46d0951b3677cbc64b83) C:\Windows\BS_DEF.sys
23:24:34.0358 4448 Suspicious file (Forged): C:\Windows\BS_DEF.sys. Real md5: aec668c09c9c46d0951b3677cbc64b83, Fake md5: 0d6bc1462f9ec5be631fcf1c3eb5505d
23:24:34.0358 4448 BS_DEF ( ForgedFile.Multi.Generic ) - warning
23:24:34.0358 4448 BS_DEF - detected ForgedFile.Multi.Generic (1)
23:24:34.0396 4448 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
23:24:34.0399 4448 BTHMODEM - ok
23:24:34.0437 4448 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
23:24:34.0441 4448 bthserv - ok
23:24:34.0469 4448 catchme - ok
23:24:34.0517 4448 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:24:34.0520 4448 cdfs - ok
23:24:34.0579 4448 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
23:24:34.0584 4448 cdrom - ok
23:24:34.0636 4448 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:24:34.0638 4448 CertPropSvc - ok
23:24:34.0681 4448 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:24:34.0684 4448 circlass - ok
23:24:34.0733 4448 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:24:34.0750 4448 CLFS - ok
23:24:34.0840 4448 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:24:34.0843 4448 clr_optimization_v2.0.50727_32 - ok
23:24:34.0892 4448 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:24:34.0896 4448 clr_optimization_v2.0.50727_64 - ok
23:24:34.0985 4448 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:24:34.0989 4448 clr_optimization_v4.0.30319_32 - ok
23:24:35.0035 4448 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:24:35.0039 4448 clr_optimization_v4.0.30319_64 - ok
23:24:35.0080 4448 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:24:35.0083 4448 CmBatt - ok
23:24:35.0124 4448 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:24:35.0126 4448 cmdide - ok
23:24:35.0195 4448 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
23:24:35.0218 4448 CNG - ok
23:24:35.0258 4448 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:24:35.0260 4448 Compbatt - ok
23:24:35.0319 4448 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
23:24:35.0321 4448 CompositeBus - ok
23:24:35.0333 4448 COMSysApp - ok
23:24:35.0354 4448 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
23:24:35.0356 4448 crcdisk - ok
23:24:35.0412 4448 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
23:24:35.0414 4448 CryptSvc - ok
23:24:35.0579 4448 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
23:24:35.0587 4448 cvhsvc - ok
23:24:35.0679 4448 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:24:35.0684 4448 DcomLaunch - ok
23:24:35.0749 4448 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
23:24:35.0768 4448 defragsvc - ok
23:24:35.0824 4448 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:24:35.0827 4448 DfsC - ok
23:24:35.0905 4448 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
23:24:35.0924 4448 Dhcp - ok
23:24:35.0964 4448 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:24:35.0967 4448 discache - ok
23:24:35.0999 4448 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
23:24:36.0002 4448 Disk - ok
23:24:36.0035 4448 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
23:24:36.0048 4448 Dnscache - ok
23:24:36.0132 4448 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
23:24:36.0150 4448 dot3svc - ok
23:24:36.0171 4448 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
23:24:36.0177 4448 DPS - ok
23:24:36.0210 4448 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:24:36.0212 4448 drmkaud - ok
23:24:36.0265 4448 dtsoftbus01 (d3d64cf7b2bceaa34a270f45a3fffb36) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
23:24:36.0282 4448 dtsoftbus01 - ok
23:24:36.0400 4448 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:24:36.0432 4448 DXGKrnl - ok
23:24:36.0490 4448 EagleX64 - ok
23:24:36.0527 4448 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
23:24:36.0532 4448 EapHost - ok
23:24:36.0876 4448 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
23:24:36.0958 4448 ebdrv - ok
23:24:37.0077 4448 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
23:24:37.0079 4448 EFS - ok
23:24:37.0195 4448 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
23:24:37.0251 4448 ehRecvr - ok
23:24:37.0284 4448 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
23:24:37.0288 4448 ehSched - ok
23:24:37.0413 4448 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
23:24:37.0430 4448 elxstor - ok
23:24:37.0462 4448 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
23:24:37.0464 4448 ErrDev - ok
23:24:37.0512 4448 ETD (0975bf32399a24117e317b5bf1d5d0aa) C:\Windows\system32\DRIVERS\ETD.sys
23:24:37.0516 4448 ETD - ok
23:24:37.0562 4448 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
23:24:37.0566 4448 EventSystem - ok
23:24:37.0759 4448 EvtEng (b56d9602db5fe1c116b1ca5efd8e2e50) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
23:24:37.0805 4448 EvtEng - ok
23:24:37.0981 4448 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:24:37.0993 4448 exfat - ok
23:24:38.0024 4448 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:24:38.0036 4448 fastfat - ok
23:24:38.0115 4448 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
23:24:38.0162 4448 Fax - ok
23:24:38.0189 4448 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
23:24:38.0191 4448 fdc - ok
23:24:38.0222 4448 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
23:24:38.0224 4448 fdPHost - ok
23:24:38.0238 4448 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
23:24:38.0241 4448 FDResPub - ok
23:24:38.0270 4448 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:24:38.0273 4448 FileInfo - ok
23:24:38.0287 4448 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:24:38.0289 4448 Filetrace - ok
23:24:38.0309 4448 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
23:24:38.0312 4448 flpydisk - ok
23:24:38.0363 4448 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
23:24:38.0384 4448 FltMgr - ok
