Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Suspicios SQL


  • This topic is locked This topic is locked
24 replies to this topic

#1 Sasusaas

Sasusaas

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:19 PM

Posted 12 June 2012 - 07:47 PM

*Suspicious

I noticed my computer was running very slowly and started to take a look at the services that were running. I noticed a lot of SQL stuff was running ("SQL Server VSS Writer", "SQL Server Browser", "SQL Server Agent", "SQL SERVER(SQLEXPRESS)", "SQL Active Directory Helper Service"), they were set to automatically start and I disabled them then came here.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Mark at 20:17:14 on 2012-06-12
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4021.2611 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://xfinity.comcast.net/?cid=insDate05262012
uDefault_Page_URL = hxxp://asus.msn.com
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - d:\Visual STudio\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [MDS_Menu] "C:\Program Files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\MediaShowEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.0"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [Setwallpaper] c:\programdata\SetWallpaper.cmd
mRun: [RemoteControl9] "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\Cyberlink\PowerDVD9\Language\Language.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B349DECF-7F26-4A0B-A6C4-475F26BA0E62} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B349DECF-7F26-4A0B-A6C4-475F26BA0E62}\2375942554731303 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B349DECF-7F26-4A0B-A6C4-475F26BA0E62}\2456C6B696E6E233446473 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B349DECF-7F26-4A0B-A6C4-475F26BA0E62}\2456C6B696E6F554E68616E6365646F575962756C6563737F5243483332353 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B349DECF-7F26-4A0B-A6C4-475F26BA0E62}\7445D20534F5E4564777F627B6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B349DECF-7F26-4A0B-A6C4-475F26BA0E62}\B6330776870486F6D656 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B349DECF-7F26-4A0B-A6C4-475F26BA0E62}\C696E6B6379737 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{DB89CC6B-E27E-4F1F-B34B-525E159FD334} : DhcpNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - d:\Visual STudio\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {5802D092-1784-4908-8CDB-99B6842D353D} - No File
mRun-x64: [MDS_Menu] "C:\Program Files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\MediaShowEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.0"
mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun-x64: [Setwallpaper] c:\programdata\SetWallpaper.cmd
mRun-x64: [RemoteControl9] "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\Cyberlink\PowerDVD9\Language\Language.exe"
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\t8wsqwbe.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 lullaby;lullaby;C:\Windows\system32\DRIVERS\lullaby.sys --> C:\Windows\system32\DRIVERS\lullaby.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2010-1-14 14904]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-18 654408]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-1-14 2314240]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S3 HiPatchService;Hi-Rez Studios Authenticate and Update Service;D:\Diablo\HiPatchService.exe [2012-2-6 8704]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 129976]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-6 118672]
S3 VSPerfDrv100;Performance Tools Driver 10.0;D:\Visual STudio\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s --> C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== Created Last 30 ================
.
2012-05-30 23:19:58 163048 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-26 18:48:48 -------- d-----w- C:\Users\Mark\AppData\Local\Xfinity.com
.
==================== Find3M ====================
.
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-02 05:34:04 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-02 04:46:44 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-02 04:46:44 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-02 03:01:19 3143680 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:09:53 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-17 07:55:58 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2009-04-08 18:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll
.
============= FINISH: 20:18:22.58 ===============

Attached Files


Edited by Sasusaas, 12 June 2012 - 07:49 PM.


BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,701 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:19 PM

Posted 17 June 2012 - 07:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/456814 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Sasusaas

Sasusaas
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:19 PM

Posted 19 June 2012 - 05:58 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Mark at 18:48:53 on 2012-06-19
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4021.2792 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://xfinity.comcast.net/?cid=insDate05262012
uDefault_Page_URL = hxxp://asus.msn.com
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - d:\Visual STudio\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [MDS_Menu] "C:\Program Files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\MediaShowEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.0"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [Setwallpaper] c:\programdata\SetWallpaper.cmd
mRun: [RemoteControl9] "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\Cyberlink\PowerDVD9\Language\Language.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B349DECF-7F26-4A0B-A6C4-475F26BA0E62} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B349DECF-7F26-4A0B-A6C4-475F26BA0E62}\2375942554731303 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B349DECF-7F26-4A0B-A6C4-475F26BA0E62}\2456C6B696E6E233446473 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B349DECF-7F26-4A0B-A6C4-475F26BA0E62}\2456C6B696E6F554E68616E6365646F575962756C6563737F5243483332353 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B349DECF-7F26-4A0B-A6C4-475F26BA0E62}\7445D20534F5E4564777F627B6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B349DECF-7F26-4A0B-A6C4-475F26BA0E62}\B6330776870486F6D656 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B349DECF-7F26-4A0B-A6C4-475F26BA0E62}\C696E6B6379737 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{DB89CC6B-E27E-4F1F-B34B-525E159FD334} : DhcpNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - d:\Visual STudio\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {5802D092-1784-4908-8CDB-99B6842D353D} - No File
mRun-x64: [MDS_Menu] "C:\Program Files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\MediaShowEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.0"
mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun-x64: [Setwallpaper] c:\programdata\SetWallpaper.cmd
mRun-x64: [RemoteControl9] "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\Cyberlink\PowerDVD9\Language\Language.exe"
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\t8wsqwbe.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 lullaby;lullaby;C:\Windows\system32\DRIVERS\lullaby.sys --> C:\Windows\system32\DRIVERS\lullaby.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2010-1-14 14904]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-18 654408]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-1-14 2314240]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S3 HiPatchService;Hi-Rez Studios Authenticate and Update Service;D:\Diablo\HiPatchService.exe [2012-2-6 8704]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 129976]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-6 118672]
S3 VSPerfDrv100;Performance Tools Driver 10.0;D:\Visual STudio\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s --> C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== Created Last 30 ================
.
2012-05-30 23:19:58 163048 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-26 18:48:48 -------- d-----w- C:\Users\Mark\AppData\Local\Xfinity.com
.
==================== Find3M ====================
.
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-02 05:34:04 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-02 04:46:44 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-02 04:46:44 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-02 03:01:19 3143680 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:09:53 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2009-04-08 18:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll
.
============= FINISH: 18:50:00.91 ===============

Attached Files



#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,701 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:19 PM

Posted 22 June 2012 - 07:55 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#5 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:19 AM

Posted 27 June 2012 - 05:37 PM

This topic has been re-opened at the request of the person who originally posted.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#6 Guest_White Warrior_*

Guest_White Warrior_*

  • Guests
  • OFFLINE
  •  

Posted 28 June 2012 - 10:13 PM

Hi Sasusaas

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

White Warrior

#7 Guest_White Warrior_*

Guest_White Warrior_*

  • Guests
  • OFFLINE
  •  

Posted 29 June 2012 - 07:57 PM

Hi Sasusaas and welcome.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Download Security Check by screen317 from here or here.
  • Save it to your desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
To post:
ComboFix log
TDSSKiller log
Security Check log.
How is the computer running now?

White Warrior

#8 Guest_White Warrior_*

Guest_White Warrior_*

  • Guests
  • OFFLINE
  •  

Posted 03 July 2012 - 06:58 AM

Hi Sasusaas

Do you still want my help?
There are other users who can use my help.
Please post a reply telling me what you want to do within the next 48 hours.
Also going forward, you will need to reply to this thread more promptly or I will close the thread.

