Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Multiple dllhost.exe *32 in the task manager


  • This topic is locked This topic is locked
18 replies to this topic

#1 ah_10

ah_10

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:08 AM

Posted 21 October 2014 - 10:42 PM

Several programs running in the background suddenly crashed at the same time just a few minutes after I logged on my laptop today. I found in the task manager two suspicious processes, conhost.exe *32 and dllhost.exe *32, about 10 of each, with the numbers increasing. I located a conhost.exe in C:\Users\u_1165\AppData\Local\Temp folder, unlocked all the files in the folder using Unlocker1.9.2, and deleted them all. Then I restarted my laptop. There is no conhost.exe *32 running now but 2~5 dllhost.exe *32 still there. The number of dllhost.exe *32 no longer increases though. 

I really need some help from the experts to get rid of this trojan. 

I noticed multiple chrome.exe *32 in the task manager when I was using the Chrome browser. I am not sure whether or not *32 existed before. 

Thanks in advance! 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16421
Run by u_1165 at 22:59:24 on 2014-10-21
Microsoft Windows 7 Home Premium   6.1.7601.1.936.86.1033.18.12185.9231 [GMT -4:00]
.
AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\taskeng.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\S-Bar\MSIService.exe
C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe
C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Users\u_1165\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\S-Bar\S-Bar.exe
C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
C:\Program Files (x86)\MSI\KLM\KLM.exe
C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\windows\syswow64\dllhost.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\windows\system32\taskmgr.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office15\MsoSync.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uSearch Bar = Preserve
mStart Page = hxxp://msi.msn.com
uProxyServer = 115.85.64.122:8080
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1081\7.0.1081\TmBpIe32.dll
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uRun: [Google Update] "C:\Users\u_1165\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [svchost86x.sys] C:\Users\u_1165\AppData\Local\Temp\conhost.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [S-Bar] C:\Program Files (x86)\S-Bar\S-Bar.exe
mRun: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
mRun: [KLM] C:\Program Files (x86)\MSI\KLM\KLM.exe
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\windows\UpdReg.EXE
mRun: [VGAOCAP] C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe
mRun: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe" /s
mRun: [NortonOnlineBackup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [{98adaa47-a895-73c1-154b-84a39392d66a}] "C:\Users\u_1165\AppData\Local\Microsoft\{98adaa47-a895-73c1-154b-84a39392d66a}\{98adaa47-a895-73c1-154b-84a39392d66a}.exe"
mExplorerRun: [{98adaa47-a895-73c1-154b-84a39392d66a}] "C:\Users\u_1165\AppData\Local\Microsoft\{98adaa47-a895-73c1-154b-84a39392d66a}\{98adaa47-a895-73c1-154b-84a39392d66a}.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUALCO~1.LNK - C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: %SYSTEMROOT%\system32\BfLLR.dll
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - hxxps://portal.duke.edu/CACHE/stc/1/binaries/vpnweb.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{1DFF0865-F7F0-43A9-BDEE-47A515F0FF54} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{1DFF0865-F7F0-43A9-BDEE-47A515F0FF54}\2416E616E61602241697 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{1DFF0865-F7F0-43A9-BDEE-47A515F0FF54}\2657E6E6970266F627563747 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{1DFF0865-F7F0-43A9-BDEE-47A515F0FF54}\2657E6E697F566F62756374702 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{1DFF0865-F7F0-43A9-BDEE-47A515F0FF54}\36C6572637 : DHCPNameServer = 10.136.68.68 10.136.68.86
TCP: Interfaces\{1DFF0865-F7F0-43A9-BDEE-47A515F0FF54}\4455B454 : DHCPNameServer = 152.3.72.100 152.3.70.100
TCP: Interfaces\{1DFF0865-F7F0-43A9-BDEE-47A515F0FF54}\9437C616E6460284F65737560235F6574786022456163686 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{1DFF0865-F7F0-43A9-BDEE-47A515F0FF54}\E4544574541425D27457563747 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E25BD81F-D0A3-4840-AA3F-A389486B1C80} : DHCPNameServer = 68.168.70.171 68.168.71.43
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1081\7.0.1081\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1081\7.0.1081\TmBpIe64.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [THXCfg64] C:\windows\System32\RunDLL32.exe C:\windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [VizorHtmlDialog.exe] "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\www\Installer.cmpt\resources\preinstall_01_welcome_trial.html" "DEF" "DEF" "DEF"