23:24:38.0476 4448 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
23:24:38.0538 4448 FontCache - ok
23:24:38.0606 4448 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:24:38.0609 4448 FontCache3.0.0.0 - ok
23:24:38.0660 4448 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:24:38.0662 4448 FsDepends - ok
23:24:38.0725 4448 fssfltr (5814011b2f6e088e29d689b5fcd49b8f) C:\Windows\system32\DRIVERS\fssfltr.sys
23:24:38.0727 4448 fssfltr - ok
23:24:38.0831 4448 fsssvc (f6717211c1ec2cddaa81b97b0727c2e9) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
23:24:38.0872 4448 fsssvc - ok
23:24:38.0919 4448 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
23:24:38.0920 4448 Fs_Rec - ok
23:24:38.0992 4448 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:24:39.0003 4448 fvevol - ok
23:24:39.0051 4448 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:24:39.0053 4448 gagp30kx - ok
23:24:39.0104 4448 GamingMsFltr (b992a5a4d46c04e3a62d0578c33d6b84) C:\Windows\system32\drivers\gamingms.sys
23:24:39.0105 4448 GamingMsFltr - ok
23:24:39.0158 4448 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:24:39.0160 4448 GEARAspiWDM - ok
23:24:39.0254 4448 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
23:24:39.0308 4448 gpsvc - ok
23:24:39.0393 4448 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:24:39.0397 4448 gupdate - ok
23:24:39.0435 4448 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:24:39.0436 4448 gupdatem - ok
23:24:39.0474 4448 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
23:24:39.0487 4448 gusvc - ok
23:24:39.0525 4448 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
23:24:39.0527 4448 hamachi - ok
23:24:39.0720 4448 Hamachi2Svc (d483dbaef409e8ab7477c28615fcd853) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
23:24:39.0783 4448 Hamachi2Svc - ok
23:24:39.0942 4448 hcmon (d5fa01185a7d5a65724fd87b34e53f5b) C:\Windows\system32\drivers\hcmon.sys
23:24:39.0944 4448 hcmon - ok
23:24:39.0978 4448 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:24:39.0981 4448 hcw85cir - ok
23:24:40.0063 4448 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
23:24:40.0082 4448 HdAudAddService - ok
23:24:40.0118 4448 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
23:24:40.0121 4448 HDAudBus - ok
23:24:40.0161 4448 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
23:24:40.0163 4448 HECIx64 - ok
23:24:40.0178 4448 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
23:24:40.0181 4448 HidBatt - ok
23:24:40.0198 4448 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
23:24:40.0201 4448 HidBth - ok
23:24:40.0226 4448 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
23:24:40.0228 4448 HidIr - ok
23:24:40.0260 4448 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
23:24:40.0263 4448 hidserv - ok
23:24:40.0328 4448 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
23:24:40.0329 4448 HidUsb - ok
23:24:40.0372 4448 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
23:24:40.0377 4448 hkmsvc - ok
23:24:40.0421 4448 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
23:24:40.0432 4448 HomeGroupListener - ok
23:24:40.0481 4448 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
23:24:40.0494 4448 HomeGroupProvider - ok
23:24:40.0532 4448 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:24:40.0534 4448 HpSAMD - ok
23:24:40.0630 4448 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:24:40.0674 4448 HTTP - ok
23:24:40.0716 4448 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:24:40.0718 4448 hwpolicy - ok
23:24:40.0771 4448 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
23:24:40.0775 4448 i8042prt - ok
23:24:40.0846 4448 iaStor (42e00996dfc13c46366689c0ea8abc5e) C:\Windows\system32\DRIVERS\iaStor.sys
23:24:40.0851 4448 iaStor - ok
23:24:40.0918 4448 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
23:24:40.0932 4448 iaStorV - ok
23:24:41.0055 4448 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:24:41.0106 4448 idsvc - ok
23:24:41.0992 4448 igfx (f4f91789c7c7a159ce8215c1f69f2a85) C:\Windows\system32\DRIVERS\igdkmd64.sys
23:24:42.0230 4448 igfx - ok
23:24:42.0374 4448 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
23:24:42.0376 4448 iirsp - ok
23:24:42.0465 4448 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
23:24:42.0493 4448 IKEEXT - ok
23:24:42.0544 4448 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
23:24:42.0547 4448 Impcd - ok
23:24:42.0749 4448 IntcAzAudAddService (163f94ebf8f8a98616a6b804af08d736) C:\Windows\system32\drivers\RTKVHD64.sys
23:24:42.0805 4448 IntcAzAudAddService - ok
23:24:42.0968 4448 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
23:24:42.0984 4448 IntcDAud - ok
23:24:43.0021 4448 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:24:43.0023 4448 intelide - ok
23:24:43.0059 4448 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:24:43.0062 4448 intelppm - ok
23:24:43.0094 4448 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
23:24:43.0098 4448 IPBusEnum - ok
23:24:43.0144 4448 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:24:43.0146 4448 IpFilterDriver - ok
23:24:43.0209 4448 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
23:24:43.0217 4448 iphlpsvc - ok
23:24:43.0252 4448 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:24:43.0255 4448 IPMIDRV - ok
23:24:43.0289 4448 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:24:43.0292 4448 IPNAT - ok
23:24:43.0428 4448 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
23:24:43.0453 4448 iPod Service - ok
23:24:43.0488 4448 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:24:43.0490 4448 IRENUM - ok
23:24:43.0527 4448 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:24:43.0529 4448 isapnp - ok
23:24:43.0583 4448 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:24:43.0602 4448 iScsiPrt - ok
23:24:43.0629 4448 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