White Warrior

#9 Sasusaas

Sasusaas
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  

Posted 04 July 2012 - 12:44 PM

Sorry for taking so long to reply, I've just been very busy. I would certainly still appreciate your help.

13:39:52.0882 1192 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
13:39:53.0272 1192 ============================================================
13:39:53.0272 1192 Current date / time: 2012/07/04 13:39:53.0272
13:39:53.0272 1192 SystemInfo:
13:39:53.0272 1192
13:39:53.0272 1192 OS Version: 6.1.7600 ServicePack: 0.0
13:39:53.0272 1192 Product type: Workstation
13:39:53.0272 1192 ComputerName: MARK-PC
13:39:53.0272 1192 UserName: Mark
13:39:53.0272 1192 Windows directory: C:\Windows
13:39:53.0272 1192 System windows directory: C:\Windows
13:39:53.0272 1192 Running under WOW64
13:39:53.0272 1192 Processor architecture: Intel x64
13:39:53.0272 1192 Number of processors: 8
13:39:53.0272 1192 Page size: 0x1000
13:39:53.0272 1192 Boot type: Normal boot
13:39:53.0272 1192 ============================================================
13:39:53.0771 1192 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:39:53.0771 1192 ============================================================
13:39:53.0771 1192 \Device\Harddisk0\DR0:
13:39:53.0771 1192 MBR partitions:
13:39:53.0771 1192 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1D4B800, BlocksNum 0x950B800
13:39:53.0786 1192 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xB257800, BlocksNum 0x1A1D6800
13:39:53.0786 1192 ============================================================
13:39:53.0818 1192 C: <-> \Device\Harddisk0\DR0\Partition0
13:39:53.0864 1192 D: <-> \Device\Harddisk0\DR0\Partition1
13:39:53.0864 1192 ============================================================
13:39:53.0864 1192 Initialize success
13:39:53.0864 1192 ============================================================
13:40:01.0009 3608 ============================================================
13:40:01.0009 3608 Scan started
13:40:01.0009 3608 Mode: Manual; SigCheck; TDLFS;
13:40:01.0009 3608 ============================================================
13:40:01.0930 3608 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
13:40:01.0976 3608 1394ohci - ok
13:40:02.0023 3608 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
13:40:02.0023 3608 ACPI - ok
13:40:02.0039 3608 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
13:40:02.0039 3608 AcpiPmi - ok
13:40:02.0132 3608 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:40:02.0132 3608 adp94xx - ok
13:40:02.0179 3608 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:40:02.0195 3608 adpahci - ok
13:40:02.0210 3608 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:40:02.0226 3608 adpu320 - ok
13:40:02.0257 3608 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:40:02.0288 3608 AeLookupSvc - ok
13:40:02.0335 3608 AFBAgent (fb2be0bae9b3f248080cdbf91ef16c7f) C:\Windows\system32\FBAgent.exe
13:40:02.0351 3608 AFBAgent - ok
13:40:02.0413 3608 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
13:40:02.0429 3608 AFD - ok
13:40:02.0460 3608 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
13:40:02.0460 3608 agp440 - ok
13:40:02.0476 3608 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:40:02.0491 3608 ALG - ok
13:40:02.0491 3608 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
13:40:02.0507 3608 aliide - ok
13:40:02.0554 3608 AMD External Events Utility (87e226c0e11182943d28e8bec61618cd) C:\Windows\system32\atiesrxx.exe
13:40:02.0569 3608 AMD External Events Utility - ok
13:40:02.0585 3608 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
13:40:02.0600 3608 amdide - ok
13:40:02.0616 3608 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:40:02.0616 3608 AmdK8 - ok
13:40:03.0271 3608 amdkmdag (446a1aad34191665a8df6092bd8eb5a8) C:\Windows\system32\DRIVERS\atikmdag.sys
13:40:03.0365 3608 amdkmdag - ok
13:40:03.0583 3608 amdkmdap (f8f8a908fdb005a65ddf7238c814eea5) C:\Windows\system32\DRIVERS\atikmpag.sys
13:40:03.0599 3608 amdkmdap - ok
13:40:03.0630 3608 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:40:03.0630 3608 AmdPPM - ok
13:40:03.0677 3608 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
13:40:03.0677 3608 amdsata - ok
13:40:03.0708 3608 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:40:03.0724 3608 amdsbs - ok
13:40:03.0739 3608 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
13:40:03.0739 3608 amdxata - ok
13:40:03.0770 3608 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
13:40:03.0786 3608 AppID - ok
13:40:03.0817 3608 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
13:40:03.0833 3608 AppIDSvc - ok
13:40:03.0848 3608 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
13:40:03.0864 3608 Appinfo - ok
13:40:03.0880 3608 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:40:03.0895 3608 arc - ok
13:40:03.0911 3608 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:40:03.0926 3608 arcsas - ok
13:40:04.0004 3608 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
13:40:04.0020 3608 ASLDRService - ok
13:40:04.0051 3608 ASMMAP64 (2db34edd17d3a8da7105a19c95a3dd68) C:\Program Files\ATKGFNEX\ASMMAP64.sys
13:40:04.0067 3608 ASMMAP64 - ok
13:40:04.0145 3608 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:40:04.0160 3608 aspnet_state - ok
13:40:04.0176 3608 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:40:04.0207 3608 AsyncMac - ok
13:40:04.0238 3608 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
13:40:04.0238 3608 atapi - ok
13:40:04.0348 3608 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
13:40:04.0379 3608 athr - ok
13:40:04.0535 3608 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
13:40:04.0550 3608 AtiHdmiService - ok
13:40:04.0597 3608 ATKGFNEXSrv (7c157574a181b19b9dcf5f339e25337e) C:\Program Files\ATKGFNEX\GFNEXSrv.exe
13:40:04.0613 3608 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
13:40:04.0613 3608 ATKGFNEXSrv - detected UnsignedFile.Multi.Generic (1)
13:40:04.0675 3608 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
13:40:04.0706 3608 AudioEndpointBuilder - ok
13:40:04.0722 3608 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
13:40:04.0753 3608 AudioSrv - ok
13:40:04.0784 3608 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
13:40:04.0800 3608 AxInstSV - ok
13:40:04.0862 3608 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:40:04.0878 3608 b06bdrv - ok
13:40:04.0909 3608 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:40:04.0925 3608 b57nd60a - ok
13:40:04.0956 3608 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
13:40:04.0956 3608 BDESVC - ok
13:40:04.0972 3608 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:40:04.0987 3608 Beep - ok
13:40:05.0065 3608 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
13:40:05.0096 3608 BFE - ok
13:40:05.0159 3608 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
13:40:05.0190 3608 BITS - ok
13:40:05.0252 3608 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:40:05.0268 3608 blbdrive - ok
13:40:05.0299 3608 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
13:40:05.0315 3608 bowser - ok
13:40:05.0330 3608 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:40:05.0346 3608 BrFiltLo - ok
13:40:05.0377 3608 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:40:05.0393 3608 BrFiltUp - ok
13:40:05.0408 3608 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
13:40:05.0440 3608 BridgeMP - ok
13:40:05.0455 3608 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
13:40:05.0486 3608 Browser - ok
13:40:05.0518 3608 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:40:05.0533 3608 Brserid - ok
13:40:05.0533 3608 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:40:05.0549 3608 BrSerWdm - ok
13:40:05.0549 3608 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:40:05.0564 3608 BrUsbMdm - ok
13:40:05.0564 3608 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:40:05.0580 3608 BrUsbSer - ok
13:40:05.0611 3608 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
13:40:05.0611 3608 BthEnum - ok
13:40:05.0627 3608 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:40:05.0642 3608 BTHMODEM - ok
13:40:05.0658 3608 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
13:40:05.0674 3608 BthPan - ok