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe" -ReFlush "none" "none"
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1081\7.0.1081\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-3-15 16152]
R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2012-3-15 28992]
R1 BfLwf;Bigfoot Networks Bandwidth Control;C:\windows\System32\drivers\bflwfx64.sys [2012-3-8 75880]
R1 tmevtmgr;tmevtmgr;C:\windows\System32\drivers\tmevtmgr.sys [2012-3-15 70928]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-12-19 1014096]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-12-19 1104208]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-15 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-3-15 2429544]
R2 Micro Star SCM;Micro Star SCM;C:\Program Files (x86)\S-Bar\MSIService.exe [2011-11-2 160768]
R2 MSI Foundation Service;MSI Foundation Service;C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [2010-7-16 12800]
R2 MSI_SuperCharger;MSI_SuperCharger;C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [2012-3-15 138768]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service --> C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service [?]
R2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [2012-3-8 492032]
R2 TiMiniService;TiMiniService;C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [2012-3-15 247072]
R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\System32\drivers\TurboB.sys [2012-1-20 16128]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-9 493248]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-12-19 1304912]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2011-10-13 31216]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-3-15 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-3-15 355096]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-3-15 786200]
R3 L1C;NDIS Miniport Driver for the Killer e2200 PCI-E Ethernet Controller;C:\windows\System32\drivers\e22W7x64.sys [2012-3-8 161616]
R3 MBfilt;MBfilt;C:\windows\System32\drivers\MBfilt64.sys [2012-12-7 32344]
R3 NTIOLib_1_0_3;NTIOLib_1_0_3;C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2012-3-15 14136]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\windows\System32\drivers\RtsPStor.sys [2012-3-15 339048]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-8-27 441176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-3-15 275912]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\drivers\btmaux.sys [2011-12-13 94720]
S3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2011-12-13 747008]
S3 ibtfltcoex;ibtfltcoex;C:\windows\System32\drivers\iBtFltCoex.sys [2011-12-14 60416]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-1 178824]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.5;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2012-1-20 149504]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-10-22 01:13:25 -------- d-----w- C:\Users\u_1165\AppData\Roaming\360SuperKiller
2014-10-22 00:29:04 -------- d-----w- C:\ProgramData\360safe
2014-10-22 00:29:01 -------- d-----w- C:\Users\u_1165\AppData\Roaming\360Login
2014-10-21 23:30:59 -------- d-----w- C:\Program Files\Unlocker
2014-10-21 23:08:33 -------- d-sh--w- C:\$360Section
2014-10-21 23:04:54 -------- d-sh--w- C:\360Rec
2014-10-21 23:02:55 77896 ----a-w- C:\windows\System32\drivers\360AvFlt.sys
2014-10-14 02:41:59 -------- d-----w- C:\Users\u_1165\AppData\Local\Cisco
2014-10-14 02:41:59 -------- d-----w- C:\ProgramData\Cisco
2014-10-14 02:41:59 -------- d-----w- C:\Program Files (x86)\Cisco
2014-10-05 06:14:35 -------- d-----w- C:\Users\u_1165\AppData\Local\Skype
2014-10-05 06:14:31 -------- d-----r- C:\Program Files (x86)\Skype
.
==================== Find3M  ====================
.
.
============= FINISH: 22:59:41.70 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:08 AM

Posted 22 October 2014 - 11:13 AM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

frst.pngfrstscan.png
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#3 ah_10

ah_10
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:08 AM

Posted 22 October 2014 - 06:12 PM

Hi Jürgen! Thank you for your prompt reply! 

The two log files have been posted below as instructed. 

I am not a native English speaker, either. You may call me Shao. It's amazing to have you assist me.

As you may see in the "addition.txt", there are some application names in Chinese characters. I installed those applications myself, knowing they shouldn't be threats. However, if you find them suspicious, I will give you more information. Just let me know. 

Thank you. 