23:24:43.0630 4448 kbdclass - ok
23:24:43.0662 4448 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
23:24:43.0663 4448 kbdhid - ok
23:24:43.0697 4448 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
23:24:43.0699 4448 kbfiltr - ok
23:24:43.0724 4448 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:24:43.0726 4448 KeyIso - ok
23:24:43.0753 4448 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
23:24:43.0756 4448 KSecDD - ok
23:24:43.0802 4448 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
23:24:43.0818 4448 KSecPkg - ok
23:24:43.0850 4448 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:24:43.0852 4448 ksthunk - ok
23:24:43.0900 4448 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
23:24:43.0918 4448 KtmRm - ok
23:24:43.0966 4448 L1C (9ddc68b87a9b837736a2b193ee14a4a5) C:\Windows\system32\DRIVERS\L1C62x64.sys
23:24:43.0968 4448 L1C - ok
23:24:44.0027 4448 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
23:24:44.0045 4448 LanmanServer - ok
23:24:44.0088 4448 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
23:24:44.0094 4448 LanmanWorkstation - ok
23:24:44.0141 4448 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:24:44.0143 4448 lltdio - ok
23:24:44.0196 4448 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
23:24:44.0215 4448 lltdsvc - ok
23:24:44.0244 4448 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
23:24:44.0247 4448 lmhosts - ok
23:24:44.0359 4448 LMS (d0e7ff91b52fe9fd2f9522b91f27cb09) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
23:24:44.0362 4448 LMS - ok
23:24:44.0405 4448 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:24:44.0408 4448 LSI_FC - ok
23:24:44.0432 4448 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:24:44.0435 4448 LSI_SAS - ok
23:24:44.0458 4448 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:24:44.0461 4448 LSI_SAS2 - ok
23:24:44.0484 4448 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:24:44.0487 4448 LSI_SCSI - ok
23:24:44.0522 4448 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:24:44.0525 4448 luafv - ok
23:24:44.0581 4448 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
23:24:44.0585 4448 Mcx2Svc - ok
23:24:44.0605 4448 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
23:24:44.0607 4448 megasas - ok
23:24:44.0637 4448 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
23:24:44.0653 4448 MegaSR - ok
23:24:44.0684 4448 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:24:44.0688 4448 MMCSS - ok
23:24:44.0704 4448 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:24:44.0706 4448 Modem - ok
23:24:44.0731 4448 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:24:44.0733 4448 monitor - ok
23:24:44.0776 4448 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:24:44.0777 4448 mouclass - ok
23:24:44.0800 4448 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:24:44.0802 4448 mouhid - ok
23:24:44.0848 4448 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:24:44.0850 4448 mountmgr - ok
23:24:44.0953 4448 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:24:44.0956 4448 MozillaMaintenance - ok
23:24:45.0041 4448 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
23:24:45.0053 4448 MpFilter - ok
23:24:45.0096 4448 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:24:45.0100 4448 mpio - ok
23:24:45.0134 4448 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:24:45.0137 4448 mpsdrv - ok
23:24:45.0220 4448 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
23:24:45.0263 4448 MpsSvc - ok
23:24:45.0309 4448 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:24:45.0313 4448 MRxDAV - ok
23:24:45.0353 4448 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:24:45.0356 4448 mrxsmb - ok
23:24:45.0393 4448 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:24:45.0412 4448 mrxsmb10 - ok
23:24:45.0430 4448 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:24:45.0433 4448 mrxsmb20 - ok
23:24:45.0467 4448 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:24:45.0469 4448 msahci - ok
23:24:45.0516 4448 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:24:45.0520 4448 msdsm - ok
23:24:45.0560 4448 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
23:24:45.0565 4448 MSDTC - ok
23:24:45.0603 4448 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:24:45.0606 4448 Msfs - ok
23:24:45.0634 4448 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:24:45.0636 4448 mshidkmdf - ok
23:24:45.0671 4448 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:24:45.0673 4448 msisadrv - ok
23:24:45.0712 4448 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
23:24:45.0717 4448 MSiSCSI - ok
23:24:45.0722 4448 msiserver - ok
23:24:45.0743 4448 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:24:45.0745 4448 MSKSSRV - ok
23:24:45.0892 4448 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe
23:24:45.0894 4448 MsMpSvc - ok
23:24:45.0925 4448 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:24:45.0927 4448 MSPCLOCK - ok
23:24:45.0935 4448 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:24:45.0937 4448 MSPQM - ok
23:24:45.0990 4448 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:24:46.0006 4448 MsRPC - ok
23:24:46.0055 4448 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
23:24:46.0057 4448 mssmbios - ok
23:24:46.0142 4448 MSSQL$SQLEXPRESS - ok
23:24:46.0236 4448 MSSQLServerADHelper100 (7a2a8c975356858eb38466a6b1592e8d) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
23:24:46.0255 4448 MSSQLServerADHelper100 - ok
23:24:46.0297 4448 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:24:46.0299 4448 MSTEE - ok
23:24:46.0317 4448 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
23:24:46.0320 4448 MTConfig - ok
23:24:46.0367 4448 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
23:24:46.0370 4448 MTsensor - ok