13:40:05.0720 3608 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
13:40:05.0736 3608 BTHPORT - ok
13:40:05.0767 3608 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
13:40:05.0783 3608 bthserv - ok
13:40:05.0798 3608 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
13:40:05.0814 3608 BTHUSB - ok
13:40:05.0845 3608 btusbflt (6e04458e98daf28826482e41a7a62df5) C:\Windows\system32\drivers\btusbflt.sys
13:40:05.0861 3608 btusbflt - ok
13:40:05.0892 3608 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys
13:40:05.0908 3608 btwaudio - ok
13:40:05.0923 3608 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\drivers\btwavdt.sys
13:40:05.0923 3608 btwavdt - ok
13:40:06.0048 3608 btwdins (1e08dc82525282e34ad66ffba0782565) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
13:40:06.0064 3608 btwdins - ok
13:40:06.0095 3608 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
13:40:06.0095 3608 btwl2cap - ok
13:40:06.0110 3608 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys
13:40:06.0110 3608 btwrchid - ok
13:40:06.0142 3608 catchme - ok
13:40:06.0173 3608 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:40:06.0204 3608 cdfs - ok
13:40:06.0235 3608 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
13:40:06.0251 3608 cdrom - ok
13:40:06.0282 3608 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
13:40:06.0313 3608 CertPropSvc - ok
13:40:06.0329 3608 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:40:06.0344 3608 circlass - ok
13:40:06.0376 3608 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:40:06.0391 3608 CLFS - ok
13:40:06.0454 3608 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:40:06.0469 3608 clr_optimization_v2.0.50727_32 - ok
13:40:06.0500 3608 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:40:06.0500 3608 clr_optimization_v2.0.50727_64 - ok
13:40:06.0578 3608 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:40:06.0594 3608 clr_optimization_v4.0.30319_32 - ok
13:40:06.0610 3608 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:40:06.0625 3608 clr_optimization_v4.0.30319_64 - ok
13:40:06.0688 3608 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:40:06.0688 3608 CmBatt - ok
13:40:06.0703 3608 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
13:40:06.0719 3608 cmdide - ok
13:40:06.0781 3608 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
13:40:06.0797 3608 CNG - ok
13:40:06.0828 3608 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:40:06.0828 3608 Compbatt - ok
13:40:06.0859 3608 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
13:40:06.0875 3608 CompositeBus - ok
13:40:06.0875 3608 COMSysApp - ok
13:40:06.0875 3608 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:40:06.0890 3608 crcdisk - ok
13:40:06.0922 3608 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
13:40:06.0937 3608 CryptSvc - ok
13:40:07.0000 3608 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
13:40:07.0031 3608 DcomLaunch - ok
13:40:07.0062 3608 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
13:40:07.0093 3608 defragsvc - ok
13:40:07.0140 3608 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
13:40:07.0156 3608 DfsC - ok
13:40:07.0171 3608 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
13:40:07.0187 3608 Dhcp - ok
13:40:07.0218 3608 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:40:07.0249 3608 discache - ok
13:40:07.0249 3608 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:40:07.0265 3608 Disk - ok
13:40:07.0296 3608 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
13:40:07.0296 3608 Dnscache - ok
13:40:07.0327 3608 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
13:40:07.0358 3608 dot3svc - ok
13:40:07.0374 3608 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
13:40:07.0405 3608 DPS - ok
13:40:07.0421 3608 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:40:07.0436 3608 drmkaud - ok
13:40:07.0514 3608 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
13:40:07.0530 3608 DXGKrnl - ok
13:40:07.0561 3608 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
13:40:07.0592 3608 EapHost - ok
13:40:07.0795 3608 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:40:07.0826 3608 ebdrv - ok
13:40:07.0951 3608 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
13:40:07.0967 3608 EFS - ok
13:40:08.0092 3608 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:40:08.0107 3608 elxstor - ok
13:40:08.0123 3608 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
13:40:08.0138 3608 ErrDev - ok
13:40:08.0170 3608 ETD (3c38648375b7f3988691f53a7aae10a9) C:\Windows\system32\DRIVERS\ETD.sys
13:40:08.0185 3608 ETD - ok
13:40:08.0216 3608 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
13:40:08.0248 3608 EventSystem - ok
13:40:08.0279 3608 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:40:08.0310 3608 exfat - ok
13:40:08.0326 3608 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:40:08.0357 3608 fastfat - ok
13:40:08.0419 3608 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
13:40:08.0435 3608 Fax - ok
13:40:08.0450 3608 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:40:08.0466 3608 fdc - ok
13:40:08.0466 3608 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
13:40:08.0497 3608 fdPHost - ok
13:40:08.0513 3608 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
13:40:08.0544 3608 FDResPub - ok
13:40:08.0544 3608 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:40:08.0560 3608 FileInfo - ok
13:40:08.0575 3608 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:40:08.0591 3608 Filetrace - ok
13:40:08.0622 3608 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:40:08.0622 3608 flpydisk - ok
13:40:08.0669 3608 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
13:40:08.0669 3608 FltMgr - ok
13:40:08.0762 3608 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
13:40:08.0778 3608 FontCache - ok
13:40:08.0825 3608 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:40:08.0840 3608 FontCache3.0.0.0 - ok
13:40:08.0887 3608 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:40:08.0903 3608 FsDepends - ok
13:40:08.0934 3608 fssfltr (5814011b2f6e088e29d689b5fcd49b8f) C:\Windows\system32\DRIVERS\fssfltr.sys
13:40:08.0950 3608 fssfltr - ok
13:40:09.0028 3608 fsssvc (f6717211c1ec2cddaa81b97b0727c2e9) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
13:40:09.0043 3608 fsssvc - ok
13:40:09.0090 3608 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
13:40:09.0090 3608 Fs_Rec - ok
13:40:09.0137 3608 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:40:09.0152 3608 fvevol - ok
13:40:09.0184 3608 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:40:09.0199 3608 gagp30kx - ok
13:40:09.0262 3608 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
13:40:09.0293 3608 gpsvc - ok
13:40:09.0324 3608 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
13:40:09.0340 3608 hamachi - ok
13:40:09.0355 3608 Hamachi2Svc - ok
13:40:09.0371 3608 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:40:09.0386 3608 hcw85cir - ok
13:40:09.0433 3608 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
13:40:09.0449 3608 HdAudAddService - ok
13:40:09.0464 3608 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:40:09.0480 3608 HDAudBus - ok
13:40:09.0496 3608 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
13:40:09.0511 3608 HECIx64 - ok
13:40:09.0527 3608 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:40:09.0527 3608 HidBatt - ok
13:40:09.0542 3608 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:40:09.0558 3608 HidBth - ok
13:40:09.0589 3608 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:40:09.0605 3608 HidIr - ok
13:40:09.0620 3608 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
13:40:09.0652 3608 hidserv - ok
13:40:09.0667 3608 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
13:40:09.0683 3608 HidUsb - ok
13:40:09.0761 3608 HiPatchService (d61f8e72032bdc43157f2b8aea32b529) D:\Diablo\HiPatchService.exe
13:40:09.0761 3608 HiPatchService ( UnsignedFile.Multi.Generic ) - warning
13:40:09.0761 3608 HiPatchService - detected UnsignedFile.Multi.Generic (1)
13:40:09.0792 3608 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
13:40:09.0823 3608 hkmsvc - ok
13:40:09.0854 3608 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
13:40:09.0854 3608 HomeGroupListener - ok