 

 

vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
FRST.txt
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-10-2014
Ran by u_1165 (administrator) on U_1165-MSI on 22-10-2014 18:39:12
Running from C:\Users\u_1165\Desktop
Loaded Profile: u_1165 (Available profiles: UpdatusUser & u_1165)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\S-Bar\MSIService.exe
(MSI) C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Micro-Star International Co.,Ltd.) C:\Program Files (x86)\S-Bar\S-Bar.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\KLM\KLM.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
() C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\u_1165\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2328360 2010-09-16] (Synaptics Incorporated)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [THXCfg64] => C:\windows\system32\RunDLL32.exe C:\windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [VizorHtmlDialog.exe] => C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1646752 2011-12-05] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [213824 2011-12-05] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [416992 2011-12-05] (Trend Micro Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12445288 2012-01-10] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-04] (Intel Corporation)
HKLM-x32\...\Run: [S-Bar] => C:\Program Files (x86)\S-Bar\S-Bar.exe [5499392 2011-11-02] (Micro-Star International Co.,Ltd.)
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [502288 2012-01-03] (MSI)
HKLM-x32\...\Run: [KLM] => C:\Program Files (x86)\MSI\KLM\KLM.exe [1522376 2011-12-19] (Micro-Star International Co., Ltd.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1517056 2011-08-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [VGAOCAP] => C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe [88576 2012-01-31] ()
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2011-10-13] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [230696 2011-10-13] (CyberLink Corp.)
HKLM-x32\...\Run: [NortonOnlineBackup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1112920 2010-03-05] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [{98adaa47-a895-73c1-154b-84a39392d66a}] => "C:\Users\u_1165\AppData\Local\Microsoft\{98adaa47-a895-73c1-154b-84a39392d66a}\{98adaa47-a895-73c1-154b-84a39392d66a}.exe"
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [{98adaa47-a895-73c1-154b-84a39392d66a}] => "C:\Users\u_1165\AppData\Local\Microsoft\{98adaa47-a895-73c1-154b-84a39392d66a}\{98adaa47-a895-73c1-154b-84a39392d66a}.exe" No File
HKU\S-1-5-21-3763414330-379940420-2629935955-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-27] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3763414330-379940420-2629935955-1001\...\Run: [Google Update] => C:\Users\u_1165\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-07-04] (Google Inc.)
HKU\S-1-5-21-3763414330-379940420-2629935955-1001\...\Run: [svchost86x.sys] => C:\Users\u_1165\AppData\Local\Temp\conhost.exe <===== ATTENTION
HKU\S-1-5-21-3763414330-379940420-2629935955-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [260928 2012-02-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [215360 2012-02-04] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk
ShortcutTarget: Qualcomm Atheros Killer Network Manager.lnk -> C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: 115.85.64.122:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://msi.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {542AC1D8-8750-4499-BE75-BC166CFEDA63} URL = 
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll (Trend Micro Inc.)
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://portal.duke.edu/CACHE/stc/1/binaries/vpnweb.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll (Trend Micro Inc.)
Winsock: Catalog9 01 C:\windows\SysWOW64\BfLLR.dll [183808] (Bigfoot Networks, Inc.)
Winsock: Catalog9 02 C:\windows\SysWOW64\BfLLR.dll [183808] (Bigfoot Networks, Inc.)
Winsock: Catalog9 03 C:\windows\SysWOW64\BfLLR.dll [183808] (Bigfoot Networks, Inc.)
Winsock: Catalog9 04 C:\windows\SysWOW64\BfLLR.dll [183808] (Bigfoot Networks, Inc.)
Winsock: Catalog9 16 C:\windows\SysWOW64\BfLLR.dll [183808] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 01 %SYSTEMROOT%\system32\BfLLR.dll [200704] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 02 %SYSTEMROOT%\system32\BfLLR.dll [200704] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 03 %SYSTEMROOT%\system32\BfLLR.dll [200704] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 04 %SYSTEMROOT%\system32\BfLLR.dll [200704] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 16 %SYSTEMROOT%\system32\BfLLR.dll [200704] (Bigfoot Networks, Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @cfca.com/SecEditCtl.BOC,version=1.0.0.9 -> C:\windows\system32\npSecEditCtl.BOC.x86.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\u_1165\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\u_1165\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\u_1165\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\u_1165\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\u_1165\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\u_1165\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension [2012-03-15]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2012-03-15]
 
