
Sirefef.AB and Sirefef.P Removal


  • This topic is locked
10 replies to this topic

#1 frankth3frizz

Posted 01 June 2012 - 07:42 PM

So these two things keep popping up. I've tried almost every other antivirus and malware removal tool, and even tried deleting it from (C:\Windows\assembly\GAC_32\Desktop.ini and C:\Windows\assembly\GAC_64\Desktop.ini) using Hiren's. I don't seem to have any "issues"; it's just that I would remove it and then, after a couple of hours, it'll show up again on MSE. MBAM doesn't detect anything anymore, and neither does any other scanner. Help?

HijackThis log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:37:38 AM, on 6/2/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Realtek\LanOptimizer\LanOptimizer.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Mionix\NAOS 5000 Laser Gaming Mouse\NAOS_Monitor.EXE
C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Users\Byron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Byron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Byron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Byron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Byron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Byron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Byron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Byron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Byron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Byron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Byron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://battlelog.battlefield.com/bf3/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Mionix NAOS 5000] "C:\Program Files (x86)\Mionix\NAOS 5000 Laser Gaming Mouse\NAOS_Monitor.EXE"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Core Temp.lnk = C:\Program Files\Core Temp\Core Temp.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\nwprovau.dll' missing
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: SAMSUNG AllShare Service (AllShare) - Unknown owner - C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: DES2 Service for Energy Saving. (DES2 Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iRacing.com Helper Service (iRacingService) - iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730 - C:\Program Files (x86)\iRacing\iRacingService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12937 bytes

aswMBR scan
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-01 17:42:22
-----------------------------
17:42:22.679    OS Version: Windows x64 6.1.7601 Service Pack 1
17:42:22.679    Number of processors: 8 586 0x2A07
17:42:22.679    ComputerName: BYRON-PC  UserName: Byron
17:42:22.866    Initialize success
17:42:26.937    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:42:26.938    Disk 0 Vendor: Corsair_ 1.3. Size: 114473MB BusType: 3
17:42:26.939    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
17:42:26.940    Disk 1 Vendor: ST1000DM CC46 Size: 953869MB BusType: 3
17:42:26.941    Disk 0 MBR read successfully
17:42:26.942    Disk 0 MBR scan
17:42:26.943    Disk 0 Windows 7 default MBR code
17:42:26.944    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       114468 MB offset 8192
17:42:26.946    Disk 0 scanning C:\Windows\system32\drivers
17:42:27.462    Service scanning
17:42:29.259    Modules scanning
17:42:29.261    Disk 0 trace - called modules:
17:42:29.265    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
17:42:29.266    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80099ec790]
17:42:29.268    3 CLASSPNP.SYS[fffff88001c5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80087e3050]
17:42:29.270    Scan finished successfully
17:42:41.271    Disk 0 MBR has been saved successfully to "S:\Users\Byron\New folder\MBR.dat"
17:42:41.297    The log file has been saved successfully to "S:\Users\Byron\New folder\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-02 02:38:37
-----------------------------
02:38:37.031    OS Version: Windows x64 6.1.7601 Service Pack 1
02:38:37.031    Number of processors: 8 586 0x2A07
02:38:37.031    ComputerName: BYRON-PC  UserName: Byron
02:38:37.159    Initialize success
02:40:18.126    AVAST engine defs: 12060200
02:41:30.199    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
02:41:30.200    Disk 0 Vendor: Corsair_ 1.3. Size: 114473MB BusType: 3
02:41:30.201    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
02:41:30.202    Disk 1 Vendor: ST1000DM CC46 Size: 953869MB BusType: 3
02:41:30.204    Disk 0 MBR read successfully
02:41:30.205    Disk 0 MBR scan
02:41:30.207    Disk 0 Windows 7 default MBR code
02:41:30.208    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       114468 MB offset 8192
02:41:30.232    Disk 0 scanning C:\Windows\system32\drivers
02:41:33.200    Service scanning
02:41:41.570    Modules scanning
02:41:41.575    Disk 0 trace - called modules:
02:41:41.587    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
02:41:41.589    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80099e6790]
02:41:41.591    3 CLASSPNP.SYS[fffff88001fb943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80087e2050]
02:41:41.711    AVAST engine scan C:\Windows
02:41:44.022    AVAST engine scan C:\Windows\system32
02:42:53.642    AVAST engine scan C:\Windows\system32\drivers
02:42:57.010    AVAST engine scan C:\Users\Byron
02:43:30.383    AVAST engine scan C:\ProgramData
02:43:51.692    Scan finished successfully
02:44:39.129    Disk 0 MBR has been saved successfully to "S:\Users\Byron\New folder\MBR.dat"
02:44:39.203    The log file has been saved successfully to "S:\Users\Byron\New folder\aswMBR.txt"



MBAM log:
MBAM DIDN'T FIND ANYTHING

GMER LOG:
GMER DIDN'T FIND ANYTHING

TDSS log:
02:50:15.0275 6000	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
02:50:15.0702 6000	============================================================
02:50:15.0702 6000	Current date / time: 2012/06/02 02:50:15.0702
02:50:15.0702 6000	SystemInfo:
02:50:15.0702 6000	
02:50:15.0702 6000	OS Version: 6.1.7601 ServicePack: 1.0
02:50:15.0702 6000	Product type: Workstation
02:50:15.0702 6000	ComputerName: BYRON-PC
02:50:15.0702 6000	UserName: Byron
02:50:15.0702 6000	Windows directory: C:\Windows
02:50:15.0702 6000	System windows directory: C:\Windows
02:50:15.0702 6000	Running under WOW64
02:50:15.0702 6000	Processor architecture: Intel x64
02:50:15.0702 6000	Number of processors: 8
02:50:15.0702 6000	Page size: 0x1000
02:50:15.0702 6000	Boot type: Normal boot
02:50:15.0702 6000	============================================================
02:50:15.0822 6000	Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:50:16.0063 6000	Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:50:16.0102 6000	============================================================
02:50:16.0102 6000	\Device\Harddisk0\DR0:
02:50:16.0103 6000	MBR partitions:
02:50:16.0103 6000	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2000, BlocksNum 0xDF92000
02:50:16.0103 6000	\Device\Harddisk1\DR1:
02:50:16.0103 6000	MBR partitions:
02:50:16.0103 6000	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
02:50:16.0103 6000	============================================================
02:50:16.0104 6000	C: <-> \Device\Harddisk0\DR0\Partition0
02:50:16.0120 6000	S: <-> \Device\Harddisk1\DR1\Partition0
02:50:16.0120 6000	============================================================
02:50:16.0120 6000	Initialize success
02:50:16.0120 6000	============================================================
02:50:20.0664 5860	============================================================
02:50:20.0664 5860	Scan started
02:50:20.0664 5860	Mode: Manual; SigCheck; TDLFS; 
02:50:20.0664 5860	============================================================
02:50:20.0799 5860	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
02:50:20.0830 5860	1394ohci - ok
02:50:20.0838 5860	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
02:50:20.0846 5860	ACPI - ok
02:50:20.0847 5860	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
02:50:20.0853 5860	AcpiPmi - ok
02:50:20.0858 5860	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
02:50:20.0862 5860	AdobeARMservice - ok
02:50:20.0878 5860	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
02:50:20.0883 5860	AdobeFlashPlayerUpdateSvc - ok
02:50:20.0893 5860	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
02:50:20.0901 5860	adp94xx - ok
02:50:20.0908 5860	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
02:50:20.0915 5860	adpahci - ok
02:50:20.0919 5860	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
02:50:20.0925 5860	adpu320 - ok
02:50:20.0928 5860	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
02:50:20.0944 5860	AeLookupSvc - ok
02:50:20.0954 5860	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
02:50:20.0961 5860	AFD - ok
02:50:20.0963 5860	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
02:50:20.0968 5860	agp440 - ok
02:50:20.0971 5860	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
02:50:20.0976 5860	ALG - ok
02:50:20.0978 5860	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
02:50:20.0982 5860	aliide - ok
02:50:21.0083 5860	AllShare        (aaa1f9d4cf4c976c21bca8afa2bae6a4) C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
02:50:21.0121 5860	AllShare ( UnsignedFile.Multi.Generic ) - warning
02:50:21.0121 5860	AllShare - detected UnsignedFile.Multi.Generic (1)
02:50:21.0127 5860	ALSysIO - ok
02:50:21.0143 5860	AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
02:50:21.0151 5860	AMD External Events Utility - ok
02:50:21.0155 5860	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
02:50:21.0159 5860	amdide - ok
02:50:21.0162 5860	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
02:50:21.0167 5860	AmdK8 - ok
02:50:21.0333 5860	amdkmdag        (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
02:50:21.0395 5860	amdkmdag - ok
02:50:21.0414 5860	amdkmdap        (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
02:50:21.0422 5860	amdkmdap - ok
02:50:21.0424 5860	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
02:50:21.0429 5860	AmdPPM - ok
02:50:21.0432 5860	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
02:50:21.0438 5860	amdsata - ok
02:50:21.0442 5860	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
02:50:21.0448 5860	amdsbs - ok
02:50:21.0450 5860	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
02:50:21.0455 5860	amdxata - ok
02:50:21.0458 5860	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
02:50:21.0473 5860	AppID - ok
02:50:21.0475 5860	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
02:50:21.0491 5860	AppIDSvc - ok
02:50:21.0493 5860	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
02:50:21.0509 5860	Appinfo - ok
02:50:21.0513 5860	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
02:50:21.0517 5860	Apple Mobile Device - ok
02:50:21.0520 5860	AppleCharger    (6be11ad81d4527d299f0cb5f3731aabc) C:\Windows\system32\DRIVERS\AppleCharger.sys
02:50:21.0546 5860	AppleCharger - ok
02:50:21.0548 5860	AppleChargerSrv (95ef7247c50c7241fdae39a9b3aff4ae) C:\Windows\system32\AppleChargerSrv.exe
02:50:21.0565 5860	AppleChargerSrv - ok
02:50:21.0570 5860	AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
02:50:21.0576 5860	AppMgmt - ok
02:50:21.0579 5860	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
02:50:21.0584 5860	arc - ok
02:50:21.0587 5860	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
02:50:21.0592 5860	arcsas - ok
02:50:21.0599 5860	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
02:50:21.0603 5860	aspnet_state - ok
02:50:21.0605 5860	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
02:50:21.0620 5860	AsyncMac - ok
02:50:21.0622 5860	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
02:50:21.0626 5860	atapi - ok
02:50:21.0630 5860	AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
02:50:21.0635 5860	AtiHDAudioService - ok
02:50:21.0650 5860	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
02:50:21.0668 5860	AudioEndpointBuilder - ok
02:50:21.0671 5860	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
02:50:21.0689 5860	AudioSrv - ok
02:50:21.0694 5860	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
02:50:21.0702 5860	AxInstSV - ok
02:50:21.0711 5860	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
02:50:21.0719 5860	b06bdrv - ok
02:50:21.0725 5860	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
02:50:21.0731 5860	b57nd60a - ok
02:50:21.0735 5860	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
02:50:21.0740 5860	BDESVC - ok
02:50:21.0742 5860	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
02:50:21.0757 5860	Beep - ok
02:50:21.0773 5860	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
02:50:21.0791 5860	BFE - ok
02:50:21.0807 5860	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
02:50:21.0826 5860	BITS - ok
02:50:21.0831 5860	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
02:50:21.0835 5860	blbdrive - ok
02:50:21.0844 5860	Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
02:50:21.0850 5860	Bonjour Service - ok
02:50:21.0854 5860	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
02:50:21.0858 5860	bowser - ok
02:50:21.0860 5860	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
02:50:21.0866 5860	BrFiltLo - ok
02:50:21.0867 5860	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
02:50:21.0873 5860	BrFiltUp - ok
02:50:21.0876 5860	BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
02:50:21.0892 5860	BridgeMP - ok
02:50:21.0896 5860	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
02:50:21.0912 5860	Browser - ok
02:50:21.0917 5860	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
02:50:21.0924 5860	Brserid - ok
02:50:21.0926 5860	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
02:50:21.0932 5860	BrSerWdm - ok
02:50:21.0934 5860	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
02:50:21.0940 5860	BrUsbMdm - ok
02:50:21.0941 5860	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
02:50:21.0946 5860	BrUsbSer - ok
02:50:21.0949 5860	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
02:50:21.0956 5860	BTHMODEM - ok
02:50:21.0959 5860	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
02:50:21.0975 5860	bthserv - ok
02:50:21.0978 5860	catchme - ok
02:50:21.0982 5860	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
02:50:21.0998 5860	cdfs - ok
02:50:22.0001 5860	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
02:50:22.0006 5860	cdrom - ok
02:50:22.0010 5860	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
02:50:22.0025 5860	CertPropSvc - ok
02:50:22.0027 5860	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
02:50:22.0034 5860	circlass - ok
02:50:22.0042 5860	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
02:50:22.0050 5860	CLFS - ok
02:50:22.0054 5860	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:50:22.0058 5860	clr_optimization_v2.0.50727_32 - ok
02:50:22.0062 5860	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
02:50:22.0066 5860	clr_optimization_v2.0.50727_64 - ok
02:50:22.0072 5860	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:50:22.0077 5860	clr_optimization_v4.0.30319_32 - ok
02:50:22.0083 5860	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
02:50:22.0087 5860	clr_optimization_v4.0.30319_64 - ok
02:50:22.0089 5860	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
02:50:22.0094 5860	CmBatt - ok
02:50:22.0096 5860	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
02:50:22.0100 5860	cmdide - ok
02:50:22.0111 5860	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
02:50:22.0124 5860	CNG - ok
02:50:22.0126 5860	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
02:50:22.0130 5860	Compbatt - ok
02:50:22.0132 5860	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
02:50:22.0138 5860	CompositeBus - ok
02:50:22.0139 5860	COMSysApp - ok
02:50:22.0156 5860	cphs            (f08c6020e57f5e5bf2fd034db10bedfb) C:\Windows\SysWow64\IntelCpHeciSvc.exe
02:50:22.0162 5860	cphs - ok
02:50:22.0164 5860	cpudrv64 - ok
02:50:22.0169 5860	cpuz134 - ok
02:50:22.0172 5860	cpuz135         (c08063f052308b6f5882482615387f30) C:\Windows\system32\drivers\cpuz135_x64.sys
02:50:22.0175 5860	cpuz135 - ok
02:50:22.0177 5860	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
02:50:22.0181 5860	crcdisk - ok
02:50:22.0183 5860	crqwrzkr - ok
02:50:22.0189 5860	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
02:50:22.0204 5860	CryptSvc - ok
02:50:22.0213 5860	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
02:50:22.0220 5860	CSC - ok
02:50:22.0231 5860	CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
02:50:22.0239 5860	CscService - ok
02:50:22.0251 5860	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
02:50:22.0269 5860	DcomLaunch - ok
02:50:22.0276 5860	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
02:50:22.0294 5860	defragsvc - ok
02:50:22.0296 5860	DES2 Service - ok
02:50:22.0302 5860	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
02:50:22.0317 5860	DfsC - ok
02:50:22.0325 5860	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
02:50:22.0341 5860	Dhcp - ok
02:50:22.0343 5860	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
02:50:22.0360 5860	discache - ok
02:50:22.0363 5860	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
02:50:22.0368 5860	Disk - ok
02:50:22.0370 5860	dmvsc           (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
02:50:22.0375 5860	dmvsc - ok
02:50:22.0380 5860	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
02:50:22.0385 5860	Dnscache - ok
02:50:22.0390 5860	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
02:50:22.0407 5860	dot3svc - ok
02:50:22.0412 5860	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
02:50:22.0428 5860	DPS - ok
02:50:22.0429 5860	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
02:50:22.0435 5860	drmkaud - ok
02:50:22.0458 5860	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
02:50:22.0469 5860	DXGKrnl - ok
02:50:22.0470 5860	EagleX64 - ok
02:50:22.0474 5860	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
02:50:22.0490 5860	EapHost - ok
02:50:22.0538 5860	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
02:50:22.0565 5860	ebdrv - ok
02:50:22.0577 5860	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
02:50:22.0581 5860	EFS - ok
02:50:22.0593 5860	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
02:50:22.0601 5860	ehRecvr - ok
02:50:22.0604 5860	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
02:50:22.0609 5860	ehSched - ok
02:50:22.0613 5860	ElbyCDIO        (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
02:50:22.0617 5860	ElbyCDIO - ok
02:50:22.0627 5860	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
02:50:22.0636 5860	elxstor - ok
02:50:22.0638 5860	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
02:50:22.0642 5860	ErrDev - ok
02:50:22.0646 5860	etdrv           (84486624268e078255bc7aa47f0960bc) C:\Windows\etdrv.sys
02:50:22.0649 5860	etdrv - ok
02:50:22.0652 5860	EtronHub3       (db6aec32faf5bd002d9ed6c38692d42b) C:\Windows\system32\Drivers\EtronHub3.sys
02:50:22.0656 5860	EtronHub3 - ok
02:50:22.0658 5860	EtronXHCI       (9cc2f24274741e12f9df92125ea6d6d8) C:\Windows\system32\Drivers\EtronXHCI.sys
02:50:22.0662 5860	EtronXHCI - ok
02:50:22.0673 5860	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
02:50:22.0690 5860	EventSystem - ok
02:50:22.0695 5860	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
02:50:22.0711 5860	exfat - ok
02:50:22.0716 5860	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
02:50:22.0733 5860	fastfat - ok
02:50:22.0745 5860	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
02:50:22.0753 5860	Fax - ok
02:50:22.0755 5860	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
02:50:22.0760 5860	fdc - ok
02:50:22.0762 5860	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
02:50:22.0778 5860	fdPHost - ok
02:50:22.0780 5860	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
02:50:22.0795 5860	FDResPub - ok
02:50:22.0798 5860	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
02:50:22.0803 5860	FileInfo - ok
02:50:22.0805 5860	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
02:50:22.0820 5860	Filetrace - ok
02:50:22.0822 5860	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
02:50:22.0827 5860	flpydisk - ok
02:50:22.0833 5860	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
02:50:22.0839 5860	FltMgr - ok
02:50:22.0861 5860	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
02:50:22.0871 5860	FontCache - ok
02:50:22.0874 5860	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
02:50:22.0878 5860	FontCache3.0.0.0 - ok
02:50:22.0882 5860	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
02:50:22.0887 5860	FsDepends - ok
02:50:22.0888 5860	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
02:50:22.0892 5860	Fs_Rec - ok
02:50:22.0897 5860	Futuremark SystemInfo Service (ae6f0a6562d3eccd613de1fd8612ac4e) C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
02:50:22.0901 5860	Futuremark SystemInfo Service - ok
02:50:22.0907 5860	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
02:50:22.0915 5860	fvevol - ok
02:50:22.0917 5860	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
02:50:22.0922 5860	gagp30kx - ok
02:50:22.0924 5860	gdrv            (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys
02:50:22.0928 5860	gdrv - ok
02:50:22.0930 5860	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
02:50:22.0933 5860	GEARAspiWDM - ok
02:50:22.0936 5860	gpmgdzjc        (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\gpmgdzjc.sys
02:50:22.0940 5860	gpmgdzjc - ok
02:50:22.0955 5860	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
02:50:22.0974 5860	gpsvc - ok
02:50:22.0979 5860	GPU-Z - ok
02:50:22.0984 5860	Gun             (721ce1551f8198714f3cabfe2147939b) C:\Program Files (x86)\Game\SoftnyxGame\GunBoundIS\Gun64.sys
02:50:22.0987 5860	Gun - ok
02:50:22.0990 5860	GVTDrv64        (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys
02:50:22.0994 5860	GVTDrv64 - ok
02:50:22.0996 5860	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
02:50:23.0001 5860	hcw85cir - ok
02:50:23.0007 5860	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
02:50:23.0015 5860	HdAudAddService - ok
02:50:23.0019 5860	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
02:50:23.0025 5860	HDAudBus - ok
02:50:23.0027 5860	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
02:50:23.0032 5860	HidBatt - ok
02:50:23.0035 5860	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
02:50:23.0041 5860	HidBth - ok
02:50:23.0043 5860	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
02:50:23.0050 5860	HidIr - ok
02:50:23.0052 5860	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
02:50:23.0067 5860	hidserv - ok
02:50:23.0069 5860	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
02:50:23.0074 5860	HidUsb - ok
02:50:23.0077 5860	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
02:50:23.0092 5860	hkmsvc - ok
02:50:23.0098 5860	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
02:50:23.0104 5860	HomeGroupListener - ok
02:50:23.0109 5860	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
02:50:23.0115 5860	HomeGroupProvider - ok
02:50:23.0118 5860	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
02:50:23.0123 5860	HpSAMD - ok
02:50:23.0138 5860	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
02:50:23.0156 5860	HTTP - ok
02:50:23.0158 5860	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
02:50:23.0162 5860	hwpolicy - ok
02:50:23.0166 5860	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
02:50:23.0172 5860	i8042prt - ok
02:50:23.0182 5860	iaStor          (8180a2392e732e8871589b54fab6991f) C:\Windows\system32\DRIVERS\iaStor.sys
02:50:23.0189 5860	iaStor - ok
02:50:23.0193 5860	IAStorDataMgrSvc (17125b7d2f56b4b35441561c780c2ccb) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
02:50:23.0196 5860	IAStorDataMgrSvc - ok
02:50:23.0204 5860	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
02:50:23.0212 5860	iaStorV - ok
02:50:23.0215 5860	IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
02:50:23.0217 5860	IDriverT ( UnsignedFile.Multi.Generic ) - warning
02:50:23.0217 5860	IDriverT - detected UnsignedFile.Multi.Generic (1)
02:50:23.0231 5860	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
02:50:23.0240 5860	idsvc - ok
02:50:23.0447 5860	igfx            (371d7f91c0d2314eb984a4a6cbeabc92) C:\Windows\system32\DRIVERS\igdkmd64.sys
02:50:23.0557 5860	igfx - ok
02:50:23.0574 5860	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
02:50:23.0579 5860	iirsp - ok
02:50:23.0595 5860	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
02:50:23.0614 5860	IKEEXT - ok
02:50:23.0669 5860	IntcAzAudAddService (98f4e841ea43ed5a442f0dc60cab4326) C:\Windows\system32\drivers\RTKVHD64.sys
02:50:23.0695 5860	IntcAzAudAddService - ok
02:50:23.0713 5860	IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
02:50:23.0719 5860	IntcDAud - ok
02:50:23.0721 5860	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
02:50:23.0725 5860	intelide - ok
02:50:23.0728 5860	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
02:50:23.0733 5860	intelppm - ok
02:50:23.0735 5860	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
02:50:23.0752 5860	IPBusEnum - ok
02:50:23.0754 5860	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:50:23.0770 5860	IpFilterDriver - ok
02:50:23.0781 5860	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
02:50:23.0798 5860	iphlpsvc - ok
02:50:23.0801 5860	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
02:50:23.0806 5860	IPMIDRV - ok
02:50:23.0810 5860	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
02:50:23.0826 5860	IPNAT - ok
02:50:23.0842 5860	iPod Service    (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
02:50:23.0851 5860	iPod Service - ok
02:50:23.0862 5860	iRacingService  (280251f98811a263bbd80ca80ea8c212) C:\Program Files (x86)\iRacing\iRacingService.exe
02:50:23.0869 5860	iRacingService - ok
02:50:23.0882 5860	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
02:50:23.0889 5860	IRENUM - ok
02:50:23.0891 5860	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
02:50:23.0895 5860	isapnp - ok
02:50:23.0901 5860	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
02:50:23.0908 5860	iScsiPrt - ok
02:50:23.0911 5860	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
02:50:23.0915 5860	kbdclass - ok
02:50:23.0917 5860	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
02:50:23.0922 5860	kbdhid - ok
02:50:23.0924 5860	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:50:23.0928 5860	KeyIso - ok
02:50:23.0931 5860	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
02:50:23.0936 5860	KSecDD - ok
02:50:23.0940 5860	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
02:50:23.0946 5860	KSecPkg - ok
02:50:23.0947 5860	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
02:50:23.0963 5860	ksthunk - ok
02:50:23.0970 5860	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
02:50:23.0988 5860	KtmRm - ok
02:50:23.0994 5860	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
02:50:24.0011 5860	LanmanServer - ok
02:50:24.0015 5860	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
02:50:24.0031 5860	LanmanWorkstation - ok
02:50:24.0034 5860	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
02:50:24.0050 5860	lltdio - ok
02:50:24.0056 5860	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
02:50:24.0074 5860	lltdsvc - ok
02:50:24.0076 5860	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
02:50:24.0092 5860	lmhosts - ok
02:50:24.0096 5860	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
02:50:24.0101 5860	LSI_FC - ok
02:50:24.0105 5860	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
02:50:24.0110 5860	LSI_SAS - ok
02:50:24.0112 5860	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
02:50:24.0117 5860	LSI_SAS2 - ok
02:50:24.0121 5860	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
02:50:24.0126 5860	LSI_SCSI - ok
02:50:24.0129 5860	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
02:50:24.0145 5860	luafv - ok
02:50:24.0147 5860	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
02:50:24.0151 5860	MBAMProtector - ok
02:50:24.0164 5860	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
02:50:24.0172 5860	MBAMService - ok
02:50:24.0175 5860	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
02:50:24.0180 5860	Mcx2Svc - ok
02:50:24.0182 5860	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
02:50:24.0187 5860	megasas - ok
02:50:24.0195 5860	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
02:50:24.0202 5860	MegaSR - ok
02:50:24.0204 5860	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
02:50:24.0208 5860	MEIx64 - ok
02:50:24.0212 5860	Microsoft SharePoint Workspace Audit Service - ok
02:50:24.0215 5860	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
02:50:24.0231 5860	MMCSS - ok
02:50:24.0233 5860	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
02:50:24.0248 5860	Modem - ok
02:50:24.0250 5860	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
02:50:24.0256 5860	monitor - ok
02:50:24.0258 5860	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
02:50:24.0262 5860	mouclass - ok
02:50:24.0264 5860	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
02:50:24.0269 5860	mouhid - ok
02:50:24.0272 5860	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
02:50:24.0277 5860	mountmgr - ok
02:50:24.0282 5860	MpFilter        (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
02:50:24.0287 5860	MpFilter - ok
02:50:24.0291 5860	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
02:50:24.0297 5860	mpio - ok
02:50:24.0300 5860	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
02:50:24.0315 5860	mpsdrv - ok
02:50:24.0335 5860	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
02:50:24.0355 5860	MpsSvc - ok
02:50:24.0359 5860	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
02:50:24.0367 5860	MRxDAV - ok
02:50:24.0371 5860	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
02:50:24.0378 5860	mrxsmb - ok
02:50:24.0386 5860	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:50:24.0392 5860	mrxsmb10 - ok
02:50:24.0396 5860	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:50:24.0400 5860	mrxsmb20 - ok
02:50:24.0402 5860	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
02:50:24.0407 5860	msahci - ok
02:50:24.0411 5860	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
02:50:24.0417 5860	msdsm - ok
02:50:24.0421 5860	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
02:50:24.0428 5860	MSDTC - ok
02:50:24.0431 5860	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
02:50:24.0446 5860	Msfs - ok
02:50:24.0448 5860	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
02:50:24.0463 5860	mshidkmdf - ok
02:50:24.0465 5860	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
02:50:24.0469 5860	msisadrv - ok
02:50:24.0473 5860	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
02:50:24.0490 5860	MSiSCSI - ok
02:50:24.0491 5860	msiserver - ok
02:50:24.0494 5860	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
02:50:24.0509 5860	MSKSSRV - ok
02:50:24.0512 5860	MsMpSvc         (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe
02:50:24.0517 5860	MsMpSvc - ok
02:50:24.0518 5860	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
02:50:24.0533 5860	MSPCLOCK - ok
02:50:24.0535 5860	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
02:50:24.0550 5860	MSPQM - ok
02:50:24.0558 5860	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
02:50:24.0566 5860	MsRPC - ok
02:50:24.0569 5860	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
02:50:24.0573 5860	mssmbios - ok
02:50:24.0574 5860	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
02:50:24.0591 5860	MSTEE - ok
02:50:24.0592 5860	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
02:50:24.0597 5860	MTConfig - ok
02:50:24.0600 5860	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
02:50:24.0605 5860	Mup - ok
02:50:24.0611 5860	mvs91xx         (a986dc81534582fa478c286e8f57a877) C:\Windows\system32\DRIVERS\mvs91xx.sys
02:50:24.0618 5860	mvs91xx - ok
02:50:24.0627 5860	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
02:50:24.0645 5860	napagent - ok
02:50:24.0652 5860	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
02:50:24.0661 5860	NativeWifiP - ok
02:50:24.0683 5860	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
02:50:24.0698 5860	NDIS - ok
02:50:24.0700 5860	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
02:50:24.0716 5860	NdisCap - ok
02:50:24.0719 5860	ndisrd          (8dc4cf52e4ba1c85edef32a8f9444eda) C:\Windows\system32\DRIVERS\ndisrd.sys
02:50:24.0722 5860	ndisrd - ok
02:50:24.0724 5860	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
02:50:24.0740 5860	NdisTapi - ok
02:50:24.0742 5860	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
02:50:24.0757 5860	Ndisuio - ok
02:50:24.0762 5860	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
02:50:24.0777 5860	NdisWan - ok
02:50:24.0779 5860	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
02:50:24.0794 5860	NDProxy - ok
02:50:24.0797 5860	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
02:50:24.0812 5860	NetBIOS - ok
02:50:24.0819 5860	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
02:50:24.0835 5860	NetBT - ok
02:50:24.0837 5860	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:50:24.0841 5860	Netlogon - ok
02:50:24.0850 5860	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
02:50:24.0867 5860	Netman - ok
02:50:24.0875 5860	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:50:24.0879 5860	NetMsmqActivator - ok
02:50:24.0880 5860	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:50:24.0884 5860	NetPipeActivator - ok
02:50:24.0895 5860	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
02:50:24.0912 5860	netprofm - ok
02:50:24.0914 5860	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:50:24.0919 5860	NetTcpActivator - ok
02:50:24.0920 5860	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:50:24.0924 5860	NetTcpPortSharing - ok
02:50:24.0929 5860	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
02:50:24.0934 5860	nfrd960 - ok
02:50:24.0937 5860	NisDrv          (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
02:50:24.0941 5860	NisDrv - ok
02:50:24.0948 5860	NisSrv          (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe
02:50:24.0954 5860	NisSrv - ok
02:50:24.0962 5860	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
02:50:24.0979 5860	NlaSvc - ok
02:50:24.0981 5860	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
02:50:24.0996 5860	Npfs - ok
02:50:24.0998 5860	npggsvc - ok
02:50:25.0001 5860	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
02:50:25.0016 5860	nsi - ok
02:50:25.0018 5860	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
02:50:25.0034 5860	nsiproxy - ok
02:50:25.0060 5860	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
02:50:25.0079 5860	Ntfs - ok
02:50:25.0093 5860	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
02:50:25.0108 5860	Null - ok
02:50:25.0112 5860	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
02:50:25.0117 5860	nvraid - ok
02:50:25.0121 5860	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
02:50:25.0127 5860	nvstor - ok
02:50:25.0130 5860	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
02:50:25.0135 5860	nv_agp - ok
02:50:25.0138 5860	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
02:50:25.0143 5860	ohci1394 - ok
02:50:25.0148 5860	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:50:25.0152 5860	ose - ok
02:50:25.0243 5860	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
02:50:25.0282 5860	osppsvc - ok
02:50:25.0300 5860	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
02:50:25.0306 5860	p2pimsvc - ok
02:50:25.0316 5860	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
02:50:25.0323 5860	p2psvc - ok
02:50:25.0327 5860	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
02:50:25.0332 5860	Parport - ok
02:50:25.0335 5860	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
02:50:25.0340 5860	partmgr - ok
02:50:25.0345 5860	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
02:50:25.0353 5860	PcaSvc - ok
02:50:25.0358 5860	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
02:50:25.0364 5860	pci - ok
02:50:25.0366 5860	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
02:50:25.0370 5860	pciide - ok
02:50:25.0376 5860	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
02:50:25.0382 5860	pcmcia - ok
02:50:25.0384 5860	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
02:50:25.0389 5860	pcw - ok
02:50:25.0403 5860	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
02:50:25.0422 5860	PEAUTH - ok
02:50:25.0443 5860	PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
02:50:25.0457 5860	PeerDistSvc - ok
02:50:25.0471 5860	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
02:50:25.0476 5860	PerfHost - ok
02:50:25.0512 5860	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
02:50:25.0539 5860	pla - ok
02:50:25.0547 5860	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
02:50:25.0553 5860	PlugPlay - ok
02:50:25.0555 5860	PnkBstrA - ok
02:50:25.0557 5860	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
02:50:25.0563 5860	PNRPAutoReg - ok
02:50:25.0570 5860	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
02:50:25.0576 5860	PNRPsvc - ok
02:50:25.0586 5860	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
02:50:25.0603 5860	PolicyAgent - ok
02:50:25.0609 5860	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
02:50:25.0626 5860	Power - ok
02:50:25.0632 5860	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
02:50:25.0647 5860	PptpMiniport - ok
02:50:25.0650 5860	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
02:50:25.0655 5860	Processor - ok
02:50:25.0661 5860	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
02:50:25.0677 5860	ProfSvc - ok
02:50:25.0681 5860	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:50:25.0686 5860	ProtectedStorage - ok
02:50:25.0690 5860	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
02:50:25.0706 5860	Psched - ok
02:50:25.0731 5860	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
02:50:25.0748 5860	ql2300 - ok
02:50:25.0764 5860	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
02:50:25.0769 5860	ql40xx - ok
02:50:25.0775 5860	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
02:50:25.0784 5860	QWAVE - ok
02:50:25.0787 5860	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
02:50:25.0794 5860	QWAVEdrv - ok
02:50:25.0795 5860	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
02:50:25.0811 5860	RasAcd - ok
02:50:25.0814 5860	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
02:50:25.0829 5860	RasAgileVpn - ok
02:50:25.0833 5860	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
02:50:25.0849 5860	RasAuto - ok
02:50:25.0853 5860	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
02:50:25.0869 5860	Rasl2tp - ok
02:50:25.0878 5860	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
02:50:25.0894 5860	RasMan - ok
02:50:25.0897 5860	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
02:50:25.0913 5860	RasPppoe - ok
02:50:25.0916 5860	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
02:50:25.0932 5860	RasSstp - ok
02:50:25.0940 5860	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
02:50:25.0956 5860	rdbss - ok
02:50:25.0958 5860	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
02:50:25.0964 5860	rdpbus - ok
02:50:25.0965 5860	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
02:50:25.0981 5860	RDPCDD - ok
02:50:25.0985 5860	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
02:50:25.0991 5860	RDPDR - ok
02:50:25.0992 5860	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
02:50:26.0007 5860	RDPENCDD - ok
02:50:26.0009 5860	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
02:50:26.0024 5860	RDPREFMP - ok
02:50:26.0029 5860	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
02:50:26.0035 5860	RDPWD - ok
02:50:26.0040 5860	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
02:50:26.0047 5860	rdyboost - ok
02:50:26.0051 5860	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
02:50:26.0067 5860	RemoteAccess - ok
02:50:26.0071 5860	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
02:50:26.0088 5860	RemoteRegistry - ok
02:50:26.0097 5860	RichVideo64     (0b169fe016039571ecc6db70073f8979) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
02:50:26.0102 5860	RichVideo64 - ok
02:50:26.0106 5860	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
02:50:26.0122 5860	RpcEptMapper - ok
02:50:26.0124 5860	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
02:50:26.0129 5860	RpcLocator - ok
02:50:26.0140 5860	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
02:50:26.0157 5860	RpcSs - ok
02:50:26.0164 5860	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
02:50:26.0179 5860	rspndr - ok
02:50:26.0182 5860	RTCore64        (4b60ef388071e0baf299496e3d6590ae) C:\Program Files (x86)\MSI Afterburner\RTCore64.sys
02:50:26.0186 5860	RTCore64 - ok
02:50:26.0195 5860	RTL8167         (0039de6a0a1293889a3f21ecc473263d) C:\Windows\system32\DRIVERS\Rt64win7.sys
02:50:26.0202 5860	RTL8167 - ok
02:50:26.0204 5860	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
02:50:26.0208 5860	s3cap - ok
02:50:26.0210 5860	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:50:26.0215 5860	SamSs - ok
02:50:26.0218 5860	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
02:50:26.0223 5860	sbp2port - ok
02:50:26.0228 5860	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
02:50:26.0245 5860	SCardSvr - ok
02:50:26.0248 5860	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
02:50:26.0263 5860	scfilter - ok
02:50:26.0284 5860	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
02:50:26.0305 5860	Schedule - ok
02:50:26.0308 5860	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
02:50:26.0323 5860	SCPolicySvc - ok
02:50:26.0328 5860	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
02:50:26.0335 5860	SDRSVC - ok
02:50:26.0339 5860	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
02:50:26.0354 5860	secdrv - ok
02:50:26.0356 5860	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
02:50:26.0372 5860	seclogon - ok
02:50:26.0374 5860	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
02:50:26.0390 5860	SENS - ok
02:50:26.0393 5860	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
02:50:26.0399 5860	SensrSvc - ok
02:50:26.0404 5860	Ser2ph          (de3135e7ed559fc1c1b92aa7ba52ccdb) C:\Windows\system32\DRIVERS\ser2ph64.sys
02:50:26.0409 5860	Ser2ph - ok
02:50:26.0411 5860	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
02:50:26.0416 5860	Serenum - ok
02:50:26.0419 5860	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
02:50:26.0424 5860	Serial - ok
02:50:26.0426 5860	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
02:50:26.0434 5860	sermouse - ok
02:50:26.0439 5860	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
02:50:26.0455 5860	SessionEnv - ok
02:50:26.0456 5860	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
02:50:26.0463 5860	sffdisk - ok
02:50:26.0464 5860	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
02:50:26.0470 5860	sffp_mmc - ok
02:50:26.0472 5860	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
02:50:26.0478 5860	sffp_sd - ok
02:50:26.0479 5860	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
02:50:26.0485 5860	sfloppy - ok
02:50:26.0493 5860	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
02:50:26.0510 5860	SharedAccess - ok
02:50:26.0517 5860	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
02:50:26.0534 5860	ShellHWDetection - ok
02:50:26.0537 5860	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
02:50:26.0541 5860	SiSRaid2 - ok
02:50:26.0544 5860	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
02:50:26.0549 5860	SiSRaid4 - ok
02:50:26.0555 5860	SkypeUpdate     (17eab7852ff9f15fbaab4e95efc0b812) C:\Program Files (x86)\Skype\Updater\Updater.exe
02:50:26.0559 5860	SkypeUpdate - ok
02:50:26.0562 5860	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
02:50:26.0578 5860	Smb - ok
02:50:26.0582 5860	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
02:50:26.0587 5860	SNMPTRAP - ok
02:50:26.0589 5860	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
02:50:26.0593 5860	spldr - ok
02:50:26.0606 5860	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
02:50:26.0624 5860	Spooler - ok
02:50:26.0698 5860	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
02:50:26.0732 5860	sppsvc - ok
02:50:26.0744 5860	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
02:50:26.0761 5860	sppuinotify - ok
02:50:26.0773 5860	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
02:50:26.0779 5860	srv - ok
02:50:26.0789 5860	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
02:50:26.0795 5860	srv2 - ok
02:50:26.0799 5860	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
02:50:26.0804 5860	srvnet - ok
02:50:26.0810 5860	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
02:50:26.0826 5860	SSDPSRV - ok
02:50:26.0829 5860	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
02:50:26.0845 5860	SstpSvc - ok
02:50:26.0848 5860	Steam Client Service - ok
02:50:26.0851 5860	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
02:50:26.0856 5860	stexstor - ok
02:50:26.0869 5860	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
02:50:26.0879 5860	stisvc - ok
02:50:26.0881 5860	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
02:50:26.0886 5860	storflt - ok
02:50:26.0888 5860	StorSvc         (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
02:50:26.0893 5860	StorSvc - ok
02:50:26.0895 5860	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
02:50:26.0899 5860	storvsc - ok
02:50:26.0901 5860	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
02:50:26.0905 5860	swenum - ok
02:50:26.0915 5860	SwitchBoard     (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
02:50:26.0922 5860	SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
02:50:26.0922 5860	SwitchBoard - detected UnsignedFile.Multi.Generic (1)
02:50:26.0932 5860	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
02:50:26.0952 5860	swprv - ok
02:50:26.0984 5860	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
02:50:27.0000 5860	SysMain - ok
02:50:27.0013 5860	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
02:50:27.0021 5860	TabletInputService - ok
02:50:27.0028 5860	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
02:50:27.0045 5860	TapiSrv - ok
02:50:27.0047 5860	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
02:50:27.0063 5860	TBS - ok
02:50:27.0095 5860	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
02:50:27.0116 5860	Tcpip - ok
02:50:27.0156 5860	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
02:50:27.0174 5860	TCPIP6 - ok
02:50:27.0187 5860	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
02:50:27.0202 5860	tcpipreg - ok
02:50:27.0204 5860	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
02:50:27.0209 5860	TDPIPE - ok
02:50:27.0211 5860	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
02:50:27.0215 5860	TDTCP - ok
02:50:27.0218 5860	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
02:50:27.0233 5860	tdx - ok
02:50:27.0236 5860	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
02:50:27.0241 5860	TermDD - ok
02:50:27.0253 5860	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
02:50:27.0272 5860	TermService - ok
02:50:27.0274 5860	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
02:50:27.0282 5860	Themes - ok
02:50:27.0285 5860	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
02:50:27.0300 5860	THREADORDER - ok
02:50:27.0304 5860	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
02:50:27.0320 5860	TrkWks - ok
02:50:27.0325 5860	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
02:50:27.0341 5860	TrustedInstaller - ok
02:50:27.0343 5860	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
02:50:27.0359 5860	tssecsrv - ok
02:50:27.0361 5860	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
02:50:27.0366 5860	TsUsbFlt - ok
02:50:27.0368 5860	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
02:50:27.0373 5860	TsUsbGD - ok
02:50:27.0377 5860	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
02:50:27.0392 5860	tunnel - ok
02:50:27.0394 5860	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
02:50:27.0399 5860	uagp35 - ok
02:50:27.0407 5860	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
02:50:27.0425 5860	udfs - ok
02:50:27.0428 5860	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
02:50:27.0434 5860	UI0Detect - ok
02:50:27.0437 5860	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
02:50:27.0442 5860	uliagpkx - ok
02:50:27.0444 5860	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
02:50:27.0449 5860	umbus - ok
02:50:27.0451 5860	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
02:50:27.0455 5860	UmPass - ok
02:50:27.0460 5860	UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
02:50:27.0466 5860	UmRdpService - ok
02:50:27.0475 5860	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
02:50:27.0492 5860	upnphost - ok
02:50:27.0495 5860	USBAAPL64       (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
02:50:27.0499 5860	USBAAPL64 - ok
02:50:27.0503 5860	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
02:50:27.0510 5860	usbaudio - ok
02:50:27.0513 5860	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
02:50:27.0518 5860	usbccgp - ok
02:50:27.0521 5860	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
02:50:27.0527 5860	usbcir - ok
02:50:27.0529 5860	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
02:50:27.0534 5860	usbehci - ok
02:50:27.0540 5860	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
02:50:27.0546 5860	usbhub - ok
02:50:27.0548 5860	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
02:50:27.0553 5860	usbohci - ok
02:50:27.0555 5860	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
02:50:27.0561 5860	usbprint - ok
02:50:27.0564 5860	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
02:50:27.0569 5860	USBSTOR - ok
02:50:27.0570 5860	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
02:50:27.0575 5860	usbuhci - ok
02:50:27.0580 5860	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
02:50:27.0586 5860	usbvideo - ok
02:50:27.0588 5860	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
02:50:27.0604 5860	UxSms - ok
02:50:27.0606 5860	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:50:27.0611 5860	VaultSvc - ok
02:50:27.0613 5860	VClone          (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
02:50:27.0617 5860	VClone - ok
02:50:27.0619 5860	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
02:50:27.0624 5860	vdrvroot - ok
02:50:27.0635 5860	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
02:50:27.0655 5860	vds - ok
02:50:27.0657 5860	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
02:50:27.0664 5860	vga - ok
02:50:27.0666 5860	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
02:50:27.0681 5860	VgaSave - ok
02:50:27.0686 5860	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
02:50:27.0693 5860	vhdmp - ok
02:50:27.0695 5860	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
02:50:27.0699 5860	viaide - ok
02:50:27.0706 5860	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
02:50:27.0712 5860	vmbus - ok
02:50:27.0714 5860	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
02:50:27.0720 5860	VMBusHID - ok
02:50:27.0722 5860	VMnetAdapter - ok
02:50:27.0726 5860	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
02:50:27.0731 5860	volmgr - ok
02:50:27.0740 5860	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
02:50:27.0748 5860	volmgrx - ok
02:50:27.0755 5860	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
02:50:27.0762 5860	volsnap - ok
02:50:27.0767 5860	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
02:50:27.0772 5860	vsmraid - ok
02:50:27.0802 5860	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
02:50:27.0830 5860	VSS - ok
02:50:27.0844 5860	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
02:50:27.0850 5860	vwifibus - ok
02:50:27.0858 5860	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
02:50:27.0877 5860	W32Time - ok
02:50:27.0880 5860	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
02:50:27.0885 5860	WacomPen - ok
02:50:27.0889 5860	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
02:50:27.0904 5860	WANARP - ok
02:50:27.0906 5860	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
02:50:27.0921 5860	Wanarpv6 - ok
02:50:27.0942 5860	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
02:50:27.0958 5860	WatAdminSvc - ok
02:50:27.0988 5860	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
02:50:28.0006 5860	wbengine - ok
02:50:28.0020 5860	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
02:50:28.0029 5860	WbioSrvc - ok
02:50:28.0038 5860	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
02:50:28.0047 5860	wcncsvc - ok
02:50:28.0049 5860	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
02:50:28.0055 5860	WcsPlugInService - ok
02:50:28.0059 5860	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
02:50:28.0063 5860	Wd - ok
02:50:28.0077 5860	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
02:50:28.0088 5860	Wdf01000 - ok
02:50:28.0092 5860	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
02:50:28.0100 5860	WdiServiceHost - ok
02:50:28.0101 5860	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
02:50:28.0109 5860	WdiSystemHost - ok
02:50:28.0115 5860	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
02:50:28.0124 5860	WebClient - ok
02:50:28.0129 5860	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
02:50:28.0147 5860	Wecsvc - ok
02:50:28.0150 5860	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
02:50:28.0167 5860	wercplsupport - ok
02:50:28.0170 5860	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
02:50:28.0187 5860	WerSvc - ok
02:50:28.0191 5860	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
02:50:28.0206 5860	WfpLwf - ok
02:50:28.0208 5860	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
02:50:28.0212 5860	WIMMount - ok
02:50:28.0214 5860	WinDefend - ok
02:50:28.0217 5860	WinHttpAutoProxySvc - ok
02:50:28.0226 5860	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
02:50:28.0243 5860	Winmgmt - ok
02:50:28.0275 5860	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
02:50:28.0304 5860	WinRM - ok
02:50:28.0320 5860	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
02:50:28.0327 5860	WinUsb - ok
02:50:28.0342 5860	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
02:50:28.0356 5860	Wlansvc - ok
02:50:28.0391 5860	wlidsvc         (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
02:50:28.0410 5860	wlidsvc - ok
02:50:28.0425 5860	WmBEnum         (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys
02:50:28.0429 5860	WmBEnum - ok
02:50:28.0431 5860	WmFilter        (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys
02:50:28.0435 5860	WmFilter - ok
02:50:28.0437 5860	WmHidLo         (ac4331af118a720f13c9c5cabbfe27bd) C:\Windows\system32\drivers\WmHidLo.sys
02:50:28.0441 5860	WmHidLo - ok
02:50:28.0443 5860	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
02:50:28.0448 5860	WmiAcpi - ok
02:50:28.0456 5860	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
02:50:28.0462 5860	wmiApSrv - ok
02:50:28.0464 5860	WMPNetworkSvc - ok
02:50:28.0466 5860	WmVirHid        (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys
02:50:28.0470 5860	WmVirHid - ok
02:50:28.0472 5860	WmXlCore        (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys
02:50:28.0476 5860	WmXlCore - ok
02:50:28.0478 5860	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
02:50:28.0483 5860	WPCSvc - ok
02:50:28.0488 5860	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
02:50:28.0494 5860	WPDBusEnum - ok
02:50:28.0496 5860	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
02:50:28.0511 5860	ws2ifsl - ok
02:50:28.0516 5860	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
02:50:28.0523 5860	wscsvc - ok
02:50:28.0525 5860	WSearch - ok
02:50:28.0574 5860	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
02:50:28.0602 5860	wuauserv - ok
02:50:28.0616 5860	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
02:50:28.0631 5860	WudfPf - ok
02:50:28.0636 5860	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
02:50:28.0652 5860	WUDFRd - ok
02:50:28.0655 5860	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
02:50:28.0671 5860	wudfsvc - ok
02:50:28.0676 5860	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
02:50:28.0685 5860	WwanSvc - ok
02:50:28.0689 5860	xusb21          (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
02:50:28.0693 5860	xusb21 - ok
02:50:28.0706 5860	YahooAUService  (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
02:50:28.0713 5860	YahooAUService - ok
02:50:28.0716 5860	yalamuvy - ok
02:50:28.0720 5860	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
02:50:28.0862 5860	\Device\Harddisk0\DR0 - ok
02:50:28.0863 5860	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
02:50:28.0927 5860	\Device\Harddisk1\DR1 - ok
02:50:28.0930 5860	Boot (0x1200)   (e3e6ec816eb474893461ea93fa8218d4) \Device\Harddisk0\DR0\Partition0
02:50:28.0930 5860	\Device\Harddisk0\DR0\Partition0 - ok
02:50:28.0931 5860	Boot (0x1200)   (9a6a8f1a69b6bb4361516b8db18c5226) \Device\Harddisk1\DR1\Partition0
02:50:28.0932 5860	\Device\Harddisk1\DR1\Partition0 - ok
02:50:28.0932 5860	============================================================
02:50:28.0932 5860	Scan finished
02:50:28.0932 5860	============================================================
02:50:28.0936 4472	Detected object count: 3
02:50:28.0936 4472	Actual detected object count: 3
02:50:32.0867 4472	AllShare ( UnsignedFile.Multi.Generic ) - skipped by user
02:50:32.0867 4472	AllShare ( UnsignedFile.Multi.Generic ) - User select action: Skip 
02:50:32.0868 4472	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
02:50:32.0868 4472	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
02:50:32.0868 4472	SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
02:50:32.0868 4472	SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 

gmer LOG

Attached Files


Edited by frankth3frizz, 02 June 2012 - 05:13 AM.
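A small triage script for the TDSSKiller log above, added here as an example; it is not part of this thread, of TDSSKiller, or of the ComboFix script CatByte posted. It parses each entry into one record per service or driver (name, MD5, backing file, verdicts, detection names), then separates what the scanner itself flagged from the entries that merely deserve a second look: registered services for which no file line was printed. The sample lines are copied from the log in this post; the record layout, the regular expressions and the function names are my own, and the spaces between columns stand in for the tab the real log uses.

```python
import re

# Constructed sample input: a handful of lines copied from the TDSSKiller log posted
# above (the one warning it raised, a clean driver, a service with no file line, and
# the MBR check) so that the script runs offline. Whitespace between the columns is
# written as spaces here; the real log separates the PID from the entry with a tab.
SAMPLE_LOG = "\n".join([
    r"02:50:26.0848 5860    Steam Client Service - ok",
    r"02:50:26.0915 5860    SwitchBoard     (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe",
    r"02:50:26.0922 5860    SwitchBoard ( UnsignedFile.Multi.Generic ) - warning",
    r"02:50:26.0922 5860    SwitchBoard - detected UnsignedFile.Multi.Generic (1)",
    r"02:50:27.0095 5860    Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys",
    r"02:50:27.0116 5860    Tcpip - ok",
    r"02:50:28.0716 5860    yalamuvy - ok",
    r"02:50:28.0720 5860    MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0",
    r"02:50:28.0862 5860    \Device\Harddisk0\DR0 - ok",
    r"02:50:28.0932 5860    Scan finished",
])

# Every entry line starts with a timestamp and the scanner's PID.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.*\S)\s*$")
# "<name>  (<md5>) <path>": the file backing a service/driver (or the MBR / boot sector).
FILE_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$")
# "<name> ( <detection> ) - warning", and the later "skipped by user" lines.
WARN_RE = re.compile(r"^(?P<name>.+) \( (?P<detection>[^()]+) \) - (?P<verdict>.+)$")
# "<name> - ok" / "<name> - detected <detection> (<n>)"; MBR/boot verdicts name the device path.
VERDICT_RE = re.compile(
    r"^(?P<name>.+) - (?P<verdict>ok|warning|detected .+|skipped by user|User select action: .+)$")


def parse_tdsskiller_log(text):
    """Return {entry name: {"md5", "path", "detections", "verdicts"}}."""
    records, by_path = {}, {}

    def rec(name):
        return records.setdefault(
            name, {"md5": None, "path": None, "detections": set(), "verdicts": []})

    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # separators, banner text, blank lines
        body = m.group(1)
        fm = FILE_RE.match(body)
        if fm:
            name, path = fm["name"], fm["path"]
            # Two disks both report "MBR (0x1B8)": key the second one by its device path.
            if records.get(name, {}).get("path") not in (None, path):
                name = f"{name} {path}"
            r = rec(name)
            r["md5"], r["path"] = fm["md5"].lower(), path
            by_path[path] = name
            continue
        wm = WARN_RE.match(body)
        if wm:
            r = rec(wm["name"])
            r["detections"].add(wm["detection"])
            r["verdicts"].append(wm["verdict"])
            continue
        vm = VERDICT_RE.match(body)
        if vm:
            r = rec(by_path.get(vm["name"], vm["name"]))
            verdict = vm["verdict"]
            r["verdicts"].append(verdict)
            if verdict.startswith("detected "):
                # "detected UnsignedFile.Multi.Generic (1)" -> "UnsignedFile.Multi.Generic"
                r["detections"].add(verdict[len("detected "):].rsplit(" (", 1)[0])
    return records


def triage(records):
    """Split the records into what the scanner flagged and what a human should review."""
    flagged = sorted(n for n, r in records.items() if r["detections"])
    # A registered service/driver for which TDSSKiller printed no file line. Legitimate
    # entries land here too (disabled services, files it could not open), so this is a
    # review list, not a verdict; random eight-letter names like "yalamuvy" stand out in it.
    no_backing_file = sorted(
        n for n, r in records.items() if r["path"] is None and not r["detections"])
    return {"flagged": flagged, "no_backing_file": no_backing_file}


if __name__ == "__main__":
    recs = parse_tdsskiller_log(SAMPLE_LOG)
    result = triage(recs)
    for name in result["flagged"]:
        r = recs[name]
        print(f"FLAGGED  {name}: {', '.join(sorted(r['detections']))}  {r['md5']}  {r['path']}")
    for name in result["no_backing_file"]:
        print(f"REVIEW   {name}: registered, but no backing file reported")
```

On the full log the review list also picks up entries such as WinDefend, WSearch and VMnetAdapter, which is why it is presented as a list to check by hand rather than as a detection; the flagged list reproduces the scanner's own verdict (here the unsigned Adobe SwitchBoard binary, which the poster chose to skip), and the MD5 in each record is what you would look up against a known-good hash source before deciding to act on an entry.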



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:42 AM

Posted 02 June 2012 - 05:33 PM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://www.bleepingcomputer.com/forums/topic455612.html

Collect::
c:\windows\system32\drivers\gifgohrw.sys
c:\windows\system32\drivers\mjknrfuj.sys
c:\windows\system32\drivers\dciifivj.sys
c:\windows\system32\drivers\quribcyz.sys

DirLook::
c:\programdata\~0

FCopy::
c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe | c:\windows\system32\services.exe

Driver::
crqwrzkr

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 frankth3frizz

frankth3frizz
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:06:42 AM

Posted 02 June 2012 - 05:58 PM

Here's the new log.

ComboFix 12-06-02.03 - Byron 06/02/2012  15:52:55.7.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8175.6213 [GMT -7:00]
Running from: s:\users\Byron\Downloads\ComboFix.exe
Command switches used :: s:\users\Byron\New folder\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\system32\drivers\dciifivj.sys
c:\windows\system32\drivers\gifgohrw.sys
c:\windows\system32\drivers\mjknrfuj.sys
c:\windows\system32\drivers\quribcyz.sys
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --> c:\windows\system32\services.exe
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_crqwrzkr
.
.
(((((((((((((((((((((((((   Files Created from 2012-05-02 to 2012-06-02  )))))))))))))))))))))))))))))))
.
.
2012-06-02 22:54 . 2012-06-02 22:54	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-02 22:38 . 2012-05-15 08:41	8955792	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{078A6FEA-DD33-4A6B-BA83-6A44000E47C9}\mpengine.dll
2012-06-02 09:44 . 2012-05-08 17:02	8955792	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{21112A8E-A6EB-4994-B964-D791FC20FAFE}\mpengine.dll
2012-06-02 09:33 . 2012-06-02 09:33	50000	----a-w-	c:\windows\system32\drivers\gpmgdzjc.sys
2012-06-02 00:45 . 2012-06-02 00:45	388096	----a-r-	c:\users\Byron\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-02 00:45 . 2012-06-02 00:45	--------	d-----w-	c:\program files (x86)\Trend Micro
2012-06-01 08:31 . 2012-06-01 08:31	927800	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A33D3AE8-B3CB-4A04-9FD5-5FC2B20F1C4A}\gapaengine.dll
2012-06-01 08:31 . 2012-05-08 17:02	8955792	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-01 08:30 . 2012-06-01 08:30	--------	d-----w-	c:\program files (x86)\Microsoft Security Client
2012-06-01 08:30 . 2012-06-01 08:30	--------	d-----w-	c:\program files\Microsoft Security Client
2012-06-01 08:17 . 2012-06-01 08:17	--------	d-----w-	c:\program files (x86)\ESET
2012-06-01 08:15 . 2012-06-02 09:34	--------	d-----w-	c:\windows\system32\MpEngineStore
2012-05-31 23:17 . 2012-05-31 23:17	--------	d-----w-	c:\users\Byron\AppData\Local\European Bus Simulator 2012
2012-05-31 23:10 . 2012-05-31 23:10	--------	d-sh--w-	c:\windows\SysWow64\%APPDATA%
2012-05-31 22:58 . 2012-05-31 23:16	27256	----a-w-	c:\windows\system32\drivers\FixZeroAccess.sys
2012-05-31 22:51 . 2012-05-31 23:02	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2012-05-31 11:39 . 2012-05-31 11:39	--------	d-----w-	c:\programdata\Trymedia
2012-05-19 21:04 . 2010-06-14 20:26	1998168	----a-w-	c:\windows\system32\D3DX9_43.dll
2012-05-19 21:04 . 2010-05-12 15:42	1467200	----a-w-	c:\windows\system32\msvcr100d.dll
2012-05-19 21:04 . 2010-03-18 15:36	827728	----a-w-	c:\windows\system32\msvcr100.dll
2012-05-19 21:04 . 2009-09-30 19:08	1892184	----a-w-	c:\windows\system32\d3dx9_42.dll
2012-05-19 21:04 . 2009-09-23 22:48	431936	----a-w-	c:\windows\system32\msvcp100.dll
2012-05-19 21:04 . 2009-05-20 21:23	4178264	----a-w-	c:\windows\system32\d3dx9_41.dll
2012-05-19 21:04 . 2008-10-30 17:57	3851784	----a-w-	c:\windows\system32\d3dx9_39.dll
2012-05-19 21:04 . 2005-04-05 19:57	104960	----a-w-	c:\windows\system32\mssp32.dll
2012-05-19 21:04 . 2011-09-08 21:44	16384	----a-w-	c:\windows\system32\c12.1.dll
2012-05-19 21:04 . 2007-07-20 00:14	3727720	----a-w-	c:\windows\system32\d3dx9_35.dll
2012-05-19 21:04 . 2006-10-31 02:25	2414360	----a-w-	c:\windows\system32\d3dx9_31.dll
2012-05-19 20:34 . 2010-05-12 16:42	631616	----a-w-	c:\windows\system32\msvcp100d.dll
2012-05-19 20:21 . 2012-05-19 20:21	--------	d-----w-	c:\programdata\Nexon
2012-05-19 20:20 . 2012-05-19 20:20	--------	d-----w-	c:\users\Byron\AppData\Local\master131
2012-05-18 17:10 . 2012-05-18 10:23	3130440	----a-w-	c:\windows\SysWow64\pbsvc_blr.exe
2012-05-17 16:44 . 2012-05-17 16:44	--------	d-----w-	c:\users\Byron\AppData\Local\SWTOR
2012-05-17 09:31 . 2012-05-17 09:31	--------	d-----w-	c:\program files (x86)\Common Files\BioWare
2012-05-15 22:12 . 2012-05-15 22:12	--------	d-s---w-	c:\programdata\SecuROM
2012-05-15 22:11 . 2012-05-15 22:12	--------	d-----w-	c:\users\Byron\AppData\Local\Rockstar Games
2012-05-15 22:03 . 2012-05-15 22:03	178800	----a-w-	c:\windows\SysWow64\CmdLineExt_x64.dll
2012-05-15 06:58 . 2012-05-15 06:59	--------	d-----w-	c:\users\Byron\Unigine Heaven Pro
2012-05-14 17:08 . 2012-05-14 17:08	--------	d-----w-	c:\program files (x86)\GTA IV Savegame Backup Tool + GTA IV Savegame Installer
2012-05-14 06:31 . 2012-05-14 06:31	--------	d-----w-	c:\program files\Microsoft Silverlight
2012-05-14 06:31 . 2012-05-14 06:31	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2012-05-11 17:35 . 2012-05-11 17:35	87616	----a-w-	c:\windows\system32\drivers\SIVX64.sys
2012-05-11 17:18 . 2012-05-11 17:18	--------	d-----w-	c:\program files (x86)\GPU-Z
2012-05-11 06:01 . 2012-03-30 11:35	1918320	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-05-11 06:00 . 2012-03-31 05:42	1732096	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 06:00 . 2012-03-31 05:40	1402880	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 06:00 . 2012-03-31 05:40	1367552	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 06:00 . 2012-03-31 05:40	1393664	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2012-05-11 06:00 . 2012-03-31 04:29	936960	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 06:00 . 2012-03-31 06:05	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-11 06:00 . 2012-03-31 04:39	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-05-11 06:00 . 2012-03-31 04:39	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-05-11 06:00 . 2012-03-31 03:10	3146240	----a-w-	c:\windows\system32\win32k.sys
2012-05-11 06:00 . 2012-03-03 06:35	1544704	----a-w-	c:\windows\system32\DWrite.dll
2012-05-11 06:00 . 2012-03-03 05:31	1077248	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-05-11 06:00 . 2012-03-17 07:58	75120	----a-w-	c:\windows\system32\drivers\partmgr.sys
2012-05-11 05:39 . 2012-05-11 05:40	--------	d-----w-	c:\users\Byron\AppData\Local\Stardock
2012-05-11 05:39 . 2012-05-11 05:39	--------	d-----w-	c:\users\Byron\AppData\Roaming\Stardock
2012-05-11 05:39 . 2012-06-01 08:26	--------	dc----w-	c:\programdata\~0
2012-05-11 05:39 . 2012-05-11 05:39	--------	d-----w-	c:\users\Byron\AppData\Local\PackageAware
2012-05-11 05:39 . 2012-05-11 05:39	--------	d-----w-	c:\program files (x86)\Common Files\Stardock
2012-05-11 05:39 . 2012-06-01 08:26	--------	d-----w-	c:\program files (x86)\Stardock
2012-05-11 01:25 . 2012-05-11 01:25	--------	d-----w-	c:\program files (x86)\Android
2012-05-09 06:05 . 2012-05-09 06:07	--------	d-----w-	c:\users\Byron\AppData\Roaming\Yahoo!
2012-05-09 06:05 . 2012-05-09 06:06	--------	d-----w-	c:\programdata\Yahoo! Companion
2012-05-09 06:05 . 2012-05-09 06:05	--------	d-----w-	c:\programdata\Yahoo!
2012-05-09 06:05 . 2012-05-09 06:05	--------	d-----w-	c:\program files (x86)\Yahoo!
2012-05-08 10:55 . 2012-05-08 10:55	--------	d-----w-	c:\users\Byron\AppData\Local\SniperV2
2012-05-07 20:06 . 2012-05-07 20:06	--------	d-----w-	c:\program files\Futuremark
2012-05-06 11:10 . 2012-05-06 11:10	--------	d-----w-	c:\users\Byron\AppData\Local\i-Knyazev.ru
2012-05-06 07:11 . 2012-05-06 07:41	--------	d-----w-	c:\users\Byron\AppData\Roaming\Tunngle
2012-05-06 07:11 . 2012-05-06 07:16	--------	d-----w-	c:\programdata\Tunngle
2012-05-06 07:11 . 2009-09-16 15:02	31232	----a-w-	c:\windows\system32\drivers\tap0901t.sys
2012-05-06 02:59 . 2012-05-06 07:17	--------	d-----w-	c:\users\Byron\AppData\Local\ArmA 2 OA
2012-05-05 22:43 . 2012-05-05 22:45	--------	d-----w-	c:\users\Byron\AppData\Local\Roblox
2012-05-05 22:43 . 2012-05-05 22:43	--------	d-----w-	c:\programdata\Roblox
2012-05-05 22:43 . 2012-05-05 22:43	--------	d-----w-	c:\program files (x86)\Roblox
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 20:36 . 2012-02-11 03:02	283304	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-06-02 20:36 . 2012-02-11 02:45	283304	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-06-02 20:36 . 2012-02-11 02:45	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2012-05-18 19:02 . 2012-02-11 02:45	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2012-05-05 07:38 . 2012-04-11 07:41	419488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 07:38 . 2012-02-10 07:10	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 07:38 . 2012-04-14 11:38	8769696	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-06 21:22 . 2012-02-11 05:08	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-04-06 05:34 . 2012-04-06 05:34	187392	----a-w-	c:\windows\system32\clinfo.exe
2012-04-06 05:34 . 2012-04-06 05:34	74752	----a-w-	c:\windows\system32\OpenVideo64.dll
2012-04-06 05:34 . 2012-04-06 05:34	64512	----a-w-	c:\windows\SysWow64\OpenVideo.dll
2012-04-06 05:33 . 2012-04-06 05:33	63488	----a-w-	c:\windows\system32\OVDecode64.dll
2012-04-06 05:33 . 2012-04-06 05:33	56320	----a-w-	c:\windows\SysWow64\OVDecode.dll
2012-04-06 05:33 . 2012-04-06 05:33	16457216	----a-w-	c:\windows\system32\amdocl64.dll
2012-04-06 05:32 . 2012-04-06 05:32	13007872	----a-w-	c:\windows\SysWow64\amdocl.dll
2012-04-06 05:22 . 2012-04-06 05:22	11174400	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22	159744	----a-w-	c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-01-19 17:50	909312	----a-w-	c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2012-01-19 17:49	1067520	----a-w-	c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-01-19 17:46	442368	----a-w-	c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16	503808	----a-w-	c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16	236544	----a-w-	c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14	120320	----a-w-	c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14	21504	----a-w-	c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14	59392	----a-w-	c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:13	6800896	----a-w-	c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10	26181632	----a-w-	c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2012-01-19 16:58	64000	----a-w-	c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2012-01-19 17:28	7479296	----a-w-	c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50	19753984	----a-w-	c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35	1120768	----a-w-	c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34	1831424	----a-w-	c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-01-19 17:20	4731904	----a-w-	c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-01-19 17:12	6203392	----a-w-	c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29	16090624	----a-w-	c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25	13764096	----a-w-	c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-01-19 17:03	7431680	----a-w-	c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-01-19 17:09	4795904	----a-w-	c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:17 . 2012-04-06 01:17	71680	----a-w-	c:\windows\system32\amdave64.dll
2012-04-06 01:16 . 2012-04-06 01:16	72704	----a-w-	c:\windows\SysWow64\amdave32.dll
2012-04-06 01:16 . 2012-04-06 01:16	72704	----a-w-	c:\windows\system32\atisamu64.dll
2012-04-06 01:16 . 2012-04-06 01:16	67584	----a-w-	c:\windows\atisamu32.dll
2012-04-06 01:11 . 2012-01-19 16:53	514560	----a-w-	c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-01-19 16:53	360448	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11	17408	----a-w-	c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	14848	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	14848	----a-w-	c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	41984	----a-w-	c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10	33280	----a-w-	c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10	343040	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2012-01-19 16:52	54784	----a-w-	c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:09	41984	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-01-19 16:52	44544	----a-w-	c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-01-19 16:52	32256	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06	54784	----a-w-	c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06	54784	----a-w-	c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06	53760	----a-w-	c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06	53760	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2012-04-04 22:56 . 2012-02-10 08:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-04-03 09:16 . 2012-02-11 17:03	466456	----a-w-	c:\windows\system32\wrap_oal.dll
2012-04-03 09:16 . 2012-02-11 17:03	444952	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2012-04-03 09:16 . 2012-02-11 17:03	122904	----a-w-	c:\windows\system32\OpenAL32.dll
2012-04-03 09:16 . 2012-02-11 17:03	109080	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2012-03-25 00:30 . 2012-02-10 06:54	30528	----a-w-	c:\windows\GVTDrv64.sys
2012-03-25 00:29 . 2012-03-18 03:11	25640	----a-w-	c:\windows\gdrv.sys
2012-03-25 00:29 . 2012-02-10 07:09	25640	----a-w-	c:\windows\etdrv.sys
2012-03-21 03:44 . 2012-03-21 03:44	98688	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 03:44 . 2012-03-21 03:44	203888	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2012-03-20 06:44 . 2012-03-20 06:44	5888792	----a-w-	c:\windows\system32\GfxUI.exe
2012-03-20 06:44 . 2012-03-20 06:44	509720	----a-w-	c:\windows\system32\igfxsrvc.exe
2012-03-20 06:44 . 2012-03-20 06:44	439064	----a-w-	c:\windows\system32\igfxpers.exe
2012-03-20 06:44 . 2012-03-20 06:44	398616	----a-w-	c:\windows\system32\hkcmd.exe
2012-03-20 06:44 . 2012-03-20 06:44	276248	----a-w-	c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-03-20 06:44 . 2012-03-20 06:44	250136	----a-w-	c:\windows\system32\igfxext.exe
2012-03-20 06:44 . 2012-03-20 06:44	184600	----a-w-	c:\windows\system32\difx64.exe
2012-03-20 06:44 . 2012-03-20 06:44	170264	----a-w-	c:\windows\system32\igfxtray.exe
2012-03-20 06:42 . 2012-03-20 06:42	90112	----a-w-	c:\windows\system32\igfxCoIn_v2696.dll
2012-03-20 06:32 . 2012-03-20 06:32	14745600	----a-w-	c:\windows\system32\drivers\igdkmd64.sys
2012-03-20 06:31 . 2012-03-20 06:31	8087040	----a-w-	c:\windows\system32\igdumd64.dll
2012-03-20 06:31 . 2012-03-20 06:31	79360	----a-w-	c:\windows\system32\igdde64.dll
2012-03-20 06:26 . 2012-03-20 06:26	6120960	----a-w-	c:\windows\SysWow64\igdumd32.dll
2012-03-20 06:25 . 2012-03-20 06:25	58880	----a-w-	c:\windows\SysWow64\igdde32.dll
2012-03-20 06:22 . 2012-03-20 06:22	9605632	----a-w-	c:\windows\system32\igd10umd64.dll
2012-03-20 06:11 . 2012-03-20 06:11	7795200	----a-w-	c:\windows\SysWow64\igd10umd32.dll
2012-03-20 05:31 . 2012-03-20 05:31	18137088	----a-w-	c:\windows\system32\ig4icd64.dll
2012-03-20 05:21 . 2012-03-20 05:21	13212672	----a-w-	c:\windows\SysWow64\ig4icd32.dll
2012-03-20 05:18 . 2012-03-20 05:18	439296	----a-w-	c:\windows\system32\igfxrrom.lrc
2012-03-20 05:18 . 2012-03-20 05:18	438784	----a-w-	c:\windows\system32\igfxrhrv.lrc
2012-03-20 05:18 . 2012-03-20 05:18	438272	----a-w-	c:\windows\system32\igfxrsky.lrc
2012-03-20 05:18 . 2012-03-20 05:18	437760	----a-w-	c:\windows\system32\igfxrslv.lrc
2012-03-20 05:18 . 2012-03-20 05:18	439808	----a-w-	c:\windows\system32\igfxresn.lrc
2012-03-20 05:18 . 2012-03-20 05:18	439296	----a-w-	c:\windows\system32\igfxrrus.lrc
2012-03-20 05:18 . 2012-03-20 05:18	438784	----a-w-	c:\windows\system32\igfxrptg.lrc
2012-03-20 05:18 . 2012-03-20 05:18	438784	----a-w-	c:\windows\system32\igfxrplk.lrc
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\programdata\~0 ----
.
2012-05-11 05:39 . 2010-10-07 19:10	577597	-c----w-	c:\programdata\~0\mia.lib
2012-05-11 05:39 . 2010-10-07 19:11	3024216	-c----w-	c:\programdata\~0\ObjectDock_free.exe
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-06-02_10.11.30   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-06-02 22:50	27252              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-02-10 06:48 . 2012-06-02 22:50	6646              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-710198752-149296124-4269579256-1000_UserData.bin
- 2012-06-02 10:07 . 2012-06-02 10:07	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-02 22:55 . 2012-06-02 22:55	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-06-02 22:42	665138              c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-02 09:41	665138              c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-02 09:41	122906              c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-06-02 22:42	122906              c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-06-02 10:07	473248              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-02 22:54	473248              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-10 07:44 . 2012-06-02 22:54	1942656              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-02-10 07:44 . 2012-06-02 10:07	1942656              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-02-10 11:15 . 2012-06-02 22:54	17688982              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-710198752-149296124-4269579256-1000-12288.dat
- 2012-02-10 11:15 . 2012-06-02 10:07	17688982              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-710198752-149296124-4269579256-1000-12288.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"Cleano"="s:\users\Byron\Downloads\Cleano.exe" [2012-06-02 181248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-06-01 506712]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"Mionix NAOS 5000"="c:\program files (x86)\Mionix\NAOS 5000 Laser Gaming Mouse\NAOS_Monitor.EXE" [2011-02-19 184320]
.
c:\users\Byron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDock\ObjectDock.exe [2012-5-10 3581680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Core Temp.lnk - c:\program files\Core Temp\Core Temp.exe [2012-2-10 848336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-20 276248]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 cpuz134;cpuz134;c:\users\Byron\AppData\Local\Temp\HBCD\PCWizard\pcwiz_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-03-25 25640]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-04-26 135584]
R3 GPU-Z;GPU-Z;c:\users\Byron\AppData\Local\Temp\GPU-Z.sys [x]
R3 Gun;Gun;c:\program files (x86)\Game\SoftnyxGame\GunBoundIS\Gun64.sys [2012-03-18 45176]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-03-25 30528]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-17 13592]
S0 mvs91xx;mvs91xx;c:\windows\system32\DRIVERS\mvs91xx.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AllShare;SAMSUNG AllShare Service;c:\program files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-07-17 6638080]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 iRacingService;iRacing.com Helper Service;c:\program files (x86)\iRacing\iRacingService.exe [2012-05-06 516264]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 07:38]
.
2012-06-02 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-02-10 09:09]
.
2012-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-710198752-149296124-4269579256-1000Core.job
- c:\users\Byron\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-10 07:56]
.
2012-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-710198752-149296124-4269579256-1000UA.job
- c:\users\Byron\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-10 07:56]
.
2012-06-02 c:\windows\Tasks\RtlLanOptimizerVistaStart.job
- c:\program files (x86)\Realtek\LanOptimizer\LanOptimizer.exe [2012-03-25 08:05]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-21 12632168]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-07-13 2264168]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
"combofix"="c:\combofix\CF11465.3XE" [2010-11-21 345088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://battlelog.battlefield.com/bf3/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
[\]^_\00\00\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~\00\00\00\00\00\00\00\00\00\00\00\00\00\00"
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-710198752-149296124-4269579256-1000\Software\SecuROM\License information*]
"datasecu"=hex:62,1d,d6,2f,a5,ff,b0,55,7b,07,64,5c,92,af,ff,68,7c,ae,1f,01,bf,
   30,03,f4,5a,74,a1,92,54,b4,db,c0,80,89,b8,6b,c7,20,e0,96,01,10,b1,9d,83,4f,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Skype\Updater\Updater.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
.
**************************************************************************
.
Completion time: 2012-06-02  15:56:26 - machine was rebooted
ComboFix-quarantined-files.txt  2012-06-02 22:56
ComboFix2.txt  2012-06-02 10:12
ComboFix3.txt  2012-06-02 00:12
.
Pre-Run: 61,500,768,256 bytes free
Post-Run: 60,960,813,056 bytes free
.
- - End Of File - - F12532108D1F0629F0490DC71B7EB8AC
Upload was successful 
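
A responder reading a ComboFix log like the one above checks a handful of things by eye before anything else: Run values that launch from Downloads or a Temp folder (the "Cleano" entry), service and driver lines that ComboFix printed with [x] instead of a date and size, any driver file whose name looks machine-generated (the gpmgdzjc.sys that the next reply collects), and the policies\system block, which here shows EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all at 0, meaning User Account Control is off and anything running as an administrator elevates silently. The script below is an added example, not part of this thread and not ComboFix's code; it runs those checks over a few lines abridged from the logs in this thread (a constructed sample embedded inline). The user-writable folder list, the random-name heuristic and the finding labels are the example's own assumptions, not anything ComboFix defines.

```python
"""Triage the 'Reg Loading Points' part of a ComboFix log.

Added example, not part of the original thread and not ComboFix code. It reads
lines abridged from the logs above and flags autoruns launched from user-writable
folders, drivers whose name looks machine-generated, driver entries ComboFix
marked [x] instead of a date and size, and UAC policy values that turn UAC off.
"""
import re
from typing import Dict, List, Optional

# Constructed sample: lines abridged from the ComboFix logs posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Cleano"="s:\users\Byron\Downloads\Cleano.exe" [2012-06-02 181248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R3 cpuz134;cpuz134;c:\users\Byron\AppData\Local\Temp\HBCD\PCWizard\pcwiz_x64.sys [x]
R3 GPU-Z;GPU-Z;c:\users\Byron\AppData\Local\Temp\GPU-Z.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-03-25 25640]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
.
c:\windows\system32\drivers\gpmgdzjc.sys
"""

SECTION_RE = re.compile(r"^\[(HK[^\]]+)\]$", re.IGNORECASE)
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"')
POLICY_RE = re.compile(r'^"(?P<name>\w+)"=\s*(?P<value>\d+)')
SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<path>.+?)(?:\s+\[(?P<meta>[^\]]*)\])?$")
BARE_SYS_RE = re.compile(r"^[a-z]:\\\S.*\.sys$", re.IGNORECASE)

# Folders a standard user can write to; an autorun or driver living there deserves a look.
USER_WRITABLE = ("\\downloads\\", "\\appdata\\local\\temp\\", "\\temp\\")
# Policy values that weaken UAC; the log above shows all three set this way.
UAC_WEAK = {"EnableLUA": (0, "User Account Control is switched off"),
            "ConsentPromptBehaviorAdmin": (0, "administrators elevate without any prompt"),
            "PromptOnSecureDesktop": (0, "elevation prompts do not use the secure desktop")}
VOWELS = set("aeiou")
Finding = Dict[str, str]


def looks_random(stem: str) -> bool:
    """Heuristic: seven or more lowercase letters and no vowel, e.g. gpmgdzjc but not partmgr."""
    return stem.isalpha() and stem.islower() and len(stem) >= 7 and not (set(stem) & VOWELS)


def _check_driver(findings: List[Finding], item: str, path: str, meta: Optional[str]) -> None:
    low = path.lower()
    if any(folder in low for folder in USER_WRITABLE):
        findings.append({"kind": "driver-user-writable", "item": item, "detail": path})
    if meta == "x":
        findings.append({"kind": "driver-unverified", "item": item,
                         "detail": path + " (ComboFix printed [x] instead of a date and size)"})
    stem = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if "\\drivers\\" in low and looks_random(stem):
        findings.append({"kind": "driver-random-name", "item": item, "detail": path})


def triage(log_text: str) -> List[Finding]:
    """Walk the log once; return findings in log order, each as a small dict."""
    findings: List[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if line in ("", "."):                 # ComboFix separates blocks with a lone dot
            section = ""
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        if section.endswith("\\run"):
            m = RUN_VALUE_RE.match(line)
            if m and any(folder in m.group("path").lower() for folder in USER_WRITABLE):
                findings.append({"kind": "autorun-user-writable",
                                 "item": m.group("name"), "detail": m.group("path")})
            continue
        if section.endswith("policies\\system"):
            m = POLICY_RE.match(line)
            if m and m.group("name") in UAC_WEAK and int(m.group("value")) == UAC_WEAK[m.group("name")][0]:
                findings.append({"kind": "uac-weakened", "item": m.group("name"),
                                 "detail": UAC_WEAK[m.group("name")][1]})
            continue
        m = SERVICE_RE.match(line)
        if m:
            _check_driver(findings, m.group("name"), m.group("path"), m.group("meta"))
        elif BARE_SYS_RE.match(line):
            _check_driver(findings, line, line, None)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:<22} {f['item']}: {f['detail']}")
```

Run it as-is to see the findings for the sample, or pass a whole saved log to triage(). Every hit is a lead to verify, not a verdict: hardware utilities routinely load drivers out of Temp (the CPU-Z and GPU-Z entries in the log are examples), and ComboFix prints [x] for some drivers that are plainly present, as the atikmdag.sys entry shows against the Find3M listing above, so the output is an ordering of what to examine first rather than a list of malware.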


#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 02 June 2012 - 06:13 PM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://www.bleepingcomputer.com/forums/topic455612.html/page__pid__2718486#entry2718486

Collect::
c:\windows\system32\drivers\gpmgdzjc.sys

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Screenshot: dragging CFScript.txt onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.


NEXT


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


NEXT


Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
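
The Collect:: directive in the reply above uploads c:\windows\system32\drivers\gpmgdzjc.sys for analysis. Before, or alongside, sending a driver off, a practitioner records its SHA-256 and reads the PE header: the target machine, the linker timestamp, and whether the file carries an embedded Authenticode signature in its security data directory. x64 Windows enforces kernel-mode code signing, so how a .sys file you never installed is signed is the first question about it. Two caveats apply. A file with no embedded signature is not necessarily unsigned, because many Windows drivers are signed through a catalog file instead; and an embedded signature is only a claim until the chain is checked, for instance with signtool verify /v /kp or PowerShell's Get-AuthenticodeSignature. The code below is an added example, not part of this thread and not ComboFix's code. It parses the headers by hand so that it runs anywhere; the test input is a constructed header skeleton, not a real driver, and nothing here says anything about the actual gpmgdzjc.sys, which the thread never shows.

```python
"""Inspect a PE file (for instance a collected .sys) before it is sent for analysis.

Added example, not part of the original thread and not ComboFix code. It reports
the SHA-256, the target machine, the linker timestamp and whether the file carries
an embedded Authenticode signature. build_fake_pe() produces a constructed header
skeleton for the self-test; it is not a real driver.
"""
import hashlib
import struct
from datetime import datetime, timezone
from typing import Any, Dict

IMAGE_FILE_MACHINE = {0x14C: "x86", 0x8664: "x64"}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4     # data directory slot holding the Authenticode blob


def inspect_pe(data: bytes) -> Dict[str, Any]:
    """Parse just enough of the DOS, COFF and optional headers to answer triage questions."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, _, timestamp, _, _, _, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt_off = pe_off + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic == 0x10B:          # PE32
        ndirs_off, dirs_off = opt_off + 92, opt_off + 96
    elif magic == 0x20B:        # PE32+
        ndirs_off, dirs_off = opt_off + 108, opt_off + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    sig_off = sig_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike the other directories, this entry holds a raw file offset, not an RVA.
        sig_off, sig_size = struct.unpack_from("<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "machine": IMAGE_FILE_MACHINE.get(machine, f"{machine:#x}"),
        "link_time": datetime.fromtimestamp(timestamp, tz=timezone.utc).isoformat(),
        "has_embedded_signature": sig_size > 0,
        "signature_within_file": sig_size > 0 and sig_off + sig_size <= len(data),
        "signature_offset": sig_off,
        "signature_size": sig_size,
    }


def build_fake_pe(signed: bool, machine: int = 0x8664) -> bytes:
    """Constructed test input: a PE32+ header skeleton with no sections or code."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                # e_lfanew: PE header follows the DOS header
    opt_size = 112 + 16 * 8                              # PE32+ fixed part plus 16 data directories
    coff = struct.pack("<HHIIIHH", machine, 0, 1338000000, 0, 0, opt_size, 0x2022)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B)                # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)                 # NumberOfRvaAndSizes
    blob = b""
    if signed:
        blob = b"\x30\x82" + b"\x00" * 0x17E             # stand-in for a 0x180-byte PKCS#7 blob
        header_len = 64 + 4 + 20 + opt_size
        struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, header_len, len(blob))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + blob


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:
        for key, value in inspect_pe(fh.read()).items():
            print(f"{key:<24} {value}")
```

Point it at a file with python inspect_pe.py somefile.sys (the filename is the example's own). A signature whose directory entry runs past the end of the file, reported here as signature_within_file being false, is itself worth noting, since it means the file was truncated or the header was edited; and a linker timestamp far from the file's creation time in the ComboFix listing is another small inconsistency to write down before the sample leaves your hands.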


#5 frankth3frizz

frankth3frizz
  • Topic Starter

  • Members
  • 8 posts

Posted 02 June 2012 - 07:33 PM

Seems to be fine now, will let you know if the stupid virus shows up on MSE again.

ComboFix

ComboFix 12-06-02.03 - Byron 06/02/2012  16:17:25.8.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8175.6247 [GMT -7:00]
Running from: s:\users\Byron\Downloads\ComboFix.exe
Command switches used :: s:\users\Byron\New folder\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\gpmgdzjc.sys
.
.
(((((((((((((((((((((((((   Files Created from 2012-05-02 to 2012-06-02  )))))))))))))))))))))))))))))))
.
.
2012-06-02 23:19 . 2012-06-02 23:19	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-02 22:38 . 2012-05-15 08:41	8955792	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{078A6FEA-DD33-4A6B-BA83-6A44000E47C9}\mpengine.dll
2012-06-02 09:44 . 2012-05-08 17:02	8955792	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{21112A8E-A6EB-4994-B964-D791FC20FAFE}\mpengine.dll
2012-06-02 00:45 . 2012-06-02 00:45	388096	----a-r-	c:\users\Byron\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-02 00:45 . 2012-06-02 00:45	--------	d-----w-	c:\program files (x86)\Trend Micro
2012-06-01 08:31 . 2012-06-01 08:31	927800	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A33D3AE8-B3CB-4A04-9FD5-5FC2B20F1C4A}\gapaengine.dll
2012-06-01 08:31 . 2012-05-08 17:02	8955792	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-01 08:30 . 2012-06-01 08:30	--------	d-----w-	c:\program files (x86)\Microsoft Security Client
2012-06-01 08:30 . 2012-06-01 08:30	--------	d-----w-	c:\program files\Microsoft Security Client
2012-06-01 08:17 . 2012-06-01 08:17	--------	d-----w-	c:\program files (x86)\ESET
2012-06-01 08:15 . 2012-06-02 09:34	--------	d-----w-	c:\windows\system32\MpEngineStore
2012-05-31 23:17 . 2012-05-31 23:17	--------	d-----w-	c:\users\Byron\AppData\Local\European Bus Simulator 2012
2012-05-31 23:10 . 2012-05-31 23:10	--------	d-sh--w-	c:\windows\SysWow64\%APPDATA%
2012-05-31 22:58 . 2012-05-31 23:16	27256	----a-w-	c:\windows\system32\drivers\FixZeroAccess.sys
2012-05-31 22:51 . 2012-05-31 23:02	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2012-05-31 11:39 . 2012-05-31 11:39	--------	d-----w-	c:\programdata\Trymedia
2012-05-19 21:04 . 2010-06-14 20:26	1998168	----a-w-	c:\windows\system32\D3DX9_43.dll
2012-05-19 21:04 . 2010-05-12 15:42	1467200	----a-w-	c:\windows\system32\msvcr100d.dll
2012-05-19 21:04 . 2010-03-18 15:36	827728	----a-w-	c:\windows\system32\msvcr100.dll
2012-05-19 21:04 . 2009-09-30 19:08	1892184	----a-w-	c:\windows\system32\d3dx9_42.dll
2012-05-19 21:04 . 2009-09-23 22:48	431936	----a-w-	c:\windows\system32\msvcp100.dll
2012-05-19 21:04 . 2009-05-20 21:23	4178264	----a-w-	c:\windows\system32\d3dx9_41.dll
2012-05-19 21:04 . 2008-10-30 17:57	3851784	----a-w-	c:\windows\system32\d3dx9_39.dll
2012-05-19 21:04 . 2005-04-05 19:57	104960	----a-w-	c:\windows\system32\mssp32.dll
2012-05-19 21:04 . 2011-09-08 21:44	16384	----a-w-	c:\windows\system32\c12.1.dll
2012-05-19 21:04 . 2007-07-20 00:14	3727720	----a-w-	c:\windows\system32\d3dx9_35.dll
2012-05-19 21:04 . 2006-10-31 02:25	2414360	----a-w-	c:\windows\system32\d3dx9_31.dll
2012-05-19 20:34 . 2010-05-12 16:42	631616	----a-w-	c:\windows\system32\msvcp100d.dll
2012-05-19 20:21 . 2012-05-19 20:21	--------	d-----w-	c:\programdata\Nexon
2012-05-19 20:20 . 2012-05-19 20:20	--------	d-----w-	c:\users\Byron\AppData\Local\master131
2012-05-18 17:10 . 2012-05-18 10:23	3130440	----a-w-	c:\windows\SysWow64\pbsvc_blr.exe
2012-05-17 16:44 . 2012-05-17 16:44	--------	d-----w-	c:\users\Byron\AppData\Local\SWTOR
2012-05-17 09:31 . 2012-05-17 09:31	--------	d-----w-	c:\program files (x86)\Common Files\BioWare
2012-05-15 22:12 . 2012-05-15 22:12	--------	d-s---w-	c:\programdata\SecuROM
2012-05-15 22:11 . 2012-05-15 22:12	--------	d-----w-	c:\users\Byron\AppData\Local\Rockstar Games
2012-05-15 22:03 . 2012-05-15 22:03	178800	----a-w-	c:\windows\SysWow64\CmdLineExt_x64.dll
2012-05-15 06:58 . 2012-05-15 06:59	--------	d-----w-	c:\users\Byron\Unigine Heaven Pro
2012-05-14 17:08 . 2012-05-14 17:08	--------	d-----w-	c:\program files (x86)\GTA IV Savegame Backup Tool + GTA IV Savegame Installer
2012-05-14 06:31 . 2012-05-14 06:31	--------	d-----w-	c:\program files\Microsoft Silverlight
2012-05-14 06:31 . 2012-05-14 06:31	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2012-05-11 17:35 . 2012-05-11 17:35	87616	----a-w-	c:\windows\system32\drivers\SIVX64.sys
2012-05-11 17:18 . 2012-05-11 17:18	--------	d-----w-	c:\program files (x86)\GPU-Z
2012-05-11 06:01 . 2012-03-30 11:35	1918320	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-05-11 06:00 . 2012-03-31 05:42	1732096	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 06:00 . 2012-03-31 05:40	1402880	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 06:00 . 2012-03-31 05:40	1367552	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 06:00 . 2012-03-31 05:40	1393664	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2012-05-11 06:00 . 2012-03-31 04:29	936960	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 06:00 . 2012-03-31 06:05	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-11 06:00 . 2012-03-31 04:39	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-05-11 06:00 . 2012-03-31 04:39	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-05-11 06:00 . 2012-03-31 03:10	3146240	----a-w-	c:\windows\system32\win32k.sys
2012-05-11 06:00 . 2012-03-03 06:35	1544704	----a-w-	c:\windows\system32\DWrite.dll
2012-05-11 06:00 . 2012-03-03 05:31	1077248	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-05-11 06:00 . 2012-03-17 07:58	75120	----a-w-	c:\windows\system32\drivers\partmgr.sys
2012-05-11 05:39 . 2012-05-11 05:40	--------	d-----w-	c:\users\Byron\AppData\Local\Stardock
2012-05-11 05:39 . 2012-05-11 05:39	--------	d-----w-	c:\users\Byron\AppData\Roaming\Stardock
2012-05-11 05:39 . 2012-06-01 08:26	--------	dc----w-	c:\programdata\~0
2012-05-11 05:39 . 2012-05-11 05:39	--------	d-----w-	c:\users\Byron\AppData\Local\PackageAware
2012-05-11 05:39 . 2012-05-11 05:39	--------	d-----w-	c:\program files (x86)\Common Files\Stardock
2012-05-11 05:39 . 2012-06-01 08:26	--------	d-----w-	c:\program files (x86)\Stardock
2012-05-11 01:25 . 2012-05-11 01:25	--------	d-----w-	c:\program files (x86)\Android
2012-05-09 06:05 . 2012-05-09 06:07	--------	d-----w-	c:\users\Byron\AppData\Roaming\Yahoo!
2012-05-09 06:05 . 2012-05-09 06:06	--------	d-----w-	c:\programdata\Yahoo! Companion
2012-05-09 06:05 . 2012-05-09 06:05	--------	d-----w-	c:\programdata\Yahoo!
2012-05-09 06:05 . 2012-05-09 06:05	--------	d-----w-	c:\program files (x86)\Yahoo!
2012-05-08 10:55 . 2012-05-08 10:55	--------	d-----w-	c:\users\Byron\AppData\Local\SniperV2
2012-05-07 20:06 . 2012-05-07 20:06	--------	d-----w-	c:\program files\Futuremark
2012-05-06 11:10 . 2012-05-06 11:10	--------	d-----w-	c:\users\Byron\AppData\Local\i-Knyazev.ru
2012-05-06 07:11 . 2012-05-06 07:41	--------	d-----w-	c:\users\Byron\AppData\Roaming\Tunngle
2012-05-06 07:11 . 2012-05-06 07:16	--------	d-----w-	c:\programdata\Tunngle
2012-05-06 07:11 . 2009-09-16 15:02	31232	----a-w-	c:\windows\system32\drivers\tap0901t.sys
2012-05-06 02:59 . 2012-05-06 07:17	--------	d-----w-	c:\users\Byron\AppData\Local\ArmA 2 OA
2012-05-05 22:43 . 2012-05-05 22:45	--------	d-----w-	c:\users\Byron\AppData\Local\Roblox
2012-05-05 22:43 . 2012-05-05 22:43	--------	d-----w-	c:\programdata\Roblox
2012-05-05 22:43 . 2012-05-05 22:43	--------	d-----w-	c:\program files (x86)\Roblox
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 20:36 . 2012-02-11 03:02	283304	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-06-02 20:36 . 2012-02-11 02:45	283304	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-06-02 20:36 . 2012-02-11 02:45	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2012-05-18 19:02 . 2012-02-11 02:45	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2012-05-05 07:38 . 2012-04-11 07:41	419488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 07:38 . 2012-02-10 07:10	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 07:38 . 2012-04-14 11:38	8769696	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-06 21:22 . 2012-02-11 05:08	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-04-06 05:34 . 2012-04-06 05:34	187392	----a-w-	c:\windows\system32\clinfo.exe
2012-04-06 05:34 . 2012-04-06 05:34	74752	----a-w-	c:\windows\system32\OpenVideo64.dll
2012-04-06 05:34 . 2012-04-06 05:34	64512	----a-w-	c:\windows\SysWow64\OpenVideo.dll
2012-04-06 05:33 . 2012-04-06 05:33	63488	----a-w-	c:\windows\system32\OVDecode64.dll
2012-04-06 05:33 . 2012-04-06 05:33	56320	----a-w-	c:\windows\SysWow64\OVDecode.dll
2012-04-06 05:33 . 2012-04-06 05:33	16457216	----a-w-	c:\windows\system32\amdocl64.dll
2012-04-06 05:32 . 2012-04-06 05:32	13007872	----a-w-	c:\windows\SysWow64\amdocl.dll
2012-04-06 05:22 . 2012-04-06 05:22	11174400	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22	159744	----a-w-	c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-01-19 17:50	909312	----a-w-	c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2012-01-19 17:49	1067520	----a-w-	c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-01-19 17:46	442368	----a-w-	c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16	503808	----a-w-	c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16	236544	----a-w-	c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14	120320	----a-w-	c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14	21504	----a-w-	c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14	59392	----a-w-	c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:13	6800896	----a-w-	c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10	26181632	----a-w-	c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2012-01-19 16:58	64000	----a-w-	c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2012-01-19 17:28	7479296	----a-w-	c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50	19753984	----a-w-	c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35	1120768	----a-w-	c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34	1831424	----a-w-	c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-01-19 17:20	4731904	----a-w-	c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-01-19 17:12	6203392	----a-w-	c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29	16090624	----a-w-	c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25	13764096	----a-w-	c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-01-19 17:03	7431680	----a-w-	c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-01-19 17:09	4795904	----a-w-	c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:17 . 2012-04-06 01:17	71680	----a-w-	c:\windows\system32\amdave64.dll
2012-04-06 01:16 . 2012-04-06 01:16	72704	----a-w-	c:\windows\SysWow64\amdave32.dll
2012-04-06 01:16 . 2012-04-06 01:16	72704	----a-w-	c:\windows\system32\atisamu64.dll
2012-04-06 01:16 . 2012-04-06 01:16	67584	----a-w-	c:\windows\atisamu32.dll
2012-04-06 01:11 . 2012-01-19 16:53	514560	----a-w-	c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-01-19 16:53	360448	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11	17408	----a-w-	c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	14848	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	14848	----a-w-	c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	41984	----a-w-	c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10	33280	----a-w-	c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10	343040	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2012-01-19 16:52	54784	----a-w-	c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:09	41984	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-01-19 16:52	44544	----a-w-	c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-01-19 16:52	32256	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06	54784	----a-w-	c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06	54784	----a-w-	c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06	53760	----a-w-	c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06	53760	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2012-04-04 22:56 . 2012-02-10 08:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-04-03 09:16 . 2012-02-11 17:03	466456	----a-w-	c:\windows\system32\wrap_oal.dll
2012-04-03 09:16 . 2012-02-11 17:03	444952	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2012-04-03 09:16 . 2012-02-11 17:03	122904	----a-w-	c:\windows\system32\OpenAL32.dll
2012-04-03 09:16 . 2012-02-11 17:03	109080	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2012-03-25 00:30 . 2012-02-10 06:54	30528	----a-w-	c:\windows\GVTDrv64.sys
2012-03-25 00:29 . 2012-03-18 03:11	25640	----a-w-	c:\windows\gdrv.sys
2012-03-25 00:29 . 2012-02-10 07:09	25640	----a-w-	c:\windows\etdrv.sys
2012-03-21 03:44 . 2012-03-21 03:44	98688	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 03:44 . 2012-03-21 03:44	203888	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2012-03-20 06:44 . 2012-03-20 06:44	5888792	----a-w-	c:\windows\system32\GfxUI.exe
2012-03-20 06:44 . 2012-03-20 06:44	509720	----a-w-	c:\windows\system32\igfxsrvc.exe
2012-03-20 06:44 . 2012-03-20 06:44	439064	----a-w-	c:\windows\system32\igfxpers.exe
2012-03-20 06:44 . 2012-03-20 06:44	398616	----a-w-	c:\windows\system32\hkcmd.exe
2012-03-20 06:44 . 2012-03-20 06:44	276248	----a-w-	c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-03-20 06:44 . 2012-03-20 06:44	250136	----a-w-	c:\windows\system32\igfxext.exe
2012-03-20 06:44 . 2012-03-20 06:44	184600	----a-w-	c:\windows\system32\difx64.exe
2012-03-20 06:44 . 2012-03-20 06:44	170264	----a-w-	c:\windows\system32\igfxtray.exe
2012-03-20 06:42 . 2012-03-20 06:42	90112	----a-w-	c:\windows\system32\igfxCoIn_v2696.dll
2012-03-20 06:32 . 2012-03-20 06:32	14745600	----a-w-	c:\windows\system32\drivers\igdkmd64.sys
2012-03-20 06:31 . 2012-03-20 06:31	8087040	----a-w-	c:\windows\system32\igdumd64.dll
2012-03-20 06:31 . 2012-03-20 06:31	79360	----a-w-	c:\windows\system32\igdde64.dll
2012-03-20 06:26 . 2012-03-20 06:26	6120960	----a-w-	c:\windows\SysWow64\igdumd32.dll
2012-03-20 06:25 . 2012-03-20 06:25	58880	----a-w-	c:\windows\SysWow64\igdde32.dll
2012-03-20 06:22 . 2012-03-20 06:22	9605632	----a-w-	c:\windows\system32\igd10umd64.dll
2012-03-20 06:11 . 2012-03-20 06:11	7795200	----a-w-	c:\windows\SysWow64\igd10umd32.dll
2012-03-20 05:31 . 2012-03-20 05:31	18137088	----a-w-	c:\windows\system32\ig4icd64.dll
2012-03-20 05:21 . 2012-03-20 05:21	13212672	----a-w-	c:\windows\SysWow64\ig4icd32.dll
2012-03-20 05:18 . 2012-03-20 05:18	439296	----a-w-	c:\windows\system32\igfxrrom.lrc
2012-03-20 05:18 . 2012-03-20 05:18	438784	----a-w-	c:\windows\system32\igfxrhrv.lrc
2012-03-20 05:18 . 2012-03-20 05:18	438272	----a-w-	c:\windows\system32\igfxrsky.lrc
2012-03-20 05:18 . 2012-03-20 05:18	437760	----a-w-	c:\windows\system32\igfxrslv.lrc
2012-03-20 05:18 . 2012-03-20 05:18	439808	----a-w-	c:\windows\system32\igfxresn.lrc
2012-03-20 05:18 . 2012-03-20 05:18	439296	----a-w-	c:\windows\system32\igfxrrus.lrc
2012-03-20 05:18 . 2012-03-20 05:18	438784	----a-w-	c:\windows\system32\igfxrptg.lrc
2012-03-20 05:18 . 2012-03-20 05:18	438784	----a-w-	c:\windows\system32\igfxrplk.lrc
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-06-02_10.11.30   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-06-02 22:57	74666              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-02 22:57	27448              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-02-10 06:48 . 2012-06-02 22:50	6646              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-710198752-149296124-4269579256-1000_UserData.bin
- 2012-06-02 10:07 . 2012-06-02 10:07	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-02 23:19 . 2012-06-02 23:19	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-13 23:19 . 2009-07-14 01:39	328704              c:\windows\system32\services.exe
- 2009-07-14 02:36 . 2012-06-02 09:41	665138              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-02 23:03	665138              c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-02 09:41	122906              c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-06-02 23:03	122906              c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-06-02 10:07	473248              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-02 23:19	473248              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-10 07:44 . 2012-06-02 22:54	1942656              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-02-10 07:44 . 2012-06-02 10:07	1942656              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-02-10 11:15 . 2012-06-02 23:19	17688982              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-710198752-149296124-4269579256-1000-12288.dat
- 2012-02-10 11:15 . 2012-06-02 10:07	17688982              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-710198752-149296124-4269579256-1000-12288.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"Cleano"="s:\users\Byron\Downloads\Cleano.exe" [2012-06-02 181248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-06-01 506712]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"Mionix NAOS 5000"="c:\program files (x86)\Mionix\NAOS 5000 Laser Gaming Mouse\NAOS_Monitor.EXE" [2011-02-19 184320]
.
c:\users\Byron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDock\ObjectDock.exe [2012-5-10 3581680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Core Temp.lnk - c:\program files\Core Temp\Core Temp.exe [2012-2-10 848336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 yalamuvy;yalamuvy;c:\windows\system32\drivers\yalamuvy.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-20 276248]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 cpuz134;cpuz134;c:\users\Byron\AppData\Local\Temp\HBCD\PCWizard\pcwiz_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-03-25 25640]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-04-26 135584]
R3 GPU-Z;GPU-Z;c:\users\Byron\AppData\Local\Temp\GPU-Z.sys [x]
R3 Gun;Gun;c:\program files (x86)\Game\SoftnyxGame\GunBoundIS\Gun64.sys [2012-03-18 45176]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-03-25 30528]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 Ser2ph;Microsoft USB GPS driver;c:\windows\system32\DRIVERS\ser2ph64.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-17 13592]
S0 mvs91xx;mvs91xx;c:\windows\system32\DRIVERS\mvs91xx.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AllShare;SAMSUNG AllShare Service;c:\program files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-07-17 6638080]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 iRacingService;iRacing.com Helper Service;c:\program files (x86)\iRacing\iRacingService.exe [2012-05-06 516264]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-20 386344]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
S3 ALSysIO;ALSysIO;c:\users\Byron\AppData\Local\Temp\ALSysIO64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2012-04-19 10568]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ALSYSIO
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 07:38]
.
2012-06-02 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-02-10 09:09]
.
2012-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-710198752-149296124-4269579256-1000Core.job
- c:\users\Byron\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-10 07:56]
.
2012-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-710198752-149296124-4269579256-1000UA.job
- c:\users\Byron\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-10 07:56]
.
2012-06-02 c:\windows\Tasks\RtlLanOptimizerVistaStart.job
- c:\program files (x86)\Realtek\LanOptimizer\LanOptimizer.exe [2012-03-25 08:05]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-21 12632168]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-07-13 2264168]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://battlelog.battlefield.com/bf3/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
[\]^_Ž\00\00Ž\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~Ž\00\00Ž\00\00\00\00Ž\00\00\00\00\00\00\00\00‘’“"
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-710198752-149296124-4269579256-1000\Software\SecuROM\License information*]
"datasecu"=hex:62,1d,d6,2f,a5,ff,b0,55,7b,07,64,5c,92,af,ff,68,7c,ae,1f,01,bf,
   30,03,f4,5a,74,a1,92,54,b4,db,c0,80,89,b8,6b,c7,20,e0,96,01,10,b1,9d,83,4f,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
.
**************************************************************************
.
Completion time: 2012-06-02  16:20:50 - machine was rebooted
ComboFix-quarantined-files.txt  2012-06-02 23:20
ComboFix2.txt  2012-06-02 22:57
ComboFix3.txt  2012-06-02 10:12
ComboFix4.txt  2012-06-02 00:12
.
Pre-Run: 60,957,540,352 bytes free
Post-Run: 60,910,268,416 bytes free
.
- - End Of File - - 92BDCF06A132446B5B5A2F3AD6D6E5E0
Upload was successful 

MBAM
Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.02.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Byron :: BYRON-PC [administrator]

Protection: Enabled

6/2/2012 4:22:05 PM
mbam-log-2012-06-02 (16-22-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213441
Time elapsed: 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by frankth3frizz, 02 June 2012 - 07:34 PM.


#6 CatByte

CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:42 AM

Posted 02 June 2012 - 07:45 PM

Hi,

Please stay with me until I give you the all clear,

were you able to complete the ESET scan?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 frankth3frizz

frankth3frizz
  • Topic Starter
  • Members
  • 8 posts
  • OFFLINE
  • Local time:06:42 AM

Posted 02 June 2012 - 08:50 PM

Hi,

Please stay with me until I give you the all clear,

were you able to complete the ESET scan?



Yes, finished that. Got 3 results (it seemed like it found the quarantines from ComboFix; that was my bad. I forgot to post the log and left the remove malware option ticked, so I kinda missed it).

#8 CatByte

Posted 02 June 2012 - 09:00 PM

Hi,

As long as the items detected were in Qoobox, then that's fine, as we will be clearing that up now (when ComboFix is uninstalled, it removes it).

just some housekeeping to do now,

please do the following:


Please go to Start > Control Panel > Programs and Features and uninstall all the Java entries, then download and install the latest Java version 7 update 4 from the following link:


http://java.com/en/download/index.jsp


NEXT



You can delete the GMER, TDSSKiller and aswMBR logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the run box and click OK. Note the space between the ...X and the /U; it needs to be there.


If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change the passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed ActiveX controls" and "Download unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine;
    • if it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
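The "Make Internet Explorer more secure" steps in the post above are three Custom level settings in the Internet zone. The script below is an added example, not code from the thread or from CatByte; it audits those settings in the registry and, with -Fix, applies the values the post asks for. It assumes the documented layout of IE's URL security zone keys (zone 3 = Internet; value names 1001, 1004 and 1201 for signed ActiveX download, unsigned ActiveX download and "initialize and script ActiveX controls not marked as safe"; data 0 = Enable, 1 = Prompt, 3 = Disable), none of which the thread itself states.

```powershell
# Added example (not from the BleepingComputer thread or CatByte's post).
# Audits the Internet-zone ActiveX settings the post tells the user to change
# (Inetcpl.cpl > Security > Internet > Custom level) and, with -Fix, applies
# them by reading/writing IE's per-user zone policy in the registry.
#
# Assumptions (Microsoft's URL security zone registry layout, not the thread):
#   zone 3 under ...\Internet Settings\Zones is the Internet zone
#   1001 = Download signed ActiveX controls
#   1004 = Download unsigned ActiveX controls
#   1201 = Initialize and script ActiveX controls not marked as safe
#   data: 0 = Enable, 1 = Prompt, 3 = Disable

param([switch]$Fix)

$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Target state from the post: both download settings to Prompt,
# the "not marked as safe" setting to Disable.
$Wanted = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Value = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Value = 1 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Value = 3 }
}
$Meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneSetting {
    param([string]$Path, [string]$ValueName)
    # A missing value means "not explicitly configured" (IE falls back to the
    # zone template), so return $null rather than a number that looks like a setting.
    $item = Get-ItemProperty -Path $Path -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Test-ActiveXHardening {
    param([string]$Path = $ZonePath)
    foreach ($key in $Wanted.Keys) {
        $current = Get-ZoneSetting -Path $Path -ValueName $key
        $label = 'not set'
        if ($null -ne $current) {
            $label = if ($Meaning.ContainsKey($current)) { $Meaning[$current] } else { "unknown ($current)" }
        }
        [pscustomobject]@{
            ValueName = $key
            Setting   = $Wanted[$key].Name
            Current   = $label
            Wanted    = $Meaning[$Wanted[$key].Value]
            Compliant = ($current -eq $Wanted[$key].Value)
        }
    }
}

function Set-ActiveXHardening {
    param([string]$Path = $ZonePath)
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    foreach ($key in $Wanted.Keys) {
        # REG_DWORD, the same type IE writes when the setting is changed in the UI.
        Set-ItemProperty -Path $Path -Name $key -Value $Wanted[$key].Value -Type DWord
    }
}

$before = Test-ActiveXHardening
$before | Format-Table -AutoSize
if ($Fix -and ($before | Where-Object { -not $_.Compliant })) {
    Set-ActiveXHardening
    Write-Host 'Settings applied; re-checking:'
    Test-ActiveXHardening | Format-Table -AutoSize
}
```

Run it without arguments to see the current state, then with -Fix to apply the post's values. Two caveats: the HKCU values are per user, so repeat for each account on the machine, and if the same zone keys exist under HKLM with Security_HKLM_only set (or Group Policy manages the zone), the machine-wide values win and the HKCU changes will have no effect.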


#9 frankth3frizz

Posted 02 June 2012 - 09:08 PM

Thank you! Everything's sorted. Appreciate the help really.

#10 CatByte

Posted 02 June 2012 - 09:14 PM

you are welcome

stay safe :hello:

~CB

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 CatByte

Posted 07 June 2012 - 09:46 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