13:40:09.0886 3608 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
13:40:09.0901 3608 HomeGroupProvider - ok
13:40:09.0917 3608 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
13:40:09.0917 3608 HpSAMD - ok
13:40:09.0979 3608 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
13:40:10.0010 3608 HTTP - ok
13:40:10.0026 3608 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
13:40:10.0042 3608 hwpolicy - ok
13:40:10.0073 3608 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
13:40:10.0088 3608 i8042prt - ok
13:40:10.0120 3608 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\Windows\system32\DRIVERS\iaStor.sys
13:40:10.0135 3608 iaStor - ok
13:40:10.0182 3608 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
13:40:10.0198 3608 iaStorV - ok
13:40:10.0307 3608 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:40:10.0322 3608 idsvc - ok
13:40:10.0447 3608 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:40:10.0447 3608 iirsp - ok
13:40:10.0525 3608 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
13:40:10.0556 3608 IKEEXT - ok
13:40:10.0728 3608 IntcAzAudAddService (dcf6afba140af3f880a427c2656be44d) C:\Windows\system32\drivers\RTKVHD64.sys
13:40:10.0759 3608 IntcAzAudAddService - ok
13:40:10.0837 3608 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
13:40:10.0853 3608 intelide - ok
13:40:10.0868 3608 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:40:10.0884 3608 intelppm - ok
13:40:10.0900 3608 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
13:40:10.0931 3608 IPBusEnum - ok
13:40:10.0946 3608 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:40:10.0978 3608 IpFilterDriver - ok
13:40:11.0024 3608 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
13:40:11.0056 3608 iphlpsvc - ok
13:40:11.0087 3608 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
13:40:11.0102 3608 IPMIDRV - ok
13:40:11.0118 3608 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:40:11.0149 3608 IPNAT - ok
13:40:11.0165 3608 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:40:11.0180 3608 IRENUM - ok
13:40:11.0196 3608 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
13:40:11.0212 3608 isapnp - ok
13:40:11.0227 3608 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
13:40:11.0243 3608 iScsiPrt - ok
13:40:11.0258 3608 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
13:40:11.0274 3608 kbdclass - ok
13:40:11.0274 3608 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
13:40:11.0290 3608 kbdhid - ok
13:40:11.0305 3608 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
13:40:11.0305 3608 kbfiltr - ok
13:40:11.0336 3608 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
13:40:11.0352 3608 KeyIso - ok
13:40:11.0368 3608 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
13:40:11.0383 3608 KSecDD - ok
13:40:11.0399 3608 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
13:40:11.0399 3608 KSecPkg - ok
13:40:11.0414 3608 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:40:11.0430 3608 ksthunk - ok
13:40:11.0477 3608 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
13:40:11.0508 3608 KtmRm - ok
13:40:11.0539 3608 L1C (b4a3a05b0f9c81d098b96ab6aa915042) C:\Windows\system32\DRIVERS\L1C62x64.sys
13:40:11.0539 3608 L1C - ok
13:40:11.0586 3608 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
13:40:11.0602 3608 LanmanServer - ok
13:40:11.0633 3608 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
13:40:11.0648 3608 LanmanWorkstation - ok
13:40:11.0695 3608 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:40:11.0711 3608 lltdio - ok
13:40:11.0742 3608 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
13:40:11.0773 3608 lltdsvc - ok
13:40:11.0789 3608 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
13:40:11.0820 3608 lmhosts - ok
13:40:11.0898 3608 LMS (a1c148801b4af64847aeb9f3ad9594ef) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
13:40:11.0898 3608 LMS ( UnsignedFile.Multi.Generic ) - warning
13:40:11.0898 3608 LMS - detected UnsignedFile.Multi.Generic (1)
13:40:11.0929 3608 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:40:11.0945 3608 LSI_FC - ok
13:40:11.0960 3608 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:40:11.0976 3608 LSI_SAS - ok
13:40:11.0976 3608 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:40:11.0992 3608 LSI_SAS2 - ok
13:40:11.0992 3608 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:40:12.0007 3608 LSI_SCSI - ok
13:40:12.0023 3608 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:40:12.0054 3608 luafv - ok
13:40:12.0085 3608 lullaby (085435ae1a124361304044029b5cc644) C:\Windows\system32\DRIVERS\lullaby.sys
13:40:12.0085 3608 lullaby - ok
13:40:12.0132 3608 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
13:40:12.0132 3608 MBAMProtector - ok
13:40:12.0226 3608 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:40:12.0241 3608 MBAMService - ok
13:40:12.0272 3608 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
13:40:12.0288 3608 Mcx2Svc - ok
13:40:12.0304 3608 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:40:12.0304 3608 megasas - ok
13:40:12.0350 3608 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:40:12.0366 3608 MegaSR - ok
13:40:12.0382 3608 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:40:12.0413 3608 MMCSS - ok
13:40:12.0413 3608 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:40:12.0444 3608 Modem - ok
13:40:12.0475 3608 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:40:12.0475 3608 monitor - ok
13:40:12.0491 3608 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:40:12.0491 3608 mouclass - ok
13:40:12.0522 3608 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:40:12.0538 3608 mouhid - ok
13:40:12.0553 3608 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
13:40:12.0569 3608 mountmgr - ok
13:40:12.0662 3608 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:40:12.0662 3608 MozillaMaintenance - ok
13:40:12.0694 3608 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
13:40:12.0709 3608 mpio - ok
13:40:12.0725 3608 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:40:12.0756 3608 mpsdrv - ok
13:40:12.0818 3608 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
13:40:12.0865 3608 MpsSvc - ok
13:40:12.0881 3608 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
13:40:12.0896 3608 MRxDAV - ok
13:40:12.0912 3608 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:40:12.0928 3608 mrxsmb - ok
13:40:12.0959 3608 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:40:12.0974 3608 mrxsmb10 - ok
13:40:12.0990 3608 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:40:13.0006 3608 mrxsmb20 - ok
13:40:13.0021 3608 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
13:40:13.0021 3608 msahci - ok
13:40:13.0052 3608 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
13:40:13.0052 3608 msdsm - ok
13:40:13.0084 3608 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
13:40:13.0099 3608 MSDTC - ok
13:40:13.0099 3608 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:40:13.0130 3608 Msfs - ok
13:40:13.0162 3608 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:40:13.0177 3608 mshidkmdf - ok
13:40:13.0193 3608 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
13:40:13.0208 3608 msisadrv - ok
13:40:13.0240 3608 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
13:40:13.0271 3608 MSiSCSI - ok
13:40:13.0271 3608 msiserver - ok
13:40:13.0302 3608 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:40:13.0333 3608 MSKSSRV - ok
13:40:13.0333 3608 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:40:13.0364 3608 MSPCLOCK - ok
13:40:13.0380 3608 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:40:13.0411 3608 MSPQM - ok
13:40:13.0442 3608 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
13:40:13.0458 3608 MsRPC - ok
13:40:13.0489 3608 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
13:40:13.0489 3608 mssmbios - ok
13:40:13.0567 3608 MSSQL$SQLEXPRESS - ok
13:40:13.0630 3608 MSSQLServerADHelper100 (7a2a8c975356858eb38466a6b1592e8d) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
13:40:13.0645 3608 MSSQLServerADHelper100 - ok
13:40:13.0661 3608 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:40:13.0692 3608 MSTEE - ok
13:40:13.0692 3608 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:40:13.0708 3608 MTConfig - ok