Chrome: 
=======
CHR Profile: C:\Users\u_1165\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\u_1165\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-21]
CHR Extension: (Google Drive) - C:\Users\u_1165\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\u_1165\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (YouTube) - C:\Users\u_1165\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-21]
CHR Extension: (Google Search) - C:\Users\u_1165\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-21]
CHR Extension: (Google Wallet) - C:\Users\u_1165\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-21]
CHR Extension: (Unblock Youku) - C:\Users\u_1165\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2014-09-04]
CHR Extension: (Gmail) - C:\Users\u_1165\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-21]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [441176 2014-08-27] (Garmin Ltd or its subsidiaries)
R2 Micro Star SCM; C:\Program Files (x86)\S-Bar\MSIService.exe [160768 2011-11-02] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSI Foundation Service; C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [12800 2010-07-16] (MSI) [File not signed]
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [138768 2012-01-03] (MSI)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2782552 2010-03-05] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [492032 2012-03-08] () [File not signed]
R2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [247072 2011-12-05] (Trend Micro Inc.)
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [75880 2012-03-08] (Bigfoot Networks, Inc.)
R3 L1C; C:\Windows\System32\DRIVERS\e22w7x64.sys [161616 2012-03-08] (Qualcomm Atheros, Inc.)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [91920 2011-12-05] (Trend Micro Inc.)
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [167696 2011-12-05] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [70928 2011-12-05] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-12-05] (Trend Micro Inc.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 MGHwCtrl; \??\C:\Program Files\MSI\MSI Software Install\MGHwCtrl.sys [X]
S3 Ser2pl; system32\DRIVERS\ser2pl64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-22 18:39 - 2014-10-22 18:39 - 00020369 _____ () C:\Users\u_1165\Desktop\FRST.txt
2014-10-22 18:36 - 2014-10-22 18:39 - 00000000 ____D () C:\FRST
2014-10-22 18:35 - 2014-10-22 18:36 - 02112000 _____ (Farbar) C:\Users\u_1165\Desktop\FRST64.exe
2014-10-21 22:59 - 2014-10-21 22:59 - 00017594 _____ () C:\Users\u_1165\Desktop\dds.txt
2014-10-21 22:59 - 2014-10-21 22:59 - 00009036 _____ () C:\Users\u_1165\Desktop\attach.txt
2014-10-21 22:38 - 2014-10-21 22:38 - 00688992 ____R (Swearware) C:\Users\u_1165\Desktop\dds.com
2014-10-21 22:17 - 2014-10-21 22:39 - 00000000 ____D () C:\windows\System32\Tasks\360SuperKiller
2014-10-21 21:13 - 2014-10-21 22:17 - 00000000 ____D () C:\Users\u_1165\AppData\Roaming\360SuperKiller
2014-10-21 20:29 - 2014-10-21 22:41 - 00000000 ____D () C:\ProgramData\360safe
2014-10-21 20:29 - 2014-10-21 20:29 - 00000000 ____D () C:\Users\u_1165\AppData\Roaming\360Login
2014-10-21 19:30 - 2014-10-21 19:38 - 00000000 ____D () C:\Program Files\Unlocker
2014-10-21 19:30 - 2014-10-21 19:30 - 00000000 ____D () C:\Users\u_1165\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2014-10-21 19:28 - 2014-10-21 19:28 - 01078591 _____ () C:\Users\u_1165\Desktop\Unlocker1.9.2.exe
2014-10-21 19:08 - 2014-10-21 22:46 - 00000000 __SHD () C:\$360Section
2014-10-21 19:04 - 2014-10-21 19:04 - 00000000 __SHD () C:\360Rec
2014-10-21 19:02 - 2014-04-22 23:51 - 00077896 _____ (360.cn) C:\windows\system32\Drivers\360AvFlt.sys
2014-10-16 11:16 - 2014-10-16 11:16 - 05687742 _____ () C:\Users\u_1165\Desktop\GT60_English.zip
2014-10-15 18:59 - 2014-10-15 18:59 - 00001229 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Cisco AnyConnect VPN Client.lnk
