
Infected with Olmarik.tdl4 trojan


This topic is locked
20 replies to this topic

#1 Neurism

Neurism

  • Members
  • 11 posts

Posted 22 June 2012 - 10:35 AM

ESET NOD32 says I'm infected with the Win32/Olmarik.TDL4 trojan in my operating memory and the Win32/Olmarik.AYA trojan in my active boot sector 0. physical disk.
I've had this virus for a while because it's really hard to get rid of and it doesn't have any symptoms.
Recently my computer/operating system has been crashing after about 25 minutes of being on. I can still move the mouse but I can't do anything, so I restart. I don't think this is the virus but if it is I will know once I get rid of it.
I would greatly appreciate anyone's help on this site!

Attached Files




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 23 June 2012 - 07:07 AM

Greetings and Welcome to The Forums!!


My name is Gringo and I'll be glad to help you with your computer problems.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

AV: ESET NOD32 Antivirus 5.0
AV: Spyware Doctor with AntiVirus


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Neurism

Neurism
  • Topic Starter

  • Members
  • 11 posts

Posted 23 June 2012 - 03:42 PM

ComboFix 12-06-23.05 - Jess 06/23/2012 14:56:22.5.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8109.6223 [GMT -4:00]
Running from: C:\Users\Jess\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))


2012-06-23 19:27:42 . 2012-06-23 19:27:42 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\temp
2012-06-23 19:27:42 . 2012-06-23 19:27:42 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-06-22 23:05:09 . 2012-05-31 04:04:02 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C7F9E3B6-14C3-45B5-97C1-92ACF3EE02F7}\mpengine.dll
2012-06-22 01:23:14 . 2012-06-22 01:23:20 -------- d-----w- C:\Users\Jess\AppData\Local\{E9907751-6358-46A9-AF1A-B09EE596675A}
2012-06-21 04:19:10 . 2012-06-02 22:19:43 2428952 ----a-w- C:\Windows\system32\wuaueng.dll
2012-06-21 04:19:10 . 2012-06-02 22:19:42 57880 ----a-w- C:\Windows\system32\wuauclt.exe
2012-06-21 04:19:10 . 2012-06-02 22:19:42 44056 ----a-w- C:\Windows\system32\wups2.dll
2012-06-21 04:19:10 . 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\system32\wucltux.dll
2012-06-21 04:19:08 . 2012-06-02 22:19:46 38424 ----a-w- C:\Windows\system32\wups.dll
2012-06-21 04:19:08 . 2012-06-02 22:19:23 701976 ----a-w- C:\Windows\system32\wuapi.dll
2012-06-21 04:19:08 . 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\system32\wudriver.dll
2012-06-21 04:19:07 . 2012-06-02 19:19:42 186752 ----a-w- C:\Windows\system32\wuwebv.dll
2012-06-21 04:19:07 . 2012-06-02 19:15:12 36864 ----a-w- C:\Windows\system32\wuapp.exe
2012-06-19 20:17:16 . 2012-06-22 14:56:48 -------- d-----w- C:\Users\Jess\Tracing
2012-06-19 20:03:55 . 2012-06-19 20:05:10 -------- d-----w- C:\Program Files (x86)\Windows Live
2012-06-19 20:03:53 . 2012-06-19 20:03:53 -------- d-----w- C:\Windows\PCHEALTH
2012-06-19 20:02:39 . 2012-06-22 14:57:23 -------- d-----w- C:\Users\Jess\AppData\Local\Windows Live
2012-06-19 20:02:39 . 2012-06-19 20:02:39 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2012-06-14 18:38:36 . 2012-06-14 18:38:36 -------- d-----r- C:\Users\Jess\AppData\Roaming\Brother
2012-06-14 18:32:26 . 2012-06-14 18:32:26 -------- d-----w- C:\Brother
2012-06-14 18:32:25 . 2012-06-14 18:32:25 -------- d-----w- C:\Program Files (x86)\Browny02
2012-06-14 18:32:24 . 2010-05-10 08:45:58 103736 ----a-w- C:\Windows\SysWow64\BRRBTOOL.EXE
2012-06-14 18:32:24 . 2005-01-17 07:10:16 45056 ----a-w- C:\Windows\SysWow64\BRTCPCON.DLL
2012-06-14 18:32:23 . 2010-04-02 05:33:34 25299 ----a-w- C:\Windows\SysWow64\BRLM03A.DLL
2012-06-14 18:32:23 . 2004-08-09 06:42:08 77824 ----a-w- C:\Windows\SysWow64\BRLMW03A.DLL
2012-06-14 18:32:20 . 2012-06-14 18:32:25 -------- d-----w- C:\Program Files (x86)\Brother
2012-06-14 18:32:20 . 2010-08-03 00:57:34 217088 ------w- C:\Windows\SysWow64\NSSearch.dll
2012-06-14 18:32:20 . 2010-03-15 23:56:30 2560 ------w- C:\Windows\SysWow64\BrDctF2S.dll
2012-06-14 18:32:20 . 2010-03-15 23:45:12 73728 ------w- C:\Windows\SysWow64\BrDctF2.dll
2012-06-14 18:32:20 . 2007-12-14 02:16:20 5120 ------w- C:\Windows\SysWow64\BrDctF2L.dll
2012-06-14 18:32:18 . 2010-02-05 15:42:34 180224 ------w- C:\Windows\SysWow64\BroSNMP.dll
2012-06-14 18:31:36 . 2012-06-14 18:34:04 -------- d-----w- C:\ProgramData\Brother
2012-06-14 04:22:55 . 2012-04-26 05:41:56 77312 ----a-w- C:\Windows\system32\rdpwsx.dll
2012-06-14 04:22:55 . 2012-04-26 05:41:55 149504 ----a-w- C:\Windows\system32\rdpcorekmts.dll
2012-06-14 04:22:55 . 2012-04-26 05:34:27 9216 ----a-w- C:\Windows\system32\rdrmemptylst.exe
2012-06-14 04:22:47 . 2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\system32\ntoskrnl.exe
2012-06-14 04:22:47 . 2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-14 04:22:46 . 2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\system32\win32k.sys
2012-06-14 04:22:46 . 2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-14 04:22:45 . 2012-04-28 03:55:21 210944 ----a-w- C:\Windows\system32\drivers\rdpwd.sys
2012-06-07 03:51:14 . 2012-06-07 03:51:14 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-07 03:51:14 . 2012-06-07 03:51:14 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-05 15:11:06 . 2012-06-06 22:05:08 -------- d-----w- C:\Users\Jess\AppData\Roaming\.minecraft
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-06-23 18:47:16 . 2011-10-01 06:12:19 25640 ----a-w- C:\Windows\gdrv.sys
2012-06-19 20:03:54 . 2011-03-28 22:36:46 19736 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-18 17:40:40 . 2012-05-18 17:40:40 53248 ----a-r- C:\Users\Jess\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-04-04 22:47:08 . 2012-05-21 01:48:01 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-04-04 22:47:02 . 2011-10-01 05:48:38 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-30 11:35:47 . 2012-05-10 21:01:24 1918320 ----a-w- C:\Windows\system32\drivers\tcpip.sys


((((((((((((((((((((((((((((( SnapShot@2012-06-23_17.18.43 )))))))))))))))))))))))))))))))))))))))))

- 2009-07-14 05:10:35 . 2012-06-23 16:37:32 35678 C:\Windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10:35 . 2012-06-23 18:48:50 35678 C:\Windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-10-01 05:21:05 . 2012-06-23 16:37:32 5430 C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-664553082-1086461949-3365375154-1000_UserData.bin
+ 2011-10-01 05:21:05 . 2012-06-23 18:48:50 5430 C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-664553082-1086461949-3365375154-1000_UserData.bin
+ 2012-06-23 05:08:09 . 2012-06-23 18:46:56 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-23 05:08:09 . 2012-06-23 16:35:39 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-23 05:08:09 . 2012-06-23 18:46:56 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-23 05:08:09 . 2012-06-23 16:35:39 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-23 18:46:57 . 2009-10-07 05:46:36 131608 C:\Windows\Temp\logishrd\LVPrcInj02.dll
- 2012-06-23 16:35:40 . 2009-10-07 05:46:36 131608 C:\Windows\Temp\logishrd\LVPrcInj02.dll
- 2012-06-23 16:35:40 . 2009-10-07 05:47:22 109080 C:\Windows\Temp\logishrd\LVPrcInj01.dll
+ 2012-06-23 18:46:57 . 2009-10-07 05:47:22 109080 C:\Windows\Temp\logishrd\LVPrcInj01.dll
- 2009-07-14 02:36:59 . 2012-06-23 16:42:35 615122 C:\Windows\system32\perfh009.dat
+ 2009-07-14 02:36:59 . 2012-06-23 18:53:52 615122 C:\Windows\system32\perfh009.dat
+ 2009-07-14 02:36:59 . 2012-06-23 18:53:52 103496 C:\Windows\system32\perfc009.dat
- 2009-07-14 02:36:59 . 2012-06-23 16:42:35 103496 C:\Windows\system32\perfc009.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll" [2011-03-04 19:07:48 165776]

[HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 11:15:22 221184]
"Pando Media Booster"="C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-10-01 06:55:46 3077528]
"ooVoo.exe"="C:\Program Files (x86)\ooVoo\oovoo.exe" [2012-02-07 23:01:50 22465104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"STCAgent"="C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [2011-03-04 19:07:56 776064]
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 14:10:12 284440]
"ISUSScheduler"="C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 11:15:20 81920]
"PWRISOVM.EXE"="C:\Program Files (x86)\PowerISO\PWRISOVM.EXE" [2011-06-15 06:19:14 307200]
"Jomantha"="C:\Program Files (x86)\n52te\n52teHid.exe" [2008-06-13 15:19:46 159744]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 12:22:28 59240]
"amd_dc_opt"="C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 18:53:10 77824]
"Malwarebytes' Anti-Malware"="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 19:53:18 460872]
"EEventManager"="C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 14:13:10 673616]
"KSafeTray"="C:\Program files (x86)\Kingsoft\PCDoctor\KSafeTray.exe" [2012-02-21 11:45:22 1144752]
"BrStsMon00"="C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 17:42:44 2621440]
"ZyngaGamesAgent"="C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 11:21:56 841544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-16 00:59:24 136176]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;C:\Windows\system32\AppleChargerSrv.exe [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys [x]
R3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys [x]
R3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-10-03 05:36:56 25640]
R3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-16 00:59:24 136176]
R3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-10-09 21:43:15 30528]
R3 JmtFltr;n52te;C:\Windows\system32\drivers\JmtFltr.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 17:32:22 113120]
R3 netr28ux;Linksys USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys [x]
R3 pctplsg;pctplsg;C:\Windows\System32\drivers\pctplsg64.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [2009-12-09 20:23:34 365280]
R3 TfNetMon;TfNetMon;C:\Windows\system32\drivers\TfNetMon.sys [x]
R3 ThreatFire;ThreatFire;C:\Program Files (x86)\Spyware Doctor\TFEngine\TFService.exe service [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
S0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys [x]
S0 TfFsMon;TfFsMon;C:\Windows\system32\drivers\TfFsMon.sys [x]
S0 TfSysMon;TfSysMon;C:\Windows\system32\drivers\TfSysMon.sys [x]
S1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys [x]
S1 ehdrv;ehdrv;C:\Windows\system32\DRIVERS\ehdrv.sys [x]
S1 pctgntdi;pctgntdi;C:\Windows\system32\drivers\pctgntdi64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 16:55:28 64952]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [x]
S2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 20:13:06 68136]
S2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;F:\ESET\x86\ekrn.exe [2011-09-22 17:03:30 974944]
S2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 14:10:26 13592]
S2 KSafeSvc;KSafe service;C:\Program files (x86)\Kingsoft\PCDoctor\KSafeSvc.exe [2012-02-21 11:45:20 451504]
S2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 05:47:10 191000]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 19:53:18 652360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 08:53:00 2253120]
S2 SCBackService;Splashtop Connect Service;C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 11:21:54 477000]
S2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 20:39:46 114688]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 05:54:40 381248]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 01:04:12 2655768]
S2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2011-03-24 04:37:18 493384]
S2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 08:37:16 497480]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2010-01-25 12:22:56 245760]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys [x]
S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys [x]
S3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys [x]
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [x]


Contents of the 'Scheduled Tasks' folder

2012-06-23 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-16 00:59:25 . 2011-11-16 00:59:24]

2012-06-23 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-16 00:59:25 . 2011-11-16 00:59:24]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
2010-11-21 03:23:48 444752 ----a-w- C:\Windows\System32\mscoree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2010-11-21 03:23:48 444752]

[HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]
[HKEY_CLASSES_ROOT\tGBandObj.tGBandObjClass]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-07 07:59:00 11858536]
"Launch LCore"="C:\Program Files\Logitech Gaming Software\LCore.exe" [2011-07-28 17:25:56 110360]
"egui"="F:\ESET\egui.exe" [2011-09-22 17:03:04 4035152]
"XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 22:57:30 825184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RPMKickstart"="C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2011-03-30 20:49:50 2552320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

------- Supplementary Scan -------

uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
FF - ProfilePath - C:\Users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\t8c4e47c.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: extentions.y2layers.installId - 2aace49d-b289-4649-a1a5-af641a2f0b9d
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,BuzzdockTease,DropDownDeals,
FF - user.js: network.protocol-handler.warn-external.dnupdate - false

- - - - ORPHANS REMOVED - - - -

AddRemove-Adobe Shockwave Player - C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-cise_screensaver - C:\Windows\system32\cise_screensaver.scr
AddRemove-myro-py2.4 - C:\Python24\Removemyro.exe
AddRemove-numpy-py2.4 - C:\Python24\Removenumpy.exe
AddRemove-PIL-py2.4 - C:\Python24\RemovePIL.exe
AddRemove-pygame-py2.4 - C:\Python24\Removepygame.exe
AddRemove-pyserial-py2.4 - C:\Python24\Removepyserial.exe
AddRemove-pyTTS-py2.4 - C:\Python24\RemovepyTTS.exe
AddRemove-pywin32-py2.4 - C:\Python24\Removepywin32.exe
AddRemove-xmpppy-py2.4 - C:\Python24\Removexmpppy.exe
AddRemove-{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1 - C:\Games\World_of_Tanks\unins000.exe

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET NOD32 Antivirus 5.0
Spyware Doctor with AntiVirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spyware Doctor 7.0
Malwarebytes Anti-Malware version 1.60.1.1000
JavaFX 2.1.0
Java™ 6 Update 30
Java™ 7 Update 4
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader X (10.1.1)
Mozilla Firefox (for.)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 37% Defragment your hard drive soon!
````````````````````End of Log``````````````````````
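The ComboFix log above shows, under policies\system, EnableLUA=0 together with ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0, and Security Check repeats the point: "UAC is disabled!". With UAC off, every program the account runs already holds full administrator rights, so no prompt stands between a downloaded installer and a write to the boot sector. The following is an added example, not part of this thread or of ComboFix: a Python parser for the value lines as ComboFix prints them, with a check that flags the settings that weaken UAC. The sample text is constructed to match the layout of the log above; the Windows 7 administrator defaults in DEFAULTS are an assumption taken from Microsoft's documented defaults.

```python
r"""Evaluate the UAC policy values that ComboFix prints under
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system].

Added example; not code from the thread or from ComboFix.
"""
import re

# Constructed sample in the layout ComboFix uses; values copied from the log above.
SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
"""

# Assumed Windows 7 defaults for an administrator account (Microsoft's documented values).
DEFAULTS = {
    "EnableLUA": 1,                    # UAC on
    "ConsentPromptBehaviorAdmin": 5,   # prompt for consent for non-Windows binaries
    "ConsentPromptBehaviorUser": 3,    # standard users: prompt for credentials
    "PromptOnSecureDesktop": 1,        # prompts drawn on the secure desktop
    "EnableUIADesktopToggle": 0,
}

# One value line: "Name"= 0 (0x0)
LINE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>\d+)\s*\(0x[0-9a-fA-F]+\)\s*$')


def parse_policies(text):
    """Return {name: int} for the value lines directly under the policies\\system key."""
    values = {}
    in_key = False
    for line in text.splitlines():
        if line.startswith("["):
            # A new key header; we only care about ...\policies\system
            in_key = line.lower().endswith("policies\\system]")
            continue
        if in_key:
            m = LINE_RE.match(line.strip())
            if m:
                values[m.group("name")] = int(m.group("value"))
    return values


def assess_uac(values):
    """Return a list of findings describing how the values weaken UAC."""
    findings = []
    if values.get("EnableLUA", 1) == 0:
        # Everything else is moot once UAC itself is off.
        findings.append("EnableLUA=0: UAC is off; every process of an administrator runs fully elevated")
        return findings
    if values.get("ConsentPromptBehaviorAdmin", 5) == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: elevation without any prompt")
    if values.get("PromptOnSecureDesktop", 1) == 0:
        findings.append("PromptOnSecureDesktop=0: prompts can be spoofed by user-mode programs")
    return findings


def non_default(values):
    """Map each value that differs from DEFAULTS to (observed, default)."""
    return {k: (v, DEFAULTS[k]) for k, v in values.items() if k in DEFAULTS and v != DEFAULTS[k]}


if __name__ == "__main__":
    observed = parse_policies(SAMPLE_LOG)
    for name, (seen, default) in sorted(non_default(observed).items()):
        print(f"{name}: {seen} (default {default})")
    for finding in assess_uac(observed):
        print("FINDING:", finding)
```

Run against the constructed sample, the parser returns five values, three of them non-default, and the assessment reduces to the single finding that matters: with EnableLUA=0 the other prompt settings never come into play.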

#4 Neurism

Neurism
  • Topic Starter

  • Members
  • 11 posts

Posted 23 June 2012 - 03:43 PM

My computer runs perfectly except that it just freezes up after 40 minutes, and then I have to restart. It crashed during Combofix and made it take forever.

Edited by Neurism, 23 June 2012 - 03:44 PM.


#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 23 June 2012 - 04:04 PM

Greetings


Did you remove one of the antivirus programs?

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
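Both tools gringo asks for here, TDSSKiller and aswMBR, read the raw master boot record, because TDL4 replaces the MBR loader code and keeps its own files in unpartitioned sectors past the last partition. The following is an added example, not from this thread or from either tool: a Python parser for a 512-byte MBR that checks the 0x55AA signature, decodes the four partition entries, and reports overlapping entries and the number of sectors left after the last partition. The sample MBR is constructed; its two entries and the disk size are taken from the TDSSKiller output Neurism posts below (StartLBA 0x800 with 0x32000 blocks, StartLBA 0x32800 with 0x770D800 blocks, both type 0x07, on a 0xEE8156000-byte disk). The boot-code area of the sample is zeroed, which no real disk has.

```python
r"""Parse a 512-byte MBR and check its partition table against the disk size.

Added example; not code from the thread, TDSSKiller or aswMBR. The sample MBR
is constructed to reproduce the layout TDSSKiller reports for
\Device\Harddisk0\DR0 in the log below.
"""
import struct

SECTOR = 512
DISK0_SIZE_BYTES = 0xEE8156000          # "Size: 0xEE8156000 (59.63 Gb)" in the TDSSKiller log
ENTRY_FMT = "<B3sB3sII"                 # status, CHS start, type, CHS end, start LBA, sector count
BOOT_CODE_LEN = 446


def build_entry(status, ptype, start_lba, num_sectors):
    """Construct one 16-byte partition entry (CHS fields zeroed; LBA fields used)."""
    return struct.pack(ENTRY_FMT, status, b"\0\0\0", ptype, b"\0\0\0", start_lba, num_sectors)


def build_mbr(entries, code=b""):
    """Assemble 446 bytes of boot code, up to 4 entries, and the 0x55AA signature."""
    if len(entries) > 4:
        raise ValueError("an MBR holds at most four primary entries")
    table = b"".join(entries) + b"\0" * 16 * (4 - len(entries))
    return code[:BOOT_CODE_LEN].ljust(BOOT_CODE_LEN, b"\0") + table + b"\x55\xAA"


def parse_mbr(sector):
    """Return (boot_code, [partition dicts]); raise ValueError on a malformed sector."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = BOOT_CODE_LEN + 16 * i
        status, _chs1, ptype, _chs2, start, count = struct.unpack(ENTRY_FMT, sector[off:off + 16])
        if ptype == 0:                  # empty slot
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "start_lba": start, "sectors": count})
    return sector[:BOOT_CODE_LEN], parts


def check_layout(parts, disk_size_bytes, sector_size=SECTOR):
    """Report overlaps, table past end of disk, and sectors after the last partition."""
    total = disk_size_bytes // sector_size
    issues = []
    ordered = sorted(parts, key=lambda p: p["start_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start_lba"] + a["sectors"] > b["start_lba"]:
            issues.append(f"partition {a['index']} overlaps partition {b['index']}")
    end = max((p["start_lba"] + p["sectors"] for p in parts), default=0)
    if end > total:
        issues.append("partition table extends past end of disk")
    return {"total_sectors": total, "last_used_lba": end,
            "trailing_sectors": max(total - end, 0), "issues": issues}


# Constructed sample reproducing Harddisk0's two NTFS (0x07) entries from the log below.
SAMPLE_MBR = build_mbr([
    build_entry(0x80, 0x07, 0x800, 0x32000),        # 100 MB system-reserved partition
    build_entry(0x00, 0x07, 0x32800, 0x770D800),    # C:
])


if __name__ == "__main__":
    _code, parts = parse_mbr(SAMPLE_MBR)
    for p in parts:
        print(f"entry {p['index']}: type 0x{p['type']:02X} start 0x{p['start_lba']:X} "
              f"sectors 0x{p['sectors']:X} bootable={p['bootable']}")
    print(check_layout(parts, DISK0_SIZE_BYTES))
```

On the sample layout the check reports 0xAB0 (2736) sectors, about 1.3 MB, after the last partition. A tail that small is ordinary alignment slack, so the count alone says nothing about infection either way; the scanners' real work is on the 446 bytes of loader code in front of the table, which a bootkit replaces while leaving the partition entries untouched.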

#6 Neurism

Neurism
  • Topic Starter

  • Members
  • 11 posts

Posted 23 June 2012 - 07:09 PM

I disabled it and tried to uninstall it; it gave me an administrative error, and I didn't proceed after that.
I appreciate your help!

19:58:41.0688 3996 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
19:58:42.0287 3996 ============================================================
19:58:42.0287 3996 Current date / time: 2012/06/23 19:58:42.0287
19:58:42.0287 3996 SystemInfo:
19:58:42.0287 3996
19:58:42.0287 3996 OS Version: 6.1.7601 ServicePack: 1.0
19:58:42.0287 3996 Product type: Workstation
19:58:42.0287 3996 ComputerName: JESSPC
19:58:42.0288 3996 UserName: Jess
19:58:42.0288 3996 Windows directory: C:\Windows
19:58:42.0288 3996 System windows directory: C:\Windows
19:58:42.0288 3996 Running under WOW64
19:58:42.0288 3996 Processor architecture: Intel x64
19:58:42.0288 3996 Number of processors: 4
19:58:42.0288 3996 Page size: 0x1000
19:58:42.0288 3996 Boot type: Normal boot
19:58:42.0288 3996 ============================================================
19:58:42.0463 3996 Drive \Device\Harddisk0\DR0 - Size: 0xEE8156000 (59.63 Gb), SectorSize: 0x200, Cylinders: 0x72C4, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
19:58:46.0962 5964 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:58:46.0965 5964 p2pimsvc - ok
19:58:46.0975 5964 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
19:58:46.0979 5964 p2psvc - ok
19:58:46.0983 5964 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
19:58:46.0985 5964 Parport - ok
19:58:46.0988 5964 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
19:58:46.0989 5964 partmgr - ok
19:58:46.0993 5964 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
19:58:46.0996 5964 PcaSvc - ok
19:58:47.0001 5964 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:58:47.0003 5964 pci - ok
19:58:47.0005 5964 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:58:47.0005 5964 pciide - ok
19:58:47.0010 5964 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
19:58:47.0012 5964 pcmcia - ok
19:58:47.0015 5964 PCTCore - ok
19:58:47.0019 5964 pctgntdi - ok
19:58:47.0022 5964 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:58:47.0023 5964 pcw - ok
19:58:47.0035 5964 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:58:47.0040 5964 PEAUTH - ok
19:58:47.0066 5964 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
19:58:47.0076 5964 PeerDistSvc - ok
19:58:47.0095 5964 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
19:58:47.0097 5964 PerfHost - ok
19:58:47.0168 5964 PID_PEPI (ae0b94363da0f60d42b9d05b352f61ed) C:\Windows\system32\DRIVERS\LV302V64.SYS
19:58:47.0180 5964 PID_PEPI - ok
19:58:47.0225 5964 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
19:58:47.0237 5964 pla - ok
19:58:47.0247 5964 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
19:58:47.0251 5964 PlugPlay - ok
19:58:47.0255 5964 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
19:58:47.0257 5964 PNRPAutoReg - ok
19:58:47.0265 5964 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:58:47.0267 5964 PNRPsvc - ok
19:58:47.0277 5964 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
19:58:47.0284 5964 PolicyAgent - ok
19:58:47.0290 5964 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
19:58:47.0293 5964 Power - ok
19:58:47.0302 5964 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:58:47.0303 5964 PptpMiniport - ok
19:58:47.0306 5964 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
19:58:47.0308 5964 Processor - ok
19:58:47.0313 5964 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
19:58:47.0316 5964 ProfSvc - ok
19:58:47.0319 5964 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:58:47.0320 5964 ProtectedStorage - ok
19:58:47.0324 5964 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:58:47.0326 5964 Psched - ok
19:58:47.0349 5964 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
19:58:47.0360 5964 ql2300 - ok
19:58:47.0384 5964 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
19:58:47.0386 5964 ql40xx - ok
19:58:47.0392 5964 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
19:58:47.0396 5964 QWAVE - ok
19:58:47.0400 5964 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:58:47.0401 5964 QWAVEdrv - ok
19:58:47.0404 5964 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:58:47.0405 5964 RasAcd - ok
19:58:47.0408 5964 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:58:47.0409 5964 RasAgileVpn - ok
19:58:47.0412 5964 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
19:58:47.0415 5964 RasAuto - ok
19:58:47.0419 5964 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:58:47.0420 5964 Rasl2tp - ok
19:58:47.0427 5964 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
19:58:47.0432 5964 RasMan - ok
19:58:47.0436 5964 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:58:47.0438 5964 RasPppoe - ok
19:58:47.0441 5964 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:58:47.0442 5964 RasSstp - ok
19:58:47.0448 5964 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:58:47.0451 5964 rdbss - ok
19:58:47.0454 5964 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:58:47.0455 5964 rdpbus - ok
19:58:47.0457 5964 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:58:47.0457 5964 RDPCDD - ok
19:58:47.0463 5964 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
19:58:47.0465 5964 RDPDR - ok
19:58:47.0467 5964 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:58:47.0468 5964 RDPENCDD - ok
19:58:47.0470 5964 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:58:47.0471 5964 RDPREFMP - ok
19:58:47.0476 5964 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
19:58:47.0478 5964 RDPWD - ok
19:58:47.0484 5964 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:58:47.0486 5964 rdyboost - ok
19:58:47.0489 5964 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
19:58:47.0492 5964 RemoteAccess - ok
19:58:47.0497 5964 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
19:58:47.0500 5964 RemoteRegistry - ok
19:58:47.0504 5964 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
19:58:47.0506 5964 RpcEptMapper - ok
19:58:47.0508 5964 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
19:58:47.0510 5964 RpcLocator - ok
19:58:47.0520 5964 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
19:58:47.0523 5964 RpcSs - ok
19:58:47.0528 5964 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:58:47.0530 5964 rspndr - ok
19:58:47.0541 5964 RTL8167 (e50cfb92986dcab49de93788fd695813) C:\Windows\system32\DRIVERS\Rt64win7.sys
19:58:47.0543 5964 RTL8167 - ok
19:58:47.0547 5964 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
19:58:47.0548 5964 s3cap - ok
19:58:47.0551 5964 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:58:47.0552 5964 SamSs - ok
19:58:47.0558 5964 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:58:47.0560 5964 sbp2port - ok
19:58:47.0565 5964 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
19:58:47.0569 5964 SCardSvr - ok
19:58:47.0579 5964 SCBackService (8475e746eb72d04f1015e6f091f50e09) C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
19:58:47.0583 5964 SCBackService - ok
19:58:47.0588 5964 SCDEmu (b2f50286dc82b93c013e3fc57ba1a956) C:\Windows\system32\drivers\SCDEmu.sys
19:58:47.0589 5964 SCDEmu - ok
19:58:47.0591 5964 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:58:47.0592 5964 scfilter - ok
19:58:47.0611 5964 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
19:58:47.0620 5964 Schedule - ok
19:58:47.0624 5964 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:58:47.0625 5964 SCPolicySvc - ok
19:58:47.0629 5964 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
19:58:47.0632 5964 SDRSVC - ok
19:58:47.0640 5964 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:58:47.0641 5964 secdrv - ok
19:58:47.0643 5964 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
19:58:47.0645 5964 seclogon - ok
19:58:47.0648 5964 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
19:58:47.0650 5964 SENS - ok
19:58:47.0653 5964 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:58:47.0655 5964 SensrSvc - ok
19:58:47.0658 5964 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:58:47.0659 5964 Serenum - ok
19:58:47.0662 5964 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:58:47.0664 5964 Serial - ok
19:58:47.0666 5964 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
19:58:47.0667 5964 sermouse - ok
19:58:47.0674 5964 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
19:58:47.0677 5964 SessionEnv - ok
19:58:47.0679 5964 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:58:47.0680 5964 sffdisk - ok
19:58:47.0682 5964 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:58:47.0684 5964 sffp_mmc - ok
19:58:47.0686 5964 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:58:47.0687 5964 sffp_sd - ok
19:58:47.0689 5964 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
19:58:47.0690 5964 sfloppy - ok
19:58:47.0698 5964 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
19:58:47.0702 5964 SharedAccess - ok
19:58:47.0711 5964 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
19:58:47.0715 5964 ShellHWDetection - ok
19:58:47.0718 5964 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
19:58:47.0719 5964 SiSRaid2 - ok
19:58:47.0722 5964 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
19:58:47.0724 5964 SiSRaid4 - ok
19:58:47.0728 5964 Smart TimeLock (101556f6216e97f1258d87c38203695f) C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
19:58:47.0730 5964 Smart TimeLock - ok
19:58:47.0733 5964 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:58:47.0734 5964 Smb - ok
19:58:47.0737 5964 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
19:58:47.0740 5964 SNMPTRAP - ok
19:58:47.0742 5964 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:58:47.0743 5964 spldr - ok
19:58:47.0753 5964 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
19:58:47.0759 5964 Spooler - ok
19:58:47.0828 5964 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
19:58:47.0853 5964 sppsvc - ok
19:58:47.0877 5964 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
19:58:47.0880 5964 sppuinotify - ok
19:58:47.0893 5964 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:58:47.0897 5964 srv - ok
19:58:47.0908 5964 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:58:47.0911 5964 srv2 - ok
19:58:47.0917 5964 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:58:47.0919 5964 srvnet - ok
19:58:47.0926 5964 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
19:58:47.0929 5964 SSDPSRV - ok
19:58:47.0932 5964 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
19:58:47.0934 5964 SstpSvc - ok
19:58:47.0938 5964 Steam Client Service - ok
19:58:47.0947 5964 Stereo Service (9e1222c417291bc836210743624a8e5e) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:58:47.0950 5964 Stereo Service - ok
19:58:47.0953 5964 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
19:58:47.0954 5964 stexstor - ok
19:58:47.0967 5964 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
19:58:47.0973 5964 stisvc - ok
19:58:47.0976 5964 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
19:58:47.0977 5964 storflt - ok
19:58:47.0979 5964 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
19:58:47.0981 5964 StorSvc - ok
19:58:47.0984 5964 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
19:58:47.0985 5964 storvsc - ok
19:58:47.0988 5964 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
19:58:47.0988 5964 swenum - ok
19:58:47.0999 5964 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
19:58:48.0004 5964 swprv - ok
19:58:48.0032 5964 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
19:58:48.0047 5964 SysMain - ok
19:58:48.0069 5964 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
19:58:48.0072 5964 TabletInputService - ok
19:58:48.0080 5964 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
19:58:48.0085 5964 TapiSrv - ok
19:58:48.0089 5964 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
19:58:48.0090 5964 TBS - ok
19:58:48.0129 5964 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
19:58:48.0144 5964 Tcpip - ok
19:58:48.0202 5964 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
19:58:48.0212 5964 TCPIP6 - ok
19:58:48.0237 5964 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:58:48.0238 5964 tcpipreg - ok
19:58:48.0241 5964 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:58:48.0242 5964 TDPIPE - ok
19:58:48.0244 5964 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
19:58:48.0245 5964 TDTCP - ok
19:58:48.0249 5964 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:58:48.0251 5964 tdx - ok
19:58:48.0253 5964 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
19:58:48.0254 5964 TermDD - ok
19:58:48.0267 5964 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
19:58:48.0274 5964 TermService - ok
19:58:48.0276 5964 TfFsMon - ok
19:58:48.0278 5964 TfNetMon - ok
19:58:48.0280 5964 TfSysMon - ok
19:58:48.0284 5964 Themes (a7d93ffd3a24408683695ef5933fe019) C:\Windows\system32\themeservice.dll
19:58:48.0286 5964 Themes - ok
19:58:48.0289 5964 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:58:48.0291 5964 THREADORDER - ok
19:58:48.0295 5964 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
19:58:48.0297 5964 TrkWks - ok
19:58:48.0302 5964 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
19:58:48.0304 5964 TrustedInstaller - ok
19:58:48.0308 5964 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:58:48.0309 5964 tssecsrv - ok
19:58:48.0312 5964 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:58:48.0313 5964 TsUsbFlt - ok
19:58:48.0316 5964 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
19:58:48.0317 5964 TsUsbGD - ok
19:58:48.0320 5964 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:58:48.0322 5964 tunnel - ok
19:58:48.0325 5964 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
19:58:48.0326 5964 uagp35 - ok
19:58:48.0333 5964 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:58:48.0336 5964 udfs - ok
19:58:48.0341 5964 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
19:58:48.0344 5964 UI0Detect - ok
19:58:48.0347 5964 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:58:48.0349 5964 uliagpkx - ok
19:58:48.0352 5964 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
19:58:48.0353 5964 umbus - ok
19:58:48.0355 5964 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
19:58:48.0356 5964 UmPass - ok
19:58:48.0361 5964 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
19:58:48.0366 5964 UmRdpService - ok
19:58:48.0420 5964 UNS (eb79c6c91a99930015ef29ae7fa802d1) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
19:58:48.0442 5964 UNS - ok
19:58:48.0466 5964 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
19:58:48.0471 5964 upnphost - ok
19:58:48.0480 5964 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
19:58:48.0482 5964 USBAAPL64 - ok
19:58:48.0486 5964 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
19:58:48.0488 5964 usbaudio - ok
19:58:48.0492 5964 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:58:48.0493 5964 usbccgp - ok
19:58:48.0497 5964 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:58:48.0499 5964 usbcir - ok
19:58:48.0502 5964 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
19:58:48.0503 5964 usbehci - ok
19:58:48.0510 5964 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:58:48.0514 5964 usbhub - ok
19:58:48.0517 5964 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
19:58:48.0518 5964 usbohci - ok
19:58:48.0521 5964 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:58:48.0522 5964 usbprint - ok
19:58:48.0525 5964 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
19:58:48.0526 5964 usbscan - ok
19:58:48.0529 5964 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:58:48.0531 5964 USBSTOR - ok
19:58:48.0533 5964 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
19:58:48.0534 5964 usbuhci - ok
19:58:48.0537 5964 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
19:58:48.0539 5964 UxSms - ok
19:58:48.0541 5964 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:58:48.0542 5964 VaultSvc - ok
19:58:48.0544 5964 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:58:48.0545 5964 vdrvroot - ok
19:58:48.0555 5964 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
19:58:48.0561 5964 vds - ok
19:58:48.0564 5964 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:58:48.0565 5964 vga - ok
19:58:48.0568 5964 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:58:48.0569 5964 VgaSave - ok
19:58:48.0574 5964 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:58:48.0577 5964 vhdmp - ok
19:58:48.0580 5964 vhidmini (52290e2e0bfae61d622aa8b9b3a4cb4e) C:\Windows\system32\DRIVERS\vhidmini.sys
19:58:48.0580 5964 vhidmini - ok
19:58:48.0586 5964 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:58:48.0588 5964 viaide - ok
19:58:48.0593 5964 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
19:58:48.0596 5964 vmbus - ok
19:58:48.0598 5964 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
19:58:48.0599 5964 VMBusHID - ok
19:58:48.0602 5964 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:58:48.0603 5964 volmgr - ok
19:58:48.0611 5964 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:58:48.0613 5964 volmgrx - ok
19:58:48.0620 5964 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:58:48.0622 5964 volsnap - ok
19:58:48.0627 5964 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
19:58:48.0629 5964 vsmraid - ok
19:58:48.0652 5964 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
19:58:48.0664 5964 VSS - ok
19:58:48.0688 5964 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:58:48.0689 5964 vwifibus - ok
19:58:48.0692 5964 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:58:48.0693 5964 vwififlt - ok
19:58:48.0695 5964 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
19:58:48.0697 5964 vwifimp - ok
19:58:48.0706 5964 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
19:58:48.0710 5964 W32Time - ok
19:58:48.0713 5964 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
19:58:48.0714 5964 WacomPen - ok
19:58:48.0718 5964 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:58:48.0720 5964 WANARP - ok
19:58:48.0721 5964 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:58:48.0722 5964 Wanarpv6 - ok
19:58:48.0745 5964 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
19:58:48.0756 5964 WatAdminSvc - ok
19:58:48.0811 5964 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
19:58:48.0829 5964 wbengine - ok
19:58:48.0853 5964 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
19:58:48.0857 5964 WbioSrvc - ok
19:58:48.0867 5964 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
19:58:48.0872 5964 wcncsvc - ok
19:58:48.0876 5964 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
19:58:48.0879 5964 WcsPlugInService - ok
19:58:48.0892 5964 WCUService_STC_FF (e47e66538692b1cfd6cc8021546fcc83) C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
19:58:48.0896 5964 WCUService_STC_FF - ok
19:58:48.0909 5964 WCUService_STC_IE (147c60622cb53e901efd8bb6d44a4c46) C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
19:58:48.0913 5964 WCUService_STC_IE - ok
19:58:48.0920 5964 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
19:58:48.0922 5964 Wd - ok
19:58:48.0934 5964 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:58:48.0940 5964 Wdf01000 - ok
19:58:48.0944 5964 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:58:48.0946 5964 WdiServiceHost - ok
19:58:48.0948 5964 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:58:48.0949 5964 WdiSystemHost - ok
19:58:48.0956 5964 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
19:58:48.0960 5964 WebClient - ok
19:58:48.0967 5964 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:58:48.0989 5964 Wecsvc - ok
19:58:48.0993 5964 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:58:48.0995 5964 wercplsupport - ok
19:58:48.0999 5964 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:58:49.0001 5964 WerSvc - ok
19:58:49.0009 5964 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:58:49.0009 5964 WfpLwf - ok
19:58:49.0012 5964 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:58:49.0013 5964 WIMMount - ok
19:58:49.0015 5964 WinDefend - ok
19:58:49.0018 5964 WinHttpAutoProxySvc - ok
19:58:49.0028 5964 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:58:49.0030 5964 Winmgmt - ok
19:58:49.0066 5964 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
19:58:49.0085 5964 WinRM - ok
19:58:49.0111 5964 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
19:58:49.0112 5964 WinUsb - ok
19:58:49.0131 5964 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:58:49.0140 5964 Wlansvc - ok
19:58:49.0185 5964 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:58:49.0205 5964 wlidsvc - ok
19:58:49.0229 5964 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:58:49.0229 5964 WmiAcpi - ok
19:58:49.0239 5964 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:58:49.0242 5964 wmiApSrv - ok
19:58:49.0247 5964 WMPNetworkSvc - ok
19:58:49.0250 5964 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:58:49.0253 5964 WPCSvc - ok
19:58:49.0257 5964 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
19:58:49.0261 5964 WPDBusEnum - ok
19:58:49.0264 5964 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:58:49.0265 5964 ws2ifsl - ok
19:58:49.0269 5964 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
19:58:49.0272 5964 wscsvc - ok
19:58:49.0274 5964 WSearch - ok
19:58:49.0322 5964 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
19:58:49.0344 5964 wuauserv - ok
19:58:49.0368 5964 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:58:49.0370 5964 WudfPf - ok
19:58:49.0375 5964 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:58:49.0377 5964 WUDFRd - ok
19:58:49.0382 5964 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
19:58:49.0385 5964 wudfsvc - ok
19:58:49.0392 5964 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:58:49.0397 5964 WwanSvc - ok
19:58:49.0403 5964 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
19:58:49.0405 5964 xusb21 - ok
19:58:49.0417 5964 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:58:49.0418 5964 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
19:58:49.0418 5964 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
19:58:49.0440 5964 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
19:58:49.0457 5964 \Device\Harddisk1\DR1 - ok
19:58:49.0458 5964 Boot (0x1200) (bd3198d950b8c5a9a1191431350f9a87) \Device\Harddisk0\DR0\Partition0
19:58:49.0459 5964 \Device\Harddisk0\DR0\Partition0 - ok
19:58:49.0461 5964 Boot (0x1200) (93f79712dfdfcf60a74e496eaa264777) \Device\Harddisk0\DR0\Partition1
19:58:49.0462 5964 \Device\Harddisk0\DR0\Partition1 - ok
19:58:49.0464 5964 Boot (0x1200) (dee92a052deac367c275e22d95c8dcd8) \Device\Harddisk1\DR1\Partition0
19:58:49.0466 5964 \Device\Harddisk1\DR1\Partition0 - ok
19:58:49.0466 5964 ============================================================
19:58:49.0466 5964 Scan finished
19:58:49.0466 5964 ============================================================
19:58:49.0469 3792 Detected object count: 1
19:58:49.0469 3792 Actual detected object count: 1
19:58:54.0975 3792 \Device\Harddisk0\DR0\# - copied to quarantine
19:58:54.0977 3792 \Device\Harddisk0\DR0 - copied to quarantine
19:58:54.0993 3792 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
19:58:54.0996 3792 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
19:58:54.0999 3792 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
19:58:55.0002 3792 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
19:58:55.0005 3792 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
19:58:55.0008 3792 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
19:58:55.0400 3792 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
19:58:55.0663 3792 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
19:58:55.0905 3792 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
19:58:56.0149 3792 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
19:58:56.0393 3792 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
19:58:56.0396 3792 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
19:58:56.0633 3792 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
19:58:56.0877 3792 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
19:58:56.0879 3792 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
19:58:56.0882 3792 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
19:58:56.0884 3792 \Device\Harddisk0\DR0 - ok
19:58:56.0927 3792 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
19:59:33.0665 2900 Deinitialize success
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-23 20:02:03
-----------------------------
20:02:03.652 OS Version: Windows x64 6.1.7601 Service Pack 1
20:02:03.652 Number of processors: 4 586 0x2A07
20:02:03.652 ComputerName: JESSPC UserName: Jess
20:02:03.796 Initialize success
20:02:58.677 AVAST engine defs: 12062301
20:04:45.526 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:04:45.529 Disk 0 Vendor: M4-CT064 0009 Size: 61057MB BusType: 3
20:04:45.531 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
20:04:45.533 Disk 1 Vendor: ST310005 JC4B Size: 953869MB BusType: 3
20:04:45.536 Disk 0 MBR read successfully
20:04:45.538 Disk 0 MBR scan
20:04:45.541 Disk 0 Windows 7 default MBR code
20:04:45.543 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:04:45.547 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 60955 MB offset 206848
20:04:45.552 Disk 0 scanning C:\Windows\system32\drivers
20:04:47.759 Service scanning
20:04:53.616 Modules scanning
20:04:53.624 Disk 0 trace - called modules:
20:04:53.631 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
20:04:53.636 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80094c9060]
20:04:53.639 3 CLASSPNP.SYS[fffff88001dca43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80082c3050]
20:04:53.789 AVAST engine scan C:\Windows
20:04:54.248 AVAST engine scan C:\Windows\system32
20:05:33.592 AVAST engine scan C:\Windows\system32\drivers
20:05:36.107 AVAST engine scan C:\Users\Jess
20:05:55.248 AVAST engine scan C:\ProgramData
20:06:06.563 Scan finished successfully
20:07:33.421 Disk 0 MBR has been saved successfully to "C:\Users\Jess\Desktop\MBR.dat"
20:07:33.424 The log file has been saved successfully to "C:\Users\Jess\Desktop\aswMBR.txt"

#7 Neurism

Neurism
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:28 AM

Posted 23 June 2012 - 07:16 PM

I successfully uninstalled the other antivirus.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:28 AM

Posted 23 June 2012 - 08:42 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:28 AM

Posted 26 June 2012 - 12:22 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#10 Neurism

Neurism
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:28 AM

Posted 26 June 2012 - 12:49 PM

Sorry for the delay in replying, I was away from home for a couple of days. My computer still crashes after about a half hour of running.. so I don't think it was those viruses. Here's the log.

ComboFix 12-06-26.02 - Jess 06/26/2012 13:16:11.6.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8109.6259 [GMT -4:00]
Running from: c:\users\Jess\Desktop\ComboFix.exe
Command switches used :: c:\users\Jess\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2012-05-26 to 2012-06-26 )))))))))))))))))))))))))))))))
.
.
2012-06-26 17:18 . 2012-06-26 17:18 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-22 23:05 . 2012-05-31 04:04 9013136 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C7F9E3B6-14C3-45B5-97C1-92ACF3EE02F7}\mpengine.dll
2012-06-22 01:23 . 2012-06-22 01:23 -------- d-----w- c:\users\Jess\AppData\Local\{E9907751-6358-46A9-AF1A-B09EE596675A}
2012-06-21 04:19 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 04:19 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 04:19 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 04:19 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 04:19 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 04:19 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 04:19 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 04:19 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 04:19 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 20:17 . 2012-06-22 14:56 -------- d-----w- c:\users\Jess\Tracing
2012-06-19 20:03 . 2012-06-19 20:05 -------- d-----w- c:\program files (x86)\Windows Live
2012-06-19 20:03 . 2012-06-19 20:03 -------- d-----w- c:\windows\PCHEALTH
2012-06-19 20:02 . 2012-06-22 14:57 -------- d-----w- c:\users\Jess\AppData\Local\Windows Live
2012-06-19 20:02 . 2012-06-19 20:02 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2012-06-14 18:38 . 2012-06-14 18:38 -------- d-----r- c:\users\Jess\AppData\Roaming\Brother
2012-06-14 18:32 . 2012-06-14 18:32 -------- d-----w- C:\Brother
2012-06-14 18:32 . 2012-06-14 18:32 -------- d-----w- c:\program files (x86)\Browny02
2012-06-14 18:32 . 2010-05-10 08:45 103736 ----a-w- c:\windows\SysWow64\BRRBTOOL.EXE
2012-06-14 18:32 . 2005-01-17 07:10 45056 ----a-w- c:\windows\SysWow64\BRTCPCON.DLL
2012-06-14 18:32 . 2010-04-02 05:33 25299 ----a-w- c:\windows\SysWow64\BRLM03A.DLL
2012-06-14 18:32 . 2004-08-09 06:42 77824 ----a-w- c:\windows\SysWow64\BRLMW03A.DLL
2012-06-14 18:32 . 2012-06-14 18:32 -------- d-----w- c:\program files (x86)\Brother
2012-06-14 18:32 . 2010-08-03 00:57 217088 ------w- c:\windows\SysWow64\NSSearch.dll
2012-06-14 18:32 . 2010-03-15 23:56 2560 ------w- c:\windows\SysWow64\BrDctF2S.dll
2012-06-14 18:32 . 2010-03-15 23:45 73728 ------w- c:\windows\SysWow64\BrDctF2.dll
2012-06-14 18:32 . 2007-12-14 02:16 5120 ------w- c:\windows\SysWow64\BrDctF2L.dll
2012-06-14 18:32 . 2010-02-05 15:42 180224 ------w- c:\windows\SysWow64\BroSNMP.dll
2012-06-14 18:31 . 2012-06-14 18:34 -------- d-----w- c:\programdata\Brother
2012-06-14 04:22 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 04:22 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 04:22 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 04:22 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 04:22 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 04:22 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 04:22 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 04:22 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-07 03:51 . 2012-06-07 03:51 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-07 03:51 . 2012-06-07 03:51 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-05 15:11 . 2012-06-06 22:05 -------- d-----w- c:\users\Jess\AppData\Roaming\.minecraft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-26 17:19 . 2011-10-01 06:12 25640 ----a-w- c:\windows\gdrv.sys
2012-06-19 20:03 . 2011-03-28 22:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-18 17:40 . 2012-05-18 17:40 53248 ----a-r- c:\users\Jess\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-04-04 22:47 . 2012-05-21 01:48 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-04-04 22:47 . 2011-10-01 05:48 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-30 11:35 . 2012-05-10 21:01 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-23_17.18.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-06-24 14:55 61640 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-26 17:11 35894 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-01 05:21 . 2012-06-26 17:11 5590 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-664553082-1086461949-3365375154-1000_UserData.bin
+ 2012-06-26 17:19 . 2012-06-26 17:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-23 05:08 . 2012-06-23 16:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-26 17:19 . 2012-06-26 17:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-23 05:08 . 2012-06-23 16:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-26 17:19 . 2009-10-07 05:46 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll
- 2012-06-23 16:35 . 2009-10-07 05:46 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll
- 2012-06-23 16:35 . 2009-10-07 05:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
+ 2012-06-26 17:19 . 2009-10-07 05:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
- 2009-07-14 02:36 . 2012-06-23 16:42 615122 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-26 17:26 615122 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-26 17:26 103496 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-23 16:42 103496 c:\windows\system32\perfc009.dat
+ 2009-07-14 04:46 . 2012-06-25 18:22 108816 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 05:01 . 2012-06-19 20:08 261556 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-26 17:19 261556 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-10-01 06:11 . 2012-06-19 20:08 53856844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-664553082-1086461949-3365375154-1000-12288.dat
+ 2011-10-01 06:11 . 2012-06-26 17:19 53856844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-664553082-1086461949-3365375154-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll" [2011-03-04 165776]
.
[HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-10-01 3077528]
"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2012-02-07 22465104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"STCAgent"="c:\program files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [2011-03-04 776064]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]
"Jomantha"="c:\program files (x86)\n52te\n52teHid.exe" [2008-06-13 159744]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"KSafeTray"="c:\program files (x86)\Kingsoft\PCDoctor\KSafeTray.exe" [2012-02-21 1144752]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"ZyngaGamesAgent"="c:\program files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-16 136176]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-09-08 10203648]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-09-08 310784]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-10-03 25640]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-16 136176]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-10-09 30528]
R3 JmtFltr;n52te;c:\windows\system32\drivers\JmtFltr.sys [2007-09-29 46464]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 netr28ux;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [2009-08-05 987648]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-11-09 787968]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-01 1255736]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 21104]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-08 204288]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
S2 ekrn;ESET Service;f:\eset\x86\ekrn.exe [2011-09-22 974944]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 137144]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 KSafeSvc;KSafe service;c:\program files (x86)\Kingsoft\PCDoctor\KSafeSvc.exe [2012-02-21 451504]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 SCBackService;Splashtop Connect Service;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2011-03-24 493384]
S2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-05-25 52608]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-05-25 76160]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-10-08 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-10-08 16008]
S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [2009-04-30 15896]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-04-30 327576]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 23152]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-16 533096]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-16 00:59]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-16 00:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2010-11-21 444752]
.
[HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]
[HKEY_CLASSES_ROOT\tGBandObj.tGBandObjClass]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-07 11858536]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-07-28 110360]
"egui"="f:\eset\egui.exe" [2011-09-22 4035152]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2011-03-30 2552320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
FF - ProfilePath - c:\users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\t8c4e47c.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: extentions.y2layers.installId - 2aace49d-b289-4649-a1a5-af641a2f0b9d
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,BuzzdockTease,DropDownDeals,
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-664553082-1086461949-3365375154-1000\Software\SecuROM\License information*]
"datasecu"=hex:fa,23,75,ab,dd,1a,2d,9a,10,6e,c2,74,c5,57,f4,c4,9a,d6,75,51,6b,
8f,36,e4,84,23,73,dd,d5,16,9c,76,2a,f0,7a,16,69,0d,d3,9d,8f,42,0f,1d,e7,1e,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
c:\program files\Logitech Gaming Software\plugins\LCDAppletsMono-8.01.067\Applets\x86\LCDMedia.exe
.
**************************************************************************
.
Completion time: 2012-06-26 13:45:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-26 17:45
.
Pre-Run: 3,341,484,032 bytes free
Post-Run: 4,787,871,744 bytes free
.
- - End Of File - - F89AA1671CA4A4AFD9B5C5BC9D96AB13
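The ComboFix log above is the data the thread turns on, and the "Reg Loading Points" block in it is where a responder looks for autostart entries and for weakened system policy. The following is an added triage example, not ComboFix's own code and not something posted in the thread: it parses a constructed excerpt written in the same layout as the log, lists the Run-key autostart entries, and flags the UAC policy values that the log shows set to 0 (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop). The registry values in the excerpt are copied from the log above; the function names and the "expected" values they are compared against are assumptions made for this example.

```python
"""Triage helper for the 'Reg Loading Points' block of a ComboFix log.

Added example: not ComboFix's code and not part of the forum thread.
Parses a constructed excerpt in the same layout as the posted log,
extracts autostart entries, and flags UAC policy values that disable
or silence elevation prompts.
"""
import re
from typing import Dict, List, Tuple, Union

# Constructed excerpt in the ComboFix "Reg Loading Points" layout.
# The values are copied from the log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2012-02-07 22465104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# "Name"="path" [date size]  -> an autostart entry with file stamp and size
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*"(?P<path>[^"]*)"\s*\[(?P<stamp>[^\]]*)\]$')
# "Name"= 0 (0x0)             -> a DWORD policy value
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)\s*\(0x[0-9a-fA-F]+\)$')

Section = Dict[str, Union[str, int]]


def parse_loading_points(text: str) -> Dict[str, Section]:
    """Map each [registry key] header to the values listed under it."""
    sections: Dict[str, Section] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix separates blocks with "."
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            sections[current] = {}
            continue
        if current is None:
            continue
        m = ENTRY_RE.match(line)
        if m:
            sections[current][m.group("name")] = m.group("path")
            continue
        m = DWORD_RE.match(line)
        if m:
            sections[current][m.group("name")] = int(m.group("value"))
    return sections


def autostart_entries(sections: Dict[str, Section]) -> List[Tuple[str, str, str]]:
    """Return (key, value name, executable path) for every ...\\Run entry."""
    found = []
    for key, values in sections.items():
        if key.lower().endswith("\\run"):
            for name, path in values.items():
                if isinstance(path, str):
                    found.append((key, name, path))
    return found


def uac_findings(sections: Dict[str, Section]) -> List[str]:
    """Flag policy values under ...\\policies\\system that weaken UAC.

    The checks assume the Windows 7 defaults (EnableLUA=1,
    PromptOnSecureDesktop=1, ConsentPromptBehaviorAdmin=5).
    """
    findings = []
    for key, values in sections.items():
        if not key.lower().endswith("\\policies\\system"):
            continue
        if values.get("EnableLUA") == 0:
            findings.append("EnableLUA=0: UAC is turned off; administrator processes run fully elevated")
        if values.get("ConsentPromptBehaviorAdmin") == 0:
            findings.append("ConsentPromptBehaviorAdmin=0: elevation happens silently, without a prompt")
        if values.get("PromptOnSecureDesktop") == 0:
            findings.append("PromptOnSecureDesktop=0: prompts are not shown on the secure desktop")
    return findings


if __name__ == "__main__":
    parsed = parse_loading_points(SAMPLE_LOG)
    for key, name, path in autostart_entries(parsed):
        print(f"autostart  {name!r:24} -> {path}")
    for finding in uac_findings(parsed):
        print("UAC        " + finding)
```

Run against the excerpt it reports the two Run entries and three UAC findings. On a real log the same parser can be pointed at the whole "Reg Loading Points" block; entries whose path falls outside Program Files or the Windows directory are the usual first thing to look at, and a machine with EnableLUA=0 should have UAC re-enabled once the cleanup is finished, since every malware sample that runs under the administrator account is otherwise already elevated.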

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:28 AM

Posted 26 June 2012 - 09:32 PM

greetings


Is this a laptop or a desktop?


gringo

#12 Neurism

Neurism
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:28 AM

Posted 27 June 2012 - 12:18 AM

Desktop. Why? If it's easy enough to explain... Just curious.
Also if you think you could help with the crashing problem let me give you some more information.

I opened up my computer to see if I could find any problems. I noticed on my graphics card on one of the power cards connected to it that one of the red yellow and black wires that plug into it was unplugged. It was 1 out of three that plug into a white socket type thing. I don't know if that explains it well enough for you to get it. But I plugged the cord back in and it seemed to be in, but I couldn't get it to go quite as far as the other ones. But it wouldn't come out easily so it seemed locked in there.

Thanks for all your help and advice thus far. It's really appreciated!

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:28 AM

Posted 27 June 2012 - 12:39 AM

Greetings

I found it strange that it happens after thirty min; sounds like an overheating problem or something similar.


I want you to recheck that cable. The plug should have a latch on it that will allow it to be released; check to see if you can remove it and see if the crashing stops.


This is out of my area, but I think it is worth verifying.


gringo

#14 Neurism

Neurism
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:28 AM

Posted 27 June 2012 - 01:43 AM

I agree. It can sometimes take 45 minutes. But when it crashes it crashes strangely. It doesn't completely freeze right away. But whatever you click on crashes, and if I click on an icon on my desktop then my desktop freezes. The only way to fix it is with a restart; besides that, the only thing you can do is move the mouse.

My top fan on my computer recently stopped working. But I took off the side and had my fan blowing the air out to keep it cool but it still happens in the same amount of time...
It's a really strange and annoying problem...

Edited by Neurism, 27 June 2012 - 01:43 AM.


#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:28 AM

Posted 27 June 2012 - 02:04 AM

Greetings



I want you to recheck that cable. The plug should have a latch on it that will allow it to be released; check to see if you can remove it and see if the crashing stops.



Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

  • Java™ 6 Update 30


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and Start Free Download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located at C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32-bit
(located at C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University




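The uninstall and update steps above rely on reading the Add/Remove Programs list by eye, and on 64-bit Windows the 32-bit Java and Adobe Reader entries sit under a separate registry branch, so it is easy to miss a leftover old version. The script below is an added example, not part of gringo_pr's post or any tool he names: it lists every Java and Adobe Reader entry Windows has registered in both uninstall branches and flags those below a chosen minimum version. It assumes an elevated PowerShell (2.0 or later) prompt on the affected PC; the two minimum versions are placeholders to set to the current releases when you run it, not values taken from the post.

```powershell
# Added example, not part of the original post: inventory the Java and Adobe
# Reader versions Windows has registered and flag those older than a chosen
# minimum, so you can confirm nothing outdated is left after the cleanup steps.
# Assumptions: run from an elevated PowerShell 2.0+ prompt on the affected
# machine; the minimum versions below are placeholders (not from the post) that
# you should replace with the current releases at the time you run this.

$minimums = @{
    'Java'         = [version]'6.0.330'   # placeholder: current Java 6 update
    'Adobe Reader' = [version]'10.1.0'    # placeholder: current Reader release
}

# Installed programs are registered under these keys. On 64-bit Windows the
# 32-bit programs (Java and Reader among them) live under Wow6432Node; on
# 32-bit Windows that key does not exist and is silently skipped.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Matches "Java(TM) 6 Update 30" / "Java 7 Update 5" and "Adobe Reader X (10.1.3)";
# the Java pattern deliberately skips helpers such as "Java Auto Updater".
$patterns = @{
    'Java'         = '^Java(\(TM\))? \d'
    'Adobe Reader' = '^Adobe Reader'
}

$report = foreach ($entry in (Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue)) {
    if (-not $entry.DisplayName) { continue }
    foreach ($product in $patterns.Keys) {
        if ($entry.DisplayName -notmatch $patterns[$product]) { continue }

        # DisplayVersion is a free-form string; treat anything [version]
        # cannot parse as unknown rather than silently calling it current.
        $installed = $null
        try { $installed = [version]$entry.DisplayVersion } catch { }

        if ($installed -eq $null) { $status = 'unknown version - check manually' }
        elseif ($installed -lt $minimums[$product]) { $status = 'OUTDATED - remove' }
        else { $status = 'current' }

        New-Object PSObject -Property @{
            Product         = $product
            DisplayName     = $entry.DisplayName
            DisplayVersion  = $entry.DisplayVersion
            Status          = $status
            UninstallString = $entry.UninstallString   # what Add/Remove would run
        }
    }
}

$report | Sort-Object Product, DisplayVersion |
    Format-Table Product, DisplayName, DisplayVersion, Status -AutoSize
```

The script only reports; remove anything it marks OUTDATED through Add/Remove or Revo as the post instructs (the UninstallString column shows the command Windows itself would run). If a Java or Reader entry still appears after you believe you removed it, that is the leftover the Revo "search for leftovers" step is meant to catch.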