13:40:13.0739 3608 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
13:40:13.0739 3608 MTsensor - ok
13:40:13.0754 3608 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:40:13.0754 3608 Mup - ok
13:40:13.0817 3608 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
13:40:13.0848 3608 napagent - ok
13:40:13.0895 3608 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:40:13.0926 3608 NativeWifiP - ok
13:40:14.0004 3608 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
13:40:14.0020 3608 NDIS - ok
13:40:14.0035 3608 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:40:14.0051 3608 NdisCap - ok
13:40:14.0082 3608 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:40:14.0113 3608 NdisTapi - ok
13:40:14.0129 3608 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
13:40:14.0160 3608 Ndisuio - ok
13:40:14.0176 3608 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:40:14.0207 3608 NdisWan - ok
13:40:14.0222 3608 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
13:40:14.0254 3608 NDProxy - ok
13:40:14.0254 3608 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:40:14.0285 3608 NetBIOS - ok
13:40:14.0316 3608 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
13:40:14.0347 3608 NetBT - ok
13:40:14.0363 3608 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
13:40:14.0378 3608 Netlogon - ok
13:40:14.0425 3608 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:40:14.0456 3608 Netman - ok
13:40:14.0550 3608 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:40:14.0550 3608 NetMsmqActivator - ok
13:40:14.0550 3608 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:40:14.0566 3608 NetPipeActivator - ok
13:40:14.0612 3608 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:40:14.0628 3608 netprofm - ok
13:40:14.0644 3608 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:40:14.0644 3608 NetTcpActivator - ok
13:40:14.0644 3608 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:40:14.0659 3608 NetTcpPortSharing - ok
13:40:14.0737 3608 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:40:14.0753 3608 nfrd960 - ok
13:40:14.0784 3608 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
13:40:14.0815 3608 NlaSvc - ok
13:40:14.0831 3608 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:40:14.0862 3608 Npfs - ok
13:40:14.0878 3608 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:40:14.0909 3608 nsi - ok
13:40:14.0924 3608 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:40:14.0940 3608 nsiproxy - ok
13:40:15.0065 3608 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
13:40:15.0096 3608 Ntfs - ok
13:40:15.0221 3608 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:40:15.0252 3608 Null - ok
13:40:15.0283 3608 nusb3hub (785298579b5f9b4032152dfbb992fdb6) C:\Windows\system32\DRIVERS\nusb3hub.sys
13:40:15.0299 3608 nusb3hub - ok
13:40:15.0299 3608 nusb3xhc (df2750481b4964814467c974f2b0eef1) C:\Windows\system32\DRIVERS\nusb3xhc.sys
13:40:15.0314 3608 nusb3xhc - ok
13:40:15.0346 3608 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
13:40:15.0361 3608 nvraid - ok
13:40:15.0361 3608 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
13:40:15.0377 3608 nvstor - ok
13:40:15.0408 3608 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
13:40:15.0408 3608 nv_agp - ok
13:40:15.0424 3608 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
13:40:15.0439 3608 ohci1394 - ok
13:40:15.0517 3608 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:40:15.0533 3608 ose64 - ok
13:40:15.0876 3608 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:40:15.0938 3608 osppsvc - ok
13:40:16.0063 3608 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:40:16.0079 3608 p2pimsvc - ok
13:40:16.0110 3608 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:40:16.0126 3608 p2psvc - ok
13:40:16.0188 3608 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:40:16.0204 3608 Parport - ok
13:40:16.0219 3608 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
13:40:16.0235 3608 partmgr - ok
13:40:16.0266 3608 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:40:16.0282 3608 PcaSvc - ok
13:40:16.0297 3608 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
13:40:16.0297 3608 pci - ok
13:40:16.0313 3608 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:40:16.0328 3608 pciide - ok
13:40:16.0344 3608 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:40:16.0360 3608 pcmcia - ok
13:40:16.0375 3608 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:40:16.0375 3608 pcw - ok
13:40:16.0422 3608 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:40:16.0453 3608 PEAUTH - ok
13:40:16.0531 3608 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:40:16.0547 3608 PerfHost - ok
13:40:16.0703 3608 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
13:40:16.0750 3608 pla - ok
13:40:16.0859 3608 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
13:40:16.0874 3608 PlugPlay - ok
13:40:16.0890 3608 PnkBstrA - ok
13:40:16.0906 3608 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:40:16.0921 3608 PNRPAutoReg - ok
13:40:16.0952 3608 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:40:16.0968 3608 PNRPsvc - ok
13:40:17.0030 3608 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
13:40:17.0062 3608 PolicyAgent - ok
13:40:17.0093 3608 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:40:17.0124 3608 Power - ok
13:40:17.0218 3608 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
13:40:17.0249 3608 PptpMiniport - ok
13:40:17.0264 3608 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:40:17.0264 3608 Processor - ok
13:40:17.0311 3608 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
13:40:17.0327 3608 ProfSvc - ok
13:40:17.0358 3608 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
13:40:17.0374 3608 ProtectedStorage - ok
13:40:17.0405 3608 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
13:40:17.0436 3608 Psched - ok
13:40:17.0530 3608 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:40:17.0561 3608 ql2300 - ok
13:40:17.0717 3608 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:40:17.0717 3608 ql40xx - ok
13:40:17.0764 3608 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:40:17.0779 3608 QWAVE - ok
13:40:17.0779 3608 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:40:17.0795 3608 QWAVEdrv - ok
13:40:17.0795 3608 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:40:17.0826 3608 RasAcd - ok
13:40:17.0857 3608 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:40:17.0888 3608 RasAgileVpn - ok
13:40:17.0888 3608 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:40:17.0920 3608 RasAuto - ok
13:40:17.0935 3608 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:40:17.0966 3608 Rasl2tp - ok
13:40:18.0013 3608 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
13:40:18.0044 3608 RasMan - ok
13:40:18.0060 3608 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:40:18.0091 3608 RasPppoe - ok
13:40:18.0107 3608 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:40:18.0122 3608 RasSstp - ok
13:40:18.0154 3608 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
13:40:18.0185 3608 rdbss - ok
13:40:18.0200 3608 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:40:18.0200 3608 rdpbus - ok
13:40:18.0216 3608 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:40:18.0247 3608 RDPCDD - ok
13:40:18.0278 3608 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:40:18.0310 3608 RDPENCDD - ok
13:40:18.0325 3608 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:40:18.0341 3608 RDPREFMP - ok
13:40:18.0372 3608 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
13:40:18.0388 3608 RDPWD - ok
13:40:18.0403 3608 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
13:40:18.0419 3608 rdyboost - ok
13:40:18.0450 3608 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:40:18.0466 3608 RemoteAccess - ok
13:40:18.0497 3608 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:40:18.0528 3608 RemoteRegistry - ok
13:40:18.0544 3608 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
13:40:18.0559 3608 RFCOMM - ok
13:40:18.0668 3608 RichVideo (f12a68ed55053940cadd59ca5e3468dd) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
13:40:18.0668 3608 RichVideo ( UnsignedFile.Multi.Generic ) - warning
13:40:18.0668 3608 RichVideo - detected UnsignedFile.Multi.Generic (1)