23:24:46.0383 4448 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:24:46.0385 4448 Mup - ok
23:24:46.0459 4448 MyWiFiDHCPDNS (a9bc2302fbdf52c8af4e2fc966288d21) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
23:24:46.0476 4448 MyWiFiDHCPDNS - ok
23:24:46.0545 4448 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
23:24:46.0568 4448 napagent - ok
23:24:46.0625 4448 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:24:46.0642 4448 NativeWifiP - ok
23:24:46.0717 4448 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
23:24:46.0725 4448 NDIS - ok
23:24:46.0764 4448 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:24:46.0766 4448 NdisCap - ok
23:24:46.0790 4448 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:24:46.0792 4448 NdisTapi - ok
23:24:46.0830 4448 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:24:46.0833 4448 Ndisuio - ok
23:24:46.0869 4448 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:24:46.0875 4448 NdisWan - ok
23:24:46.0919 4448 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:24:46.0922 4448 NDProxy - ok
23:24:46.0949 4448 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:24:46.0951 4448 NetBIOS - ok
23:24:46.0998 4448 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:24:47.0008 4448 NetBT - ok
23:24:47.0036 4448 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:24:47.0037 4448 Netlogon - ok
23:24:47.0083 4448 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
23:24:47.0085 4448 Netman - ok
23:24:47.0212 4448 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:24:47.0216 4448 NetMsmqActivator - ok
23:24:47.0236 4448 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:24:47.0237 4448 NetPipeActivator - ok
23:24:47.0294 4448 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
23:24:47.0317 4448 netprofm - ok
23:24:47.0343 4448 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:24:47.0345 4448 NetTcpActivator - ok
23:24:47.0349 4448 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:24:47.0351 4448 NetTcpPortSharing - ok
23:24:47.0945 4448 NETw5s64 (24f64343f14a119308456e1ca7507b26) C:\Windows\system32\DRIVERS\NETw5s64.sys
23:24:48.0106 4448 NETw5s64 - ok
23:24:48.0257 4448 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
23:24:48.0259 4448 nfrd960 - ok
23:24:48.0324 4448 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
23:24:48.0326 4448 NisDrv - ok
23:24:48.0465 4448 NisSrv (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe
23:24:48.0485 4448 NisSrv - ok
23:24:48.0551 4448 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
23:24:48.0570 4448 NlaSvc - ok
23:24:48.0600 4448 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:24:48.0602 4448 Npfs - ok
23:24:48.0628 4448 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
23:24:48.0633 4448 nsi - ok
23:24:48.0647 4448 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:24:48.0649 4448 nsiproxy - ok
23:24:48.0781 4448 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:24:48.0796 4448 Ntfs - ok
23:24:48.0930 4448 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:24:48.0931 4448 Null - ok
23:24:48.0966 4448 nusb3hub (8ebcb9165ee7f1571842f4d9d624a74c) C:\Windows\system32\DRIVERS\nusb3hub.sys
23:24:48.0967 4448 nusb3hub - ok
23:24:48.0989 4448 nusb3xhc (5d54dbb12bbfe07cc283fd39f2cd6d63) C:\Windows\system32\DRIVERS\nusb3xhc.sys
23:24:48.0990 4448 nusb3xhc - ok
23:24:49.0911 4448 nvlddmkm (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:24:49.0979 4448 nvlddmkm - ok
23:24:50.0147 4448 nvpciflt (715d45ed30003fc70cfa0d9c6dd0b538) C:\Windows\system32\DRIVERS\nvpciflt.sys
23:24:50.0148 4448 nvpciflt - ok
23:24:50.0202 4448 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:24:50.0203 4448 nvraid - ok
23:24:50.0233 4448 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:24:50.0234 4448 nvstor - ok
23:24:50.0317 4448 nvsvc (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe
23:24:50.0326 4448 nvsvc - ok
23:24:50.0466 4448 nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
23:24:50.0472 4448 nvUpdatusService - ok
23:24:50.0624 4448 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:24:50.0626 4448 nv_agp - ok
23:24:50.0655 4448 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:24:50.0658 4448 ohci1394 - ok
23:24:50.0742 4448 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:24:50.0746 4448 ose - ok
23:24:51.0107 4448 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:24:51.0216 4448 osppsvc - ok
23:24:51.0360 4448 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:24:51.0364 4448 p2pimsvc - ok
23:24:51.0407 4448 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
23:24:51.0432 4448 p2psvc - ok
23:24:51.0465 4448 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:24:51.0466 4448 Parport - ok
23:24:51.0508 4448 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
23:24:51.0509 4448 partmgr - ok
23:24:51.0550 4448 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
23:24:51.0565 4448 PcaSvc - ok
23:24:51.0612 4448 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:24:51.0624 4448 pci - ok
23:24:51.0659 4448 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:24:51.0662 4448 pciide - ok
23:24:51.0703 4448 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:24:51.0705 4448 pcmcia - ok
23:24:51.0724 4448 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:24:51.0726 4448 pcw - ok
23:24:51.0782 4448 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:24:51.0821 4448 PEAUTH - ok
23:24:51.0901 4448 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
23:24:51.0902 4448 PerfHost - ok
23:24:52.0105 4448 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
23:24:52.0144 4448 pla - ok
23:24:52.0200 4448 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
23:24:52.0215 4448 PlugPlay - ok
23:24:52.0240 4448 PnkBstrA - ok
23:24:52.0262 4448 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
23:24:52.0265 4448 PNRPAutoReg - ok
