MSE disabled


19 replies to this topic

#1 sefarison

  • Members
  • 9 posts

Posted 27 May 2013 - 09:34 PM

Hello, I found this thread through Google: http://www.bleepingcomputer.com/forums/t/494247/mse-been-disabled-by-virus/

I seem to have the same problem, though I don't recall opening any suspicious exes. Windows Defender is also disabled, but Windows Firewall is enabled. I am also on Windows 7 x64 Home Premium. Anyway, I followed the instructions provided in the thread.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576  BrowserJavaVersion: 10.17.2
Run by Erskine at 21:55:50 on 2013-05-27
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7968.4527 [GMT -4:00]
.
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\AsScrPro.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\explorer.exe
C:\Windows\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://asus.msn.com
uDefault_Page_URL = hxxp://asus.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRunOnce: [Uninstall C:\Users\Erskine\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Erskine\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A10DD6E5-70B4-48A6-B9A8-6C3331651953} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A10DD6E5-70B4-48A6-B9A8-6C3331651953}\5534F4E4E4D2055524C49434 : DHCPNameServer = 137.99.25.14 137.99.203.20
TCP: Interfaces\{A10DD6E5-70B4-48A6-B9A8-6C3331651953}\5534F4E4E4D2355434552554 : DHCPNameServer = 137.99.25.14 137.99.203.20
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [VizorHtmlDialog.exe] "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_trial.html" "DEF" "DEF" "DEF"
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [SynAsusAcpi] C:\Program Files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [IntelliType Pro] "C:\Program Files\Microsoft Device Center\itype.exe"
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft Device Center\ipoint.exe"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Erskine\AppData\Roaming\Mozilla\Firefox\Profiles\8cofi543.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\The Settlers 7 - Paths to a Kingdom\Data\Base\_Dbg\Bin\Release\orbit\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\The Settlers 7 - Paths to a Kingdom\Data\Base\_Dbg\Bin\Release\orbit\npuplaypchub.dll
FF - plugin: C:\Users\Erskine\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-4-9 30496]
R1 ATKWMIACPIIO_;ATKWMIACPI Driver_;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-8-17 283200]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2012-4-3 379520]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-31 1166848]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-2-3 277120]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-21 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-21 701512]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2011-10-18 67664]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-4-3 2656280]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-22 130024]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-22 395752]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-12-6 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-12-6 108656]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-21 25928]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TiMiniService;TiMiniService;C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [2011-4-28 241488]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/04/03 04:56:07;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-4-20 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
S3 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-10-18 267480]
S3 mvusbews;USB EWS Device;C:\Windows\System32\drivers\mvusbews.sys [2011-4-27 20480]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 130008]
S3 NisSrv;NisSrv;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-18 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-2-18 31232]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-18 1255736]
.
=============== Created Last 30 ================
.
2013-05-27 08:48:33    9460464    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BB3DB3D0-5CCC-4A52-9283-3E2FC8BB07CF}\mpengine.dll
2013-05-27 03:40:41    --------    d-----w-    C:\Program Files (x86)\StarDrive
2013-05-27 03:06:27    --------    d-----w-    C:\Users\Erskine\AppData\Local\Razer
2013-05-26 00:56:10    9460464    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-25 08:18:10    --------    d-----w-    C:\Users\Erskine\AppData\Local\Microsoft Help
2013-05-23 23:46:58    --------    d-----w-    C:\Program Files (x86)\Fractal Softworks
2013-05-22 08:37:20    964552    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{12726609-DF71-436A-AD21-C5C5F1C76700}\gapaengine.dll
2013-05-20 03:07:41    --------    d-----w-    C:\GOG Games
2013-05-17 20:39:01    --------    d-----w-    C:\Users\Erskine\AppData\Roaming\11bitstudios
2013-05-17 20:22:53    --------    d-----w-    C:\Program Files (x86)\Anomaly 2
2013-05-16 17:04:25    --------    d-----w-    C:\Program Files (x86)\Sanctum 2
2013-05-15 14:46:25    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-15 14:46:25    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-05-15 14:46:25    144384    ----a-w-    C:\Windows\System32\cdd.dll
2013-05-15 14:46:13    1930752    ----a-w-    C:\Windows\System32\authui.dll
2013-05-15 14:46:12    1796096    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-05-15 14:46:12    111448    ----a-w-    C:\Windows\System32\consent.exe
2013-05-15 14:46:11    70144    ----a-w-    C:\Windows\System32\appinfo.dll
2013-05-15 14:45:53    48640    ----a-w-    C:\Windows\System32\wwanprotdim.dll
2013-05-15 14:45:53    230400    ----a-w-    C:\Windows\System32\wwansvc.dll
2013-05-15 14:45:48    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-05-11 10:37:28    209472    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\Plugins\nppdf32.dll
2013-05-11 09:32:09    --------    d-----w-    C:\Users\Erskine\AppData\Roaming\StarDrive
2013-05-11 09:15:18    --------    d-----w-    C:\Program Files (x86)\Microsoft XNA
.
==================== Find3M  ====================
.
2013-05-28 01:31:35    387    ----a-w-    C:\Users\Erskine\AppData\Roaming\sp_data.sys
2013-05-15 15:29:26    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 15:29:26    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-02 15:29:56    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-04-13 05:49:23    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16    474624    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-04-05 06:52:14    2242048    ----a-w-    C:\Windows\System32\wininet.dll
2013-04-05 06:50:36    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-04-05 06:50:31    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-04-05 06:50:31    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-04-05 05:28:24    1767424    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-04-05 05:26:26    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-04-05 05:26:21    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-04-05 05:26:21    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-04-05 04:43:00    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-04-05 04:29:45    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-04-04 18:50:32    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-03-19 06:04:06    5550424    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56    43520    ----a-w-    C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13    3968856    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10    3913560    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50    6656    ----a-w-    C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33    112640    ----a-w-    C:\Windows\System32\smss.exe
2013-03-16 09:03:00    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-16 09:02:58    861088    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-03-16 09:02:57    782240    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-03-16 08:58:54    108448    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2013-03-16 08:58:51    963488    ----a-w-    C:\Windows\System32\deployJava1.dll
2013-03-16 08:58:51    1085344    ----a-w-    C:\Windows\System32\npDeployJava1.dll
2013-03-15 04:16:18    3477280    ----a-w-    C:\Windows\System32\nvsvc64.dll
2013-03-15 04:16:17    6398240    ----a-w-    C:\Windows\System32\nvcpl.dll
2013-03-15 04:16:10    877856    ----a-w-    C:\Windows\System32\nvvsvc.exe
2013-03-15 04:16:10    76064    ----a-w-    C:\Windows\System32\nv3dappshextr.dll
2013-03-15 04:16:10    63776    ----a-w-    C:\Windows\System32\nvshext.dll
2013-03-15 04:16:10    2555680    ----a-w-    C:\Windows\System32\nvsvcr.dll
2013-03-15 04:16:10    237856    ----a-w-    C:\Windows\System32\nvmctray.dll
2013-03-15 04:16:10    1016096    ----a-w-    C:\Windows\System32\nv3dappshext.dll
2013-03-13 16:24:01    3065455    ----a-w-    C:\Windows\System32\nvcoproc.bin
2013-03-03 22:05:55    466456    ----a-w-    C:\Windows\System32\wrap_oal.dll
2013-03-03 22:05:55    444952    ----a-w-    C:\Windows\SysWow64\wrap_oal.dll
2013-03-03 22:05:55    122904    ----a-w-    C:\Windows\System32\OpenAL32.dll
2013-03-03 22:05:55    109080    ----a-w-    C:\Windows\SysWow64\OpenAL32.dll
.
============= FINISH: 21:56:23.25 ===============

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-05-27 22:01:38
-----------------------------
22:01:38.138    OS Version: Windows x64 6.1.7601 Service Pack 1
22:01:38.138    Number of processors: 8 586 0x2A07
22:01:38.138    ComputerName: INDIGO-PC  UserName: Erskine
22:01:39.055    Initialize success
22:03:35.421    AVAST engine defs: 13052701
22:03:45.233    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:03:45.235    Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3
22:03:45.417    Disk 0 MBR read successfully
22:03:45.419    Disk 0 MBR scan
22:03:45.422    Disk 0 Windows 7 default MBR code
22:03:45.425    Disk 0 Partition 1 00     1C Hidd FAT32 LBA MSDOS5.0    25600 MB offset 2048
22:03:45.443    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       286161 MB offset 52430848
22:03:45.465    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       403641 MB offset 638488576
22:03:45.565    Disk 0 scanning C:\Windows\system32\drivers
22:03:54.303    Service scanning
22:04:24.186    Modules scanning
22:04:24.191    Disk 0 trace - called modules:
22:04:24.228    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
22:04:24.555    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80080e9790]
22:04:24.559    3 CLASSPNP.SYS[fffff88001c7e43f] -> nt!IofCallDriver -> [0xfffffa8007b68630]
22:04:24.562    5 ACPI.sys[fffff88000f207a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b6e050]
22:04:25.545    AVAST engine scan C:\Windows
22:04:27.769    AVAST engine scan C:\Windows\system32
22:06:52.659    AVAST engine scan C:\Windows\system32\drivers
22:07:04.801    AVAST engine scan C:\Users\Erskine
22:08:08.453    Disk 0 MBR has been saved successfully to "C:\Users\Erskine\Desktop\MBR.dat"
22:08:08.456    The log file has been saved successfully to "C:\Users\Erskine\Desktop\aswMBR.txt"

Kaspersky TDSSKiller did not turn up any results, but here is the report anyway:

22:09:42.0880 6128  TDSS rootkit removing tool 2.8.17.0 Apr 11 2013 11:56:34
22:09:43.0276 6128  ============================================================
22:09:43.0276 6128  Current date / time: 2013/05/27 22:09:43.0276
22:09:43.0276 6128  SystemInfo:
22:09:43.0276 6128  
22:09:43.0276 6128  OS Version: 6.1.7601 ServicePack: 1.0
22:09:43.0276 6128  Product type: Workstation
22:09:43.0276 6128  ComputerName: INDIGO-PC
22:09:43.0276 6128  UserName: Erskine
22:09:43.0276 6128  Windows directory: C:\Windows
22:09:43.0276 6128  System windows directory: C:\Windows
22:09:43.0276 6128  Running under WOW64
22:09:43.0276 6128  Processor architecture: Intel x64
22:09:43.0276 6128  Number of processors: 8
22:09:43.0276 6128  Page size: 0x1000
22:09:43.0276 6128  Boot type: Normal boot
22:09:43.0276 6128  ============================================================
22:09:43.0867 6128  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:09:43.0871 6128  ============================================================
22:09:43.0871 6128  \Device\Harddisk0\DR0:
22:09:43.0887 6128  MBR partitions:
22:09:43.0887 6128  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x22EE8800
22:09:43.0887 6128  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x260E9000, BlocksNum 0x3145C800
22:09:43.0887 6128  ============================================================
22:09:43.0954 6128  C: <-> \Device\Harddisk0\DR0\Partition1
22:09:44.0266 6128  D: <-> \Device\Harddisk0\DR0\Partition2
22:09:44.0266 6128  ============================================================
22:09:44.0266 6128  Initialize success
22:09:44.0266 6128  ============================================================
22:09:45.0111 2564  ============================================================
22:09:45.0116 2564  Scan started
22:09:45.0116 2564  Mode: Manual;
22:09:45.0116 2564  ============================================================
22:09:45.0542 2564  ================ Scan system memory ========================
22:09:45.0542 2564  System memory - ok
22:09:45.0542 2564  ================ Scan services =============================
22:09:46.0175 2564  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
22:09:46.0176 2564  1394ohci - ok
22:09:46.0245 2564  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
22:09:46.0247 2564  ACPI - ok
22:09:46.0283 2564  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
22:09:46.0283 2564  AcpiPmi - ok
22:09:46.0483 2564  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:09:46.0484 2564  AdobeARMservice - ok
22:09:46.0777 2564  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:09:46.0778 2564  AdobeFlashPlayerUpdateSvc - ok
22:09:46.0865 2564  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
22:09:46.0868 2564  adp94xx - ok
22:09:46.0976 2564  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
22:09:46.0978 2564  adpahci - ok
22:09:47.0028 2564  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
22:09:47.0030 2564  adpu320 - ok
22:09:47.0069 2564  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:09:47.0069 2564  AeLookupSvc - ok
22:09:47.0141 2564  [ 69FD46FAC0D9C4A8ECD522AC6A7481F5 ] AFBAgent        C:\Windows\system32\FBAgent.exe
22:09:47.0144 2564  AFBAgent - ok
22:09:47.0197 2564  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
22:09:47.0200 2564  AFD - ok
22:09:47.0258 2564  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
22:09:47.0259 2564  agp440 - ok
22:09:47.0300 2564  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
22:09:47.0301 2564  ALG - ok
22:09:47.0358 2564  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:09:47.0358 2564  aliide - ok
22:09:48.0046 2564  ALSysIO - ok
22:09:48.0357 2564  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
22:09:48.0358 2564  amdide - ok
22:09:48.0414 2564  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
22:09:48.0415 2564  AmdK8 - ok
22:09:48.0435 2564  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
22:09:48.0436 2564  AmdPPM - ok
22:09:48.0455 2564  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
22:09:48.0456 2564  amdsata - ok
22:09:48.0504 2564  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
22:09:48.0505 2564  amdsbs - ok
22:09:48.0539 2564  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
22:09:48.0540 2564  amdxata - ok
22:09:48.0617 2564  [ 7D9E301AB3247765702D0B65E2E47E50 ] AMPPAL          C:\Windows\system32\DRIVERS\AMPPAL.sys
22:09:48.0619 2564  AMPPAL - ok
22:09:48.0631 2564  [ 7D9E301AB3247765702D0B65E2E47E50 ] AMPPALP         C:\Windows\system32\DRIVERS\amppal.sys
22:09:48.0633 2564  AMPPALP - ok
22:09:48.0799 2564  [ 576134E43169810B560F0BB6FDEE13F5 ] AMPPALR3        C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
22:09:48.0804 2564  AMPPALR3 - ok
22:09:48.0911 2564  [ E8494519BCB9E3B1B72E5604993A76E3 ] Amsp            C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
22:09:48.0913 2564  Amsp - ok
22:09:48.0982 2564  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
22:09:48.0983 2564  AppID - ok
22:09:49.0019 2564  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:09:49.0019 2564  AppIDSvc - ok
22:09:49.0087 2564  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
22:09:49.0088 2564  Appinfo - ok
22:09:49.0349 2564  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:09:49.0350 2564  Apple Mobile Device - ok
22:09:49.0388 2564  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
22:09:49.0389 2564  arc - ok
22:09:49.0438 2564  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
22:09:49.0439 2564  arcsas - ok
22:09:49.0613 2564  [ A3626C6D3F2DC95497F3F61842D7FD89 ] ASLDRService    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
22:09:49.0614 2564  ASLDRService - ok
22:09:49.0715 2564  [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64        C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
22:09:49.0715 2564  ASMMAP64 - ok
22:09:49.0791 2564  [ 8569AF4C73747671194EA9EBB2F2D6CF ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
22:09:49.0792 2564  asmthub3 - ok
22:09:49.0839 2564  [ 073716FBFFAC7057CD5FF00A1B558331 ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
22:09:49.0841 2564  asmtxhci - ok
22:09:50.0065 2564  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:09:50.0066 2564  aspnet_state - ok
22:09:50.0197 2564  [ EDF4B8A072414E43CC3F85F68F4960E7 ] ASUS InstantOn  C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
22:09:50.0199 2564  ASUS InstantOn - ok
22:09:50.0234 2564  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:09:50.0234 2564  AsyncMac - ok
22:09:50.0314 2564  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
22:09:50.0314 2564  atapi - ok
22:09:50.0455 2564  [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
22:09:50.0462 2564  athr - ok
22:09:50.0518 2564  [ DBC598E47E7A382E60E2A4745D41FEF9 ] ATKGFNEXSrv     C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
22:09:50.0519 2564  ATKGFNEXSrv - ok
22:09:50.0570 2564  [ 41CEAFFCF3550785E59E3EC9BEE8D97A ] ATKWMIACPIIO_   C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
22:09:50.0570 2564  ATKWMIACPIIO_ - ok
22:09:50.0684 2564  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:09:50.0688 2564  AudioEndpointBuilder - ok
22:09:50.0752 2564  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
22:09:50.0755 2564  AudioSrv - ok
22:09:50.0817 2564  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:09:50.0818 2564  AxInstSV - ok
22:09:50.0875 2564  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
22:09:50.0877 2564  b06bdrv - ok
22:09:50.0944 2564  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
22:09:50.0946 2564  b57nd60a - ok
22:09:51.0059 2564  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
22:09:51.0060 2564  BDESVC - ok
22:09:51.0090 2564  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:09:51.0090 2564  Beep - ok
22:09:51.0222 2564  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
22:09:51.0225 2564  BFE - ok
22:09:51.0329 2564  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
22:09:51.0334 2564  BITS - ok
22:09:51.0393 2564  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
22:09:51.0394 2564  blbdrive - ok
22:09:51.0597 2564  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:09:51.0599 2564  Bonjour Service - ok
22:09:51.0645 2564  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:09:51.0646 2564  bowser - ok
22:09:51.0694 2564  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
22:09:51.0694 2564  BrFiltLo - ok
22:09:51.0711 2564  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
22:09:51.0712 2564  BrFiltUp - ok
22:09:51.0771 2564  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
22:09:51.0772 2564  Browser - ok
22:09:51.0826 2564  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
22:09:51.0828 2564  Brserid - ok
22:09:51.0845 2564  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
22:09:51.0846 2564  BrSerWdm - ok
22:09:51.0865 2564  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
22:09:51.0865 2564  BrUsbMdm - ok
22:09:51.0894 2564  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
22:09:51.0894 2564  BrUsbSer - ok
22:09:51.0977 2564  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
22:09:51.0977 2564  BthEnum - ok
22:09:52.0013 2564  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
22:09:52.0013 2564  BTHMODEM - ok
22:09:52.0058 2564  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
22:09:52.0059 2564  BthPan - ok
22:09:52.0155 2564  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
22:09:52.0158 2564  BTHPORT - ok
22:09:52.0210 2564  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
22:09:52.0211 2564  bthserv - ok
22:09:52.0317 2564  [ 9E2AF97302B9F4BF97E952A865EB31AE ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
22:09:52.0318 2564  BTHSSecurityMgr - ok
22:09:52.0354 2564  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
22:09:52.0355 2564  BTHUSB - ok
22:09:52.0413 2564  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:09:52.0414 2564  cdfs - ok
22:09:52.0472 2564  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
22:09:52.0473 2564  cdrom - ok
22:09:52.0545 2564  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
22:09:52.0546 2564  CertPropSvc - ok
22:09:52.0609 2564  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
22:09:52.0609 2564  circlass - ok
22:09:52.0666 2564  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
22:09:52.0668 2564  CLFS - ok
22:09:52.0839 2564  [ 524DC3807CB1746225F9D26ADD19C319 ] CLKMSVC10_38F51D56 C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
22:09:52.0841 2564  CLKMSVC10_38F51D56 - ok
22:09:52.0975 2564  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:09:52.0976 2564  clr_optimization_v2.0.50727_32 - ok
22:09:53.0054 2564  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:09:53.0055 2564  clr_optimization_v2.0.50727_64 - ok
22:09:53.0228 2564  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:09:53.0229 2564  clr_optimization_v4.0.30319_32 - ok
22:09:53.0267 2564  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:09:53.0268 2564  clr_optimization_v4.0.30319_64 - ok
22:09:53.0310 2564  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
22:09:53.0311 2564  CmBatt - ok
22:09:53.0338 2564  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:09:53.0339 2564  cmdide - ok
22:09:53.0425 2564  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
22:09:53.0428 2564  CNG - ok
22:09:53.0470 2564  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
22:09:53.0470 2564  Compbatt - ok
22:09:53.0527 2564  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
22:09:53.0528 2564  CompositeBus - ok
22:09:53.0552 2564  COMSysApp - ok
22:09:53.0898 2564  [ F08C6020E57F5E5BF2FD034DB10BEDFB ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
22:09:53.0900 2564  cphs - ok
22:09:53.0952 2564  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
22:09:53.0952 2564  crcdisk - ok
22:09:54.0027 2564  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:09:54.0028 2564  CryptSvc - ok
22:09:54.0241 2564  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
22:09:54.0245 2564  cvhsvc - ok
22:09:54.0333 2564  [ C7259495924D21F1AFA26467D9F4DAE0 ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
22:09:54.0333 2564  dc3d - ok
22:09:54.0415 2564  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:09:54.0418 2564  DcomLaunch - ok
22:09:54.0474 2564  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
22:09:54.0476 2564  defragsvc - ok
22:09:54.0502 2564  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:09:54.0503 2564  DfsC - ok
22:09:54.0582 2564  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
22:09:54.0584 2564  Dhcp - ok
22:09:54.0627 2564  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
22:09:54.0628 2564  discache - ok
22:09:54.0675 2564  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
22:09:54.0675 2564  Disk - ok
22:09:54.0754 2564  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:09:54.0755 2564  Dnscache - ok
22:09:54.0767 2564  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:09:54.0769 2564  dot3svc - ok
22:09:54.0803 2564  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
22:09:54.0805 2564  DPS - ok
22:09:54.0856 2564  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:09:54.0857 2564  drmkaud - ok
22:09:54.0943 2564  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
22:09:54.0944 2564  dtsoftbus01 - ok
22:09:55.0021 2564  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:09:55.0025 2564  DXGKrnl - ok
22:09:55.0091 2564  EagleX64 - ok
22:09:55.0128 2564  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
22:09:55.0129 2564  EapHost - ok
22:09:55.0526 2564  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
22:09:55.0541 2564  ebdrv - ok
22:09:55.0579 2564  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
22:09:55.0580 2564  EFS - ok
22:09:55.0674 2564  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
22:09:55.0676 2564  elxstor - ok
22:09:55.0693 2564  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
22:09:55.0693 2564  ErrDev - ok
22:09:55.0781 2564  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
22:09:55.0783 2564  EventSystem - ok
22:09:55.0876 2564  [ E3A96D5AE6E5C7B5472011BA77353368 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
22:09:55.0883 2564  EvtEng - ok
22:09:55.0976 2564  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
22:09:55.0978 2564  exfat - ok
22:09:56.0027 2564  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:09:56.0028 2564  fastfat - ok
22:09:56.0102 2564  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
22:09:56.0106 2564  Fax - ok
22:09:56.0118 2564  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
22:09:56.0119 2564  fdc - ok
22:09:56.0175 2564  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
22:09:56.0175 2564  fdPHost - ok
22:09:56.0205 2564  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:09:56.0205 2564  FDResPub - ok
22:09:56.0237 2564  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:09:56.0238 2564  FileInfo - ok
22:09:56.0264 2564  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:09:56.0265 2564  Filetrace - ok
22:09:56.0275 2564  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
22:09:56.0275 2564  flpydisk - ok
22:09:56.0314 2564  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:09:56.0315 2564  FltMgr - ok
22:09:56.0456 2564  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
22:09:56.0462 2564  FontCache - ok
22:09:56.0506 2564  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:09:56.0506 2564  FontCache3.0.0.0 - ok
22:09:56.0544 2564  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:09:56.0545 2564  FsDepends - ok
22:09:56.0583 2564  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:09:56.0583 2564  Fs_Rec - ok
22:09:56.0662 2564  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:09:56.0663 2564  fvevol - ok
22:09:56.0738 2564  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
22:09:56.0739 2564  gagp30kx - ok
22:09:56.0825 2564  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:09:56.0826 2564  GEARAspiWDM - ok
22:09:56.0894 2564  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
22:09:56.0898 2564  gpsvc - ok
22:09:56.0925 2564  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
22:09:56.0925 2564  hcw85cir - ok
22:09:57.0004 2564  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:09:57.0006 2564  HdAudAddService - ok
22:09:57.0045 2564  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
22:09:57.0046 2564  HDAudBus - ok
22:09:57.0074 2564  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
22:09:57.0074 2564  HidBatt - ok
22:09:57.0098 2564  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
22:09:57.0099 2564  HidBth - ok
22:09:57.0138 2564  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
22:09:57.0139 2564  HidIr - ok
22:09:57.0182 2564  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
22:09:57.0183 2564  hidserv - ok
22:09:57.0262 2564  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:09:57.0263 2564  HidUsb - ok
22:09:57.0308 2564  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:09:57.0309 2564  hkmsvc - ok
22:09:57.0371 2564  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:09:57.0373 2564  HomeGroupListener - ok
22:09:57.0434 2564  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:09:57.0436 2564  HomeGroupProvider - ok
22:09:57.0466 2564  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
22:09:57.0467 2564  HpSAMD - ok
22:09:57.0628 2564  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:09:57.0632 2564  HTTP - ok
22:09:57.0663 2564  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:09:57.0663 2564  hwpolicy - ok
22:09:57.0731 2564  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
22:09:57.0732 2564  i8042prt - ok
22:09:57.0793 2564  [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
22:09:57.0796 2564  iaStor - ok
22:09:57.0865 2564  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
22:09:57.0867 2564  iaStorV - ok
22:09:57.0964 2564  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:09:57.0965 2564  IDriverT - ok
22:09:58.0014 2564  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:09:58.0018 2564  idsvc - ok
22:09:58.0892 2564  [ 371D7F91C0D2314EB984A4A6CBEABC92 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
22:09:58.0958 2564  igfx - ok
22:09:58.0990 2564  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
22:09:58.0991 2564  iirsp - ok
22:09:59.0046 2564  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
22:09:59.0050 2564  IKEEXT - ok
22:09:59.0419 2564  [ C2F868881D48A568B525255F084EF063 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:09:59.0437 2564  IntcAzAudAddService - ok
22:09:59.0529 2564  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
22:09:59.0531 2564  IntcDAud - ok
22:09:59.0544 2564  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
22:09:59.0544 2564  intelide - ok
22:09:59.0578 2564  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:09:59.0579 2564  intelppm - ok
22:09:59.0606 2564  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:09:59.0607 2564  IPBusEnum - ok
22:09:59.0630 2564  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:09:59.0631 2564  IpFilterDriver - ok
22:09:59.0683 2564  [ 08C2957BB30058E663720C5606885653 ] IpHlpSvc        C:\Windows\System32\iphlpsvc.dll
22:09:59.0686 2564  IpHlpSvc - ok
22:09:59.0712 2564  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
22:09:59.0713 2564  IPMIDRV - ok
22:09:59.0734 2564  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:09:59.0735 2564  IPNAT - ok
22:09:59.0797 2564  [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
22:09:59.0801 2564  iPod Service - ok
22:09:59.0861 2564  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:09:59.0861 2564  IRENUM - ok
22:09:59.0880 2564  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:09:59.0880 2564  isapnp - ok
22:09:59.0924 2564  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
22:09:59.0925 2564  iScsiPrt - ok
22:09:59.0980 2564  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:09:59.0980 2564  kbdclass - ok
22:10:00.0015 2564  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
22:10:00.0016 2564  kbdhid - ok
22:10:00.0079 2564  [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr         C:\Windows\system32\DRIVERS\kbfiltr.sys
22:10:00.0080 2564  kbfiltr - ok
22:10:00.0101 2564  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
22:10:00.0102 2564  KeyIso - ok
22:10:00.0141 2564  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:10:00.0141 2564  KSecDD - ok
22:10:00.0165 2564  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:10:00.0166 2564  KSecPkg - ok
22:10:00.0227 2564  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
22:10:00.0228 2564  ksthunk - ok
22:10:00.0265 2564  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:10:00.0267 2564  KtmRm - ok
22:10:00.0324 2564  [ FC010C7814DDAC17389A7D87EA2EBB39 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
22:10:00.0325 2564  L1C - ok
22:10:00.0387 2564  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:10:00.0389 2564  LanmanServer - ok
22:10:00.0441 2564  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:10:00.0443 2564  LanmanWorkstation - ok
22:10:00.0513 2564  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:10:00.0513 2564  lltdio - ok
22:10:00.0551 2564  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:10:00.0554 2564  lltdsvc - ok
22:10:00.0576 2564  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:10:00.0577 2564  lmhosts - ok
22:10:00.0733 2564  [ 7F32D4C47A50E7223491E8FB9359907D ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
22:10:00.0734 2564  LMS - ok
22:10:00.0817 2564  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
22:10:00.0818 2564  LSI_FC - ok
22:10:00.0844 2564  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
22:10:00.0845 2564  LSI_SAS - ok
22:10:00.0877 2564  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
22:10:00.0878 2564  LSI_SAS2 - ok
22:10:00.0944 2564  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
22:10:00.0945 2564  LSI_SCSI - ok
22:10:00.0995 2564  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
22:10:00.0996 2564  luafv - ok
22:10:01.0113 2564  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
22:10:01.0114 2564  MBAMProtector - ok
22:10:01.0239 2564  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
22:10:01.0242 2564  MBAMScheduler - ok
22:10:01.0321 2564  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:10:01.0325 2564  MBAMService - ok
22:10:01.0346 2564  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
22:10:01.0347 2564  megasas - ok
22:10:01.0392 2564  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
22:10:01.0394 2564  MegaSR - ok
22:10:01.0439 2564  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
22:10:01.0439 2564  MEIx64 - ok
22:10:01.0517 2564  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
22:10:01.0518 2564  MMCSS - ok
22:10:01.0552 2564  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
22:10:01.0552 2564  Modem - ok
22:10:01.0592 2564  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:10:01.0592 2564  monitor - ok
22:10:01.0620 2564  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:10:01.0621 2564  mouclass - ok
22:10:01.0655 2564  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:10:01.0655 2564  mouhid - ok
22:10:01.0694 2564  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:10:01.0695 2564  mountmgr - ok
22:10:01.0800 2564  [ 5C5E45DDABEFBC9F564F1D5C83258B8F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:10:01.0801 2564  MozillaMaintenance - ok
22:10:01.0852 2564  [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
22:10:01.0854 2564  MpFilter - ok
22:10:01.0910 2564  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:10:01.0911 2564  mpio - ok
22:10:01.0928 2564  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:10:01.0929 2564  mpsdrv - ok
22:10:01.0985 2564  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:10:01.0989 2564  MpsSvc - ok
22:10:02.0011 2564  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:10:02.0012 2564  MRxDAV - ok
22:10:02.0057 2564  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:10:02.0058 2564  mrxsmb - ok
22:10:02.0074 2564  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:10:02.0075 2564  mrxsmb10 - ok
22:10:02.0096 2564  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:10:02.0097 2564  mrxsmb20 - ok
22:10:02.0110 2564  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
22:10:02.0111 2564  msahci - ok
22:10:02.0152 2564  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:10:02.0153 2564  msdsm - ok
22:10:02.0181 2564  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
22:10:02.0182 2564  MSDTC - ok
22:10:02.0202 2564  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:10:02.0203 2564  Msfs - ok
22:10:02.0233 2564  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:10:02.0233 2564  mshidkmdf - ok
22:10:02.0259 2564  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:10:02.0259 2564  msisadrv - ok
22:10:02.0333 2564  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:10:02.0334 2564  MSiSCSI - ok
22:10:02.0337 2564  msiserver - ok
22:10:02.0393 2564  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:10:02.0394 2564  MSKSSRV - ok
22:10:02.0458 2564  MsMpSvc - ok
22:10:02.0511 2564  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:10:02.0512 2564  MSPCLOCK - ok
22:10:02.0552 2564  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:10:02.0552 2564  MSPQM - ok
22:10:02.0578 2564  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:10:02.0580 2564  MsRPC - ok
22:10:02.0598 2564  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
22:10:02.0598 2564  mssmbios - ok
22:10:02.0649 2564  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:10:02.0649 2564  MSTEE - ok
22:10:02.0672 2564  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
22:10:02.0672 2564  MTConfig - ok
22:10:02.0701 2564  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
22:10:21.0568 2564  ============================================================
22:10:21.0568 2564  Scan finished
22:10:21.0568 2564  ============================================================
22:10:21.0576 2336  Detected object count: 0
22:10:21.0576 2336  Actual detected object count: 0

In addition, here is the log from my Malwarebytes scan:

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.27.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Erskine :: INDIGO-PC [administrator]

Protection: Enabled

5/27/2013 9:47:18 PM
MBAM-log-2013-05-27 (21-53-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 251500
Time elapsed: 3 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\$Recycle.Bin\S-1-5-21-211142715-1958942976-3271089698-1002\$R550C48C6 (Rootkit.0Access) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-211142715-1958942976-3271089698-1002\$RF8659CFA (Rootkit.0Access) -> No action taken.

(end)

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 27 May 2013 - 10:12 PM


Hello sefarison

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes; just copy and paste the text.
    • Due to the high volume of logs we receive, it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", as this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 sefarison

sefarison
  • Topic Starter

  • Members
  • 9 posts

Posted 27 May 2013 - 11:25 PM

# AdwCleaner v2.301 - Logfile created 05/28/2013 at 00:07:01
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Erskine - INDIGO-PC
# Boot Mode : Normal
# Running from : C:\Users\Erskine\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Erskine\AppData\Local\Temp\Uninstall.exe
Folder Deleted : C:\Users\Erskine\AppData\Local\PackageAware
Folder Deleted : C:\Users\Erskine\AppData\Roaming\Mozilla\Firefox\Profiles\8cofi543.default\jetpack

***** [Registry] *****

Key Deleted : HKLM\Software\Freeze.com

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0 (en-US)

File : C:\Users\Erskine\AppData\Roaming\Mozilla\Firefox\Profiles\8cofi543.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [944 octets] - [28/05/2013 00:07:01]

########## EOF - C:\AdwCleaner[S1].txt - [1003 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Erskine on Tue 05/28/2013 at  0:12:05.32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Erskine\AppData\Roaming\mozilla\firefox\profiles\8cofi543.default\minidumps [123 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/28/2013 at  0:20:00.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

MSE is still borked. :(



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 28 May 2013 - 12:13 AM


Hello sefarison

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#5 sefarison

sefarison
  • Topic Starter

  • Members
  • 9 posts

Posted 28 May 2013 - 12:50 AM

ComboFix 13-05-27.02 - Erskine 05/28/2013   1:35.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7968.5846 [GMT -4:00]
Running from: c:\users\Erskine\Desktop\ComboFix.exe
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-28 to 2013-05-28  )))))))))))))))))))))))))))))))
.
.
2013-05-28 05:44 . 2013-05-28 05:44    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-05-28 05:44 . 2013-05-28 05:44    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2013-05-28 04:12 . 2013-05-28 04:12    --------    d-----w-    c:\windows\ERUNT
2013-05-28 04:11 . 2013-05-28 04:11    --------    d-----w-    C:\JRT
2013-05-28 02:38 . 2013-05-28 03:16    --------    d-----w-    c:\program files (x86)\The Incredible Adventures of Van Helsing
2013-05-27 08:48 . 2013-05-13 06:37    9460464    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB3DB3D0-5CCC-4A52-9283-3E2FC8BB07CF}\mpengine.dll
2013-05-27 03:40 . 2013-05-27 05:17    --------    d-----w-    c:\program files (x86)\StarDrive
2013-05-27 03:06 . 2013-05-27 03:06    --------    d-----w-    c:\users\Erskine\AppData\Local\Razer
2013-05-27 02:20 . 2013-05-27 22:55    --------    d-----w-    c:\programdata\Razer
2013-05-27 02:20 . 2013-05-27 02:20    --------    d-----w-    c:\program files (x86)\Razer
2013-05-26 00:56 . 2013-05-13 06:37    9460464    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-25 08:18 . 2013-05-25 08:18    --------    d-----w-    c:\programdata\Microsoft Help
2013-05-25 08:18 . 2013-05-25 08:18    --------    d-----w-    c:\users\Erskine\AppData\Local\Microsoft Help
2013-05-23 23:46 . 2013-05-23 23:46    --------    d-----w-    c:\program files (x86)\Fractal Softworks
2013-05-22 08:37 . 2013-05-22 08:36    964552    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12726609-DF71-436A-AD21-C5C5F1C76700}\gapaengine.dll
2013-05-20 03:07 . 2013-05-20 03:07    --------    d-----w-    C:\GOG Games
2013-05-17 20:39 . 2013-05-17 20:39    --------    d-----w-    c:\users\Erskine\AppData\Roaming\11bitstudios
2013-05-17 20:22 . 2013-05-17 20:38    --------    d-----w-    c:\program files (x86)\Anomaly 2
2013-05-16 17:04 . 2013-05-16 17:04    --------    d-----w-    c:\program files (x86)\Sanctum 2
2013-05-15 14:46 . 2013-04-10 06:01    265064    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 14:46 . 2013-04-10 06:01    983400    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 14:46 . 2011-02-03 11:25    144384    ----a-w-    c:\windows\system32\cdd.dll
2013-05-15 14:46 . 2013-02-27 05:52    14172672    ----a-w-    c:\windows\system32\shell32.dll
2013-05-15 14:46 . 2013-02-27 05:48    1930752    ----a-w-    c:\windows\system32\authui.dll
2013-05-15 14:46 . 2013-02-27 06:02    111448    ----a-w-    c:\windows\system32\consent.exe
2013-05-15 14:46 . 2013-02-27 05:52    197120    ----a-w-    c:\windows\system32\shdocvw.dll
2013-05-15 14:46 . 2013-02-27 04:49    1796096    ----a-w-    c:\windows\SysWow64\authui.dll
2013-05-15 14:46 . 2013-02-27 05:47    70144    ----a-w-    c:\windows\system32\appinfo.dll
2013-05-15 14:45 . 2013-03-19 05:53    48640    ----a-w-    c:\windows\system32\wwanprotdim.dll
2013-05-15 14:45 . 2013-03-19 05:53    230400    ----a-w-    c:\windows\system32\wwansvc.dll
2013-05-15 14:45 . 2013-04-10 03:30    3153920    ----a-w-    c:\windows\system32\win32k.sys
2013-05-11 10:37 . 2013-05-11 10:37    209472    ----a-w-    c:\program files (x86)\Mozilla Firefox\Plugins\nppdf32.dll
2013-05-11 09:32 . 2013-05-11 09:32    --------    d-----w-    c:\users\Erskine\AppData\Roaming\StarDrive
2013-05-11 09:15 . 2013-05-11 09:15    --------    d-----w-    c:\program files (x86)\Microsoft XNA
2013-04-30 05:37 . 2013-04-30 05:37    --------    d-----w-    c:\users\Public\Games
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-28 04:09 . 2012-09-12 19:12    387    ----a-w-    c:\users\Erskine\AppData\Roaming\sp_data.sys
2013-05-27 22:54 . 2012-07-17 18:37    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-16 13:42 . 2012-09-26 15:54    75016696    ----a-w-    c:\windows\system32\MRT.exe
2013-05-15 15:29 . 2012-08-16 16:20    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 15:29 . 2012-08-16 16:20    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-02 15:29 . 2012-08-16 16:18    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-24 12:16 . 2013-04-24 12:16    905296    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9E3B76A8-7957-4E47-B60C-085B69F75E66}\gapaengine.dll
2013-04-24 12:16 . 2012-09-27 23:11    905296    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-13 05:49 . 2013-05-15 14:46    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 14:46    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 14:46    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 14:46    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 14:46    474624    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 14:46    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 12:16    1656680    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-04-04 18:50 . 2012-12-21 06:13    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-03-19 06:04 . 2013-04-10 01:24    5550424    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 01:24    43520    ----a-w-    c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 01:24    3968856    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 01:24    3913560    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 01:24    6656    ----a-w-    c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 01:24    112640    ----a-w-    c:\windows\system32\smss.exe
2013-03-16 09:03 . 2013-03-16 09:03    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-16 09:02 . 2012-08-16 16:22    861088    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-03-16 09:02 . 2012-08-16 16:22    782240    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-03-16 08:58 . 2013-03-16 08:59    108448    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2013-03-16 08:58 . 2013-03-16 08:59    310688    ----a-w-    c:\windows\system32\javaws.exe
2013-03-16 08:58 . 2013-03-16 08:59    188832    ----a-w-    c:\windows\system32\javaw.exe
2013-03-16 08:58 . 2013-03-16 08:59    188320    ----a-w-    c:\windows\system32\java.exe
2013-03-16 08:58 . 2013-03-16 08:59    963488    ----a-w-    c:\windows\system32\deployJava1.dll
2013-03-16 08:58 . 2013-03-16 08:59    1085344    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-03-15 05:53 . 2013-04-09 04:17    968408    ----a-w-    c:\windows\SysWow64\nvumdshim.dll
2013-03-15 05:53 . 2013-04-09 04:17    9414456    ----a-w-    c:\windows\system32\nvcuda.dll
2013-03-15 05:53 . 2013-04-09 04:17    7959000    ----a-w-    c:\windows\SysWow64\nvcuda.dll
2013-03-15 05:53 . 2013-04-09 04:17    7573816    ----a-w-    c:\windows\system32\nvopencl.dll
2013-03-15 05:53 . 2013-04-09 04:17    6271872    ----a-w-    c:\windows\SysWow64\nvopencl.dll
2013-03-15 05:53 . 2013-04-09 04:17    2913056    ----a-w-    c:\windows\system32\nvcuvid.dll
2013-03-15 05:53 . 2013-04-09 04:17    2728736    ----a-w-    c:\windows\SysWow64\nvcuvid.dll
2013-03-15 05:53 . 2013-04-09 04:17    26956576    ----a-w-    c:\windows\system32\nvoglv64.dll
2013-03-15 05:53 . 2013-04-09 04:17    2539128    ----a-w-    c:\windows\SysWow64\nvapi.dll
2013-03-15 05:53 . 2013-04-09 04:17    25256736    ----a-w-    c:\windows\system32\nvcompiler.dll
2013-03-15 05:53 . 2013-04-09 04:17    2355488    ----a-w-    c:\windows\system32\nvcuvenc.dll
2013-03-15 05:53 . 2013-04-09 04:17    20542752    ----a-w-    c:\windows\SysWow64\nvoglv32.dll
2013-03-15 05:53 . 2013-04-09 04:17    1995552    ----a-w-    c:\windows\SysWow64\nvcuvenc.dll
2013-03-15 05:53 . 2013-04-09 04:17    1807136    ----a-w-    c:\windows\system32\nvdispco6431422.dll
2013-03-15 05:53 . 2013-04-09 04:17    17990800    ----a-w-    c:\windows\system32\nvd3dumx.dll
2013-03-15 05:53 . 2013-04-09 04:17    17560352    ----a-w-    c:\windows\SysWow64\nvcompiler.dll
2013-03-15 05:53 . 2013-04-09 04:17    1510176    ----a-w-    c:\windows\system32\nvdispgenco6431422.dll
2013-03-15 05:53 . 2013-04-09 04:17    15042928    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
2013-03-15 05:53 . 2013-04-09 04:17    13088000    ----a-w-    c:\windows\SysWow64\nvwgf2um.dll
2013-03-15 05:53 . 2013-04-09 04:17    30496    ----a-w-    c:\windows\system32\drivers\nvpciflt.sys
2013-03-15 05:53 . 2013-04-09 04:17    15508512    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2013-03-15 05:53 . 2013-04-09 04:17    11048736    ----a-w-    c:\windows\system32\drivers\nvlddmkm.sys
2013-03-15 05:53 . 2012-04-03 11:43    1118776    ----a-w-    c:\windows\system32\nvumdshimx.dll
2013-03-15 05:53 . 2012-04-03 11:43    2864144    ----a-w-    c:\windows\system32\nvapi64.dll
2013-03-15 05:53 . 2012-04-03 11:43    250504    ----a-w-    c:\windows\system32\nvinitx.dll
2013-03-15 05:53 . 2012-04-03 11:43    205184    ----a-w-    c:\windows\SysWow64\nvinit.dll
2013-03-15 04:16 . 2012-04-03 11:44    3477280    ----a-w-    c:\windows\system32\nvsvc64.dll
2013-03-15 04:16 . 2012-04-03 11:44    6398240    ----a-w-    c:\windows\system32\nvcpl.dll
2013-03-15 04:16 . 2012-04-03 11:44    877856    ----a-w-    c:\windows\system32\nvvsvc.exe
2013-03-15 04:16 . 2012-04-03 11:44    76064    ----a-w-    c:\windows\system32\nv3dappshextr.dll
2013-03-15 04:16 . 2012-04-03 11:44    63776    ----a-w-    c:\windows\system32\nvshext.dll
2013-03-15 04:16 . 2012-04-03 11:44    2555680    ----a-w-    c:\windows\system32\nvsvcr.dll
2013-03-15 04:16 . 2012-04-03 11:44    237856    ----a-w-    c:\windows\system32\nvmctray.dll
2013-03-15 04:16 . 2012-04-03 11:44    1016096    ----a-w-    c:\windows\system32\nv3dappshext.dll
2013-03-13 16:24 . 2012-04-03 11:44    3065455    ----a-w-    c:\windows\system32\nvcoproc.bin
2013-03-03 22:05 . 2013-03-03 22:05    466456    ----a-w-    c:\windows\system32\wrap_oal.dll
2013-03-03 22:05 . 2013-03-03 22:05    444952    ----a-w-    c:\windows\SysWow64\wrap_oal.dll
2013-03-03 22:05 . 2013-03-03 22:05    122904    ----a-w-    c:\windows\system32\OpenAL32.dll
2013-03-03 22:05 . 2013-03-03 22:05    109080    ----a-w-    c:\windows\SysWow64\OpenAL32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-12-08 11:59    220632    ----a-w-    c:\users\Erskine\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-12-08 11:59    220632    ----a-w-    c:\users\Erskine\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-12-08 11:59    220632    ----a-w-    c:\users\Erskine\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2013-05-12 802136]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-05-03 1635752]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18643048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-10-18 3331312]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"SonicMasterTray"="c:\program files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-09-06 75048]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-22 318080]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-24 174720]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-10-18 549040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 toltwpdp;toltwpdp;c:\windows\system32\drivers\toltwpdp.sys [x]
R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/04/03 04:56;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-04-20 241648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 ALSysIO;ALSysIO;c:\users\Erskine\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2011-04-27 20480]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-18 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2013-03-15 30496]
S1 ATKWMIACPIIO_;ATKWMIACPI Driver_;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-17 283200]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-01 1166848]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-02-03 277120]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-22 130024]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-22 395752]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-25 52320]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-09-19 108656]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 15:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-12-08 11:59    244696    ----a-w-    c:\users\Erskine\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-12-08 11:59    244696    ----a-w-    c:\users\Erskine\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-12-08 11:59    244696    ----a-w-    c:\users\Erskine\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09    227840    ----a-w-    c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09    227840    ----a-w-    c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-17 322384]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-06-13 1212560]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Erskine\AppData\Roaming\Mozilla\Firefox\Profiles\8cofi543.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-211142715-1958942976-3271089698-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-211142715-1958942976-3271089698-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-28  01:47:43
ComboFix-quarantined-files.txt  2013-05-28 05:47
.
Pre-Run: 47,311,945,728 bytes free
Post-Run: 49,148,211,200 bytes free
.
- - End Of File - - 9A9D3CB5D3100656E0562BD54DC56450
Still cannot access MSE.



#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:01 AM

Posted 28 May 2013 - 12:52 AM


Hello sefarison



Please download Farbar Recovery Scan Tool and save it to your desktop.


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 sefarison

sefarison
  • Topic Starter

  • Members
  • 9 posts
  • Local time:09:01 AM

Posted 28 May 2013 - 01:00 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-05-2013
Ran by Erskine (administrator) on 28-05-2013 01:56:04
Running from C:\Users\Erskine\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Windows\AsScrPro.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
(Farbar) C:\Users\Erskine\Desktop\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [VizorHtmlDialog.exe] "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_trial.html" "DEF" "DEF" "DEF" [x]
HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [192520 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none" [322384 2010-09-17] (Trend Micro Inc.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2816808 2011-07-21] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3  [1212560 2012-06-13] (Realtek Semiconductor)
HKLM\...\Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1935120 2011-07-27] (Intel® Corporation)
HKLM\...\Run: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe [98088 2011-07-21] (Synaptics Incorporated)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
HKLM\...\Run: [IntelliType Pro] "C:\Program Files\Microsoft Device Center\itype.exe" [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft Device Center\ipoint.exe" [2004584 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x]
HKCU\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED [802136 2013-05-11] (BitTorrent Inc.)
HKCU\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1635752 2013-05-03] (Valve Corporation)
HKCU\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18643048 2013-02-28] (Skype Technologies S.A.)
HKLM-x32\...\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" [3331312 2011-10-18] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-09-05] (cyberlink)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-22] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-02] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-10] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\UpdatusUser\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [x]
HKU\UpdatusUser\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED [802136 2013-05-11] (BitTorrent Inc.)
HKU\UpdatusUser\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4272640 2012-09-12] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1635752 2013-05-03] (Valve Corporation)
HKU\UpdatusUser\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
HKU\UpdatusUser\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18643048 2013-02-28] (Skype Technologies S.A.)
HKU\UpdatusUser\...\RunOnce: [Uninstall C:\Users\Erskine\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Erskine\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" [x]
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [250504 2013-03-15] (NVIDIA Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
Winsock: Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [20992] (Microsoft Corporation)
Winsock: Catalog5-x64 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Erskine\AppData\Roaming\Mozilla\Firefox\Profiles\8cofi543.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: EPUBReader - C:\Users\Erskine\AppData\Roaming\Mozilla\Firefox\Profiles\8cofi543.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF Extension: DownloadHelper - C:\Users\Erskine\AppData\Roaming\Mozilla\Firefox\Profiles\8cofi543.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: Cookies Manager+ - C:\Users\Erskine\AppData\Roaming\Mozilla\Firefox\Profiles\8cofi543.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
FF Extension: scriptish - C:\Users\Erskine\AppData\Roaming\Mozilla\Firefox\Profiles\8cofi543.default\Extensions\scriptish@erikvold.com.xpi
FF Extension: No Name - C:\Users\Erskine\AppData\Roaming\Mozilla\Firefox\Profiles\8cofi543.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Erskine\AppData\Roaming\Mozilla\Firefox\Profiles\8cofi543.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: No Name - C:\Users\Erskine\AppData\Roaming\Mozilla\Firefox\Profiles\8cofi543.default\Extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}.xpi

==================== Services (Whitelisted) =================

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-03] (ASUS)
R2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] ()
R3 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] ()
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]

==================== Drivers (Whitelisted) ====================

R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-08-17] (DT Soft Ltd)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2011-04-27] (Marvell Semiconductor, Inc.)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)
S3 ALSysIO; \??\C:\Users\Erskine\AppData\Local\Temp\ALSysIO64.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S1 toltwpdp; \??\C:\Windows\system32\drivers\toltwpdp.sys [x]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-28 01:55 - 2013-05-28 01:55 - 01915616 ____A (Farbar) C:\Users\Erskine\Desktop\FRST64.exe
2013-05-28 01:55 - 2013-05-28 01:55 - 00000000 ____D C:\FRST
2013-05-28 01:47 - 2013-05-28 01:47 - 00029245 ____A C:\ComboFix.txt
2013-05-28 01:33 - 2013-05-28 01:47 - 00000000 ____D C:\ComboFix
2013-05-28 01:33 - 2011-06-26 02:45 - 00256000 ____A C:\Windows\PEV.exe
2013-05-28 01:33 - 2010-11-07 13:20 - 00208896 ____A C:\Windows\MBR.exe
2013-05-28 01:33 - 2009-04-20 00:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-05-28 01:33 - 2000-08-30 20:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-05-28 01:33 - 2000-08-30 20:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-05-28 01:33 - 2000-08-30 20:00 - 00098816 ____A C:\Windows\sed.exe
2013-05-28 01:33 - 2000-08-30 20:00 - 00080412 ____A C:\Windows\grep.exe
2013-05-28 01:33 - 2000-08-30 20:00 - 00068096 ____A C:\Windows\zip.exe
2013-05-28 01:32 - 2013-05-28 01:47 - 00000000 ____D C:\Qoobox
2013-05-28 01:32 - 2013-05-28 01:46 - 00000000 ____D C:\Windows\erdnt
2013-05-28 01:28 - 2013-05-28 01:28 - 05073915 ____R (Swearware) C:\Users\Erskine\Desktop\ComboFix.exe
2013-05-28 00:20 - 2013-05-28 00:20 - 00000770 ____A C:\Users\Erskine\Desktop\JRT.txt
2013-05-28 00:12 - 2013-05-28 00:12 - 00000000 ____D C:\Windows\ERUNT
2013-05-28 00:11 - 2013-05-28 00:11 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Erskine\Desktop\JRT.exe
2013-05-28 00:11 - 2013-05-28 00:11 - 00000000 ____D C:\JRT
2013-05-28 00:07 - 2013-05-28 00:07 - 00001072 ____A C:\AdwCleaner[S1].txt
2013-05-28 00:04 - 2013-05-28 00:04 - 00632031 ____A C:\Users\Erskine\Desktop\AdwCleaner.exe
2013-05-27 23:43 - 2013-05-27 23:43 - 00000000 ____D C:\Users\Erskine\Documents\NeocoreGames
2013-05-27 23:08 - 2013-05-27 23:08 - 00001024 ____A C:\Users\Public\Desktop\The Incredible Adventures of Van Helsing.lnk
2013-05-27 22:38 - 2013-05-27 23:16 - 00000000 ____D C:\Program Files (x86)\The Incredible Adventures of Van Helsing
2013-05-27 22:11 - 2013-05-27 22:11 - 00000564 ____A C:\Users\Erskine\Desktop\MBR.zip
2013-05-27 22:08 - 2013-05-27 22:08 - 00001921 ____A C:\Users\Erskine\Desktop\aswMBR.txt
2013-05-27 22:08 - 2013-05-27 22:08 - 00000512 ____A C:\Users\Erskine\Desktop\MBR.dat
2013-05-27 21:59 - 2013-05-27 22:01 - 04745728 ____A (AVAST Software) C:\Users\Erskine\Desktop\aswMBR.exe
2013-05-27 21:56 - 2013-05-27 21:56 - 00024135 ____A C:\Users\Erskine\Desktop\dds.txt
2013-05-27 21:56 - 2013-05-27 21:56 - 00007793 ____A C:\Users\Erskine\Desktop\attach.txt
2013-05-27 21:55 - 2013-05-27 21:55 - 00688992 ____R (Swearware) C:\Users\Erskine\Desktop\dds.com
2013-05-27 21:41 - 2013-05-27 21:41 - 02240352 ____A (Kaspersky Lab ZAO) C:\Users\Erskine\Desktop\tdsskiller.exe
2013-05-26 23:56 - 2013-05-26 23:56 - 00000000 ____D C:\Users\Erskine\Documents\Razer
2013-05-26 23:44 - 2013-05-26 23:44 - 00000992 ____A C:\Users\Erskine\Desktop\StarDrive.lnk
2013-05-26 23:40 - 2013-05-27 01:17 - 00000000 ____D C:\Program Files (x86)\StarDrive
2013-05-26 23:06 - 2013-05-26 23:06 - 00000000 ____D C:\Users\Erskine\AppData\Local\Razer
2013-05-26 22:20 - 2013-05-27 18:55 - 00000000 ____D C:\ProgramData\Razer
2013-05-26 22:20 - 2013-05-26 22:20 - 00000000 ____D C:\Program Files (x86)\Razer
2013-05-26 22:17 - 2013-05-26 22:17 - 17727824 ____A (Razer USA Ltd                                               ) C:\Users\Erskine\Desktop\Game_Booster_v3.6.0.exe
2013-05-26 22:08 - 2013-05-26 22:11 - 00000000 ____D C:\Users\Erskine\Desktop\Download
2013-05-26 22:08 - 2013-05-26 22:08 - 00945456 ____A C:\Users\Erskine\Desktop\IObit_Uninstaller_downloader.exe
2013-05-25 04:18 - 2013-05-25 04:18 - 00000000 ____D C:\Users\Erskine\AppData\Local\Microsoft Help
2013-05-25 04:18 - 2013-05-25 04:18 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-23 19:47 - 2013-05-23 19:47 - 00001227 ____A C:\Users\Public\Desktop\Starsector.lnk
2013-05-23 19:46 - 2013-05-23 19:46 - 00000000 ____D C:\Program Files (x86)\Fractal Softworks
2013-05-19 23:30 - 2013-05-19 23:38 - 00000000 ____D C:\Users\Erskine\Documents\Reus
2013-05-19 23:07 - 2013-05-19 23:07 - 00000000 ____D C:\GOG Games
2013-05-17 16:39 - 2013-05-17 16:39 - 00000000 ____D C:\Users\Erskine\AppData\Roaming\11bitstudios
2013-05-17 16:22 - 2013-05-17 16:38 - 00000000 ____D C:\Program Files (x86)\Anomaly 2
2013-05-16 13:04 - 2013-05-16 13:04 - 00000000 ____D C:\Program Files (x86)\Sanctum 2
2013-05-16 09:36 - 2013-04-05 02:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-16 09:36 - 2013-04-05 02:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-16 09:36 - 2013-04-05 02:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-16 09:36 - 2013-04-05 02:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-16 09:36 - 2013-04-05 02:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-16 09:36 - 2013-04-05 02:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-16 09:36 - 2013-04-05 02:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-16 09:36 - 2013-04-05 02:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-16 09:36 - 2013-04-05 02:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-16 09:36 - 2013-04-05 02:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-16 09:36 - 2013-04-05 02:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-16 09:36 - 2013-04-05 02:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-16 09:36 - 2013-04-05 02:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-16 09:36 - 2013-04-05 02:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-16 09:36 - 2013-04-05 01:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-16 09:36 - 2013-04-05 01:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-16 09:36 - 2013-04-05 01:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-16 09:36 - 2013-04-05 01:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-16 09:36 - 2013-04-05 01:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-16 09:36 - 2013-04-05 01:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-16 09:36 - 2013-04-05 01:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-16 09:36 - 2013-04-05 01:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-16 09:36 - 2013-04-05 01:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-16 09:36 - 2013-04-05 01:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-16 09:36 - 2013-04-05 01:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-16 09:36 - 2013-04-05 01:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-16 09:36 - 2013-04-05 01:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-16 09:36 - 2013-04-05 00:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-16 09:36 - 2013-04-05 00:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-16 09:36 - 2013-04-04 23:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-16 09:36 - 2013-04-04 23:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-15 10:46 - 2013-04-10 02:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 10:46 - 2013-04-10 02:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 10:46 - 2013-02-27 02:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 10:46 - 2013-02-27 01:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-15 10:46 - 2013-02-27 01:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-15 10:46 - 2013-02-27 01:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-15 10:46 - 2013-02-27 01:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-15 10:46 - 2013-02-27 00:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-15 10:46 - 2013-02-27 00:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-15 10:46 - 2013-02-27 00:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-15 10:46 - 2011-02-03 07:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-15 10:45 - 2013-04-09 23:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-15 10:45 - 2013-03-19 01:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-15 10:45 - 2013-03-19 01:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-11 07:47 - 2013-05-11 07:49 - 00000000 ____D C:\Users\Erskine\Documents\Stardrive
2013-05-11 05:32 - 2013-05-11 05:32 - 00000000 ____D C:\Users\Erskine\AppData\Roaming\StarDrive
2013-05-11 05:15 - 2013-05-11 05:15 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2013-05-07 03:06 - 2013-05-07 03:06 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-07 03:06 - 2013-05-07 03:06 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-07 03:06 - 2013-05-07 03:06 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-05-07 03:06 - 2013-05-07 03:06 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-05-07 03:06 - 2013-05-07 03:06 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-05-07 03:06 - 2013-05-07 03:06 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-05-07 03:06 - 2013-05-07 03:06 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-05-07 03:06 - 2013-05-07 03:06 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-07 03:06 - 2013-05-07 03:06 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-05-07 03:06 - 2013-05-07 03:06 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-05-07 03:06 - 2013-05-07 03:06 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-05-07 03:06 - 2013-05-07 03:06 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-05-07 03:06 - 2013-05-07 03:06 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-07 03:06 - 2013-05-07 03:06 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-05-07 03:06 - 2013-05-07 03:06 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-05-07 03:06 - 2013-05-07 03:06 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-05-07 03:06 - 2013-05-07 03:06 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-05-07 03:06 - 2013-05-07 03:06 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-05-07 03:06 - 2013-05-07 03:06 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-05-07 03:06 - 2013-05-07 03:06 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-05-07 03:06 - 2013-05-07 03:06 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-05-07 03:01 - 2013-05-07 03:12 - 00007043 ____A C:\Windows\IE10_main.log
2013-04-30 01:42 - 2013-04-30 01:42 - 00001239 ____A C:\Users\Erskine\Desktop\Neverwinter.lnk
2013-04-30 01:37 - 2013-04-30 01:37 - 00000000 ____D C:\Users\Public\Games

==================== One Month Modified Files and Folders =======

2013-05-28 01:55 - 2013-05-28 01:55 - 01915616 ____A (Farbar) C:\Users\Erskine\Desktop\FRST64.exe
2013-05-28 01:55 - 2013-05-28 01:55 - 00000000 ____D C:\FRST
2013-05-28 01:52 - 2012-11-25 01:53 - 00000000 ____D C:\Users\Erskine\AppData\Roaming\Skype
2013-05-28 01:47 - 2013-05-28 01:47 - 00029245 ____A C:\ComboFix.txt
2013-05-28 01:47 - 2013-05-28 01:33 - 00000000 ____D C:\ComboFix
2013-05-28 01:47 - 2013-05-28 01:32 - 00000000 ____D C:\Qoobox
2013-05-28 01:47 - 2009-07-13 23:20 - 00000000 __RHD C:\users\Default
2013-05-28 01:46 - 2013-05-28 01:32 - 00000000 ____D C:\Windows\erdnt
2013-05-28 01:44 - 2009-07-13 22:34 - 00000215 ____A C:\Windows\system.ini
2013-05-28 01:29 - 2012-08-16 12:20 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-28 01:28 - 2013-05-28 01:28 - 05073915 ____R (Swearware) C:\Users\Erskine\Desktop\ComboFix.exe
2013-05-28 00:47 - 2012-04-03 07:40 - 01633020 ____A C:\Windows\WindowsUpdate.log
2013-05-28 00:20 - 2013-05-28 00:20 - 00000770 ____A C:\Users\Erskine\Desktop\JRT.txt
2013-05-28 00:15 - 2009-07-14 00:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-28 00:15 - 2009-07-14 00:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-28 00:14 - 2012-08-16 12:20 - 00000000 ____D C:\Users\Erskine\AppData\Roaming\uTorrent
2013-05-28 00:12 - 2013-05-28 00:12 - 00000000 ____D C:\Windows\ERUNT
2013-05-28 00:11 - 2013-05-28 00:11 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Erskine\Desktop\JRT.exe
2013-05-28 00:11 - 2013-05-28 00:11 - 00000000 ____D C:\JRT
2013-05-28 00:09 - 2012-09-12 15:12 - 00000387 ____A C:\Users\Erskine\AppData\Roaming\sp_data.sys
2013-05-28 00:09 - 2012-08-16 13:03 - 00000000 ____D C:\Program Files (x86)\Steam
2013-05-28 00:08 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-28 00:08 - 2009-07-14 00:51 - 00072389 ____A C:\Windows\setupact.log
2013-05-28 00:07 - 2013-05-28 00:07 - 00001072 ____A C:\AdwCleaner[S1].txt
2013-05-28 00:04 - 2013-05-28 00:04 - 00632031 ____A C:\Users\Erskine\Desktop\AdwCleaner.exe
2013-05-27 23:43 - 2013-05-27 23:43 - 00000000 ____D C:\Users\Erskine\Documents\NeocoreGames
2013-05-27 23:16 - 2013-05-27 22:38 - 00000000 ____D C:\Program Files (x86)\The Incredible Adventures of Van Helsing
2013-05-27 23:10 - 2011-10-18 00:19 - 00334584 ____A C:\Windows\DirectX.log
2013-05-27 23:08 - 2013-05-27 23:08 - 00001024 ____A C:\Users\Public\Desktop\The Incredible Adventures of Van Helsing.lnk
2013-05-27 22:11 - 2013-05-27 22:11 - 00000564 ____A C:\Users\Erskine\Desktop\MBR.zip
2013-05-27 22:08 - 2013-05-27 22:08 - 00001921 ____A C:\Users\Erskine\Desktop\aswMBR.txt
2013-05-27 22:08 - 2013-05-27 22:08 - 00000512 ____A C:\Users\Erskine\Desktop\MBR.dat
2013-05-27 22:01 - 2013-05-27 21:59 - 04745728 ____A (AVAST Software) C:\Users\Erskine\Desktop\aswMBR.exe
2013-05-27 21:56 - 2013-05-27 21:56 - 00024135 ____A C:\Users\Erskine\Desktop\dds.txt
2013-05-27 21:56 - 2013-05-27 21:56 - 00007793 ____A C:\Users\Erskine\Desktop\attach.txt
2013-05-27 21:55 - 2013-05-27 21:55 - 00688992 ____R (Swearware) C:\Users\Erskine\Desktop\dds.com
2013-05-27 21:41 - 2013-05-27 21:41 - 02240352 ____A (Kaspersky Lab ZAO) C:\Users\Erskine\Desktop\tdsskiller.exe
2013-05-27 21:31 - 2012-04-03 07:51 - 00002224 ____A C:\Windows\System32\AutoRunFilter.ini
2013-05-27 21:30 - 2011-10-17 23:58 - 00232916 ____A C:\Windows\PFRO.log
2013-05-27 21:15 - 2012-08-16 12:15 - 00002198 ____A C:\Windows\epplauncher.mif
2013-05-27 18:55 - 2013-05-26 22:20 - 00000000 ____D C:\ProgramData\Razer
2013-05-27 01:17 - 2013-05-26 23:40 - 00000000 ____D C:\Program Files (x86)\StarDrive
2013-05-26 23:56 - 2013-05-26 23:56 - 00000000 ____D C:\Users\Erskine\Documents\Razer
2013-05-26 23:44 - 2013-05-26 23:44 - 00000992 ____A C:\Users\Erskine\Desktop\StarDrive.lnk
2013-05-26 23:06 - 2013-05-26 23:06 - 00000000 ____D C:\Users\Erskine\AppData\Local\Razer
2013-05-26 22:20 - 2013-05-26 22:20 - 00000000 ____D C:\Program Files (x86)\Razer
2013-05-26 22:17 - 2013-05-26 22:17 - 17727824 ____A (Razer USA Ltd                                               ) C:\Users\Erskine\Desktop\Game_Booster_v3.6.0.exe
2013-05-26 22:11 - 2013-05-26 22:08 - 00000000 ____D C:\Users\Erskine\Desktop\Download
2013-05-26 22:08 - 2013-05-26 22:08 - 00945456 ____A C:\Users\Erskine\Desktop\IObit_Uninstaller_downloader.exe
2013-05-26 22:02 - 2013-04-20 04:15 - 00000000 ____D C:\Users\Erskine\Documents\Mount&Blade Warband
2013-05-26 21:55 - 2013-03-16 01:48 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2013-05-26 13:34 - 2012-11-13 11:46 - 00000000 ____D C:\Users\Erskine\AppData\Roaming\SoftGrid Client
2013-05-25 04:18 - 2013-05-25 04:18 - 00000000 ____D C:\Users\Erskine\AppData\Local\Microsoft Help
2013-05-25 04:18 - 2013-05-25 04:18 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-23 19:47 - 2013-05-23 19:47 - 00001227 ____A C:\Users\Public\Desktop\Starsector.lnk
2013-05-23 19:46 - 2013-05-23 19:46 - 00000000 ____D C:\Program Files (x86)\Fractal Softworks
2013-05-21 02:23 - 2012-12-25 19:48 - 00000000 ____D C:\Users\Erskine\AppData\Roaming\RenPy
2013-05-19 23:38 - 2013-05-19 23:30 - 00000000 ____D C:\Users\Erskine\Documents\Reus
2013-05-19 23:14 - 2011-10-18 00:17 - 00789524 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-05-19 23:14 - 2009-07-14 01:13 - 00789524 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-19 23:07 - 2013-05-19 23:07 - 00000000 ____D C:\GOG Games
2013-05-18 23:20 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-05-17 16:39 - 2013-05-17 16:39 - 00000000 ____D C:\Users\Erskine\AppData\Roaming\11bitstudios
2013-05-17 16:38 - 2013-05-17 16:22 - 00000000 ____D C:\Program Files (x86)\Anomaly 2
2013-05-17 11:32 - 2012-09-11 17:55 - 00000000 ____D C:\Program Files (x86)\SafeConnect
2013-05-17 11:32 - 2012-08-16 12:00 - 00000000 ____D C:\users\Erskine
2013-05-16 18:07 - 2009-07-14 00:45 - 00278184 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-16 18:06 - 2012-08-16 12:20 - 00000000 ____D C:\Program Files (x86)\uTorrent
2013-05-16 14:40 - 2012-08-17 19:43 - 00000000 ____D C:\Users\Erskine\Documents\My Games
2013-05-16 13:04 - 2013-05-16 13:04 - 00000000 ____D C:\Program Files (x86)\Sanctum 2
2013-05-16 09:42 - 2012-09-26 11:54 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-15 11:29 - 2012-08-16 12:20 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-15 11:29 - 2012-08-16 12:20 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-11 07:49 - 2013-05-11 07:47 - 00000000 ____D C:\Users\Erskine\Documents\Stardrive
2013-05-11 05:32 - 2013-05-11 05:32 - 00000000 ____D C:\Users\Erskine\AppData\Roaming\StarDrive
2013-05-11 05:15 - 2013-05-11 05:15 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2013-05-07 03:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-05-07 03:12 - 2013-05-07 03:01 - 00007043 ____A C:\Windows\IE10_main.log
2013-05-07 03:06 - 2013-05-07 03:06 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-07 03:06 - 2013-05-07 03:06 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-07 03:06 - 2013-05-07 03:06 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-05-07 03:06 - 2013-05-07 03:06 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-05-07 03:06 - 2013-05-07 03:06 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-05-07 03:06 - 2013-05-07 03:06 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-05-07 03:06 - 2013-05-07 03:06 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-05-07 03:06 - 2013-05-07 03:06 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-07 03:06 - 2013-05-07 03:06 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-05-07 03:06 - 2013-05-07 03:06 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-05-07 03:06 - 2013-05-07 03:06 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-05-07 03:06 - 2013-05-07 03:06 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-05-07 03:06 - 2013-05-07 03:06 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-07 03:06 - 2013-05-07 03:06 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-05-07 03:06 - 2013-05-07 03:06 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-05-07 03:06 - 2013-05-07 03:06 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-05-07 03:06 - 2013-05-07 03:06 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-05-07 03:06 - 2013-05-07 03:06 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-05-07 03:06 - 2013-05-07 03:06 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-05-07 03:06 - 2013-05-07 03:06 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-05-07 03:06 - 2013-05-07 03:06 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-05-07 03:06 - 2013-05-07 03:06 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-05-03 00:29 - 2012-09-22 04:31 - 00000000 ____D C:\Users\Erskine\Documents\My Library
2013-05-02 11:29 - 2012-08-16 12:18 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-04-30 01:42 - 2013-04-30 01:42 - 00001239 ____A C:\Users\Erskine\Desktop\Neverwinter.lnk
2013-04-30 01:37 - 2013-04-30 01:37 - 00000000 ____D C:\Users\Public\Games
2013-04-28 22:32 - 2012-11-20 22:25 - 00000000 ____D C:\Users\Erskine\AppData\Local\Last.fm
2013-04-28 20:26 - 2012-08-16 12:19 - 00000000 ____D C:\ProgramData\Adobe
2013-04-28 20:24 - 2012-08-16 12:30 - 00000000 ____D C:\Users\Erskine\AppData\Local\Windows Live

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client


Last Boot: 2013-05-25 02:42

==================== End Of Log ============================


#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 May 2013 - 01:13 AM

Hello sefarison



I need you to download this script I have made for you --> Attached File: fixlist.txt (185 bytes)

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 sefarison
  • Topic Starter
  • Members
  • 9 posts

Posted 28 May 2013 - 03:00 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-05-2013
Ran by Erskine at 2013-05-28 03:28:59 Run:1
Running from C:\Users\Erskine\Desktop
Boot Mode: Normal
==============================================

"C:\Program Files\Windows Defender" => Deleting junctions and unlocking files completed successfully.
"C:\Program Files\Microsoft Security Client" => Deleting junctions and unlocking files completed successfully.

=========  Dir /b /a:l "C:\Program Files" /s =========

File Not Found

========= End of CMD: =========


==== End of Fixlog ====


Seems to have worked! Any further steps?



#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 May 2013 - 12:34 PM


Hello sefarison

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following:
    • report from ComboFix
    • let me know of any problems you may have had
    • how is the computer doing now after running the script?
Gringo

#11 sefarison

sefarison
  • Topic Starter

  • Members
  • 9 posts

Posted 28 May 2013 - 04:47 PM

ComboFix 13-05-27.02 - Erskine 05/28/2013  17:33:03.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7968.5283 [GMT -4:00]
Running from: c:\users\Erskine\Desktop\ComboFix.exe
Command switches used :: c:\users\Erskine\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-28 to 2013-05-28  )))))))))))))))))))))))))))))))
.
.
2013-05-28 21:42 . 2013-05-28 21:42    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2013-05-28 21:42 . 2013-05-28 21:42    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-05-28 09:27 . 2013-05-13 06:37    9460464    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0EF7EF46-A07C-4D17-9544-DCD3739A03DF}\mpengine.dll
2013-05-28 05:55 . 2013-05-28 07:29    --------    d-----w-    C:\FRST
2013-05-28 04:12 . 2013-05-28 04:12    --------    d-----w-    c:\windows\ERUNT
2013-05-28 04:11 . 2013-05-28 04:11    --------    d-----w-    C:\JRT
2013-05-28 02:38 . 2013-05-28 03:16    --------    d-----w-    c:\program files (x86)\The Incredible Adventures of Van Helsing
2013-05-27 08:48 . 2013-05-13 06:37    9460464    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-27 03:40 . 2013-05-27 05:17    --------    d-----w-    c:\program files (x86)\StarDrive
2013-05-27 03:06 . 2013-05-27 03:06    --------    d-----w-    c:\users\Erskine\AppData\Local\Razer
2013-05-27 02:20 . 2013-05-27 22:55    --------    d-----w-    c:\programdata\Razer
2013-05-27 02:20 . 2013-05-27 02:20    --------    d-----w-    c:\program files (x86)\Razer
2013-05-25 08:18 . 2013-05-25 08:18    --------    d-----w-    c:\programdata\Microsoft Help
2013-05-25 08:18 . 2013-05-25 08:18    --------    d-----w-    c:\users\Erskine\AppData\Local\Microsoft Help
2013-05-23 23:46 . 2013-05-23 23:46    --------    d-----w-    c:\program files (x86)\Fractal Softworks
2013-05-22 08:37 . 2013-05-22 08:36    964552    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12726609-DF71-436A-AD21-C5C5F1C76700}\gapaengine.dll
2013-05-20 03:07 . 2013-05-20 03:07    --------    d-----w-    C:\GOG Games
2013-05-17 20:39 . 2013-05-17 20:39    --------    d-----w-    c:\users\Erskine\AppData\Roaming\11bitstudios
2013-05-17 20:22 . 2013-05-17 20:38    --------    d-----w-    c:\program files (x86)\Anomaly 2
2013-05-16 17:04 . 2013-05-16 17:04    --------    d-----w-    c:\program files (x86)\Sanctum 2
2013-05-15 14:46 . 2013-04-10 06:01    265064    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 14:46 . 2013-04-10 06:01    983400    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 14:46 . 2011-02-03 11:25    144384    ----a-w-    c:\windows\system32\cdd.dll
2013-05-15 14:46 . 2013-02-27 05:52    14172672    ----a-w-    c:\windows\system32\shell32.dll
2013-05-15 14:46 . 2013-02-27 05:48    1930752    ----a-w-    c:\windows\system32\authui.dll
2013-05-15 14:46 . 2013-02-27 06:02    111448    ----a-w-    c:\windows\system32\consent.exe
2013-05-15 14:46 . 2013-02-27 05:52    197120    ----a-w-    c:\windows\system32\shdocvw.dll
2013-05-15 14:46 . 2013-02-27 04:49    1796096    ----a-w-    c:\windows\SysWow64\authui.dll
2013-05-15 14:46 . 2013-02-27 05:47    70144    ----a-w-    c:\windows\system32\appinfo.dll
2013-05-15 14:45 . 2013-03-19 05:53    48640    ----a-w-    c:\windows\system32\wwanprotdim.dll
2013-05-15 14:45 . 2013-03-19 05:53    230400    ----a-w-    c:\windows\system32\wwansvc.dll
2013-05-15 14:45 . 2013-04-10 03:30    3153920    ----a-w-    c:\windows\system32\win32k.sys
2013-05-11 10:37 . 2013-05-11 10:37    209472    ----a-w-    c:\program files (x86)\Mozilla Firefox\Plugins\nppdf32.dll
2013-05-11 09:32 . 2013-05-11 09:32    --------    d-----w-    c:\users\Erskine\AppData\Roaming\StarDrive
2013-05-11 09:15 . 2013-05-11 09:15    --------    d-----w-    c:\program files (x86)\Microsoft XNA
2013-04-30 05:37 . 2013-04-30 05:37    --------    d-----w-    c:\users\Public\Games
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-28 21:26 . 2012-09-12 19:12    387    ----a-w-    c:\users\Erskine\AppData\Roaming\sp_data.sys
2013-05-27 22:54 . 2012-07-17 18:37    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-16 13:42 . 2012-09-26 15:54    75016696    ----a-w-    c:\windows\system32\MRT.exe
2013-05-15 15:29 . 2012-08-16 16:20    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 15:29 . 2012-08-16 16:20    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-02 15:29 . 2012-08-16 16:18    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-24 12:16 . 2012-09-27 23:11    905296    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-13 05:49 . 2013-05-15 14:46    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 14:46    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 14:46    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 14:46    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 14:46    474624    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 14:46    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 12:16    1656680    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-04-04 18:50 . 2012-12-21 06:13    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-03-19 06:04 . 2013-04-10 01:24    5550424    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 01:24    43520    ----a-w-    c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 01:24    3968856    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 01:24    3913560    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 01:24    6656    ----a-w-    c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 01:24    112640    ----a-w-    c:\windows\system32\smss.exe
2013-03-16 09:03 . 2013-03-16 09:03    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-16 09:02 . 2012-08-16 16:22    861088    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-03-16 09:02 . 2012-08-16 16:22    782240    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-03-16 08:58 . 2013-03-16 08:59    108448    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2013-03-16 08:58 . 2013-03-16 08:59    310688    ----a-w-    c:\windows\system32\javaws.exe
2013-03-16 08:58 . 2013-03-16 08:59    188832    ----a-w-    c:\windows\system32\javaw.exe
2013-03-16 08:58 . 2013-03-16 08:59    188320    ----a-w-    c:\windows\system32\java.exe
2013-03-16 08:58 . 2013-03-16 08:59    963488    ----a-w-    c:\windows\system32\deployJava1.dll
2013-03-16 08:58 . 2013-03-16 08:59    1085344    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-03-15 05:53 . 2013-04-09 04:17    968408    ----a-w-    c:\windows\SysWow64\nvumdshim.dll
2013-03-15 05:53 . 2013-04-09 04:17    9414456    ----a-w-    c:\windows\system32\nvcuda.dll
2013-03-15 05:53 . 2013-04-09 04:17    7959000    ----a-w-    c:\windows\SysWow64\nvcuda.dll
2013-03-15 05:53 . 2013-04-09 04:17    7573816    ----a-w-    c:\windows\system32\nvopencl.dll
2013-03-15 05:53 . 2013-04-09 04:17    6271872    ----a-w-    c:\windows\SysWow64\nvopencl.dll
2013-03-15 05:53 . 2013-04-09 04:17    2913056    ----a-w-    c:\windows\system32\nvcuvid.dll
2013-03-15 05:53 . 2013-04-09 04:17    2728736    ----a-w-    c:\windows\SysWow64\nvcuvid.dll
2013-03-15 05:53 . 2013-04-09 04:17    26956576    ----a-w-    c:\windows\system32\nvoglv64.dll
2013-03-15 05:53 . 2013-04-09 04:17    2539128    ----a-w-    c:\windows\SysWow64\nvapi.dll
2013-03-15 05:53 . 2013-04-09 04:17    25256736    ----a-w-    c:\windows\system32\nvcompiler.dll
2013-03-15 05:53 . 2013-04-09 04:17    2355488    ----a-w-    c:\windows\system32\nvcuvenc.dll
2013-03-15 05:53 . 2013-04-09 04:17    20542752    ----a-w-    c:\windows\SysWow64\nvoglv32.dll
2013-03-15 05:53 . 2013-04-09 04:17    1995552    ----a-w-    c:\windows\SysWow64\nvcuvenc.dll
2013-03-15 05:53 . 2013-04-09 04:17    1807136    ----a-w-    c:\windows\system32\nvdispco6431422.dll
2013-03-15 05:53 . 2013-04-09 04:17    17990800    ----a-w-    c:\windows\system32\nvd3dumx.dll
2013-03-15 05:53 . 2013-04-09 04:17    17560352    ----a-w-    c:\windows\SysWow64\nvcompiler.dll
2013-03-15 05:53 . 2013-04-09 04:17    1510176    ----a-w-    c:\windows\system32\nvdispgenco6431422.dll
2013-03-15 05:53 . 2013-04-09 04:17    15042928    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
2013-03-15 05:53 . 2013-04-09 04:17    13088000    ----a-w-    c:\windows\SysWow64\nvwgf2um.dll
2013-03-15 05:53 . 2013-04-09 04:17    30496    ----a-w-    c:\windows\system32\drivers\nvpciflt.sys
2013-03-15 05:53 . 2013-04-09 04:17    15508512    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2013-03-15 05:53 . 2013-04-09 04:17    11048736    ----a-w-    c:\windows\system32\drivers\nvlddmkm.sys
2013-03-15 05:53 . 2012-04-03 11:43    1118776    ----a-w-    c:\windows\system32\nvumdshimx.dll
2013-03-15 05:53 . 2012-04-03 11:43    2864144    ----a-w-    c:\windows\system32\nvapi64.dll
2013-03-15 05:53 . 2012-04-03 11:43    250504    ----a-w-    c:\windows\system32\nvinitx.dll
2013-03-15 05:53 . 2012-04-03 11:43    205184    ----a-w-    c:\windows\SysWow64\nvinit.dll
2013-03-15 04:16 . 2012-04-03 11:44    3477280    ----a-w-    c:\windows\system32\nvsvc64.dll
2013-03-15 04:16 . 2012-04-03 11:44    6398240    ----a-w-    c:\windows\system32\nvcpl.dll
2013-03-15 04:16 . 2012-04-03 11:44    877856    ----a-w-    c:\windows\system32\nvvsvc.exe
2013-03-15 04:16 . 2012-04-03 11:44    76064    ----a-w-    c:\windows\system32\nv3dappshextr.dll
2013-03-15 04:16 . 2012-04-03 11:44    63776    ----a-w-    c:\windows\system32\nvshext.dll
2013-03-15 04:16 . 2012-04-03 11:44    2555680    ----a-w-    c:\windows\system32\nvsvcr.dll
2013-03-15 04:16 . 2012-04-03 11:44    237856    ----a-w-    c:\windows\system32\nvmctray.dll
2013-03-15 04:16 . 2012-04-03 11:44    1016096    ----a-w-    c:\windows\system32\nv3dappshext.dll
2013-03-13 16:24 . 2012-04-03 11:44    3065455    ----a-w-    c:\windows\system32\nvcoproc.bin
2013-03-03 22:05 . 2013-03-03 22:05    466456    ----a-w-    c:\windows\system32\wrap_oal.dll
2013-03-03 22:05 . 2013-03-03 22:05    444952    ----a-w-    c:\windows\SysWow64\wrap_oal.dll
2013-03-03 22:05 . 2013-03-03 22:05    122904    ----a-w-    c:\windows\system32\OpenAL32.dll
2013-03-03 22:05 . 2013-03-03 22:05    109080    ----a-w-    c:\windows\SysWow64\OpenAL32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-12-08 11:59    220632    ----a-w-    c:\users\Erskine\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-12-08 11:59    220632    ----a-w-    c:\users\Erskine\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-12-08 11:59    220632    ----a-w-    c:\users\Erskine\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2013-05-12 802136]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-05-03 1635752]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18643048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-10-18 3331312]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"SonicMasterTray"="c:\program files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-09-06 75048]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-22 318080]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-24 174720]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-10-18 549040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/04/03 04:56;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-04-20 241648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 ALSysIO;ALSysIO;c:\users\Erskine\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2011-04-27 20480]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2013-03-15 30496]
S1 ATKWMIACPIIO_;ATKWMIACPI Driver_;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-17 283200]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-01 1166848]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-02-03 277120]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-22 130024]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-22 395752]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-25 52320]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-09-19 108656]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 15:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-12-08 11:59    244696    ----a-w-    c:\users\Erskine\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-12-08 11:59    244696    ----a-w-    c:\users\Erskine\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-12-08 11:59    244696    ----a-w-    c:\users\Erskine\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09    227840    ----a-w-    c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09    227840    ----a-w-    c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-17 322384]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-06-13 1212560]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [BU]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]
"MSC"="c:\program files\Microsoft Security Client\mssecex.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Erskine\AppData\Roaming\Mozilla\Firefox\Profiles\8cofi543.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-211142715-1958942976-3271089698-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-211142715-1958942976-3271089698-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-28  17:45:20
ComboFix-quarantined-files.txt  2013-05-28 21:45
ComboFix2.txt  2013-05-28 05:47
.
Pre-Run: 48,439,783,424 bytes free
Post-Run: 48,140,173,312 bytes free
.
- - End Of File - - 150470A14289F3D2BDC7818DAC0E129B
 

 

 

MSE seems to be working fine. I had to turn it off to run ComboFix.



#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 May 2013 - 05:54 PM


Hello sefarison

I would like to see a report that ComboFix makes.

extra combofix report
  • push the "Windows key" + "R" (the Windows key is between the "Ctrl" button and the "Alt" button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click OK
copy and paste the report into this topic for me to review

Gringo

#13 sefarison

sefarison
  • Topic Starter

  • Members
  • 9 posts

Posted 28 May 2013 - 06:16 PM

µTorrent
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Alcor Micro USB Card Reader
Anno 2070
Anomaly 2 © 11 bit studios version 1
Apple Application Support
Apple Software Update
Asmedia ASM104x USB 3.0 Host Controller Driver
ASUS AI Recovery
ASUS LifeFrame3
ASUS Live Update
ASUS Sonic Focus
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ASUS WebStorage
ASUSDVD
AsusScr_K3 Series_ENG
AsusVibe2.0
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
ATK Package
Avidemux 2.5
Bigasoft Audio Converter 3.7.2.4584
BioShock Infinite v1.0.1384116 / RePack by Baracuda
BOSS
Cheat Engine 6.2
ConvertHelper 2.2
CopyTrans Suite Remove Only
CyberLink LabelPrint
CyberLink Power2Go
D3DX10
DAEMON Tools Lite
Dota 2
Evoland © Shiro Games version 1
Far Cry 3
FileZilla Client 3.5.3
FMOD Programmers API Windows
FTL version 1.01
Haali Media Splitter
HxD Hex Editor version 1.7.7.0
InstantOn for NB
Intel PROSet Wireless
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Java 7 Update 17
Java Auto Updater
JavaFX 2.1.1
Last.fm Scrobbler 2.1.33
LAV Filters 0.51.3
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft PowerPoint Viewer
Microsoft Reader
Microsoft SkyDrive
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual Basic PowerPacks 10.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0 Refresh
Mount&Blade Warband
Mozilla Firefox 19.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
Neverwinter
NVIDIA PhysX
OpenAL
Orcs Must Die 2
PCSX2 - Playstation 2 Emulator
Photo Common
QuickTime
Rags Suite
Realtek High Definition Audio Driver
Reus
RGSS-RTP Standard
Sanctum 2 © CoffeeStainStudios version 1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Sins of a Solar Empire Rebellion © Stardock version 1
Sins of a Solar Empire Rebellion 1.1.4480. RePack by SxSxL
Skype™ 6.3
StarDrive
Starsector by Fractal Softworks LLC
Steam
The Elder Scrolls V Skyrim Dragonborn © Bethesda Softworks version 1
The Incredible Adventures of Van Helsing © NeocoreGames version 1
Torchlight II
Ubisoft Game Launcher
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Uplay
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
WinFlash
Wireless Console 3
XCOM Enemy Unkonown
xy-VSFilter 3.0.0.65
 



#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:01 AM

Posted 28 May 2013 - 08:15 PM


Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE: Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).
  • Programs to remove:

    • µTorrent
    • Java 7 Update 17
    • JavaFX 2.1.1


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.



Clean Out Temp Files
  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
    • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab all the boxes should be checked.)
    • Click Run Cleaner.
    • Close CCleaner.
: Malwarebytes' Anti-Malware :


I see you have MBAM installed on the computer. That is great! It is a very good program. I would like you to run a quick scan for me now.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download HijackThis
  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right-click on HijackThis and select "Run as Admin" (XP users just need to double-click to run).
  • Click on "Do a system scan and save a logfile" (if you do not see "Do a system scan and save a logfile", then click on Main Menu).
  • Copy and paste the HijackThis report into the topic.
Information and logs
  • In your next post I need the following:
    • Log from MBAM
    • Report from HijackThis
    • Let me know of any problems you may have had
    • How is the computer doing now?
Gringo

#15 sefarison

sefarison
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:01 AM

Posted 29 May 2013 - 07:00 PM

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.29.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Erskine :: INDIGO-PC [administrator]

Protection: Enabled

5/29/2013 7:48:39 PM
mbam-log-2013-05-29 (19-48-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 244008
Time elapsed: 3 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:54:41 PM, on 5/29/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16576)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\AsScrPro.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Erskine\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel® Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: CyberLink Product - 2012/04/03 04:56:07 (CLKMSVC10_38F51D56) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TiMiniService - Trend Micro Inc. - C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
O23 - Service: Intel® Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11869 bytes

When I ran MBAM, these steps:

  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.

did not appear, as nothing was detected.

Computer seems fine.
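An added example (not from this thread and not part of HijackThis itself) showing how a reviewer can triage the O4 autorun and O23 service lines of a HijackThis log like the one posted above: it flags autoruns that start from a user-writable path, flags services with no named publisher, and explains the many "(file missing)" entries as the expected result of the 32-bit tool being redirected to SysWOW64 on 64-bit Windows rather than as signs of infection. The `[updater]` line in the sample is constructed for illustration; the other sample lines are copied from the log above.

```python
import re
from collections import namedtuple

# Sample lines copied from the HijackThis log posted above. The "[updater]"
# O4 entry is CONSTRUCTED to show what an autorun from a user-writable path looks like.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [updater] C:\Users\Erskine\AppData\Roaming\updater.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Product - 2012/04/03 04:56:07 (CLKMSVC10_38F51D56) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
"""

# Locations a standard user cannot write to without elevation; anything that
# autostarts from elsewhere (AppData, Temp, the user profile) deserves a look.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
SYSTEM32 = "c:\\windows\\system32\\"

Finding = namedtuple("Finding", "kind name path verdict")

O4_RE = re.compile(r"^O4 - .+?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def exe_path(cmd: str) -> str:
    """Pull the executable out of a quoted or unquoted command line."""
    m = re.match(r'"?(.*?\.exe)', cmd.strip(), re.IGNORECASE)
    return m.group(1) if m else cmd.strip()


def triage_autorun(name: str, cmd: str) -> Finding:
    path = exe_path(cmd)
    if path.lower().startswith(TRUSTED_DIRS):
        verdict = "ok: runs from Program Files or Windows"
    else:
        verdict = "review: autorun launches from a user-writable location"
    return Finding("O4", name, path, verdict)


def triage_service(line: str) -> Finding:
    rest = line[len("O23 - Service: "):]
    missing = rest.endswith(" (file missing)")
    if missing:
        rest = rest[: -len(" (file missing)")]
    # Split from the right: the display name itself may contain " - ".
    name, owner, path = rest.rsplit(" - ", 2)
    p = path.lower()
    if missing and p.startswith(SYSTEM32):
        # 32-bit HijackThis on 64-bit Windows is redirected to SysWOW64, so
        # genuine system32 binaries are reported as "(file missing)".
        verdict = "info: expected WoW64 artifact, not evidence of infection"
    elif owner == "Unknown owner" and not p.startswith(TRUSTED_DIRS):
        verdict = "review: unknown publisher outside Program Files or Windows"
    elif owner == "Unknown owner":
        verdict = "review: unknown publisher, check the file's digital signature"
    else:
        verdict = "ok: named publisher"
    return Finding("O23", name, path, verdict)


def triage(log: str) -> list:
    """Return one Finding per O4 autorun or O23 service line in a HijackThis log."""
    findings = []
    for line in log.splitlines():
        m = O4_RE.match(line)
        if m:
            findings.append(triage_autorun(m["name"], m["cmd"]))
        elif line.startswith("O23 - Service: "):
            findings.append(triage_service(line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:<4}{f.verdict:<64}{f.name}")
```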