13:40:18.0684 3608 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:40:18.0715 3608 RpcEptMapper - ok
13:40:18.0731 3608 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:40:18.0731 3608 RpcLocator - ok
13:40:18.0793 3608 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
13:40:18.0809 3608 RpcSs - ok
13:40:18.0887 3608 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
13:40:18.0887 3608 RsFx0103 - ok
13:40:18.0918 3608 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:40:18.0949 3608 rspndr - ok
13:40:18.0996 3608 RTHDMIAzAudService (483c537e69fa97c77f7fe0e2e1c1f102) C:\Windows\system32\drivers\RtHDMIVX.sys
13:40:19.0012 3608 RTHDMIAzAudService - ok
13:40:19.0027 3608 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
13:40:19.0043 3608 SamSs - ok
13:40:19.0058 3608 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
13:40:19.0074 3608 sbp2port - ok
13:40:19.0105 3608 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:40:19.0136 3608 SCardSvr - ok
13:40:19.0136 3608 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
13:40:19.0168 3608 scfilter - ok
13:40:19.0261 3608 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
13:40:19.0277 3608 Schedule - ok
13:40:19.0308 3608 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
13:40:19.0324 3608 SCPolicySvc - ok
13:40:19.0355 3608 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
13:40:19.0355 3608 SDRSVC - ok
13:40:19.0448 3608 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:40:19.0480 3608 secdrv - ok
13:40:19.0480 3608 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
13:40:19.0511 3608 seclogon - ok
13:40:19.0526 3608 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
13:40:19.0558 3608 SENS - ok
13:40:19.0573 3608 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:40:19.0573 3608 SensrSvc - ok
13:40:19.0589 3608 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:40:19.0604 3608 Serenum - ok
13:40:19.0636 3608 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:40:19.0651 3608 Serial - ok
13:40:19.0667 3608 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:40:19.0682 3608 sermouse - ok
13:40:19.0714 3608 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
13:40:19.0729 3608 SessionEnv - ok
13:40:19.0745 3608 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
13:40:19.0745 3608 sffdisk - ok
13:40:19.0760 3608 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
13:40:19.0760 3608 sffp_mmc - ok
13:40:19.0776 3608 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
13:40:19.0776 3608 sffp_sd - ok
13:40:19.0792 3608 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:40:19.0792 3608 sfloppy - ok
13:40:19.0838 3608 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
13:40:19.0870 3608 SharedAccess - ok
13:40:19.0901 3608 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
13:40:19.0916 3608 ShellHWDetection - ok
13:40:19.0948 3608 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
13:40:19.0948 3608 SiSGbeLH - ok
13:40:19.0963 3608 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:40:19.0979 3608 SiSRaid2 - ok
13:40:19.0994 3608 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:40:19.0994 3608 SiSRaid4 - ok
13:40:20.0026 3608 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:40:20.0057 3608 Smb - ok
13:40:20.0088 3608 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:40:20.0088 3608 SNMPTRAP - ok
13:40:20.0228 3608 SNP2UVC (2114518e55b380a3acc28b2c27fd499a) C:\Windows\system32\DRIVERS\snp2uvc.sys
13:40:20.0244 3608 SNP2UVC - ok
13:40:20.0384 3608 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:40:20.0384 3608 spldr - ok
13:40:20.0447 3608 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
13:40:20.0462 3608 Spooler - ok
13:40:20.0681 3608 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
13:40:20.0728 3608 sppsvc - ok
13:40:20.0821 3608 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:40:20.0852 3608 sppuinotify - ok
13:40:20.0962 3608 SQLAgent$SQLEXPRESS (12e6d95cde974b131defaa44bab8b056) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
13:40:20.0977 3608 SQLAgent$SQLEXPRESS - ok
13:40:21.0024 3608 SQLBrowser (b54b48f6d92423440c264e91225c5ff1) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
13:40:21.0040 3608 SQLBrowser - ok
13:40:21.0071 3608 SQLWriter (6d65985945b03ca59b67d0b73702fc7b) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
13:40:21.0071 3608 SQLWriter - ok
13:40:21.0180 3608 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
13:40:21.0196 3608 srv - ok
13:40:21.0227 3608 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
13:40:21.0227 3608 srv2 - ok
13:40:21.0258 3608 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
13:40:21.0258 3608 srvnet - ok
13:40:21.0305 3608 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:40:21.0336 3608 SSDPSRV - ok
13:40:21.0352 3608 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:40:21.0367 3608 SstpSvc - ok
13:40:21.0445 3608 Steam Client Service - ok
13:40:21.0461 3608 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:40:21.0461 3608 stexstor - ok
13:40:21.0539 3608 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
13:40:21.0554 3608 stisvc - ok
13:40:21.0570 3608 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
13:40:21.0570 3608 swenum - ok
13:40:21.0617 3608 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:40:21.0648 3608 swprv - ok
13:40:21.0773 3608 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
13:40:21.0788 3608 SysMain - ok
13:40:21.0913 3608 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
13:40:21.0929 3608 TabletInputService - ok
13:40:21.0960 3608 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
13:40:21.0991 3608 TapiSrv - ok
13:40:22.0007 3608 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:40:22.0022 3608 TBS - ok
13:40:22.0256 3608 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
13:40:22.0272 3608 Tcpip - ok
13:40:22.0475 3608 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
13:40:22.0490 3608 TCPIP6 - ok
13:40:22.0568 3608 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
13:40:22.0600 3608 tcpipreg - ok
13:40:22.0615 3608 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:40:22.0615 3608 TDPIPE - ok
13:40:22.0646 3608 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
13:40:22.0662 3608 TDTCP - ok
13:40:22.0678 3608 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
13:40:22.0693 3608 tdx - ok
13:40:22.0724 3608 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
13:40:22.0724 3608 TermDD - ok
13:40:22.0787 3608 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
13:40:22.0818 3608 TermService - ok
13:40:22.0834 3608 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:40:22.0849 3608 Themes - ok
13:40:22.0880 3608 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:40:22.0912 3608 THREADORDER - ok
13:40:22.0943 3608 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:40:22.0958 3608 TrkWks - ok
13:40:23.0021 3608 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
13:40:23.0036 3608 TrustedInstaller - ok
13:40:23.0099 3608 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:40:23.0114 3608 tssecsrv - ok
13:40:23.0161 3608 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
13:40:23.0192 3608 tunnel - ok
13:40:23.0208 3608 TurboB (c45a3e051c65106a28982caed125f855) C:\Windows\system32\DRIVERS\TurboB.sys
13:40:23.0208 3608 TurboB - ok
13:40:23.0255 3608 TurboBoost (baef86ebeaece76573fa822dea256f6c) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
13:40:23.0270 3608 TurboBoost - ok
13:40:23.0286 3608 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:40:23.0302 3608 uagp35 - ok
13:40:23.0333 3608 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
13:40:23.0348 3608 udfs - ok
13:40:23.0380 3608 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:40:23.0395 3608 UI0Detect - ok
13:40:23.0426 3608 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
13:40:23.0426 3608 uliagpkx - ok
13:40:23.0442 3608 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
13:40:23.0458 3608 umbus - ok
13:40:23.0473 3608 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:40:23.0473 3608 UmPass - ok
13:40:23.0676 3608 UNS (41118d920b2b268c0adc36421248cdcf) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
13:40:23.0707 3608 UNS ( UnsignedFile.Multi.Generic ) - warning