23:24:52.0293 4448 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:24:52.0295 4448 PNRPsvc - ok
23:24:52.0365 4448 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
23:24:52.0387 4448 PolicyAgent - ok
23:24:52.0418 4448 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
23:24:52.0420 4448 Power - ok
23:24:52.0506 4448 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:24:52.0509 4448 PptpMiniport - ok
23:24:52.0547 4448 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
23:24:52.0548 4448 Processor - ok
23:24:52.0589 4448 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
23:24:52.0602 4448 ProfSvc - ok
23:24:52.0629 4448 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:24:52.0630 4448 ProtectedStorage - ok
23:24:52.0680 4448 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:24:52.0682 4448 Psched - ok
23:24:52.0799 4448 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
23:24:52.0811 4448 ql2300 - ok
23:24:52.0953 4448 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
23:24:52.0955 4448 ql40xx - ok
23:24:52.0993 4448 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
23:24:53.0007 4448 QWAVE - ok
23:24:53.0025 4448 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:24:53.0027 4448 QWAVEdrv - ok
23:24:53.0038 4448 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:24:53.0040 4448 RasAcd - ok
23:24:53.0069 4448 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:24:53.0071 4448 RasAgileVpn - ok
23:24:53.0088 4448 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
23:24:53.0092 4448 RasAuto - ok
23:24:53.0132 4448 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:24:53.0135 4448 Rasl2tp - ok
23:24:53.0169 4448 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
23:24:53.0186 4448 RasMan - ok
23:24:53.0214 4448 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:24:53.0217 4448 RasPppoe - ok
23:24:53.0237 4448 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:24:53.0239 4448 RasSstp - ok
23:24:53.0297 4448 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:24:53.0316 4448 rdbss - ok
23:24:53.0338 4448 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:24:53.0339 4448 rdpbus - ok
23:24:53.0371 4448 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:24:53.0372 4448 RDPCDD - ok
23:24:53.0386 4448 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:24:53.0387 4448 RDPENCDD - ok
23:24:53.0411 4448 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:24:53.0411 4448 RDPREFMP - ok
23:24:53.0458 4448 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
23:24:53.0471 4448 RDPWD - ok
23:24:53.0524 4448 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:24:53.0536 4448 rdyboost - ok
23:24:53.0639 4448 RegSrvc (0aa473966357c4a41b5eb19649eb6e5e) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
23:24:53.0678 4448 RegSrvc - ok
23:24:53.0710 4448 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
23:24:53.0714 4448 RemoteAccess - ok
23:24:53.0754 4448 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
23:24:53.0757 4448 RemoteRegistry - ok
23:24:53.0832 4448 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\Windows\system32\DRIVERS\revoflt.sys
23:24:53.0833 4448 Revoflt - ok
23:24:53.0853 4448 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
23:24:53.0858 4448 RpcEptMapper - ok
23:24:53.0874 4448 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
23:24:53.0877 4448 RpcLocator - ok
23:24:53.0990 4448 rpcnet (3297445bb9fd3e8363e7559010ed2ae7) C:\Windows\SysWOW64\rpcnet.exe
23:24:53.0992 4448 rpcnet - ok
23:24:54.0060 4448 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:24:54.0066 4448 RpcSs - ok
23:24:54.0167 4448 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
23:24:54.0170 4448 RsFx0103 - ok
23:24:54.0218 4448 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:24:54.0221 4448 rspndr - ok
23:24:54.0246 4448 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:24:54.0248 4448 SamSs - ok
23:24:54.0290 4448 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:24:54.0292 4448 sbp2port - ok
23:24:54.0314 4448 SBRE - ok
23:24:54.0359 4448 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
23:24:54.0371 4448 SCardSvr - ok
23:24:54.0412 4448 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:24:54.0415 4448 scfilter - ok
23:24:54.0520 4448 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
23:24:54.0532 4448 Schedule - ok
23:24:54.0577 4448 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:24:54.0578 4448 SCPolicySvc - ok
23:24:54.0624 4448 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
23:24:54.0640 4448 SDRSVC - ok
23:24:54.0701 4448 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:24:54.0701 4448 secdrv - ok
23:24:54.0737 4448 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
23:24:54.0741 4448 seclogon - ok
23:24:54.0772 4448 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
23:24:54.0775 4448 SENS - ok
23:24:54.0790 4448 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
23:24:54.0794 4448 SensrSvc - ok
23:24:54.0827 4448 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
23:24:54.0828 4448 Serenum - ok
23:24:54.0863 4448 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
23:24:54.0864 4448 Serial - ok
23:24:54.0925 4448 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
23:24:54.0927 4448 sermouse - ok
23:24:54.0976 4448 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
23:24:54.0981 4448 SessionEnv - ok
23:24:55.0017 4448 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:24:55.0019 4448 sffdisk - ok
23:24:55.0030 4448 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:24:55.0032 4448 sffp_mmc - ok
23:24:55.0040 4448 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:24:55.0042 4448 sffp_sd - ok
23:24:55.0082 4448 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
23:24:55.0083 4448 sfloppy - ok