2014-10-15 18:59 - 2014-10-15 18:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2014-10-13 22:41 - 2014-10-15 19:04 - 00000000 ____D () C:\Users\u_1165\AppData\Local\Cisco
2014-10-13 22:41 - 2014-10-15 18:59 - 00000000 ____D () C:\ProgramData\Cisco
2014-10-13 22:41 - 2014-10-15 18:59 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-10-13 22:31 - 2014-10-16 10:53 - 00000086 _____ () C:\Users\u_1165\Desktop\Remote Desktop Connection.txt
2014-10-09 16:55 - 2014-10-09 16:55 - 00000000 ____D () C:\Users\u_1165\AppData\Roaming\Mozilla
2014-10-06 17:35 - 2014-10-19 14:57 - 00000000 ____D () C:\Users\u_1165\Desktop\New cell phone
2014-10-06 17:35 - 2014-10-18 21:08 - 00000000 ____D () C:\Users\u_1165\Desktop\Credit card
2014-10-05 02:14 - 2014-10-05 02:14 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-05 02:14 - 2014-10-05 02:14 - 00000000 ____D () C:\Users\u_1165\AppData\Local\Skype
2014-10-05 02:14 - 2014-10-05 02:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-26 11:30 - 2014-10-15 22:14 - 00002525 _____ () C:\Users\u_1165\Desktop\sell price.txt
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-22 18:34 - 2009-07-14 00:45 - 00024432 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-22 18:34 - 2009-07-14 00:45 - 00024432 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-22 18:31 - 2012-12-08 09:44 - 01360486 _____ () C:\windows\WindowsUpdate.log
2014-10-22 18:28 - 2014-05-21 22:32 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-22 18:28 - 2013-10-04 18:26 - 00004970 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for u_1165-MSI-u_1165 u_1165-MSI
2014-10-22 18:28 - 2013-09-03 15:08 - 00000548 _____ () C:\windows\Tasks\MATLAB R2013a Startup Accelerator.job
2014-10-22 18:28 - 2012-03-15 02:00 - 00000000 ____D () C:\ProgramData\Bigfoot Networks
2014-10-22 18:27 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-22 18:27 - 2009-07-14 00:51 - 00148439 _____ () C:\windows\setupact.log
2014-10-21 23:53 - 2014-07-04 21:48 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3763414330-379940420-2629935955-1001UA.job
2014-10-21 23:49 - 2014-05-21 22:32 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-21 22:50 - 2010-11-20 23:47 - 00026540 _____ () C:\windows\PFRO.log
2014-10-21 21:53 - 2014-07-04 21:48 - 00000860 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3763414330-379940420-2629935955-1001Core.job
2014-10-21 21:14 - 2014-05-08 23:25 - 00003556 _____ () C:\windows\System32\Tasks\GarminUpdaterTask
2014-10-21 20:32 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy
2014-10-21 19:28 - 2014-08-13 17:27 - 00009402 _____ () C:\Users\u_1165\AppData\Roaming\Comma Separated Values.EML
2014-10-21 00:47 - 2009-07-14 01:13 - 00741900 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-21 00:37 - 2013-10-07 10:11 - 00002176 _____ () C:\Users\u_1165\Desktop\progress tracker.txt
2014-10-20 00:17 - 2013-09-03 15:18 - 00000000 ___RD () C:\Users\u_1165\Documents\MATLAB
2014-10-19 21:06 - 2014-07-12 01:32 - 00001010 _____ () C:\Users\u_1165\Desktop\Memo.txt
2014-10-19 18:44 - 2014-05-21 22:32 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 18:44 - 2014-05-21 22:32 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 18:45 - 2014-05-21 22:35 - 00002193 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-16 19:16 - 2013-09-16 13:44 - 00002054 ____H () C:\Users\u_1165\Documents\Default.rdp
2014-10-16 19:14 - 2009-07-14 01:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-10-13 10:32 - 2013-09-15 19:06 - 00012448 _____ () C:\Users\u_1165\Desktop\Schedule.xlsx
2014-10-11 23:27 - 2012-03-15 02:57 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-10-10 23:15 - 2013-02-22 13:12 - 00000000 ____D () C:\Users\u_1165\AppData\Roaming\Skype
2014-10-06 17:14 - 2014-07-11 21:48 - 00011266 _____ () C:\Users\u_1165\Desktop\Bills to Pay.xlsx
2014-10-05 02:14 - 2013-02-22 13:12 - 00000000 ____D () C:\ProgramData\Skype
2014-10-03 02:38 - 2014-08-10 19:34 - 00000174 _____ () C:\Users\u_1165\Desktop\everyday dishes.txt
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-16 00:50
 