13:40:23.0707 3608 UNS - detected UnsignedFile.Multi.Generic (1)
13:40:23.0863 3608 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:40:23.0894 3608 upnphost - ok
13:40:23.0988 3608 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
13:40:23.0988 3608 usbaudio - ok
13:40:24.0019 3608 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
13:40:24.0035 3608 usbccgp - ok
13:40:24.0066 3608 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
13:40:24.0082 3608 usbcir - ok
13:40:24.0097 3608 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\drivers\usbehci.sys
13:40:24.0097 3608 usbehci - ok
13:40:24.0160 3608 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
13:40:24.0160 3608 usbhub - ok
13:40:24.0175 3608 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
13:40:24.0191 3608 usbohci - ok
13:40:24.0206 3608 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:40:24.0222 3608 usbprint - ok
13:40:24.0238 3608 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
13:40:24.0238 3608 USBSTOR - ok
13:40:24.0269 3608 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
13:40:24.0269 3608 usbuhci - ok
13:40:24.0316 3608 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
13:40:24.0316 3608 usbvideo - ok
13:40:24.0331 3608 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:40:24.0362 3608 UxSms - ok
13:40:24.0394 3608 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
13:40:24.0409 3608 VaultSvc - ok
13:40:24.0409 3608 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
13:40:24.0425 3608 vdrvroot - ok
13:40:24.0456 3608 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
13:40:24.0472 3608 vds - ok
13:40:24.0503 3608 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:40:24.0518 3608 vga - ok
13:40:24.0534 3608 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:40:24.0550 3608 VgaSave - ok
13:40:24.0565 3608 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
13:40:24.0581 3608 vhdmp - ok
13:40:24.0581 3608 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
13:40:24.0596 3608 viaide - ok
13:40:24.0612 3608 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
13:40:24.0612 3608 volmgr - ok
13:40:24.0643 3608 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
13:40:24.0659 3608 volmgrx - ok
13:40:24.0690 3608 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
13:40:24.0706 3608 volsnap - ok
13:40:24.0737 3608 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:40:24.0752 3608 vsmraid - ok
13:40:24.0846 3608 VSPerfDrv100 (ca64a8838b4674d14bdf88aba2f253ea) D:\Visual STudio\Team Tools\Performance Tools\x64\VSPerfDrv100.sys
13:40:24.0862 3608 VSPerfDrv100 - ok
13:40:24.0986 3608 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
13:40:25.0002 3608 VSS - ok
13:40:25.0142 3608 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
13:40:25.0142 3608 vwifibus - ok
13:40:25.0158 3608 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:40:25.0174 3608 vwififlt - ok
13:40:25.0220 3608 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:40:25.0252 3608 W32Time - ok
13:40:25.0267 3608 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:40:25.0283 3608 WacomPen - ok
13:40:25.0314 3608 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:40:25.0345 3608 WANARP - ok
13:40:25.0345 3608 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:40:25.0376 3608 Wanarpv6 - ok
13:40:25.0470 3608 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
13:40:25.0501 3608 WatAdminSvc - ok
13:40:25.0610 3608 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
13:40:25.0626 3608 wbengine - ok
13:40:25.0735 3608 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:40:25.0751 3608 WbioSrvc - ok
13:40:25.0798 3608 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
13:40:25.0813 3608 wcncsvc - ok
13:40:25.0829 3608 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:40:25.0829 3608 WcsPlugInService - ok
13:40:25.0891 3608 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:40:25.0907 3608 Wd - ok
13:40:25.0954 3608 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:40:25.0969 3608 Wdf01000 - ok
13:40:25.0985 3608 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:40:26.0000 3608 WdiServiceHost - ok
13:40:26.0000 3608 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:40:26.0016 3608 WdiSystemHost - ok
13:40:26.0063 3608 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
13:40:26.0078 3608 WebClient - ok
13:40:26.0110 3608 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:40:26.0125 3608 Wecsvc - ok
13:40:26.0141 3608 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:40:26.0172 3608 wercplsupport - ok
13:40:26.0188 3608 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:40:26.0219 3608 WerSvc - ok
13:40:26.0250 3608 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:40:26.0266 3608 WfpLwf - ok
13:40:26.0297 3608 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
13:40:26.0312 3608 WimFltr - ok
13:40:26.0328 3608 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:40:26.0344 3608 WIMMount - ok
13:40:26.0390 3608 WinDefend - ok
13:40:26.0390 3608 WinHttpAutoProxySvc - ok
13:40:26.0437 3608 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:40:26.0468 3608 Winmgmt - ok
13:40:26.0609 3608 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
13:40:26.0656 3608 WinRM - ok
13:40:26.0827 3608 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
13:40:26.0843 3608 WinUsb - ok
13:40:26.0905 3608 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:40:26.0936 3608 Wlansvc - ok
13:40:26.0968 3608 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:40:26.0968 3608 WmiAcpi - ok
13:40:27.0030 3608 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:40:27.0046 3608 wmiApSrv - ok
13:40:27.0092 3608 WMPNetworkSvc - ok
13:40:27.0124 3608 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:40:27.0139 3608 WPCSvc - ok
13:40:27.0155 3608 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
13:40:27.0170 3608 WPDBusEnum - ok
13:40:27.0186 3608 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:40:27.0217 3608 ws2ifsl - ok
13:40:27.0248 3608 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
13:40:27.0264 3608 wscsvc - ok
13:40:27.0264 3608 WSearch - ok
13:40:27.0436 3608 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
13:40:27.0482 3608 wuauserv - ok
13:40:27.0623 3608 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
13:40:27.0654 3608 WudfPf - ok
13:40:27.0685 3608 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:40:27.0716 3608 WUDFRd - ok
13:40:27.0748 3608 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
13:40:27.0763 3608 wudfsvc - ok
13:40:27.0794 3608 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:40:27.0810 3608 WwanSvc - ok
13:40:27.0841 3608 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:40:28.0247 3608 \Device\Harddisk0\DR0 - ok
13:40:28.0247 3608 Boot (0x1200) (1e9ffe66456b89c185a2f343869849d1) \Device\Harddisk0\DR0\Partition0
13:40:28.0247 3608 \Device\Harddisk0\DR0\Partition0 - ok
13:40:28.0278 3608 Boot (0x1200) (13f1b8aa37bd930e02ad800e991a285b) \Device\Harddisk0\DR0\Partition1
13:40:28.0278 3608 \Device\Harddisk0\DR0\Partition1 - ok
13:40:28.0278 3608 ============================================================
13:40:28.0278 3608 Scan finished
13:40:28.0278 3608 ============================================================
13:40:28.0294 4060 Detected object count: 5
13:40:28.0294 4060 Actual detected object count: 5
13:41:04.0112 4060 C:\Program Files\ATKGFNEX\GFNEXSrv.exe - copied to quarantine
13:41:04.0112 4060 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
13:41:04.0112 4060 D:\Diablo\HiPatchService.exe - copied to quarantine
13:41:04.0112 4060 HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
13:41:04.0237 4060 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe - copied to quarantine
13:41:04.0237 4060 LMS ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
13:41:04.0299 4060 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe - copied to quarantine
13:41:04.0299 4060 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
13:41:04.0455 4060 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe - copied to quarantine
13:41:04.0471 4060 UNS ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
13:41:06.0686 3376 Deinitialize success