23:24:55.0155 4448 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
23:24:55.0161 4448 Sftfs - ok
23:24:55.0258 4448 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
23:24:55.0262 4448 sftlist - ok
23:24:55.0291 4448 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
23:24:55.0294 4448 Sftplay - ok
23:24:55.0304 4448 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
23:24:55.0305 4448 Sftredir - ok
23:24:55.0334 4448 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
23:24:55.0335 4448 Sftvol - ok
23:24:55.0364 4448 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
23:24:55.0366 4448 sftvsa - ok
23:24:55.0434 4448 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
23:24:55.0455 4448 SharedAccess - ok
23:24:55.0517 4448 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
23:24:55.0521 4448 ShellHWDetection - ok
23:24:55.0558 4448 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
23:24:55.0559 4448 SiSGbeLH - ok
23:24:55.0588 4448 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:24:55.0589 4448 SiSRaid2 - ok
23:24:55.0613 4448 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
23:24:55.0614 4448 SiSRaid4 - ok
23:24:55.0685 4448 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
23:24:55.0689 4448 SkypeUpdate - ok
23:24:55.0725 4448 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:24:55.0727 4448 Smb - ok
23:24:55.0770 4448 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
23:24:55.0774 4448 SNMPTRAP - ok
23:24:55.0932 4448 SNP2UVC (2114518e55b380a3acc28b2c27fd499a) C:\Windows\system32\DRIVERS\snp2uvc.sys
23:24:55.0946 4448 SNP2UVC - ok
23:24:56.0098 4448 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:24:56.0100 4448 spldr - ok
23:24:56.0170 4448 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
23:24:56.0178 4448 Spooler - ok
23:24:56.0422 4448 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
23:24:56.0517 4448 sppsvc - ok
23:24:56.0641 4448 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
23:24:56.0645 4448 sppuinotify - ok
23:24:56.0788 4448 SQLAgent$SQLEXPRESS (12e6d95cde974b131defaa44bab8b056) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
23:24:56.0804 4448 SQLAgent$SQLEXPRESS - ok
23:24:56.0881 4448 SQLBrowser (b54b48f6d92423440c264e91225c5ff1) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
23:24:56.0899 4448 SQLBrowser - ok
23:24:56.0929 4448 SQLWriter (6d65985945b03ca59b67d0b73702fc7b) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
23:24:56.0933 4448 SQLWriter - ok
23:24:57.0014 4448 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:24:57.0037 4448 srv - ok
23:24:57.0073 4448 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:24:57.0093 4448 srv2 - ok
23:24:57.0119 4448 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:24:57.0122 4448 srvnet - ok
23:24:57.0161 4448 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
23:24:57.0163 4448 SSDPSRV - ok
23:24:57.0182 4448 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
23:24:57.0185 4448 SstpSvc - ok
23:24:57.0243 4448 Steam Client Service - ok
23:24:57.0276 4448 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
23:24:57.0276 4448 stexstor - ok
23:24:57.0354 4448 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
23:24:57.0396 4448 stisvc - ok
23:24:57.0435 4448 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
23:24:57.0435 4448 swenum - ok
23:24:57.0505 4448 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
23:24:57.0535 4448 swprv - ok
23:24:57.0713 4448 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
23:24:57.0775 4448 SysMain - ok
23:24:57.0945 4448 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
23:24:57.0950 4448 TabletInputService - ok
23:24:58.0007 4448 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
23:24:58.0013 4448 TapiSrv - ok
23:24:58.0036 4448 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
23:24:58.0039 4448 TBS - ok
23:24:58.0856 4448 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
23:24:58.0874 4448 Tcpip - ok
23:25:02.0060 4448 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
23:25:02.0071 4448 TCPIP6 - ok
23:25:03.0481 4448 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:25:03.0484 4448 tcpipreg - ok
23:25:03.0575 4448 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:25:03.0576 4448 TDPIPE - ok
23:25:03.0649 4448 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
23:25:03.0652 4448 TDTCP - ok
23:25:03.0862 4448 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:25:03.0864 4448 tdx - ok
23:25:04.0037 4448 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
23:25:04.0042 4448 TermDD - ok
23:25:04.0748 4448 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
23:25:04.0755 4448 TermService - ok
23:25:04.0781 4448 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
23:25:04.0784 4448 Themes - ok
23:25:04.0813 4448 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:25:04.0815 4448 THREADORDER - ok
23:25:04.0836 4448 tmtdi - ok
23:25:04.0861 4448 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
23:25:04.0865 4448 TrkWks - ok
23:25:04.0940 4448 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
23:25:04.0942 4448 TrustedInstaller - ok
23:25:04.0987 4448 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:25:04.0989 4448 tssecsrv - ok
23:25:05.0055 4448 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:25:05.0058 4448 TsUsbFlt - ok
23:25:05.0125 4448 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:25:05.0129 4448 tunnel - ok
23:25:05.0155 4448 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
23:25:05.0155 4448 uagp35 - ok
23:25:05.0207 4448 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:25:05.0225 4448 udfs - ok
23:25:05.0319 4448 ufad-ws60 (215462ae7e6a897d675e84dd1e3b3b56) C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe
23:25:05.0331 4448 ufad-ws60 - ok
23:25:05.0364 4448 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
