
Audio Ads playing


  • This topic is locked
17 replies to this topic

#1 DonH77

  • Members
  • 12 posts

Posted 25 June 2012 - 03:21 PM

Hi, I am having an issue where I have ads playing through my laptop speakers. They play for about half an hour, then stop. I've done every scan I can think of and system restore but can't get rid of it. Here is a log; it would be great if you guys can help. If you solve this I'll shout ya all a beer, ty :)

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Dons at 8:03:58 on 2012-06-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3872.1474 [GMT 12:00]
.
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\FBAgent.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe
C:\Users\Dons\AppData\Local\Apps\2.0\N52VM4TT.EY0\JDAP9QWH.T8K\curs..tion_9e9e83ddf3ed3ead_0005.0001_31b318dc2771b66c\CurseClient.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\DllHost.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.co.nz/
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
uInternet Settings,ProxyServer = http=;ftp=;https=;
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [BlazeServoTool] "C:\Program Files (x86)\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe"
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
StartupFolder: C:\Users\Dons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{035147C5-D276-47C6-9911-1BDEBD5DB53D} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{03D962E3-AE09-4C20-8557-1405F8AB63EC} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6353ADC9-4D4E-4108-8DC9-E3D42449F5EB} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{C9E145EC-CD9B-4737-B0BE-B22264410B0E} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
BHO-X64: TmBpIeBHO - No File
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mRun-x64: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun-x64: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun-x64: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
mRun-x64: [SonicMasterTray] C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun-x64: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dons\AppData\Roaming\Mozilla\Firefox\Profiles\25v6zume.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.nz/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\system32\DRIVERS\NBVol.sys --> C:\Windows\system32\DRIVERS\NBVol.sys [?]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\system32\DRIVERS\NBVolUp.sys --> C:\Windows\system32\DRIVERS\NBVolUp.sys [?]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R1 ATKWMIACPIIO_;ATKWMIACPI Driver_;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-9-1 1166848]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-2-3 277120]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-4 134928]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-12-17 2253120]
R2 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-17 2656280]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 TiMiniService;TiMiniService;C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [2011-4-28 241488]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 250056]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]
S3 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-10-18 267480]
S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-14 1492840]
S3 IT9135BDA;IT9135 BDA Devices;C:\Windows\system32\Drivers\IT9135BDA.sys --> C:\Windows\system32\Drivers\IT9135BDA.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-10 129976]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-28 340240]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-30 149504]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-06-25 19:52:04 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{776AF41B-9426-4BE7-92B5-15420A342FB7}\mpengine.dll
2012-06-24 03:48:50 9013136 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-23 12:15:17 -------- d-----w- C:\Users\Dons\AppData\Local\Macromedia
2012-06-23 07:35:25 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-23 07:35:02 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-23 07:34:50 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-23 07:34:50 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-22 03:39:22 -------- d-----w- C:\Users\Dons\AppData\Local\adaware
2012-06-22 03:37:50 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2012-06-22 03:37:02 -------- d-----w- C:\Users\Dons\AppData\Local\adawarebp
2012-06-22 03:37:00 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-06-22 03:36:51 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2012-06-22 03:36:21 -------- d-----w- C:\Program Files (x86)\adawaretb
2012-06-22 03:35:24 -------- d-----w- C:\Users\Dons\AppData\Roaming\Ad-Aware Antivirus
2012-06-20 22:19:07 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-06-20 22:19:07 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-20 21:05:21 1652688 ----a-w- C:\Windows\PCTBDCore.dll0609.old
2012-06-20 21:02:53 -------- d-----w- C:\Program Files (x86)\Spyware Doctor
2012-06-20 21:02:53 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-06-19 22:34:12 -------- d-----w- C:\Users\Dons\AppData\Roaming\Malwarebytes
2012-06-19 22:33:51 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-19 22:33:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-19 07:48:41 -------- d-----w- C:\Program Files (x86)\ChatZum Toolbar
2012-06-19 07:47:02 -------- d-----w- C:\Program Files (x86)\PANDORA.TV
2012-06-19 07:46:24 -------- d-----w- C:\Program Files (x86)\The KMPlayer
2012-06-16 07:30:08 -------- d-----w- C:\ProgramData\RELOADED
2012-06-14 04:52:14 -------- d-----w- C:\Program Files\The Walking Dead
2012-06-13 09:13:15 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-13 09:13:04 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-13 09:13:04 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-13 09:13:04 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-13 09:13:00 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-13 09:12:55 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-13 09:12:52 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-13 09:12:51 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-13 09:12:23 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-13 09:12:22 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-13 09:12:22 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-13 09:12:22 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-13 09:12:21 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-13 09:12:21 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-13 09:12:05 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-13 09:01:00 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-13 09:01:00 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{51846F62-3ECF-45E7-9A46-EB944863CD5D}\gapaengine.dll
2012-06-13 07:30:26 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-13 07:30:25 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-12 07:51:07 -------- d-----w- C:\NVIDIA
2012-06-04 04:01:45 -------- d-----w- C:\Users\Dons\AppData\Roaming\RealHideIP
2012-06-04 04:01:45 -------- d-----w- C:\ProgramData\RealHideIP
2012-06-04 04:01:17 -------- d-----w- C:\Program Files (x86)\Ask.com
2012-06-04 04:00:56 -------- d-----w- C:\Program Files (x86)\RealHideIP
2012-05-29 01:22:51 -------- d-----w- C:\ProgramData\Aviosoft
2012-05-29 01:22:50 14 ----a-w- C:\Windows\SysWow64\SysInfo_6.dll
2012-05-29 01:22:35 -------- d-----w- C:\Program Files (x86)\BlazeVideo
2012-05-29 01:21:06 164864 ----a-w- C:\Windows\System32\drivers\IT9135BDA.sys
2012-05-29 01:19:52 245 ----a-w- C:\Windows\System32\AF15IRTBL.bin
.
==================== Find3M ====================
.
2012-06-23 08:15:03 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-23 08:15:02 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-24 00:36:23 33019 ----a-w- C:\Windows\SysWow64\CoreAAC-uninstall.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-02 01:16:38 43520 ----a-w- C:\Windows\SysWow64\CmdLineExt03.dll
2012-04-24 05:25:51 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-04-06 12:53:31 45056 ----a-w- C:\Windows\SysWow64\acovcnt.exe
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 8:05:35.40 ===============

Edit: Moved topic from Windows 7 to the more appropriate forum, at the request of Malware Staff. ~ Animal



#2 CatByte

  • Malware Response Team
  • 14,664 posts

Posted 25 June 2012 - 03:25 PM

Hi,

Please run the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.
(You need the 64-bit version.)
Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt.
  • In the command window type notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press the Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive; please copy and paste the log in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 DonH77

  • Topic Starter
  • Members
  • 12 posts

Posted 25 June 2012 - 04:03 PM

Hi, ty for your quick response. Here is the log I ended up with eventually :)

Scan result of Farbar Recovery Scan Tool Version: 25-06-2012
Ran by SYSTEM at 26-06-2012 08:58:29
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [VizorHtmlDialog.exe] "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_trial.html" "DEF" "DEF" "DEF" [x]
HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [192520 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none" [322384 2010-09-17] (Trend Micro Inc.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2816808 2011-07-21] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 [2277992 2011-11-02] (Realtek Semiconductor)
HKLM\...\Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1935120 2011-07-27] (Intel® Corporation)
HKLM\...\Run: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe [98088 2011-07-21] (Synaptics Incorporated)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-25] (Microsoft Corporation)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [170264 2012-03-19] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [398616 2012-03-19] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [439064 2012-03-19] (Intel Corporation)
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-07-31] (Microsoft Corporation)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" [356 2012-06-25] ()
HKLM-x32\...\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" [3331312 2011-10-17] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-21] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-23] (ASUS)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-18] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-01] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart [1493288 2011-09-20] (Nero AG)
HKU\Dons\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3672384 2012-04-11] (DT Soft Ltd)
HKU\Dons\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2012-04-25] (Valve Corporation)
HKU\Dons\...\Run: [BlazeServoTool] "C:\Program Files (x86)\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe" [286720 2010-03-05] (BlazeVideo Company)
HKU\UpdatusUser\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)
HKU\UpdatusUser\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17148552 2012-02-28] (Skype Technologies S.A.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
AppInit_DLLs: C:\Windows\system32\nvinitx.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\Users\Dons\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

==================== Services (Whitelisted) ======

2 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [1166848 2011-08-31] (Intel Corporation)
2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [80512 2011-11-20] (ASUS)
2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-02] (ASUS)
2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-20] (ASUS)
2 BTHSSecurityMgr; "C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe" [134928 2011-06-03] (Intel® Corporation)
3 cphs; C:\Windows\SysWow64\IntelCpHeciSvc.exe [276248 2012-03-19] (Intel Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-25] (Microsoft Corporation)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
3 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2010-12-20] (Intel Corporation)
3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]

========================== Drivers (Whitelisted) =============

3 AMPPAL; C:\Windows\System32\Drivers\AMPPAL.sys [299008 2011-08-08] (Windows ® Win 7 DDK provider)
3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [299008 2011-08-08] (Windows ® Win 7 DDK provider)
2 ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [15416 2009-07-01] (ASUS)
1 ATKWMIACPIIO_; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-06] (ASUS)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-04-23] (DT Soft Ltd)
3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [164864 2012-05-28] (ITE )
3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
0 NBVol; C:\Windows\System32\Drivers\NBVol.sys [72240 2011-07-12] (Nero AG)
0 NBVolUp; C:\Windows\System32\Drivers\NBVolUp.sys [15920 2011-07-12] (Nero AG)
2 tmactmon; C:\Windows\System32\Drivers\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)
2 tmcomm; C:\Windows\System32\Drivers\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)
2 tmevtmgr; C:\Windows\System32\Drivers\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)
1 tmtdi; C:\Windows\System32\Drivers\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [16120 2010-11-29] (Intel® Corporation)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-25 12:32 - 2012-06-25 12:34 - 01425797 ____A C:\Users\Dons\Downloads\FRST64.exe
2012-06-25 12:30 - 2012-06-25 12:31 - 00882250 ____A C:\Users\Dons\Downloads\FRST.exe
2012-06-25 12:03 - 2012-06-25 12:03 - 00607260 ____R (Swearware) C:\Users\Dons\Downloads\dds.scr
2012-06-25 11:51 - 2012-06-25 11:51 - 01402880 ____A C:\Users\Dons\Downloads\HiJackThis.msi
2012-06-23 19:41 - 2012-06-23 19:41 - 00000318 ____A C:\Users\Dons\Desktop\Curse Client.appref-ms
2012-06-23 04:15 - 2012-06-23 04:15 - 00000000 ____D C:\Users\Dons\AppData\Local\Macromedia
2012-06-22 23:35 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-22 23:35 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-22 23:35 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-22 23:35 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-22 23:35 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-22 23:35 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-22 23:35 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-22 23:34 - 2012-06-01 19:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-22 23:34 - 2012-06-01 19:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-22 12:18 - 2012-06-22 12:18 - 00000000 ____D C:\Users\Dons\Documents\My Curse
2012-06-21 19:39 - 2012-06-21 20:23 - 00000000 ____D C:\Users\Dons\AppData\Local\adaware
2012-06-21 19:39 - 2012-06-21 19:39 - 00000012 ____A C:\Users\Dons\Downloads\FSSC.dat
2012-06-21 19:37 - 2012-06-23 08:54 - 00000000 ____D C:\Users\All Users\Ad-Aware Browsing Protection
2012-06-21 19:37 - 2012-06-23 08:54 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2012-06-21 19:37 - 2012-06-21 19:37 - 00000000 ____D C:\Users\Dons\AppData\Local\adawarebp
2012-06-21 19:37 - 2012-06-21 19:37 - 00000000 ____D C:\Users\All Users\Lavasoft
2012-06-21 19:36 - 2012-06-23 08:54 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner
2012-06-21 19:36 - 2012-06-23 08:54 - 00000000 ____D C:\Program Files (x86)\adawaretb
2012-06-21 19:35 - 2012-06-21 19:44 - 00000000 ____D C:\Users\Dons\AppData\Roaming\Ad-Aware Antivirus
2012-06-20 14:19 - 2012-06-20 14:39 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-20 14:19 - 2012-06-20 14:38 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-20 13:05 - 2010-01-21 13:56 - 01652688 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll0609.old
2012-06-20 13:02 - 2012-06-20 14:39 - 00000000 ____D C:\Program Files (x86)\Spyware Doctor
2012-06-20 12:56 - 2012-06-20 12:56 - 00011987 ____A C:\Users\Dons\Downloads\[kat.ph]spyware.doctor.v7.0.0.545.new.serial.trt.torrent
2012-06-19 14:34 - 2012-06-19 14:34 - 00000000 ____D C:\Users\Dons\AppData\Roaming\Malwarebytes
2012-06-19 14:33 - 2012-06-20 14:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-19 14:33 - 2012-06-19 14:33 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-18 23:50 - 2012-06-18 23:51 - 00000000 ____D C:\Users\Dons\Documents\The KMPlayer
2012-06-18 23:48 - 2012-06-20 14:39 - 00000000 ____D C:\Program Files (x86)\ChatZum Toolbar
2012-06-18 23:47 - 2012-06-18 23:47 - 00000000 ____D C:\Program Files (x86)\PANDORA.TV
2012-06-18 23:46 - 2012-06-20 14:39 - 00000000 ____D C:\Program Files (x86)\The KMPlayer
2012-06-17 13:16 - 2012-06-20 14:38 - 00000000 ____D C:\Users\Dons\Downloads\God.Bless.America.2011.LIMITED.DVDRip.XviD-AMIABLE
2012-06-17 13:08 - 2012-06-18 14:17 - 00000000 ____D C:\Users\Dons\Downloads\Dead.Season.2012.DVDRiP.XviD.HS
2012-06-16 23:33 - 2012-06-20 14:38 - 00000000 ____D C:\Users\Dons\Downloads\Hot.Fuzz[2007]DvDrip[Eng]-aXXo
2012-06-16 23:27 - 2012-06-17 13:13 - 00000000 ____D C:\Users\Dons\Downloads\Independence Day
2012-06-15 23:30 - 2012-06-15 23:30 - 00000000 ____D C:\Users\Dons\Documents\Telltale Games
2012-06-15 23:30 - 2012-06-15 23:30 - 00000000 ____D C:\Users\All Users\RELOADED
2012-06-15 20:12 - 2012-06-23 08:54 - 00000000 ____D C:\Users\Dons\Downloads\A Thousand Words[2012]BRRip XviD-ETRG
2012-06-15 20:03 - 2012-06-23 08:54 - 00000000 ____D C:\Users\Dons\Downloads\The Pianist {2002} 720p BRRip x264 - Mr. KickASS
2012-06-14 22:25 - 2012-06-25 11:41 - 00000672 ____A C:\Windows\setupact.log
2012-06-14 22:25 - 2012-06-14 22:25 - 00000000 ____A C:\Windows\setuperr.log
2012-06-13 20:52 - 2012-06-23 08:54 - 00000000 ____D C:\Program Files\The Walking Dead
2012-06-13 01:14 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-13 01:14 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-13 01:14 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-13 01:14 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-13 01:14 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-13 01:14 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-13 01:14 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-13 01:14 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-13 01:14 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-13 01:14 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-13 01:14 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-13 01:14 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-13 01:14 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-13 01:14 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-13 01:14 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-13 01:14 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-13 01:14 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-13 01:14 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-13 01:14 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-13 01:14 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-13 01:14 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-13 01:14 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-13 01:14 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-13 01:14 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-13 01:14 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-13 01:13 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-13 01:13 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-13 01:13 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-13 01:13 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 01:13 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-13 01:13 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 01:13 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 01:13 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-13 01:12 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-13 01:12 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-13 01:12 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-13 01:12 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 01:12 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 01:12 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 01:12 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 01:12 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-13 01:12 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-13 01:12 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-12 23:30 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-12 23:30 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-11 23:51 - 2012-06-11 23:51 - 00000000 ____D C:\NVIDIA
2012-06-11 16:41 - 2012-06-11 16:41 - 00000219 ____A C:\Users\Dons\Desktop\Day of Defeat Source.url
2012-06-04 21:43 - 2012-06-04 21:43 - 00000219 ____A C:\Users\Dons\Desktop\Counter-Strike Source.url
2012-06-03 23:45 - 2012-06-03 23:45 - 03502192 ____A (New IT Solutions) C:\Users\Dons\Downloads\4shared_Desktop_3.3.5M.exe
2012-06-03 20:01 - 2012-06-23 08:54 - 00000000 ____D C:\Program Files (x86)\Ask.com
2012-06-03 20:01 - 2012-06-03 20:01 - 00001037 ____A C:\Users\Public\Desktop\Real Hide IP.lnk
2012-06-03 20:01 - 2012-06-03 20:01 - 00000000 ____D C:\Users\Dons\AppData\Roaming\RealHideIP
2012-06-03 20:01 - 2012-06-03 20:01 - 00000000 ____D C:\Users\All Users\RealHideIP
2012-06-03 20:00 - 2012-06-23 08:54 - 00000000 ____D C:\Program Files (x86)\RealHideIP
2012-06-03 19:55 - 2012-06-03 19:58 - 00000000 ____D C:\Users\Dons\Downloads\Real Hide IP V4.0.9.2 + Crack {blaze69}
2012-05-28 17:24 - 2012-05-28 17:24 - 00000000 ____D C:\Users\Dons\Documents\BlazeVideo
2012-05-28 17:22 - 2012-05-28 17:22 - 00002091 ____A C:\Users\Public\Desktop\BlazeDTV 6.0.lnk
2012-05-28 17:22 - 2012-05-28 17:22 - 00000014 ____A C:\Windows\SysWOW64\SysInfo_6.dll
2012-05-28 17:22 - 2012-05-28 17:22 - 00000000 ____D C:\Users\All Users\Aviosoft
2012-05-28 17:22 - 2012-05-28 17:22 - 00000000 ____D C:\Program Files (x86)\BlazeVideo
2012-05-28 17:21 - 2012-05-28 17:21 - 00164864 ____A (ITE ) C:\Windows\System32\Drivers\IT9135BDA.sys
2012-05-28 17:19 - 2012-05-28 17:21 - 00000245 ____A C:\Windows\System32\AF15IRTBL.bin


============ 3 Months Modified Files and Folders =============

2012-06-26 08:58 - 2012-06-25 12:32 - 00000000 ____D C:\FRST
2012-06-25 12:41 - 2011-12-16 17:08 - 01609565 ____A C:\Windows\WindowsUpdate.log
2012-06-25 12:37 - 2009-07-13 21:13 - 00797854 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-25 12:34 - 2012-06-25 12:32 - 01425797 ____A C:\Users\Dons\Downloads\FRST64.exe
2012-06-25 12:31 - 2012-06-25 12:30 - 00882250 ____A C:\Users\Dons\Downloads\FRST.exe
2012-06-25 12:13 - 2012-04-04 17:08 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-25 12:03 - 2012-06-25 12:03 - 00607260 ____R (Swearware) C:\Users\Dons\Downloads\dds.scr
2012-06-25 11:53 - 2012-04-03 22:38 - 00000000 ____D C:\Users\Dons\AppData\Local\VirtualStore
2012-06-25 11:51 - 2012-06-25 11:51 - 01402880 ____A C:\Users\Dons\Downloads\HiJackThis.msi
2012-06-25 11:48 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-25 11:48 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-25 11:42 - 2012-04-25 17:50 - 00000000 ____D C:\Program Files (x86)\Steam
2012-06-25 11:42 - 2012-04-04 13:45 - 00000000 ____D C:\Users\Dons\AppData\Local\Deployment
2012-06-25 11:41 - 2012-06-14 22:25 - 00000672 ____A C:\Windows\setupact.log
2012-06-25 11:41 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-25 02:17 - 2012-04-03 22:38 - 00000000 ____D C:\users\Dons
2012-06-24 23:12 - 2012-04-04 01:10 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2012-06-24 11:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-06-23 19:41 - 2012-06-23 19:41 - 00000318 ____A C:\Users\Dons\Desktop\Curse Client.appref-ms
2012-06-23 10:20 - 2012-04-13 21:03 - 00000000 ____D C:\Users\Dons\AppData\Roaming\vlc
2012-06-23 08:54 - 2012-06-21 19:37 - 00000000 ____D C:\Users\All Users\Ad-Aware Browsing Protection
2012-06-23 08:54 - 2012-06-21 19:37 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2012-06-23 08:54 - 2012-06-21 19:36 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner
2012-06-23 08:54 - 2012-06-21 19:36 - 00000000 ____D C:\Program Files (x86)\adawaretb
2012-06-23 08:54 - 2012-06-15 20:12 - 00000000 ____D C:\Users\Dons\Downloads\A Thousand Words[2012]BRRip XviD-ETRG
2012-06-23 08:54 - 2012-06-15 20:03 - 00000000 ____D C:\Users\Dons\Downloads\The Pianist {2002} 720p BRRip x264 - Mr. KickASS
2012-06-23 08:54 - 2012-06-13 20:52 - 00000000 ____D C:\Program Files\The Walking Dead
2012-06-23 08:54 - 2012-06-03 20:01 - 00000000 ____D C:\Program Files (x86)\Ask.com
2012-06-23 08:54 - 2012-06-03 20:00 - 00000000 ____D C:\Program Files (x86)\RealHideIP
2012-06-23 08:54 - 2012-05-23 21:42 - 00000000 ____D C:\Users\Dons\AppData\Local\Nero_AG
2012-06-23 08:54 - 2012-05-09 21:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-23 08:54 - 2012-05-05 04:20 - 00000000 ____D C:\Users\All Users\P4G
2012-06-23 08:54 - 2012-04-25 17:37 - 00000000 ____D C:\Program Files (x86)\Trine 2
2012-06-23 08:54 - 2012-04-23 21:25 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2012-06-23 08:54 - 2012-04-20 22:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-23 08:54 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media
2012-06-23 08:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2012-06-23 08:53 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-06-23 08:50 - 2012-04-20 22:51 - 00000000 ____D C:\Users\Dons\AppData\Local\Mozilla
2012-06-23 04:15 - 2012-06-23 04:15 - 00000000 ____D C:\Users\Dons\AppData\Local\Macromedia
2012-06-23 00:15 - 2012-04-04 17:08 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-23 00:15 - 2012-04-04 17:08 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-22 12:18 - 2012-06-22 12:18 - 00000000 ____D C:\Users\Dons\Documents\My Curse
2012-06-21 20:23 - 2012-06-21 19:39 - 00000000 ____D C:\Users\Dons\AppData\Local\adaware
2012-06-21 19:44 - 2012-06-21 19:35 - 00000000 ____D C:\Users\Dons\AppData\Roaming\Ad-Aware Antivirus
2012-06-21 19:39 - 2012-06-21 19:39 - 00000012 ____A C:\Users\Dons\Downloads\FSSC.dat
2012-06-21 19:37 - 2012-06-21 19:37 - 00000000 ____D C:\Users\Dons\AppData\Local\adawarebp
2012-06-21 19:37 - 2012-06-21 19:37 - 00000000 ____D C:\Users\All Users\Lavasoft
2012-06-20 14:39 - 2012-06-20 14:19 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-20 14:39 - 2012-06-20 13:02 - 00000000 ____D C:\Program Files (x86)\Spyware Doctor
2012-06-20 14:39 - 2012-06-19 14:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-20 14:39 - 2012-06-18 23:48 - 00000000 ____D C:\Program Files (x86)\ChatZum Toolbar
2012-06-20 14:39 - 2012-06-18 23:46 - 00000000 ____D C:\Program Files (x86)\The KMPlayer
2012-06-20 14:38 - 2012-06-20 14:19 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-20 14:38 - 2012-06-17 13:16 - 00000000 ____D C:\Users\Dons\Downloads\God.Bless.America.2011.LIMITED.DVDRip.XviD-AMIABLE
2012-06-20 14:38 - 2012-06-16 23:33 - 00000000 ____D C:\Users\Dons\Downloads\Hot.Fuzz[2007]DvDrip[Eng]-aXXo
2012-06-20 14:38 - 2009-07-13 23:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2012-06-20 12:56 - 2012-06-20 12:56 - 00011987 ____A C:\Users\Dons\Downloads\[kat.ph]spyware.doctor.v7.0.0.545.new.serial.trt.torrent
2012-06-19 14:34 - 2012-06-19 14:34 - 00000000 ____D C:\Users\Dons\AppData\Roaming\Malwarebytes
2012-06-19 14:33 - 2012-06-19 14:33 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-18 23:51 - 2012-06-18 23:50 - 00000000 ____D C:\Users\Dons\Documents\The KMPlayer
2012-06-18 23:47 - 2012-06-18 23:47 - 00000000 ____D C:\Program Files (x86)\PANDORA.TV
2012-06-18 14:17 - 2012-06-17 13:08 - 00000000 ____D C:\Users\Dons\Downloads\Dead.Season.2012.DVDRiP.XviD.HS
2012-06-17 13:13 - 2012-06-16 23:27 - 00000000 ____D C:\Users\Dons\Downloads\Independence Day
2012-06-15 23:30 - 2012-06-15 23:30 - 00000000 ____D C:\Users\Dons\Documents\Telltale Games
2012-06-15 23:30 - 2012-06-15 23:30 - 00000000 ____D C:\Users\All Users\RELOADED
2012-06-14 22:25 - 2012-06-14 22:25 - 00000000 ____A C:\Windows\setuperr.log
2012-06-13 01:45 - 2009-07-13 20:45 - 00276216 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 01:29 - 2012-04-04 14:35 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-11 23:51 - 2012-06-11 23:51 - 00000000 ____D C:\NVIDIA
2012-06-11 16:41 - 2012-06-11 16:41 - 00000219 ____A C:\Users\Dons\Desktop\Day of Defeat Source.url
2012-06-07 12:32 - 2012-05-15 17:38 - 00000000 ____D C:\Program Files (x86)\Diablo III
2012-06-06 16:28 - 2009-07-13 21:08 - 00032612 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-04 21:43 - 2012-06-04 21:43 - 00000219 ____A C:\Users\Dons\Desktop\Counter-Strike Source.url
2012-06-03 23:45 - 2012-06-03 23:45 - 03502192 ____A (New IT Solutions) C:\Users\Dons\Downloads\4shared_Desktop_3.3.5M.exe
2012-06-03 20:01 - 2012-06-03 20:01 - 00001037 ____A C:\Users\Public\Desktop\Real Hide IP.lnk
2012-06-03 20:01 - 2012-06-03 20:01 - 00000000 ____D C:\Users\Dons\AppData\Roaming\RealHideIP
2012-06-03 20:01 - 2012-06-03 20:01 - 00000000 ____D C:\Users\All Users\RealHideIP
2012-06-03 19:58 - 2012-06-03 19:55 - 00000000 ____D C:\Users\Dons\Downloads\Real Hide IP V4.0.9.2 + Crack {blaze69}
2012-06-03 18:57 - 2012-04-03 23:15 - 00000000 ____D C:\Users\Dons\AppData\Roaming\Skype
2012-06-02 14:19 - 2012-06-22 23:35 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-22 23:35 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-22 23:35 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-22 23:35 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-22 23:35 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-22 23:35 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-22 23:35 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-01 19:19 - 2012-06-22 23:34 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-01 19:15 - 2012-06-22 23:34 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-30 04:50 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-05-28 17:33 - 2011-12-16 17:19 - 00002036 ____A C:\Windows\System32\AutoRunFilter.ini
2012-05-28 17:24 - 2012-05-28 17:24 - 00000000 ____D C:\Users\Dons\Documents\BlazeVideo
2012-05-28 17:22 - 2012-05-28 17:22 - 00002091 ____A C:\Users\Public\Desktop\BlazeDTV 6.0.lnk
2012-05-28 17:22 - 2012-05-28 17:22 - 00000014 ____A C:\Windows\SysWOW64\SysInfo_6.dll
2012-05-28 17:22 - 2012-05-28 17:22 - 00000000 ____D C:\Users\All Users\Aviosoft
2012-05-28 17:22 - 2012-05-28 17:22 - 00000000 ____D C:\Program Files (x86)\BlazeVideo
2012-05-28 17:21 - 2012-05-28 17:21 - 00164864 ____A (ITE ) C:\Windows\System32\Drivers\IT9135BDA.sys
2012-05-28 17:21 - 2012-05-28 17:19 - 00000245 ____A C:\Windows\System32\AF15IRTBL.bin
2012-05-25 16:00 - 2012-05-25 15:59 - 00000000 ____D C:\Users\Dons\Desktop\Land Before Time
2012-05-25 15:11 - 2012-04-03 22:38 - 00057952 ____A C:\Users\Dons\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-25 12:23 - 2012-05-25 12:23 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_point64_01009.Wdf
2012-05-25 12:23 - 2012-05-25 12:23 - 00000000 ____D C:\Program Files\Microsoft IntelliPoint
2012-05-24 11:45 - 2012-05-24 11:45 - 01058280 ____A C:\Users\Dons\Downloads\Paranormal.Activity.4.2011.DVDSCR.XVID.720bps.mp4_downloader.exe
2012-05-23 21:43 - 2012-05-23 21:42 - 00000000 ____D C:\Users\Dons\AppData\Local\Nero
2012-05-23 19:01 - 2012-05-23 19:01 - 00001237 ____A C:\Users\Public\Desktop\Nero Express.lnk
2012-05-23 19:01 - 2012-05-23 19:01 - 00000000 ____D C:\Users\Dons\AppData\Roaming\Nero
2012-05-23 19:01 - 2012-05-23 18:57 - 00000000 ____D C:\Program Files (x86)\Nero
2012-05-23 19:00 - 2012-05-23 19:00 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2012-05-23 18:56 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-05-23 18:52 - 2012-05-23 18:42 - 00000000 ____D C:\Users\Dons\Downloads\Nero 11.0.15800 + Creative Collections Pack 11 Repack (2011)[TeNeBrA]
2012-05-23 17:03 - 2012-05-23 17:03 - 00000000 ____D C:\Users\Dons\Documents\converted
2012-05-23 17:01 - 2012-05-23 16:52 - 00000000 ____D C:\Program Files\QuickMediaConverter
2012-05-23 16:58 - 2012-05-23 16:52 - 00000116 ____A C:\Error.log
2012-05-23 16:57 - 2012-05-23 16:35 - 00000000 ____D C:\Program Files (x86)\Avi2Dvd
2012-05-23 16:52 - 2012-05-23 16:52 - 00000000 ____D C:\Users\Dons\AppData\Roaming\Cocoon Software
2012-05-23 16:52 - 2012-05-23 16:52 - 00000000 ____D C:\Users\Dons\AppData\Local\WDSetup
2012-05-23 16:52 - 2009-07-13 18:34 - 00000750 ____A C:\Windows\win.ini
2012-05-23 16:37 - 2012-05-23 16:37 - 00003584 ____A C:\Users\Dons\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-23 16:37 - 2012-05-23 16:37 - 00000000 ____D C:\Program Files (x86)\Xvid
2012-05-23 16:36 - 2012-05-23 16:36 - 00033019 ____A C:\Windows\SysWOW64\CoreAAC-uninstall.exe
2012-05-23 16:35 - 2012-05-23 16:35 - 00000997 ____A C:\Users\UpdatusUser\Desktop\Avi2Dvd.lnk
2012-05-23 16:35 - 2012-05-23 16:35 - 00000000 ____D C:\Program Files (x86)\AviSynth 2.5
2012-05-23 16:29 - 2012-05-23 16:10 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2012-05-23 16:13 - 2012-05-23 16:13 - 00000000 ____D C:\Users\Dons\AppData\Roaming\AVS4YOU
2012-05-23 16:13 - 2012-05-23 16:10 - 00000000 ____D C:\Users\All Users\AVS4YOU
2012-05-23 00:24 - 2012-05-23 00:24 - 00001440 ____A C:\Users\Dons\Desktop\Ventrilo - Shortcut.lnk
2012-05-23 00:23 - 2012-05-23 00:23 - 00000268 ____A C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2012-05-23 00:23 - 2012-05-23 00:23 - 00000000 ____D C:\Program Files (x86)\Ventrilo
2012-05-23 00:22 - 2012-05-23 00:22 - 03786512 ____A C:\Users\Dons\Downloads\ventrilo-3.0.8-Windows-i386.exe
2012-05-20 18:28 - 2012-04-09 19:48 - 00000993 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-05-17 18:47 - 2012-06-13 01:13 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-13 01:13 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:14 - 2011-12-16 17:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-05-17 18:06 - 2012-06-13 01:14 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-13 01:14 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-13 01:14 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-13 01:14 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-13 01:14 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-13 01:14 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-13 01:14 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-13 01:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-13 01:14 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-13 01:14 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-13 01:14 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-13 01:14 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-13 01:14 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-13 01:13 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-13 01:14 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-13 01:14 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-13 01:14 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-13 01:14 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-13 01:14 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-13 01:14 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-13 01:14 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-13 01:14 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-13 01:14 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-13 01:14 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-13 01:14 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-13 01:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-15 22:01 - 2012-05-15 22:01 - 00000000 ____D C:\Users\Dons\Documents\Diablo III
2012-05-15 17:38 - 2012-05-15 17:38 - 00001195 ____A C:\Users\Public\Desktop\Diablo III.lnk
2012-05-15 17:36 - 2012-05-15 17:36 - 32288896 ____A (Blizzard Entertainment) C:\Users\Dons\Downloads\Diablo-III-Setup-enUS.exe
2012-05-14 17:32 - 2012-06-13 01:13 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-12 11:10 - 2011-12-16 17:19 - 00001309 ____A C:\Windows\System32\ServiceFilter.ini
2012-05-12 11:09 - 2011-12-16 17:18 - 00000000 ____D C:\Windows\SysWOW64\NV
2012-05-12 11:09 - 2011-12-16 17:18 - 00000000 ____D C:\Windows\System32\NV
2012-05-12 11:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\LiveKernelReports
2012-05-12 11:04 - 2012-05-12 11:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-12 11:04 - 2012-05-12 11:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-10 01:42 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-09 21:12 - 2012-05-09 21:12 - 00000000 ____D C:\Users\All Users\Mozilla
2012-05-05 04:22 - 2011-10-17 20:27 - 00000000 ____D C:\Program Files (x86)\ASUS
2012-05-05 04:21 - 2012-05-05 04:21 - 00000000 ____D C:\Program Files (x86)\ASM104xUSB3
2012-05-05 04:20 - 2011-12-16 17:19 - 00000000 ____D C:\Program Files\ASUS
2012-05-04 04:10 - 2012-05-04 03:35 - 00002578 ____A C:\WirelessDiagLog.csv
2012-05-04 03:06 - 2012-06-13 01:12 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-13 01:12 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 01:12 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-01 17:17 - 2012-05-01 17:17 - 00000000 ____D C:\Users\Dons\AppData\Roaming\NVIDIA
2012-05-01 17:16 - 2012-05-01 17:16 - 00043520 ____A C:\Windows\SysWOW64\CmdLineExt03.dll
2012-04-30 21:40 - 2012-06-13 01:13 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-28 08:31 - 2012-04-23 21:25 - 00000000 ____D C:\Users\Dons\AppData\Roaming\DAEMON Tools Lite
2012-04-27 19:55 - 2012-06-13 01:12 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-27 07:02 - 2012-04-27 07:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-04-27 07:02 - 2012-04-03 23:09 - 00001945 ____A C:\Windows\epplauncher.mif
2012-04-27 07:02 - 2012-04-03 23:09 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-04-27 07:02 - 2011-10-17 20:17 - 00812004 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-04-27 04:00 - 2012-04-03 23:27 - 00000000 ____D C:\Users\All Users\ASUS
2012-04-25 21:41 - 2012-06-13 01:13 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-13 01:13 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-13 01:13 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-25 19:08 - 2012-04-25 19:08 - 00000000 ____D C:\Users\Dons\AppData\Roaming\Trine2
2012-04-25 18:33 - 2012-04-25 18:33 - 00000000 ____D C:\Users\Dons\AppData\Local\SKIDROW
2012-04-25 18:13 - 2012-04-25 18:13 - 00000000 ____D C:\Program Files (x86)\Frozenbyte
2012-04-25 17:51 - 2012-04-25 17:51 - 00000919 ____A C:\Users\Public\Desktop\Steam.lnk
2012-04-25 17:49 - 2012-04-25 17:49 - 01606656 ____A C:\Users\Dons\Downloads\SteamInstall.msi
2012-04-24 00:38 - 2012-04-23 11:17 - 00000000 ____D C:\Windows\Minidump
2012-04-23 21:50 - 2012-04-23 21:49 - 00000000 ____D C:\Users\Dons\AppData\Roaming\WinRAR
2012-04-23 21:49 - 2012-04-23 21:49 - 01506653 ____A C:\Users\Dons\Downloads\wrar411.exe
2012-04-23 21:49 - 2012-04-23 21:49 - 00000000 ____D C:\Program Files (x86)\WinRAR
2012-04-23 21:37 - 2012-06-13 01:12 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-13 01:12 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-13 01:12 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 21:32 - 2012-04-23 21:24 - 00000000 ____D C:\Users\All Users\DAEMON Tools Lite
2012-04-23 21:27 - 2012-04-23 21:27 - 00001956 ____A C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2012-04-23 21:25 - 2012-04-23 21:25 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-04-23 21:24 - 2012-04-23 21:24 - 14259736 ____A (DT Soft Ltd) C:\Users\Dons\Downloads\DTLite4454-0314.exe
2012-04-23 21:21 - 2012-04-23 21:21 - 00000000 ____D C:\Users\Dons\AppData\Roaming\CyberLink
2012-04-23 20:40 - 2012-04-23 20:38 - 00000000 ____D C:\Users\Dons\AppData\Local\Conduit
2012-04-23 20:38 - 2012-04-23 20:38 - 00000000 ____D C:\Users\Dons\AppData\Local\Google
2012-04-23 20:38 - 2012-04-23 20:38 - 00000000 ____D C:\Users\Dons\AppData\Local\CRE
2012-04-23 20:38 - 2012-04-23 20:38 - 00000000 ____D C:\Program Files (x86)\Conduit
2012-04-23 20:37 - 2012-04-23 20:37 - 00879984 ____A (BitTorrent, Inc.) C:\Users\Dons\Downloads\uTorrent.exe
2012-04-23 20:36 - 2012-06-13 01:12 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-13 01:12 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-13 01:12 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-23 19:50 - 2012-04-23 19:50 - 00000000 ____D C:\Users\Dons\AppData\Roaming\FreeHideIP
2012-04-23 19:50 - 2012-04-23 19:50 - 00000000 ____D C:\Users\All Users\FreeHideIP
2012-04-23 19:49 - 2012-04-23 19:48 - 04864216 ____A C:\Users\Dons\Downloads\FreeHideIP-3.7.9.2.Setup.exe
2012-04-22 05:03 - 2012-04-20 22:25 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-04-20 22:52 - 2012-04-20 22:51 - 00000000 ____D C:\Users\Dons\AppData\Roaming\Mozilla
2012-04-20 22:27 - 2012-04-20 22:27 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-04-13 21:02 - 2012-04-13 21:02 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2012-04-13 20:20 - 2012-04-13 20:20 - 00000000 ____D C:\Users\Dons\AppData\Local\{ABCEB25D-7688-4651-8E38-62EFD7624498}
2012-04-13 13:48 - 2012-04-03 23:27 - 00000000 ____D C:\Users\Dons\Documents\ASUS
2012-04-13 13:18 - 2012-04-13 13:18 - 00000000 ____D C:\Users\Dons\AppData\Local\{75EC5F2D-20D6-47BE-9F18-2AB3FB27326D}
2012-04-12 21:12 - 2012-04-12 21:12 - 00000000 ____D C:\Users\All Users\Battle.net
2012-04-11 22:29 - 2012-04-11 22:29 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-04-11 18:11 - 2012-04-11 18:11 - 00000000 ____D C:\Users\Dons\Documents\CV
2012-04-10 10:42 - 2012-04-09 19:41 - 00000000 ____D C:\Users\All Users\TuneUp360
2012-04-09 19:49 - 2012-04-08 00:25 - 00000000 ____D C:\Users\Dons\AppData\Roaming\Ventrilo
2012-04-09 19:49 - 2009-07-28 22:03 - 00000000 ____D C:\Windows\Panther
2012-04-09 19:48 - 2012-04-09 19:48 - 00000000 ____D C:\Program Files\CCleaner
2012-04-09 19:41 - 2012-04-09 19:41 - 00077950 ____A C:\Users\Dons\AppData\Roaming\userenv.xml
2012-04-09 19:41 - 2012-04-09 19:41 - 00000000 ____D C:\Users\Dons\AppData\Roaming\spotmau
2012-04-09 10:37 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-04-09 10:37 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-04-09 10:37 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2012-04-09 10:37 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2012-04-09 10:36 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\SysWOW64\winrm
2012-04-09 10:36 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\SysWOW64\WCN
2012-04-09 10:36 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\SysWOW64\sysprep
2012-04-09 10:36 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2012-04-09 10:36 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2012-04-09 10:36 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\System32\winrm
2012-04-09 10:36 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\System32\WCN
2012-04-09 10:36 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\System32\slmgr
2012-04-09 10:36 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2012-04-09 10:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2012-04-09 10:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2012-04-09 10:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2012-04-09 10:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2012-04-09 10:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2012-04-09 10:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\com
2012-04-09 10:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep
2012-04-09 10:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Setup
2012-04-09 10:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\oobe
2012-04-09 10:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\MUI
2012-04-09 10:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\migwiz
2012-04-09 10:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Dism
2012-04-09 10:35 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2012-04-09 10:35 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2012-04-09 10:35 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2012-04-09 10:35 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\com
2012-04-09 10:35 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2012-04-09 10:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\IME
2012-04-09 10:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Globalization
2012-04-07 04:31 - 2012-06-12 23:30 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 03:26 - 2012-06-12 23:30 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-04-06 06:55 - 2012-04-06 06:55 - 00000000 ____D C:\Users\Dons\AppData\Local\Downloaded Installations
2012-04-06 06:55 - 2011-12-16 17:14 - 00002529 ____A C:\RHDSetup.log
2012-04-06 06:55 - 2011-12-16 17:14 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2012-04-06 06:51 - 2012-04-06 06:51 - 00002595 ____A C:\Users\Public\Desktop\AI Recovery Burner.lnk
2012-04-06 04:53 - 2012-04-03 22:38 - 00045056 ____A C:\Windows\SysWOW64\acovcnt.exe
2012-04-05 05:28 - 2012-04-03 23:32 - 00000000 ____D C:\Users\Dons\AppData\Local\Microsoft Games
2012-04-04 17:07 - 2012-04-04 17:07 - 00000000 ____D C:\Windows\System32\Macromed
2012-04-04 14:36 - 2009-07-13 21:01 - 00108227 ____A C:\Windows\SysWOW64\license.rtf
2012-04-04 14:36 - 2009-07-13 21:01 - 00108227 ____A C:\Windows\System32\license.rtf
2012-04-04 13:45 - 2012-04-04 13:45 - 00000000 ____D C:\Users\Dons\AppData\Local\Apps\2.0
2012-04-04 03:14 - 2011-10-17 20:28 - 00000000 ____D C:\AsusVibeData
2012-04-04 03:11 - 2012-04-04 03:11 - 00000000 ____D C:\Users\Dons\AppData\Roaming\Zeon
2012-04-04 03:11 - 2012-04-04 03:11 - 00000000 ____D C:\Users\Dons\AppData\Roaming\Nuance
2012-04-04 03:11 - 2012-04-04 03:11 - 00000000 ____D C:\Users\Dons\AppData\Roaming\FLEXnet
2012-04-04 03:11 - 2011-10-17 20:18 - 00000000 ____D C:\Users\All Users\Nuance
2012-04-04 02:28 - 2012-04-04 02:28 - 00000000 ____D C:\Users\Dons\AppData\Local\Power2Go
2012-04-04 02:25 - 2011-12-16 17:19 - 00000080 ____A C:\Windows\System32\Defrag.ini
2012-04-04 02:02 - 2012-04-04 02:02 - 00000000 ____D C:\Users\All Users\Blizzard Entertainment
2012-04-03 23:47 - 2012-04-03 23:47 - 00000000 ____D C:\Users\Public\CyberLink
2012-04-03 23:47 - 2011-12-16 17:22 - 00000000 ____D C:\Users\All Users\CyberLink
2012-04-03 23:27 - 2012-04-03 22:38 - 00000000 ____D C:\Users\Dons\AppData\Local\ASUS
2012-04-03 23:17 - 2012-04-03 23:17 - 00000000 ____D C:\Users\Dons\AppData\Local\{FEFDC695-C27A-4143-8119-BFC7641BEF77}
2012-04-03 23:15 - 2012-04-03 23:15 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-04-03 23:15 - 2012-04-03 23:15 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-04-03 23:15 - 2012-04-03 23:15 - 00000000 ____D C:\Users\All Users\Skype
2012-04-03 23:03 - 2012-04-03 23:03 - 00000000 ____D C:\Users\Dons\AppData\Roaming\ASUS WebStorage
2012-04-03 22:42 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\restore
2012-04-03 22:41 - 2011-10-17 20:30 - 00000000 ____D C:\Users\All Users\Trend Micro
2012-04-03 22:41 - 2011-10-17 20:28 - 00000000 ____D C:\Users\All Users\ChangeFolderView
2012-04-03 22:40 - 2012-04-03 22:40 - 00000000 ____D C:\Users\Dons\AppData\Roaming\Macromedia
2012-04-03 22:40 - 2012-04-03 22:40 - 00000000 ____D C:\Users\Dons\AppData\Roaming\Adobe
2012-04-03 22:38 - 2012-04-03 22:38 - 00000020 ___SH C:\Users\Dons\ntuser.ini
2012-04-03 22:38 - 2012-04-03 22:38 - 00000000 ____D C:\Users\Dons\AppData\Roaming\Intel
2012-04-03 22:38 - 2012-04-03 22:38 - 00000000 ____D C:\Users\All Users\FolderView
2012-04-03 22:38 - 2009-07-28 21:10 - 00000000 __SHD C:\Recovery
2012-04-03 22:38 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
2012-04-03 22:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Recovery
2012-03-30 03:35 - 2012-05-09 23:17 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2011-10-17 19:28] - [2011-10-17 19:28] - 0296320 ____A (Microsoft Corporation) DF8126BD41180351A093A3AD2FC8903B


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 3872.06 MB
Available physical RAM: 3315.5 MB
Total Pagefile: 3870.21 MB
Available Pagefile: 3300.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:175.92 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (DATA) (Fixed) (Total:394.18 GB) (Free:379.85 GB) NTFS
4 Drive f: () (Removable) (Total:3.74 GB) (Free:3.74 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 0 B
Disk 1 Online 3835 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 25 GB 1024 KB
Partition 2 Primary 279 GB 25 GB
Partition 3 Primary 394 GB 304 GB

======================================================================================================

Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 279 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D DATA NTFS Partition 394 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 3835 MB 0 B

======================================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

======================================================================================================

==========================================================

Last Boot: 2012-06-17 14:49

======================= End Of Log ==========================

#4 CatByte

  • Malware Response Team

Posted 25 June 2012 - 04:11 PM

Please run the following:


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • Click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System is found then ensure Delete is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 DonH77

  • Topic Starter

Posted 25 June 2012 - 05:00 PM

Hi here are both logs ty

ComboFix 12-06-25.03 - Dons 06/26/2012 9:33.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3872.2096 [GMT 12:00]
Running from: c:\users\Dons\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\SysInfo_6.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-25 to 2012-06-25 )))))))))))))))))))))))))))))))
.
.
2012-06-25 21:48 . 2012-06-25 21:48 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-25 21:48 . 2012-06-25 21:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-25 20:32 . 2012-06-26 16:59 -------- d-----w- C:\FRST
2012-06-25 19:52 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{776AF41B-9426-4BE7-92B5-15420A342FB7}\mpengine.dll
2012-06-24 03:48 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-23 12:15 . 2012-06-23 12:15 -------- d-----w- c:\users\Dons\AppData\Local\Macromedia
2012-06-23 07:35 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-23 07:35 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-23 07:35 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-23 07:35 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 07:35 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-23 07:35 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-23 07:35 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 07:34 . 2012-06-02 03:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 07:34 . 2012-06-02 03:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-22 03:39 . 2012-06-22 04:23 -------- d-----w- c:\users\Dons\AppData\Local\adaware
2012-06-22 03:37 . 2012-06-22 03:37 -------- d-----w- c:\programdata\Lavasoft
2012-06-22 03:37 . 2012-06-23 16:54 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-06-22 03:37 . 2012-06-23 16:54 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-06-22 03:36 . 2012-06-23 16:54 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2012-06-22 03:36 . 2012-06-23 16:54 -------- d-----w- c:\program files (x86)\adawaretb
2012-06-22 03:35 . 2012-06-22 03:44 -------- d-----w- c:\users\Dons\AppData\Roaming\Ad-Aware Antivirus
2012-06-20 22:19 . 2012-06-20 22:39 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-06-20 22:19 . 2012-06-20 22:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-20 21:05 . 2010-01-21 21:56 1652688 ----a-w- c:\windows\PCTBDCore.dll0609.old
2012-06-20 21:02 . 2012-06-20 22:39 -------- d-----w- c:\program files (x86)\Spyware Doctor
2012-06-20 21:02 . 2012-06-20 21:27 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-06-19 22:34 . 2012-06-19 22:34 -------- d-----w- c:\users\Dons\AppData\Roaming\Malwarebytes
2012-06-19 22:33 . 2012-06-19 22:33 -------- d-----w- c:\programdata\Malwarebytes
2012-06-19 22:33 . 2012-06-20 22:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-19 07:48 . 2012-06-20 22:39 -------- d-----w- c:\program files (x86)\ChatZum Toolbar
2012-06-19 07:47 . 2012-06-19 07:47 -------- d-----w- c:\program files (x86)\PANDORA.TV
2012-06-19 07:46 . 2012-06-20 22:39 -------- d-----w- c:\program files (x86)\The KMPlayer
2012-06-16 07:30 . 2012-06-16 07:30 -------- d-----w- c:\programdata\RELOADED
2012-06-14 04:52 . 2012-06-23 16:54 -------- d-----w- c:\program files\The Walking Dead
2012-06-13 09:13 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 09:13 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 09:13 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 09:13 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 09:13 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 09:12 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 09:12 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 09:12 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 09:12 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 09:12 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 09:12 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 09:12 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 09:12 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 09:12 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-13 09:12 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 09:01 . 2012-04-04 07:10 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-13 09:01 . 2012-04-04 07:10 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51846F62-3ECF-45E7-9A46-EB944863CD5D}\gapaengine.dll
2012-06-13 07:30 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-13 07:30 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-12 07:51 . 2012-06-12 07:51 -------- d-----w- C:\NVIDIA
2012-06-04 04:01 . 2012-06-04 04:01 -------- d-----w- c:\users\Dons\AppData\Roaming\RealHideIP
2012-06-04 04:01 . 2012-06-04 04:01 -------- d-----w- c:\programdata\RealHideIP
2012-06-04 04:01 . 2012-06-23 16:54 -------- d-----w- c:\program files (x86)\Ask.com
2012-05-29 01:22 . 2012-05-29 01:22 -------- d-----w- c:\programdata\Aviosoft
2012-05-29 01:22 . 2012-05-29 01:22 -------- d-----w- c:\program files (x86)\BlazeVideo
2012-05-29 01:21 . 2012-05-29 01:21 164864 ----a-w- c:\windows\system32\drivers\IT9135BDA.sys
2012-05-29 01:19 . 2012-05-29 01:21 245 ----a-w- c:\windows\system32\AF15IRTBL.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 08:15 . 2012-04-05 01:08 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 08:15 . 2012-04-05 01:08 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-24 00:36 . 2012-05-24 00:36 33019 ----a-w- c:\windows\SysWow64\CoreAAC-uninstall.exe
2012-05-11 19:40 . 2012-05-11 19:40 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-11 19:40 . 2012-05-11 19:40 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-11 19:40 . 2012-05-11 19:40 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-05-11 19:40 . 2012-05-11 19:40 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-05-02 01:16 . 2012-05-02 01:16 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2012-04-24 05:25 . 2012-04-24 05:25 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-04-06 12:53 . 2012-04-04 06:38 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe
2012-04-04 06:38 . 2011-03-29 01:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-30 11:35 . 2012-05-10 07:17 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 10:44 1400712 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-04-26 1242448]
"BlazeServoTool"="c:\program files (x86)\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe" [2010-03-06 286720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-10-18 3331312]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"SonicMasterTray"="c:\program files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe" [2010-07-09 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-22 318080]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-24 174720]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-18 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072]
"NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-09-20 1493288]
.
c:\users\Dons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2012-4-5 0]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-10-18 549040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-28 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]
R3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\Drivers\IT9135BDA.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-10 129976]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO_;ATKWMIACPI Driver_;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-06 17536]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-01 1166848]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-02-03 277120]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-17 2253120]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 08:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-17 322384]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-03 2277992]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.co.nz/
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Dons\AppData\Roaming\Mozilla\Firefox\Profiles\25v6zume.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.nz/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-RunOnce-RealHideIPunstall - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
AddRemove-CoreAAC Audio Decoder - c:\windows\system32\CoreAAC-uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-26 09:54:56
ComboFix-quarantined-files.txt 2012-06-25 21:54
.
Pre-Run: 188,451,835,904 bytes free
Post-Run: 199,314,755,584 bytes free
.
- - End Of File - - 0CF468F8205A8A8E04829C430CD62310

09:14:57.0694 7032 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
09:14:58.0445 7032 ============================================================
09:14:58.0445 7032 Current date / time: 2012/06/26 09:14:58.0445
09:14:58.0445 7032 SystemInfo:
09:14:58.0445 7032
09:14:58.0446 7032 OS Version: 6.1.7601 ServicePack: 1.0
09:14:58.0446 7032 Product type: Workstation
09:14:58.0448 7032 ComputerName: DON_STEPH
09:14:58.0448 7032 UserName: Dons
09:14:58.0448 7032 Windows directory: C:\Windows
09:14:58.0448 7032 System windows directory: C:\Windows
09:14:58.0448 7032 Running under WOW64
09:14:58.0448 7032 Processor architecture: Intel x64
09:14:58.0448 7032 Number of processors: 4
09:14:58.0448 7032 Page size: 0x1000
09:14:58.0448 7032 Boot type: Normal boot
09:14:58.0448 7032 ============================================================
09:14:59.0614 7032 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:14:59.0629 7032 ============================================================
09:14:59.0629 7032 \Device\Harddisk0\DR0:
09:14:59.0629 7032 MBR partitions:
09:14:59.0629 7032 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x22EE8800
09:14:59.0629 7032 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x260E9000, BlocksNum 0x3145C800
09:14:59.0629 7032 ============================================================
09:14:59.0674 7032 C: <-> \Device\Harddisk0\DR0\Partition0
09:14:59.0712 7032 D: <-> \Device\Harddisk0\DR0\Partition1
09:14:59.0712 7032 ============================================================
09:14:59.0712 7032 Initialize success
09:14:59.0712 7032 ============================================================
09:15:28.0352 6352 ============================================================
09:15:28.0352 6352 Scan started
09:15:28.0352 6352 Mode: Manual; TDLFS;
09:15:28.0352 6352 ============================================================
09:15:28.0812 6352 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
09:15:28.0822 6352 1394ohci - ok
09:15:28.0872 6352 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
09:15:28.0882 6352 ACPI - ok
09:15:28.0922 6352 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
09:15:28.0922 6352 AcpiPmi - ok
09:15:29.0062 6352 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
09:15:29.0062 6352 AdobeFlashPlayerUpdateSvc - ok
09:15:29.0142 6352 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
09:15:29.0162 6352 adp94xx - ok
09:15:29.0262 6352 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
09:15:29.0272 6352 adpahci - ok
09:15:29.0353 6352 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
09:15:29.0367 6352 adpu320 - ok
09:15:29.0441 6352 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
09:15:29.0448 6352 AeLookupSvc - ok
09:15:29.0667 6352 AFBAgent (69fd46fac0d9c4a8ecd522ac6a7481f5) C:\Windows\system32\FBAgent.exe
09:15:29.0677 6352 AFBAgent - ok
09:15:29.0751 6352 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
09:15:29.0768 6352 AFD - ok
09:15:29.0807 6352 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
09:15:29.0810 6352 agp440 - ok
09:15:29.0859 6352 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
09:15:29.0863 6352 ALG - ok
09:15:29.0900 6352 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
09:15:29.0903 6352 aliide - ok
09:15:29.0919 6352 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
09:15:29.0921 6352 amdide - ok
09:15:29.0959 6352 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
09:15:29.0962 6352 AmdK8 - ok
09:15:29.0982 6352 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
09:15:29.0985 6352 AmdPPM - ok
09:15:30.0024 6352 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
09:15:30.0028 6352 amdsata - ok
09:15:30.0058 6352 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
09:15:30.0078 6352 amdsbs - ok
09:15:30.0093 6352 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
09:15:30.0096 6352 amdxata - ok
09:15:30.0149 6352 AMPPAL (7d9e301ab3247765702d0b65e2e47e50) C:\Windows\system32\DRIVERS\AMPPAL.sys
09:15:30.0157 6352 AMPPAL - ok
09:15:30.0168 6352 AMPPALP (7d9e301ab3247765702d0b65e2e47e50) C:\Windows\system32\DRIVERS\amppal.sys
09:15:30.0174 6352 AMPPALP - ok
09:15:30.0333 6352 AMPPALR3 (576134e43169810b560f0bb6fdee13f5) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
09:15:30.0358 6352 AMPPALR3 - ok
09:15:30.0430 6352 Amsp (e8494519bcb9e3b1b72e5604993a76e3) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
09:15:30.0437 6352 Amsp - ok
09:15:30.0570 6352 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
09:15:30.0574 6352 AppID - ok
09:15:30.0761 6352 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
09:15:30.0765 6352 AppIDSvc - ok
09:15:30.0826 6352 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
09:15:30.0830 6352 Appinfo - ok
09:15:30.0863 6352 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
09:15:30.0867 6352 arc - ok
09:15:30.0923 6352 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
09:15:30.0930 6352 arcsas - ok
09:15:31.0043 6352 ASLDRService (a3626c6d3f2dc95497f3f61842d7fd89) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
09:15:31.0046 6352 ASLDRService - ok
09:15:31.0066 6352 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
09:15:31.0067 6352 ASMMAP64 - ok
09:15:31.0100 6352 asmthub3 (8569af4c73747671194ea9ebb2f2d6cf) C:\Windows\system32\DRIVERS\asmthub3.sys
09:15:31.0104 6352 asmthub3 - ok
09:15:31.0172 6352 asmtxhci (073716fbffac7057cd5ff00a1b558331) C:\Windows\system32\DRIVERS\asmtxhci.sys
09:15:31.0182 6352 asmtxhci - ok
09:15:31.0300 6352 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
09:15:31.0302 6352 aspnet_state - ok
09:15:31.0374 6352 ASUS InstantOn (edf4b8a072414e43cc3f85f68f4960e7) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
09:15:31.0383 6352 ASUS InstantOn - ok
09:15:31.0423 6352 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
09:15:31.0429 6352 AsyncMac - ok
09:15:31.0484 6352 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
09:15:31.0489 6352 atapi - ok
09:15:31.0608 6352 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
09:15:31.0644 6352 athr - ok
09:15:31.0723 6352 ATKGFNEXSrv (dbc598e47e7a382e60e2a4745d41fef9) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
09:15:31.0726 6352 ATKGFNEXSrv - ok
09:15:31.0762 6352 ATKWMIACPIIO_ (41ceaffcf3550785e59e3ec9bee8d97a) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
09:15:31.0764 6352 ATKWMIACPIIO_ - ok
09:15:31.0931 6352 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
09:15:31.0947 6352 AudioEndpointBuilder - ok
09:15:31.0967 6352 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
09:15:31.0980 6352 AudioSrv - ok
09:15:32.0015 6352 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
09:15:32.0019 6352 AxInstSV - ok
09:15:32.0122 6352 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
09:15:32.0134 6352 b06bdrv - ok
09:15:32.0186 6352 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
09:15:32.0197 6352 b57nd60a - ok
09:15:32.0244 6352 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
09:15:32.0248 6352 BDESVC - ok
09:15:32.0268 6352 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
09:15:32.0269 6352 Beep - ok
09:15:32.0369 6352 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
09:15:32.0385 6352 BFE - ok
09:15:32.0470 6352 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
09:15:32.0492 6352 BITS - ok
09:15:32.0576 6352 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
09:15:32.0578 6352 blbdrive - ok
09:15:32.0611 6352 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
09:15:32.0615 6352 bowser - ok
09:15:32.0644 6352 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
09:15:32.0647 6352 BrFiltLo - ok
09:15:32.0681 6352 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
09:15:32.0684 6352 BrFiltUp - ok
09:15:32.0808 6352 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
09:15:32.0813 6352 Browser - ok
09:15:32.0863 6352 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
09:15:32.0872 6352 Brserid - ok
09:15:32.0900 6352 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
09:15:32.0904 6352 BrSerWdm - ok
09:15:32.0928 6352 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
09:15:32.0931 6352 BrUsbMdm - ok
09:15:32.0963 6352 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
09:15:32.0965 6352 BrUsbSer - ok
09:15:33.0012 6352 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
09:15:33.0015 6352 BthEnum - ok
09:15:33.0070 6352 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
09:15:33.0078 6352 BTHMODEM - ok
09:15:33.0118 6352 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
09:15:33.0131 6352 BthPan - ok
09:15:33.0187 6352 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
09:15:33.0202 6352 BTHPORT - ok
09:15:33.0244 6352 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
09:15:33.0248 6352 bthserv - ok
09:15:33.0329 6352 BTHSSecurityMgr (9e2af97302b9f4bf97e952a865eb31ae) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
09:15:33.0333 6352 BTHSSecurityMgr - ok
09:15:33.0373 6352 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
09:15:33.0377 6352 BTHUSB - ok
09:15:33.0412 6352 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
09:15:33.0416 6352 cdfs - ok
09:15:33.0474 6352 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
09:15:33.0479 6352 cdrom - ok
09:15:33.0526 6352 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
09:15:33.0530 6352 CertPropSvc - ok
09:15:33.0573 6352 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
09:15:33.0576 6352 circlass - ok
09:15:33.0648 6352 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
09:15:33.0661 6352 CLFS - ok
09:15:33.0746 6352 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:15:33.0750 6352 clr_optimization_v2.0.50727_32 - ok
09:15:33.0828 6352 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:15:33.0832 6352 clr_optimization_v2.0.50727_64 - ok
09:15:33.0898 6352 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:15:33.0902 6352 clr_optimization_v4.0.30319_32 - ok
09:15:33.0968 6352 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:15:33.0973 6352 clr_optimization_v4.0.30319_64 - ok
09:15:34.0012 6352 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
09:15:34.0014 6352 CmBatt - ok
09:15:34.0034 6352 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
09:15:34.0038 6352 cmdide - ok
09:15:34.0101 6352 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
09:15:34.0112 6352 CNG - ok
09:15:34.0130 6352 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
09:15:34.0133 6352 Compbatt - ok
09:15:34.0182 6352 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
09:15:34.0184 6352 CompositeBus - ok
09:15:34.0209 6352 COMSysApp - ok
09:15:34.0331 6352 cphs (f08c6020e57f5e5bf2fd034db10bedfb) C:\Windows\SysWow64\IntelCpHeciSvc.exe
09:15:34.0338 6352 cphs - ok
09:15:34.0371 6352 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
09:15:34.0374 6352 crcdisk - ok
09:15:34.0448 6352 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
09:15:34.0522 6352 CryptSvc - ok
09:15:34.0606 6352 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
09:15:34.0621 6352 DcomLaunch - ok
09:15:34.0681 6352 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
09:15:34.0689 6352 defragsvc - ok
09:15:34.0764 6352 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
09:15:34.0768 6352 DfsC - ok
09:15:34.0843 6352 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
09:15:34.0851 6352 Dhcp - ok
09:15:34.0880 6352 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
09:15:34.0882 6352 discache - ok
09:15:34.0932 6352 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
09:15:34.0941 6352 Disk - ok
09:15:34.0983 6352 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
09:15:34.0990 6352 Dnscache - ok
09:15:35.0019 6352 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
09:15:35.0027 6352 dot3svc - ok
09:15:35.0055 6352 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
09:15:35.0060 6352 DPS - ok
09:15:35.0091 6352 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
09:15:35.0093 6352 drmkaud - ok
09:15:35.0146 6352 dtsoftbus01 (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
09:15:35.0154 6352 dtsoftbus01 - ok
09:15:35.0255 6352 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
09:15:35.0277 6352 DXGKrnl - ok
09:15:35.0325 6352 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
09:15:35.0329 6352 EapHost - ok
09:15:35.0572 6352 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
09:15:35.0642 6352 ebdrv - ok
09:15:35.0759 6352 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
09:15:35.0763 6352 EFS - ok
09:15:35.0849 6352 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
09:15:35.0868 6352 ehRecvr - ok
09:15:35.0906 6352 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
09:15:35.0911 6352 ehSched - ok
09:15:36.0022 6352 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
09:15:36.0034 6352 elxstor - ok
09:15:36.0060 6352 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
09:15:36.0062 6352 ErrDev - ok
09:15:36.0143 6352 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
09:15:36.0154 6352 EventSystem - ok
09:15:36.0321 6352 EvtEng (e3a96d5ae6e5c7b5472011ba77353368) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
09:15:36.0353 6352 EvtEng - ok
09:15:36.0488 6352 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
09:15:36.0495 6352 exfat - ok
09:15:36.0530 6352 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
09:15:36.0536 6352 fastfat - ok
09:15:36.0648 6352 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
09:15:36.0665 6352 Fax - ok
09:15:36.0704 6352 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
09:15:36.0711 6352 fdc - ok
09:15:36.0740 6352 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
09:15:36.0743 6352 fdPHost - ok
09:15:36.0781 6352 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
09:15:36.0785 6352 FDResPub - ok
09:15:36.0802 6352 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
09:15:36.0810 6352 FileInfo - ok
09:15:36.0821 6352 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
09:15:36.0824 6352 Filetrace - ok
09:15:36.0850 6352 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
09:15:36.0853 6352 flpydisk - ok
09:15:36.0892 6352 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
09:15:36.0899 6352 FltMgr - ok
09:15:37.0005 6352 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
09:15:37.0033 6352 FontCache - ok
09:15:37.0103 6352 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:15:37.0107 6352 FontCache3.0.0.0 - ok
09:15:37.0150 6352 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
09:15:37.0153 6352 FsDepends - ok
09:15:37.0200 6352 fssfltr (dc0dce4ec2c5d2cf6472f9fd6aa9a7dc) C:\Windows\system32\DRIVERS\fssfltr.sys
09:15:37.0204 6352 fssfltr - ok
09:15:37.0373 6352 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
09:15:37.0417 6352 fsssvc - ok
09:15:37.0532 6352 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
09:15:37.0535 6352 Fs_Rec - ok
09:15:37.0596 6352 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
09:15:37.0603 6352 fvevol - ok
09:15:37.0660 6352 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
09:15:37.0663 6352 gagp30kx - ok
09:15:37.0751 6352 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
09:15:37.0769 6352 gpsvc - ok
09:15:37.0797 6352 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
09:15:37.0800 6352 hcw85cir - ok
09:15:37.0861 6352 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
09:15:37.0870 6352 HdAudAddService - ok
09:15:37.0914 6352 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:15:37.0917 6352 HDAudBus - ok
09:15:37.0945 6352 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
09:15:37.0947 6352 HidBatt - ok
09:15:37.0983 6352 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
09:15:37.0989 6352 HidBth - ok
09:15:38.0012 6352 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
09:15:38.0015 6352 HidIr - ok
09:15:38.0046 6352 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
09:15:38.0049 6352 hidserv - ok
09:15:38.0099 6352 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
09:15:38.0101 6352 HidUsb - ok
09:15:38.0128 6352 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
09:15:38.0133 6352 hkmsvc - ok
09:15:38.0190 6352 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
09:15:38.0199 6352 HomeGroupListener - ok
09:15:38.0257 6352 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
09:15:38.0265 6352 HomeGroupProvider - ok
09:15:38.0296 6352 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
09:15:38.0300 6352 HpSAMD - ok
09:15:38.0384 6352 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
09:15:38.0404 6352 HTTP - ok
09:15:38.0428 6352 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
09:15:38.0430 6352 hwpolicy - ok
09:15:38.0465 6352 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
09:15:38.0469 6352 i8042prt - ok
09:15:38.0543 6352 iaStor (26cf4275034214ecedd8ec17b0a18a99) C:\Windows\system32\DRIVERS\iaStor.sys
09:15:38.0553 6352 iaStor - ok
09:15:38.0626 6352 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
09:15:38.0640 6352 iaStorV - ok
09:15:38.0814 6352 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:15:38.0832 6352 idsvc - ok
09:15:39.0664 6352 igfx (371d7f91c0d2314eb984a4a6cbeabc92) C:\Windows\system32\DRIVERS\igdkmd64.sys
09:15:40.0111 6352 igfx - ok
09:15:40.0255 6352 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
09:15:40.0258 6352 iirsp - ok
09:15:40.0349 6352 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
09:15:40.0368 6352 IKEEXT - ok
09:15:40.0622 6352 IntcAzAudAddService (c90545464654215b186b3cbe4ad0701d) C:\Windows\system32\drivers\RTKVHD64.sys
09:15:40.0684 6352 IntcAzAudAddService - ok
09:15:40.0827 6352 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
09:15:40.0835 6352 IntcDAud - ok
09:15:40.0861 6352 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
09:15:40.0863 6352 intelide - ok
09:15:40.0892 6352 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
09:15:40.0894 6352 intelppm - ok
09:15:40.0929 6352 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
09:15:40.0935 6352 IPBusEnum - ok
09:15:40.0961 6352 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:15:40.0977 6352 IpFilterDriver - ok
09:15:41.0038 6352 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
09:15:41.0055 6352 iphlpsvc - ok
09:15:41.0096 6352 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
09:15:41.0099 6352 IPMIDRV - ok
09:15:41.0130 6352 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
09:15:41.0134 6352 IPNAT - ok
09:15:41.0177 6352 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
09:15:41.0179 6352 IRENUM - ok
09:15:41.0209 6352 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
09:15:41.0212 6352 isapnp - ok
09:15:41.0253 6352 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
09:15:41.0261 6352 iScsiPrt - ok
09:15:41.0327 6352 IT9135BDA (ec878766b993b09e99320d693cc0ac93) C:\Windows\system32\Drivers\IT9135BDA.sys
09:15:41.0333 6352 IT9135BDA - ok
09:15:41.0371 6352 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
09:15:41.0377 6352 kbdclass - ok
09:15:41.0395 6352 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
09:15:41.0398 6352 kbdhid - ok
09:15:41.0433 6352 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
09:15:41.0435 6352 kbfiltr - ok
09:15:41.0470 6352 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:15:41.0474 6352 KeyIso - ok
09:15:41.0513 6352 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
09:15:41.0519 6352 KSecDD - ok
09:15:41.0559 6352 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
09:15:41.0566 6352 KSecPkg - ok
09:15:41.0603 6352 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
09:15:41.0606 6352 ksthunk - ok
09:15:41.0661 6352 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
09:15:41.0674 6352 KtmRm - ok
09:15:41.0729 6352 L1C (fc010c7814ddac17389a7d87ea2ebb39) C:\Windows\system32\DRIVERS\L1C62x64.sys
09:15:41.0733 6352 L1C - ok
09:15:41.0811 6352 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
09:15:41.0822 6352 LanmanServer - ok
09:15:41.0854 6352 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
09:15:41.0861 6352 LanmanWorkstation - ok
09:15:41.0928 6352 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
09:15:41.0931 6352 lltdio - ok
09:15:41.0999 6352 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
09:15:42.0013 6352 lltdsvc - ok
09:15:42.0031 6352 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
09:15:42.0038 6352 lmhosts - ok
09:15:42.0158 6352 LMS (7f32d4c47a50e7223491e8fb9359907d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
09:15:42.0166 6352 LMS - ok
09:15:42.0225 6352 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
09:15:42.0229 6352 LSI_FC - ok
09:15:42.0256 6352 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
09:15:42.0260 6352 LSI_SAS - ok
09:15:42.0292 6352 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
09:15:42.0296 6352 LSI_SAS2 - ok
09:15:42.0327 6352 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
09:15:42.0331 6352 LSI_SCSI - ok
09:15:42.0388 6352 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
09:15:42.0392 6352 luafv - ok
09:15:42.0423 6352 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
09:15:42.0428 6352 Mcx2Svc - ok
09:15:42.0449 6352 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
09:15:42.0452 6352 megasas - ok
09:15:42.0513 6352 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
09:15:42.0523 6352 MegaSR - ok
09:15:42.0589 6352 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
09:15:42.0592 6352 MEIx64 - ok
09:15:42.0642 6352 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
09:15:42.0649 6352 MMCSS - ok
09:15:42.0719 6352 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
09:15:42.0723 6352 Modem - ok
09:15:42.0759 6352 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
09:15:42.0761 6352 monitor - ok
09:15:42.0801 6352 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
09:15:42.0803 6352 mouclass - ok
09:15:42.0840 6352 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
09:15:42.0843 6352 mouhid - ok
09:15:42.0868 6352 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
09:15:42.0872 6352 mountmgr - ok
09:15:42.0983 6352 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:15:42.0987 6352 MozillaMaintenance - ok
09:15:43.0042 6352 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
09:15:43.0051 6352 MpFilter - ok
09:15:43.0109 6352 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
09:15:43.0114 6352 mpio - ok
09:15:43.0134 6352 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
09:15:43.0140 6352 mpsdrv - ok
09:15:43.0220 6352 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
09:15:43.0242 6352 MpsSvc - ok
09:15:43.0275 6352 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
09:15:43.0281 6352 MRxDAV - ok
09:15:43.0311 6352 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:15:43.0318 6352 mrxsmb - ok
09:15:43.0358 6352 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:15:43.0365 6352 mrxsmb10 - ok
09:15:43.0391 6352 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:15:43.0396 6352 mrxsmb20 - ok
09:15:43.0411 6352 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
09:15:43.0415 6352 msahci - ok
09:15:43.0456 6352 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
09:15:43.0461 6352 msdsm - ok
09:15:43.0500 6352 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
09:15:43.0514 6352 MSDTC - ok
09:15:43.0558 6352 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
09:15:43.0562 6352 Msfs - ok
09:15:43.0595 6352 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
09:15:43.0597 6352 mshidkmdf - ok
09:15:43.0631 6352 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
09:15:43.0634 6352 msisadrv - ok
09:15:43.0693 6352 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
09:15:43.0700 6352 MSiSCSI - ok
09:15:43.0712 6352 msiserver - ok
09:15:43.0753 6352 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
09:15:43.0756 6352 MSKSSRV - ok
09:15:43.0843 6352 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe
09:15:43.0845 6352 MsMpSvc - ok
09:15:43.0873 6352 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
09:15:43.0879 6352 MSPCLOCK - ok
09:15:43.0899 6352 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
09:15:43.0901 6352 MSPQM - ok
09:15:43.0954 6352 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
09:15:43.0962 6352 MsRPC - ok
09:15:43.0989 6352 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
09:15:43.0991 6352 mssmbios - ok
09:15:44.0011 6352 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
09:15:44.0013 6352 MSTEE - ok
09:15:44.0048 6352 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
09:15:44.0051 6352 MTConfig - ok
09:15:44.0090 6352 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
09:15:44.0094 6352 Mup - ok
09:15:44.0179 6352 MyWiFiDHCPDNS (8f57db74bf5407a4cda6c8b005dc8dd0) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
09:15:44.0189 6352 MyWiFiDHCPDNS - ok
09:15:44.0237 6352 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
09:15:44.0253 6352 napagent - ok
09:15:44.0323 6352 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
09:15:44.0333 6352 NativeWifiP - ok
09:15:44.0391 6352 NBVol (7b2d90bbbbed11c8dfba441d34ae901e) C:\Windows\system32\DRIVERS\NBVol.sys
09:15:44.0394 6352 NBVol - ok
09:15:44.0412 6352 NBVolUp (4fe7b5757279d82c4d171e9f7fd52a75) C:\Windows\system32\DRIVERS\NBVolUp.sys
09:15:44.0419 6352 NBVolUp - ok
09:15:44.0520 6352 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
09:15:44.0545 6352 NDIS - ok
09:15:44.0617 6352 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
09:15:44.0621 6352 NdisCap - ok
09:15:44.0666 6352 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
09:15:44.0668 6352 NdisTapi - ok
09:15:44.0696 6352 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
09:15:44.0699 6352 Ndisuio - ok
09:15:44.0750 6352 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
09:15:44.0774 6352 NdisWan - ok
09:15:44.0828 6352 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
09:15:44.0843 6352 NDProxy - ok
09:15:44.0913 6352 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
09:15:44.0916 6352 NetBIOS - ok
09:15:44.0952 6352 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
09:15:44.0959 6352 NetBT - ok
09:15:44.0992 6352 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:15:44.0995 6352 Netlogon - ok
09:15:45.0074 6352 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
09:15:45.0089 6352 Netman - ok
09:15:45.0201 6352 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:15:45.0209 6352 NetMsmqActivator - ok
09:15:45.0222 6352 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:15:45.0226 6352 NetPipeActivator - ok
09:15:45.0286 6352 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
09:15:45.0299 6352 netprofm - ok
09:15:45.0313 6352 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:15:45.0317 6352 NetTcpActivator - ok
09:15:45.0329 6352 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:15:45.0332 6352 NetTcpPortSharing - ok
09:15:45.0924 6352 NETwNs64 (50ad7f7040c22bb7caa59a0880875a21) C:\Windows\system32\DRIVERS\NETwNs64.sys
09:15:46.0171 6352 NETwNs64 - ok
09:15:46.0309 6352 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
09:15:46.0312 6352 nfrd960 - ok
09:15:46.0364 6352 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
09:15:46.0376 6352 NisDrv - ok
09:15:46.0448 6352 NisSrv (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe
09:15:46.0456 6352 NisSrv - ok
09:15:46.0512 6352 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
09:15:46.0526 6352 NlaSvc - ok
09:15:46.0558 6352 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
09:15:46.0561 6352 Npfs - ok
09:15:46.0632 6352 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
09:15:46.0640 6352 nsi - ok
09:15:46.0665 6352 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
09:15:46.0668 6352 nsiproxy - ok
09:15:46.0793 6352 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
09:15:46.0831 6352 Ntfs - ok
09:15:46.0944 6352 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
09:15:46.0946 6352 Null - ok
09:15:47.0808 6352 nvlddmkm (e97e8c80793ef12c994607ca5645799a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:15:48.0197 6352 nvlddmkm - ok
09:15:48.0324 6352 nvpciflt (50612bd6943b9cb20008e9e241dc8b7d) C:\Windows\system32\DRIVERS\nvpciflt.sys
09:15:48.0327 6352 nvpciflt - ok
09:15:48.0383 6352 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
09:15:48.0388 6352 nvraid - ok
09:15:48.0421 6352 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
09:15:48.0426 6352 nvstor - ok
09:15:48.0541 6352 nvsvc (f355c26fde46edb911e3e3d749e985ae) C:\Windows\system32\nvvsvc.exe
09:15:48.0584 6352 nvsvc - ok
09:15:48.0809 6352 nvUpdatusService (03aa7307c0d92d38d7af90e181736b8d) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
09:15:48.0857 6352 nvUpdatusService - ok
09:15:48.0967 6352 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
09:15:48.0971 6352 nv_agp - ok
09:15:49.0000 6352 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
09:15:49.0004 6352 ohci1394 - ok
09:15:49.0061 6352 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:15:49.0071 6352 p2pimsvc - ok
09:15:49.0131 6352 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
09:15:49.0148 6352 p2psvc - ok
09:15:49.0185 6352 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
09:15:49.0190 6352 Parport - ok
09:15:49.0230 6352 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
09:15:49.0233 6352 partmgr - ok
09:15:49.0271 6352 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
09:15:49.0279 6352 PcaSvc - ok
09:15:49.0307 6352 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
09:15:49.0313 6352 pci - ok
09:15:49.0332 6352 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
09:15:49.0334 6352 pciide - ok
09:15:49.0384 6352 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
09:15:49.0393 6352 pcmcia - ok
09:15:49.0433 6352 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
09:15:49.0438 6352 pcw - ok
09:15:49.0522 6352 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
09:15:49.0540 6352 PEAUTH - ok
09:15:49.0678 6352 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
09:15:49.0683 6352 PerfHost - ok
09:15:49.0819 6352 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
09:15:49.0849 6352 pla - ok
09:15:49.0915 6352 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
09:15:49.0929 6352 PlugPlay - ok
09:15:49.0959 6352 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
09:15:49.0964 6352 PNRPAutoReg - ok
09:15:50.0002 6352 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:15:50.0011 6352 PNRPsvc - ok
09:15:50.0075 6352 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
09:15:50.0080 6352 Point64 - ok
09:15:50.0147 6352 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
09:15:50.0159 6352 PolicyAgent - ok
09:15:50.0215 6352 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
09:15:50.0228 6352 Power - ok
09:15:50.0298 6352 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
09:15:50.0303 6352 PptpMiniport - ok
09:15:50.0341 6352 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
09:15:50.0350 6352 Processor - ok
09:15:50.0418 6352 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
09:15:50.0495 6352 ProfSvc - ok
09:15:50.0528 6352 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:15:50.0532 6352 ProtectedStorage - ok
09:15:50.0595 6352 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
09:15:50.0600 6352 Psched - ok
09:15:50.0759 6352 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
09:15:50.0790 6352 ql2300 - ok
09:15:50.0910 6352 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
09:15:50.0915 6352 ql40xx - ok
09:15:50.0961 6352 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
09:15:50.0970 6352 QWAVE - ok
09:15:50.0989 6352 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
09:15:50.0992 6352 QWAVEdrv - ok
09:15:51.0010 6352 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
09:15:51.0012 6352 RasAcd - ok
09:15:51.0051 6352 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:15:51.0055 6352 RasAgileVpn - ok
09:15:51.0089 6352 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
09:15:51.0097 6352 RasAuto - ok
09:15:51.0115 6352 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:15:51.0119 6352 Rasl2tp - ok
09:15:51.0164 6352 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
09:15:51.0175 6352 RasMan - ok
09:15:51.0210 6352 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
09:15:51.0214 6352 RasPppoe - ok
09:15:51.0242 6352 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
09:15:51.0246 6352 RasSstp - ok
09:15:51.0288 6352 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
09:15:51.0296 6352 rdbss - ok
09:15:51.0319 6352 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
09:15:51.0322 6352 rdpbus - ok
09:15:51.0337 6352 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:15:51.0339 6352 RDPCDD - ok
09:15:51.0376 6352 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
09:15:51.0378 6352 RDPENCDD - ok
09:15:51.0393 6352 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
09:15:51.0393 6352 RDPREFMP - ok
09:15:51.0433 6352 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
09:15:51.0473 6352 RDPWD - ok
09:15:51.0523 6352 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
09:15:51.0533 6352 rdyboost - ok
09:15:51.0693 6352 RegSrvc (fd11c1287d38a46fb72353e14d50089c) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
09:15:51.0703 6352 RegSrvc - ok
09:15:51.0743 6352 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
09:15:51.0753 6352 RemoteAccess - ok
09:15:51.0783 6352 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
09:15:51.0793 6352 RemoteRegistry - ok
09:15:51.0893 6352 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
09:15:51.0903 6352 RFCOMM - ok
09:15:51.0953 6352 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
09:15:51.0963 6352 RpcEptMapper - ok
09:15:52.0003 6352 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
09:15:52.0003 6352 RpcLocator - ok
09:15:52.0043 6352 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
09:15:52.0053 6352 RpcSs - ok
09:15:52.0103 6352 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
09:15:52.0113 6352 rspndr - ok
09:15:52.0183 6352 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:15:52.0183 6352 SamSs - ok
09:15:52.0233 6352 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
09:15:52.0243 6352 sbp2port - ok
09:15:52.0328 6352 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
09:15:52.0343 6352 SCardSvr - ok
09:15:52.0383 6352 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
09:15:52.0483 6352 scfilter - ok
09:15:52.0589 6352 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
09:15:52.0617 6352 Schedule - ok
09:15:52.0661 6352 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
09:15:52.0663 6352 SCPolicySvc - ok
09:15:52.0697 6352 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
09:15:52.0706 6352 SDRSVC - ok
09:15:52.0790 6352 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:15:52.0794 6352 secdrv - ok
09:15:52.0821 6352 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
09:15:52.0826 6352 seclogon - ok
09:15:52.0865 6352 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
09:15:52.0871 6352 SENS - ok
09:15:52.0938 6352 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
09:15:52.0944 6352 SensrSvc - ok
09:15:52.0972 6352 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
09:15:52.0975 6352 Serenum - ok
09:15:53.0029 6352 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
09:15:53.0033 6352 Serial - ok
09:15:53.0081 6352 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
09:15:53.0085 6352 sermouse - ok
09:15:53.0140 6352 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
09:15:53.0147 6352 SessionEnv - ok
09:15:53.0173 6352 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
09:15:53.0176 6352 sffdisk - ok
09:15:53.0197 6352 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
09:15:53.0200 6352 sffp_mmc - ok
09:15:53.0220 6352 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
09:15:53.0223 6352 sffp_sd - ok
09:15:53.0238 6352 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
09:15:53.0242 6352 sfloppy - ok
09:15:53.0305 6352 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
09:15:53.0316 6352 SharedAccess - ok
09:15:53.0369 6352 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
09:15:53.0381 6352 ShellHWDetection - ok
09:15:53.0416 6352 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
09:15:53.0420 6352 SiSGbeLH - ok
09:15:53.0455 6352 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
09:15:53.0458 6352 SiSRaid2 - ok
09:15:53.0478 6352 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
09:15:53.0482 6352 SiSRaid4 - ok
09:15:53.0564 6352 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
09:15:53.0569 6352 SkypeUpdate - ok
09:15:53.0614 6352 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
09:15:53.0617 6352 Smb - ok
09:15:53.0698 6352 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
09:15:53.0704 6352 SNMPTRAP - ok
09:15:53.0719 6352 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
09:15:53.0723 6352 spldr - ok
09:15:53.0779 6352 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
09:15:53.0804 6352 Spooler - ok
09:15:54.0022 6352 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
09:15:54.0098 6352 sppsvc - ok
09:15:54.0213 6352 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
09:15:54.0219 6352 sppuinotify - ok
09:15:54.0301 6352 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
09:15:54.0317 6352 srv - ok
09:15:54.0354 6352 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
09:15:54.0364 6352 srv2 - ok
09:15:54.0394 6352 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
09:15:54.0401 6352 srvnet - ok
09:15:54.0452 6352 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
09:15:54.0460 6352 SSDPSRV - ok
09:15:54.0484 6352 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
09:15:54.0493 6352 SstpSvc - ok
09:15:54.0570 6352 Steam Client Service - ok
09:15:54.0610 6352 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
09:15:54.0612 6352 stexstor - ok
09:15:54.0717 6352 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
09:15:54.0733 6352 stisvc - ok
09:15:54.0788 6352 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
09:15:54.0790 6352 swenum - ok
09:15:54.0867 6352 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
09:15:54.0883 6352 swprv - ok
09:15:55.0029 6352 SynTP (cc13ee4af170abb99f6449cbb62ab219) C:\Windows\system32\DRIVERS\SynTP.sys
09:15:55.0061 6352 SynTP - ok
09:15:55.0270 6352 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
09:15:55.0317 6352 SysMain - ok
09:15:55.0424 6352 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
09:15:55.0431 6352 TabletInputService - ok
09:15:55.0468 6352 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
09:15:55.0482 6352 TapiSrv - ok
09:15:55.0502 6352 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
09:15:55.0511 6352 TBS - ok
09:15:55.0747 6352 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
09:15:55.0808 6352 Tcpip - ok
09:15:56.0087 6352 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
09:15:56.0120 6352 TCPIP6 - ok
09:15:56.0223 6352 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
09:15:56.0226 6352 tcpipreg - ok
09:15:56.0258 6352 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
09:15:56.0261 6352 TDPIPE - ok
09:15:56.0293 6352 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
09:15:56.0298 6352 TDTCP - ok
09:15:56.0340 6352 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
09:15:56.0352 6352 tdx - ok
09:15:56.0371 6352 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
09:15:56.0380 6352 TermDD - ok
09:15:56.0457 6352 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
09:15:56.0476 6352 TermService - ok
09:15:56.0502 6352 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
09:15:56.0512 6352 Themes - ok
09:15:56.0550 6352 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
09:15:56.0555 6352 THREADORDER - ok
09:15:56.0660 6352 TiMiniService (69d76ce06bb629b69165c81d83a4b03e) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
09:15:56.0666 6352 TiMiniService - ok
09:15:56.0714 6352 tmactmon (73aaffdd2ac3c8814b26c440e5dd9dd4) C:\Windows\system32\DRIVERS\tmactmon.sys
09:15:56.0718 6352 tmactmon - ok
09:15:56.0761 6352 tmcomm (360e61217d4e1e333583d0c721057f70) C:\Windows\system32\DRIVERS\tmcomm.sys
09:15:56.0765 6352 tmcomm - ok
09:15:56.0797 6352 tmevtmgr (699d34eb7c670139ca23a65372bd5743) C:\Windows\system32\DRIVERS\tmevtmgr.sys
09:15:56.0800 6352 tmevtmgr - ok
09:15:56.0881 6352 tmtdi (262198efb734012bfcd17e7479ae4a09) C:\Windows\system32\DRIVERS\tmtdi.sys
09:15:56.0887 6352 tmtdi - ok
09:15:56.0919 6352 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
09:15:56.0923 6352 TPM - ok
09:15:56.0965 6352 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
09:15:56.0977 6352 TrkWks - ok
09:15:57.0037 6352 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
09:15:57.0044 6352 TrustedInstaller - ok
09:15:57.0071 6352 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:15:57.0078 6352 tssecsrv - ok
09:15:57.0113 6352 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
09:15:57.0116 6352 TsUsbFlt - ok
09:15:57.0144 6352 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
09:15:57.0149 6352 TsUsbGD - ok
09:15:57.0202 6352 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
09:15:57.0211 6352 tunnel - ok
09:15:57.0248 6352 TurboB (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys
09:15:57.0274 6352 TurboB - ok
09:15:57.0362 6352 TurboBoost (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
09:15:57.0368 6352 TurboBoost - ok
09:15:57.0411 6352 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
09:15:57.0415 6352 uagp35 - ok
09:15:57.0465 6352 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
09:15:57.0474 6352 udfs - ok
09:15:57.0524 6352 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
09:15:57.0530 6352 UI0Detect - ok
09:15:57.0554 6352 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
09:15:57.0561 6352 uliagpkx - ok
09:15:57.0600 6352 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
09:15:57.0603 6352 umbus - ok
09:15:57.0667 6352 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
09:15:57.0669 6352 UmPass - ok
09:15:57.0932 6352 UNS (2c16648a12999ae69a9ebf41974b0ba2) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
09:15:57.0986 6352 UNS - ok
09:15:58.0124 6352 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
09:15:58.0140 6352 upnphost - ok
09:15:58.0186 6352 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
09:15:58.0192 6352 usbccgp - ok
09:15:58.0234 6352 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
09:15:58.0238 6352 usbcir - ok
09:15:58.0258 6352 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
09:15:58.0261 6352 usbehci - ok
09:15:58.0316 6352 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
09:15:58.0325 6352 usbhub - ok
09:15:58.0350 6352 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
09:15:58.0353 6352 usbohci - ok
09:15:58.0379 6352 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
09:15:58.0381 6352 usbprint - ok
09:15:58.0440 6352 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:15:58.0446 6352 USBSTOR - ok
09:15:58.0464 6352 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
09:15:58.0467 6352 usbuhci - ok
09:15:58.0519 6352 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
09:15:58.0525 6352 usbvideo - ok
09:15:58.0558 6352 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
09:15:58.0561 6352 usb_rndisx - ok
09:15:58.0590 6352 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
09:15:58.0596 6352 UxSms - ok
09:15:58.0628 6352 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:15:58.0632 6352 VaultSvc - ok
09:15:58.0695 6352 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
09:15:58.0698 6352 vdrvroot - ok
09:15:58.0755 6352 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
09:15:58.0770 6352 vds - ok
09:15:58.0798 6352 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
09:15:58.0801 6352 vga - ok
09:15:58.0828 6352 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
09:15:58.0831 6352 VgaSave - ok
09:15:58.0867 6352 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
09:15:58.0878 6352 vhdmp - ok
09:15:58.0918 6352 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
09:15:58.0923 6352 viaide - ok
09:15:58.0948 6352 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
09:15:58.0951 6352 volmgr - ok
09:15:58.0987 6352 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
09:15:58.0996 6352 volmgrx - ok
09:15:59.0028 6352 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\Windows\system32\drivers\volsnap.sys
09:16:04.0017 6352 ============================================================
09:16:04.0017 6352 Scan finished
09:16:04.0017 6352 ============================================================
09:16:04.0058 6400 Detected object count: 0
09:16:04.0059 6400 Actual detected object count: 0
09:19:34.0259 7028 Deinitialize success

#6 CatByte


Posted 25 June 2012 - 05:09 PM

Please run the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


NEXT



Please advise how the computer is running now and if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 DonH77


Posted 25 June 2012 - 08:22 PM

Hi, my results:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.25.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dons :: DON_STEPH [administrator]

6/26/2012 10:17:01 AM
mbam-log-2012-06-26 (10-17-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226052
Time elapsed: 3 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


C:\Users\Dons\Downloads\DTLite4454-0314.exe Win32/OpenCandy application

As for my system, the advert playing in the background seems to not affect the operation of my laptop, just more of an annoying pain.
It only plays for about half an hour then stops for the rest of the day. Even if I restart the laptop, it won't show its ugly head till I start the laptop the next morning, so I'll have to wait till morning to see if it is still there. :*( By the way, thank you so much for this help, it's been great.

#8 CatByte


Posted 25 June 2012 - 08:33 PM

Hi,

The log is showing you have two AVs installed:

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

Having more than one AV can cause system slowdowns, conflicts and crashes, so please uninstall one of them.

Please run the following diagnostic log, so I can be sure you are clean.

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT


Download TFC to your desktop
Mirror
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished, it should automatically reboot your machine
  • If it doesn't, manually reboot to ensure a complete clean


NEXT

I'll wait to hear tomorrow if the ads have stopped. Let me know if there are any other issues.



#9 DonH77


Posted 25 June 2012 - 08:53 PM

Hi, here's the DDS logs, ty

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Dons at 13:49:07 on 2012-06-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3872.1954 [GMT 12:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\FBAgent.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Skype\Updater\Updater.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
C:\Program Files (x86)\ASUS\APRP\aprp.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.co.nz/
mStart Page = hxxp://asus.msn.com
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [BlazeServoTool] "C:\Program Files (x86)\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe"
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
StartupFolder: C:\Users\Dons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{035147C5-D276-47C6-9911-1BDEBD5DB53D} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{03D962E3-AE09-4C20-8557-1405F8AB63EC} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6353ADC9-4D4E-4108-8DC9-E3D42449F5EB} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{C9E145EC-CD9B-4737-B0BE-B22264410B0E} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mRun-x64: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun-x64: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun-x64: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
mRun-x64: [SonicMasterTray] C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun-x64: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dons\AppData\Roaming\Mozilla\Firefox\Profiles\25v6zume.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.nz/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\system32\DRIVERS\NBVol.sys --> C:\Windows\system32\DRIVERS\NBVol.sys [?]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\system32\DRIVERS\NBVolUp.sys --> C:\Windows\system32\DRIVERS\NBVolUp.sys [?]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R1 ATKWMIACPIIO_;ATKWMIACPI Driver_;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-9-1 1166848]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-2-3 277120]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-4 134928]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-12-17 2253120]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-17 2656280]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 250056]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]
S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-14 1492840]
S3 IT9135BDA;IT9135 BDA Devices;C:\Windows\system32\Drivers\IT9135BDA.sys --> C:\Windows\system32\Drivers\IT9135BDA.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-10 129976]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-28 340240]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-30 149504]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-06-25 22:22:53 -------- d-----w- C:\Program Files (x86)\ESET
2012-06-25 22:15:59 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-25 22:09:10 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-25 21:57:21 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{18651A60-0A25-4C54-91E4-A2318F8A878E}\mpengine.dll
2012-06-25 21:30:46 -------- d-----w- C:\ComboFix
2012-06-25 21:23:18 98816 ----a-w- C:\Windows\sed.exe
2012-06-25 21:23:18 518144 ----a-w- C:\Windows\SWREG.exe
2012-06-25 21:23:18 256000 ----a-w- C:\Windows\PEV.exe
2012-06-25 21:23:18 208896 ----a-w- C:\Windows\MBR.exe
2012-06-25 20:32:07 -------- d-----w- C:\FRST
2012-06-24 03:48:50 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-23 12:15:17 -------- d-----w- C:\Users\Dons\AppData\Local\Macromedia
2012-06-23 07:35:25 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-23 07:35:02 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-23 07:34:50 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-23 07:34:50 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-22 03:39:22 -------- d-----w- C:\Users\Dons\AppData\Local\adaware
2012-06-22 03:37:50 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2012-06-22 03:37:02 -------- d-----w- C:\Users\Dons\AppData\Local\adawarebp
2012-06-22 03:37:00 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-06-22 03:36:51 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2012-06-22 03:36:21 -------- d-----w- C:\Program Files (x86)\adawaretb
2012-06-22 03:35:24 -------- d-----w- C:\Users\Dons\AppData\Roaming\Ad-Aware Antivirus
2012-06-20 22:19:07 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-06-20 22:19:07 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-20 21:05:21 1652688 ----a-w- C:\Windows\PCTBDCore.dll0609.old
2012-06-20 21:02:53 -------- d-----w- C:\Program Files (x86)\Spyware Doctor
2012-06-20 21:02:53 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-06-19 22:34:12 -------- d-----w- C:\Users\Dons\AppData\Roaming\Malwarebytes
2012-06-19 22:33:51 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-19 22:33:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-19 07:48:41 -------- d-----w- C:\Program Files (x86)\ChatZum Toolbar
2012-06-19 07:47:02 -------- d-----w- C:\Program Files (x86)\PANDORA.TV
2012-06-19 07:46:24 -------- d-----w- C:\Program Files (x86)\The KMPlayer
2012-06-16 07:30:08 -------- d-----w- C:\ProgramData\RELOADED
2012-06-14 04:52:14 -------- d-----w- C:\Program Files\The Walking Dead
2012-06-13 09:13:15 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-13 09:13:04 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-13 09:13:04 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-13 09:13:04 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-13 09:13:00 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-13 09:12:55 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-13 09:12:52 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-13 09:12:51 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-13 09:12:23 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-13 09:12:22 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-13 09:12:22 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-13 09:12:22 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-13 09:12:21 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-13 09:12:21 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-13 09:12:05 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-13 09:01:00 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-13 09:01:00 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{51846F62-3ECF-45E7-9A46-EB944863CD5D}\gapaengine.dll
2012-06-13 07:30:26 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-13 07:30:25 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-12 07:51:07 -------- d-----w- C:\NVIDIA
2012-06-04 04:01:45 -------- d-----w- C:\Users\Dons\AppData\Roaming\RealHideIP
2012-06-04 04:01:45 -------- d-----w- C:\ProgramData\RealHideIP
2012-06-04 04:01:17 -------- d-----w- C:\Program Files (x86)\Ask.com
2012-05-29 01:22:51 -------- d-----w- C:\ProgramData\Aviosoft
2012-05-29 01:22:35 -------- d-----w- C:\Program Files (x86)\BlazeVideo
2012-05-29 01:21:06 164864 ----a-w- C:\Windows\System32\drivers\IT9135BDA.sys
2012-05-29 01:19:52 245 ----a-w- C:\Windows\System32\AF15IRTBL.bin
.
==================== Find3M ====================
.
2012-06-23 08:15:03 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-23 08:15:02 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-24 00:36:23 33019 ----a-w- C:\Windows\SysWow64\CoreAAC-uninstall.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-02 01:16:38 43520 ----a-w- C:\Windows\SysWow64\CmdLineExt03.dll
2012-04-24 05:25:51 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-04-06 12:53:31 45056 ----a-w- C:\Windows\SysWow64\acovcnt.exe
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 13:50:29.82 ===============

.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 4/4/2012 7:38:15 PM
System Uptime: 6/26/2012 1:47:53 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | K53SD
Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz | CPU 1 | 775/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 279 GiB total, 186.735 GiB free.
D: is FIXED (NTFS) - 394 GiB total, 379.845 GiB free.
E: is CDROM ()
F: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP69: 6/22/2012 3:32:52 PM - Windows Update
RP70: 6/23/2012 7:34:06 PM - Windows Update
RP71: 6/24/2012 3:47:47 PM - Windows Update
RP72: 6/26/2012 7:51:45 AM - Installed HiJackThis
RP73: 6/26/2012 8:02:49 AM - Removed HiJackThis
RP74: 6/26/2012 9:41:51 AM - Removed Ask Toolbar.
.
==== Installed Programs ======================
.
??????? Windows Live Mesh ActiveX ??(????)
??????? Windows Live Mesh ActiveX ???
Adobe Flash Player 11 Plugin
Alcor Micro USB Card Reader
Ask Toolbar
Asmedia ASM104x USB 3.0 Host Controller Driver
ASUS AI Recovery
ASUS FaceLogon
ASUS LifeFrame3
ASUS Live Update
ASUS Sonic Focus
ASUS Virtual Camera
ASUS WebStorage
AsusScr_K3 Series_ENG
AsusVibe2.0
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
ATK Package
AviSynth 2.5
BlazeDTV 6.0
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
CoreAAC Audio Decoder (remove only)
Counter-Strike: Source
Curse Client
CyberLink LabelPrint
CyberLink Media Suite
CyberLink Power2Go
D3DX10
DAEMON Tools Lite
Day of Defeat: Source
Diablo III
ESET Online Scanner v3
Galeria de Fotografias do Windows Live
Galerie de photos Windows Live
Galería fotográfica de Windows Live
InstantOn for NB
Intel PROSet Wireless
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Internet TV for Windows Media Center
Junk Mail filter update
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Microsoft Office 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB973688)
Nuance PDF Reader
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype Click to Call
Skype™ 5.8
Steam
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Ventrilo Client
VLC media player 2.0.1
Windows Live
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Silverlight
WinFlash
WinRAR 4.11 (32-bit)
Wireless Console 3
Xvid 1.2.2 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
6/26/2012 9:49:21 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
6/26/2012 9:47:15 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
6/26/2012 1:47:01 PM, Error: Service Control Manager [7034] - The ASLDR Service service terminated unexpectedly. It has done this 1 time(s).
6/24/2012 3:37:41 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
6/23/2012 8:58:33 AM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
6/23/2012 8:58:15 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
6/23/2012 8:58:15 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/23/2012 8:56:07 AM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.127.2110.0;1.127.2110.0 Engine version: 1.1.8403.0
6/23/2012 6:35:29 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.2110.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
6/23/2012 4:52:08 AM, Error: Service Control Manager [7034] - The AFBAgent service terminated unexpectedly. It has done this 1 time(s).
6/23/2012 10:49:40 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.2110.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
6/22/2012 6:18:17 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
6/22/2012 6:18:17 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
6/21/2012 9:14:03 AM, Error: Service Control Manager [7000] - The PC Tools Spyware Doctor Driver service failed to start due to the following error: This driver has been blocked from loading
6/21/2012 10:52:19 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.1891.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
6/21/2012 10:52:19 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.1891.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
6/21/2012 10:52:19 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.1891.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
6/21/2012 10:40:45 AM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.127.1891.0;1.127.1891.0 Engine version: 1.1.8403.0
6/19/2012 7:47:18 PM, Error: Service Control Manager [7030] - The PandoraService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================

#10 DonH77

DonH77
  • Topic Starter

  • Members
  • 12 posts

Posted 26 June 2012 - 02:18 PM

Good morning, great news: started my laptop and didn't hear a thing. Thank god, I was getting sick of hearing about the Kardashians. Thank you so much for your time and effort :crazy: :clapping: I will donate.

Edited by DonH77, 26 June 2012 - 02:19 PM.


#11 DonH77

DonH77
  • Topic Starter

  • Members
  • 12 posts

Posted 26 June 2012 - 03:53 PM

Having a new problem: under Other devices in my Device Manager there is an unknown device, and the FPS on a game I play has dropped a lot. Not sure why. I tried updating and scanning for a driver but I get the prompt "driver not installed".

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:10 PM

Posted 26 June 2012 - 06:31 PM

try reinstalling the game

can you get me a screen shot of the unknown device?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 DonH77

DonH77
  • Topic Starter

  • Members
  • 12 posts

Posted 26 June 2012 - 06:44 PM

A gentleman on this site just told me to delete the unknown device so I did and things seem fine :) ty anyway take care

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:10 PM

Posted 26 June 2012 - 07:25 PM

I would have preferred to have had a look,

hopefully it wasn't a legitimate device that was needed by your system

who told you to delete the device? a member of the malware team or an unknown member?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:10 PM

Posted 26 June 2012 - 07:26 PM

if things are OK, then we need to clean up our tools


You can delete the DDS and FRST logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.



If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
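
The Internet Explorer ActiveX step in the post above can be verified from PowerShell after the dialog has been closed. This is an added example, not part of the original thread: it assumes the per-user Internet zone values under HKCU are the ones in effect (no Group Policy override), and it treats "Disable" as an acceptable, stricter value for the two download options.

```powershell
# Added example: audit the Internet zone ActiveX settings for the current user.
# Zone 3 is the Internet zone. URL action IDs and DWORD values used by IE:
#   1001 Download signed ActiveX controls
#   1004 Download unsigned ActiveX controls
#   1201 Initialize and script ActiveX controls not marked as safe
#   0 = Enable, 1 = Prompt, 3 = Disable
# Assumption: no Group Policy overrides these per-user values.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

$checks = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';   Allowed = @(1, 3) },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls'; Allowed = @(1, 3) },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Allowed = @(3) }
)
$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-ActiveXZoneSettings {
    param([string]$Key = $zoneKey)

    foreach ($check in $checks) {
        $prop = Get-ItemProperty -Path $Key -Name $check.Id -ErrorAction SilentlyContinue
        if ($null -eq $prop) {
            # Value absent for this user: the setting cannot be confirmed here.
            $state = 'not set'
            $ok = $false
        } else {
            $value = [int]$prop.($check.Id)
            $state = if ($labels.ContainsKey($value)) { $labels[$value] } else { "unknown ($value)" }
            $ok = $check.Allowed -contains $value
        }
        New-Object PSObject -Property @{
            Setting = $check.Name
            Id      = $check.Id
            Current = $state
            Pass    = $ok
        } | Select-Object Setting, Id, Current, Pass
    }
}

$results = @(Test-ActiveXZoneSettings)
$results | Format-Table -AutoSize -Wrap

# Flag any setting that is looser than the values recommended in the post.
$failed = @($results | Where-Object { -not $_.Pass })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) Internet zone ActiveX setting(s) are looser than recommended or not set."
}
```

The script only reads the registry; changing the values is still done through the Security tab as described in the post.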