Attached Files



#10 Guest_White Warrior_*

Guest_White Warrior_*

  • Guests
  • OFFLINE
  •  

Posted 04 July 2012 - 07:56 PM

ComboFix 12-07-04.04 - Mark 07/04/2012 13:02:57.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4021.2172 [GMT -4:00]
Running from: c:\users\Mark\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\ASPG_icon.ico
c:\programdata\FullRemove.exe
c:\users\Mark\AppData\Local\assembly\tmp
c:\windows\system32\drivers\etc\lmhosts
D:\install.exe
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))
.
.
2012-07-04 17:11 . 2012-07-04 17:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-19 22:55 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-30 23:19 . 2012-05-30 23:19 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2009-04-08 18:31 . 2009-04-08 18:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45 . 2008-08-12 05:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-01 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MDS_Menu"="c:\program files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-11-13 210216]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-21 106496]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-2 1080608]
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2010-1-14 12862]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-1-14 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
IME File REG_SZ IMSC12.IME
.
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 52264]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\diablo\HiPatchService.exe [2012-02-21 8704]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
R3 VSPerfDrv100;Performance Tools Driver 10.0;d:\visual studio\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-20 1255736]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2009-06-18 15928]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-09-17 359552]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-08 204288]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-08-06 13784]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-09-08 10203648]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-09-08 310784]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-10-15 117760]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-09-04 62464]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-21 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-21 177152]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"EeeStorageBackup"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2009-11-26 1732608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://xfinity.comcast.net/?cid=insDate05262012
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\t8wsqwbe.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
Wow6432Node-HKLM-Run-RemoteControl9 - c:\program files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
Wow6432Node-HKLM-Run-PDVD9LanguageShortcut - c:\program files (x86)\Cyberlink\PowerDVD9\Language\Language.exe
Toolbar-Locked - (no file)
AddRemove-ASUS_N_Series_Screensaver - c:\windows\system32\ASUS_N_Series_Screensaver.scr
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-{3B11D799-48E0-48ED-BFD7-EA655676D8BB} - c:\program files (x86)\Common Files\BioWare\Uninstall Star Wars - The Old Republic.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\Common Files\Steam\SteamService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-07-04 13:21:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-04 17:21
.
Pre-Run: 7,173,296,128 bytes free
Post-Run: 13,121,728,512 bytes free
.
- - End Of File - - BD84D1EB9BF19FBFAE4AF23285E6203F

#11 Guest_White Warrior_*

Guest_White Warrior_*

  • Guests
  • OFFLINE
  •  

Posted 05 July 2012 - 05:25 PM

Hi Sasusaas

Please do not attach any logs unless I ask you to.

Security Check is an old version so will have to be run again.
Please delete the folder on the desktop.

Download Security Check by screen317 from here.
  • Save it to your desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
White Warrior

#12 Sasusaas

Sasusaas
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  

Posted 05 July 2012 - 06:14 PM

Results of screen317's Security Check version 0.99.42
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 12.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#13 Guest_White Warrior_*

Guest_White Warrior_*

  • Guests
  • OFFLINE
  •  

Posted 06 July 2012 - 05:42 PM

Hi Sasusaas

TDSSKiller has quarantined some files. I'd like to send them to virustotal to see if they are ok or not.

Please go to http://www.virustotal.com, click on Browse, and upload the following file for analysis: You will only be able to have one file scanned at a time.

C:\Program Files\ATKGFNEX\GFNEXSrv.exe
D:\Diablo\HiPatchService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


Then click Submit. Allow the file to be scanned, and then copy/paste the results here for me to see.

If you get a message saying File has already been analyzed: Click Reanalyze file now

If virustotal is busy, please go to http://virusscan.jotti.org

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image
      icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Now, let's get you an antivirus program.
Three good antivirus programs free for non-commercial home use are
avast! Free Antivirus
Avira AntiVir Personal - Free Antivirus
Microsoft Security Essentials
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

White Warrior

#14 Sasusaas

Sasusaas
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  

Posted 06 July 2012 - 09:23 PM

For all of the virustotal scans the results were blank throughout.

SHA256: 75331e6da4e30717085e7d8131989241ebc492dc3ee455546f91da9dfffd2bfc
SHA1: c7cd0f79752f64078a90727d675101670d9f04eb
MD5: f12a68ed55053940cadd59ca5e3468dd
File size: 239.2 KB ( 244904 bytes )
File name: RichVideo.exe
File type: Win32 EXE
Detection ratio: 0 / 42
Analysis date: 2012-07-07 00:39:03 UTC ( 0 minutes ago )


SHA256: 4f99c4913dcfe02b0783fd97f02558e4dd4d7c98553d95a8e26faaa0c0d67616
SHA1: c8575802c99c0b95ac81b8e5eba1fdc5dcf4fdbd
MD5: 41118d920b2b268c0adc36421248cdcf
File size: 2.2 MB ( 2314240 bytes )
File name: UNS.exe
File type: Win32 EXE
Detection ratio: 0 / 42
Analysis date: 2012-07-07 00:38:07 UTC ( 0 minutes ago )

SHA256: ff6ed89ea47df74c33cd8bfac48faed1b979348aba6b6d94ee07cbd21810f37b
SHA1: 09b12b937b00137bebf4578496495e1dc793b649
MD5: a1c148801b4af64847aeb9f3ad9594ef
File size: 256.0 KB ( 262144 bytes )
File name: LMS.exe
File type: Win32 EXE
Detection ratio: 0 / 42
Analysis date: 2012-07-07 00:37:11 UTC ( 0 minutes ago )

SHA256: 62e738aaea75ed7573827d907081f6c0512f6d16748c949e4d37887c86b556de
SHA1: ba6dd1c06dd9cf8a61606fe2552d31310e16b085
MD5: d61f8e72032bdc43157f2b8aea32b529
File size: 8.5 KB ( 8704 bytes )
File name: HiPatchService.exe
File type: Win32 EXE
Detection ratio: 0 / 42
Analysis date: 2012-07-07 00:36:11 UTC ( 0 minutes ago )

SHA256: 7ca78363cd420bfe4bfe9a38683ca9e31023ac573d9092666cdaee6af4998b60
SHA1: 48cadcf4cb89527cd7e4a770ce561f0e7feed629
MD5: 7c157574a181b19b9dcf5f339e25337e
File size: 92.0 KB ( 94208 bytes )
File name: GFNEXSrv.exe
File type: Win32 EXE
Detection ratio: 0 / 42
Analysis date: 2012-07-07 00:34:11 UTC ( 0 minutes ago )


From the ESET scan:

C:\Users\Mark\Downloads\DriverSweeper_3.2.0.exe Win32/OpenCandy application cleaned by deleting - quarantined
D:\MARK-PC\Backup Set 2011-10-27 234158\Backup Files 2011-10-27 234158\Backup files 1.zip Win32/OpenCandy application deleted - quarantined

#15 Guest_White Warrior_*

Guest_White Warrior_*

  • Guests
  • OFFLINE
  •  

Posted 09 July 2012 - 09:04 PM

Hi Sasusaas

I'm sorry for the delay. I'll be with you as soon as possible. Thank you for your patience.

White Warrior




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users