23:25:05.0368 4448 UI0Detect - ok
23:25:05.0406 4448 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:25:05.0407 4448 uliagpkx - ok
23:25:05.0457 4448 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
23:25:05.0460 4448 umbus - ok
23:25:05.0505 4448 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
23:25:05.0506 4448 UmPass - ok
23:25:05.0744 4448 UNS (a7377410bc0d28c5a72135a4be1a1068) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
23:25:05.0760 4448 UNS - ok
23:25:05.0914 4448 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
23:25:05.0930 4448 upnphost - ok
23:25:05.0998 4448 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
23:25:05.0999 4448 USBAAPL64 - ok
23:25:06.0034 4448 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
23:25:06.0035 4448 usbccgp - ok
23:25:06.0092 4448 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:25:06.0094 4448 usbcir - ok
23:25:06.0117 4448 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
23:25:06.0120 4448 usbehci - ok
23:25:06.0166 4448 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
23:25:06.0185 4448 usbhub - ok
23:25:06.0199 4448 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
23:25:06.0201 4448 usbohci - ok
23:25:06.0232 4448 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:25:06.0232 4448 usbprint - ok
23:25:06.0250 4448 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:25:06.0253 4448 USBSTOR - ok
23:25:06.0270 4448 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
23:25:06.0273 4448 usbuhci - ok
23:25:06.0308 4448 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
23:25:06.0320 4448 usbvideo - ok
23:25:06.0344 4448 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
23:25:06.0347 4448 UxSms - ok
23:25:06.0374 4448 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:25:06.0375 4448 VaultSvc - ok
23:25:06.0416 4448 VBoxNetAdp (b996117f6202464a56901cbc13999fe2) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
23:25:06.0418 4448 VBoxNetAdp - ok
23:25:06.0431 4448 VBoxNetFlt - ok
23:25:06.0478 4448 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:25:06.0481 4448 vdrvroot - ok
23:25:06.0565 4448 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
23:25:06.0607 4448 vds - ok
23:25:06.0651 4448 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:25:06.0653 4448 vga - ok
23:25:06.0666 4448 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:25:06.0669 4448 VgaSave - ok
23:25:06.0717 4448 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:25:06.0728 4448 vhdmp - ok
23:25:06.0747 4448 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:25:06.0748 4448 viaide - ok
23:25:06.0843 4448 VMAuthdService (11dcd7a2a0b1f8532b80f5aa98f9903e) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
23:25:06.0844 4448 VMAuthdService - ok
23:25:06.0863 4448 vmci (4c8a14dbd410b510a88f77cb645f2c2a) C:\Windows\system32\drivers\vmci.sys
23:25:06.0865 4448 vmci - ok
23:25:06.0893 4448 vmkbd (ffc30caeeb2fc5fee8568cff74edeaed) C:\Windows\system32\drivers\VMkbd.sys
23:25:06.0894 4448 vmkbd - ok
23:25:06.0963 4448 vmm (21c96aa588d3993191761a08dbaabb15) C:\Windows\system32\Drivers\vmm.sys
23:25:06.0966 4448 vmm - ok
23:25:06.0989 4448 VMnetAdapter (9d54f1339e78c95bf3d9939ebcb66378) C:\Windows\system32\DRIVERS\vmnetadapter.sys
23:25:06.0990 4448 VMnetAdapter - ok
23:25:07.0010 4448 VMnetBridge (fb54ef3aa613d2832fd3812e7cb2fc75) C:\Windows\system32\DRIVERS\vmnetbridge.sys
23:25:07.0011 4448 VMnetBridge - ok
23:25:07.0016 4448 VMnetDHCP - ok
23:25:07.0047 4448 VMnetuserif (d0b809f6a9fb437c2b880c3ca8c10780) C:\Windows\system32\drivers\vmnetuserif.sys
23:25:07.0048 4448 VMnetuserif - ok
23:25:07.0081 4448 vmusb (415b167695c4b5960a13098622ef3d80) C:\Windows\system32\Drivers\vmusb.sys
23:25:07.0082 4448 vmusb - ok
23:25:07.0162 4448 VMUSBArbService (19368f7c4dc6ef444b826249fc8a0e30) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
23:25:07.0166 4448 VMUSBArbService - ok
23:25:07.0187 4448 VMware NAT Service - ok
23:25:07.0214 4448 vmx86 (541a6d6536710fd0602ec3aa24a81756) C:\Windows\system32\drivers\vmx86.sys
23:25:07.0215 4448 vmx86 - ok
23:25:07.0259 4448 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:25:07.0261 4448 volmgr - ok
23:25:07.0310 4448 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:25:07.0328 4448 volmgrx - ok
23:25:07.0384 4448 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:25:07.0403 4448 volsnap - ok
23:25:07.0522 4448 vpnagent (5298dcf8d684dbbf24cdb622f8a7cb37) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
23:25:07.0525 4448 vpnagent - ok
23:25:07.0558 4448 vpnva (67d62d30f4688d5cfe7c26db3f98da1e) C:\Windows\system32\DRIVERS\vpnva64.sys
23:25:07.0559 4448 vpnva - ok
23:25:07.0610 4448 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
23:25:07.0611 4448 vsmraid - ok
23:25:07.0733 4448 VSPerfDrv100 (1928b9ca20f51bfbbad54d2c2c447b13) C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys
23:25:07.0737 4448 VSPerfDrv100 - ok
23:25:07.0879 4448 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
23:25:07.0941 4448 VSS - ok
23:25:08.0010 4448 vstor2-ws60 (e61c910e2ddf4797c1b1f9239636e894) C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys
23:25:08.0013 4448 vstor2-ws60 - ok
23:25:08.0161 4448 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
23:25:08.0163 4448 vwifibus - ok
23:25:08.0178 4448 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
23:25:08.0180 4448 vwififlt - ok
23:25:08.0196 4448 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
23:25:08.0198 4448 vwifimp - ok
23:25:08.0250 4448 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
23:25:08.0267 4448 W32Time - ok
23:25:08.0291 4448 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
23:25:08.0291 4448 WacomPen - ok
23:25:08.0346 4448 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:25:08.0349 4448 WANARP - ok
23:25:08.0352 4448 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:25:08.0353 4448 Wanarpv6 - ok
23:25:08.0459 4448 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
23:25:08.0470 4448 WatAdminSvc - ok
23:25:08.0618 4448 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
23:25:08.0670 4448 wbengine - ok
23:25:08.0823 4448 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
23:25:08.0835 4448 WbioSrvc - ok
23:25:08.0904 4448 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
23:25:08.0933 4448 wcncsvc - ok
23:25:08.0953 4448 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
23:25:08.0958 4448 WcsPlugInService - ok
23:25:09.0010 4448 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
23:25:09.0010 4448 Wd - ok
23:25:09.0076 4448 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:25:09.0102 4448 Wdf01000 - ok
23:25:09.0142 4448 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:25:09.0147 4448 WdiServiceHost - ok
23:25:09.0151 4448 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:25:09.0154 4448 WdiSystemHost - ok
23:25:09.0165 4448 wdkmd (fe31110e39a0b11abae1ba43a2dc94f9) C:\Windows\system32\DRIVERS\WDKMD.sys
23:25:09.0166 4448 wdkmd - ok
23:25:09.0214 4448 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
23:25:09.0225 4448 WebClient - ok
23:25:09.0269 4448 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
23:25:09.0287 4448 Wecsvc - ok
23:25:09.0301 4448 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
23:25:09.0305 4448 wercplsupport - ok
23:25:09.0334 4448 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
23:25:09.0338 4448 WerSvc - ok
23:25:09.0366 4448 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:25:09.0368 4448 WfpLwf - ok
23:25:09.0397 4448 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
23:25:09.0399 4448 WimFltr - ok
23:25:09.0411 4448 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:25:09.0413 4448 WIMMount - ok
23:25:09.0456 4448 WinDefend - ok
23:25:09.0466 4448 WinHttpAutoProxySvc - ok
23:25:09.0527 4448 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
23:25:09.0537 4448 Winmgmt - ok
23:25:09.0709 4448 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
23:25:09.0773 4448 WinRM - ok
23:25:09.0972 4448 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
23:25:09.0974 4448 WinUsb - ok
23:25:10.0060 4448 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
23:25:10.0100 4448 Wlansvc - ok
23:25:10.0333 4448 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:25:10.0407 4448 wlidsvc - ok
23:25:10.0579 4448 WmBEnum (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys
23:25:10.0580 4448 WmBEnum - ok
23:25:10.0650 4448 WmFilter (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys
23:25:10.0651 4448 WmFilter - ok
23:25:10.0694 4448 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
23:25:10.0696 4448 WmiAcpi - ok
23:25:10.0753 4448 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
23:25:10.0765 4448 wmiApSrv - ok
23:25:10.0828 4448 WMPNetworkSvc - ok
23:25:10.0884 4448 WmVirHid (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys
23:25:10.0885 4448 WmVirHid - ok
23:25:10.0906 4448 WmXlCore (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys
23:25:10.0907 4448 WmXlCore - ok
23:25:10.0934 4448 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
23:25:10.0939 4448 WPCSvc - ok
23:25:10.0989 4448 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
23:25:10.0995 4448 WPDBusEnum - ok
23:25:11.0023 4448 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:25:11.0026 4448 ws2ifsl - ok
23:25:11.0044 4448 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
23:25:11.0049 4448 wscsvc - ok
23:25:11.0053 4448 WSearch - ok
23:25:11.0225 4448 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
23:25:11.0299 4448 wuauserv - ok
23:25:11.0459 4448 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:25:11.0462 4448 WudfPf - ok
23:25:11.0485 4448 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:25:11.0499 4448 WUDFRd - ok
23:25:11.0546 4448 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
23:25:11.0551 4448 wudfsvc - ok
23:25:11.0588 4448 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
23:25:11.0607 4448 WwanSvc - ok
23:25:11.0679 4448 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
23:25:11.0680 4448 xusb21 - ok
23:25:11.0743 4448 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:25:12.0063 4448 \Device\Harddisk0\DR0 - ok
23:25:12.0069 4448 Boot (0x1200) (72143c2858d9b6fff9beb0ae80057cd2) \Device\Harddisk0\DR0\Partition0
23:25:12.0072 4448 \Device\Harddisk0\DR0\Partition0 - ok
23:25:12.0121 4448 Boot (0x1200) (ad6a0436e50698c6574e3bb4e276070f) \Device\Harddisk0\DR0\Partition1
23:25:12.0123 4448 \Device\Harddisk0\DR0\Partition1 - ok
23:25:12.0124 4448 ============================================================
23:25:12.0124 4448 Scan finished
23:25:12.0124 4448 ============================================================
23:25:12.0134 6680 Detected object count: 1
23:25:12.0135 6680 Actual detected object count: 1
23:25:29.0549 6680 BS_DEF ( ForgedFile.Multi.Generic ) - skipped by user
23:25:29.0549 6680 BS_DEF ( ForgedFile.Multi.Generic ) - User select action: Skip
23:26:24.0965 7012 Deinitialize success

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:22 AM

Posted 30 May 2012 - 01:43 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\Yontoo
c:\programdata\Tarma Installer

SecCenter::
AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 ohwhymewhymeme

ohwhymewhymeme
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 30 May 2012 - 01:46 AM

Alright. I'll be doing that now. Is it okay if I blue screened during that aswMBR scan? Is there something wrong?

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:22 AM

Posted 30 May 2012 - 01:52 AM

That happens allot


it checks in very sesitive areas of the computer so it is common


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users