==================== End Of Log ============================
 
 
 
 
vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
Addition.txt
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-10-2014
Ran by u_1165 at 2014-10-22 18:39:41
Running from C:\Users\u_1165\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Trend Micro Titanium Internet Security 2012 (Disabled - Up to date) {7193B549-236F-55EE-9AEC-F65279E59A92}
AS: Trend Micro Titanium Internet Security 2012 (Disabled - Up to date) {CAF254AD-0555-5A60-A05C-CD200262D02F}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 8.2.1 - Hewlett-Packard) Hidden
Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Reader X (10.1.1) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.1 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Battery Calibration (HKLM-x32\...\{619FA785-489B-4D22-911F-82D6EDF5BDB0}) (Version: 1.0.1105.1601 - Micro-Star International Co., Ltd.)
BurnRecovery (HKLM-x32\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 3.0.1103.1801 - Micro-Star International Co., Ltd.)
Cisco AnyConnect VPN Client (HKLM-x32\...\{2A6355EB-273D-4368-9DB6-FB99EBA9FABD}) (Version: 2.4.0202 - Cisco Systems, Inc.)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4612 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.1.4612 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Elevated Installer (x32 Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
EndNote X7 (HKLM-x32\...\{86B3F2D6-AC2B-0017-8AE1-F2F77F781B0C}) (Version: 17.0.0.7072 - Thomson Reuters)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garmin Express (HKLM-x32\...\{22939821-cd61-449c-8a03-cff0af03c156}) (Version: 3.2.18.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F7770F7F-0ABC-30CB-95BC-93761A05CAB6}) (Version: 5.38.4.0 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
ImageJ 1.47v (HKLM\...\ImageJ_is1) (Version:  - NIH)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1262 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2618 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.5 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.5.1.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KLM (HKLM-x32\...\InstallShield_{4DEA5B85-6C56-45F3-AE00-FED756B0D3B4}) (Version: 1.0.1112.1901 - Micro-Star International Co., Ltd.)
KLM (x32 Version: 1.0.1112.1901 - Micro-Star International Co., Ltd.) Hidden
MATLAB R2013a (HKLM\...\Matlab R2013a) (Version: 8.1 - The MathWorks, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MSI HOUSE (HKLM-x32\...\{DA5597C9-9216-44FF-9670-D1E48817B998}) (Version: 10.07.1601 - MSI)
MSI Software Install (HKLM-x32\...\{332EBFE0-C39E-42D1-99B5-ABBBECAD71B6}) (Version: 4.0.1105.1701 - Micro-Star International Co., Ltd.)
MSI VGA Overclock Tool (HKLM-x32\...\{95193654-3EF2-4D17-8503-9F80B56D9ED5}) (Version: 12.01.3101 - MSI)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.13580 - Symantec Corporation)
NVIDIA Control Panel 295.62 (Version: 295.62 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 295.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 295.62 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.62.312 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.7.12 (Version: 1.7.12 - NVIDIA Corporation) Hidden
NVIDIA Update 1.7.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.7.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.7.12 - NVIDIA Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
Qualcomm Atheros Killer Network Manager (HKLM-x32\...\InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}) (Version: 6.1.0.315 - Qualcomm Atheros)
Qualcomm Atheros Killer Network Manager (Version: 6.1.0.315 - Qualcomm Atheros) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6549 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.90 - Realtek Semiconductor Corp.)
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version:  - Thomson Reuters)
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
S-Bar (HKLM-x32\...\{39BDC923-826E-4007-8179-50E7C570E545}) (Version: 21.011.11023 - Micro-Star International Co.,Ltd.)
SecEditCtl.BOC (only remove) (HKLM-x32\...\SecEditCtl.BOC01000009) (Version:  - CFCA)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.006 - MSI)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.14.0 - Synaptics Incorporated)
THX TruStudio Pro (HKLM-x32\...\{4FA6CB9A-2972-4AAF-A36E-3C40FCC22395}) (Version: 1.04.01 - Creative Technology Limited)
Trend Micro Titanium (Version: 5.00 - Trend Micro Inc.) Hidden
Trend Micro Titanium Internet Security 2012 (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 5.0 - Trend Micro Inc.)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600211) (Version: 1 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)
World of Warplanes (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C813NA}_is1) (Version:  - Wargaming.net)
同花顺免费模拟炒股软件(v8.10.44 Build 2012.6.18) (HKLM-x32\...\同花顺免费模拟炒股软件_is1) (Version:  - 浙江核新同花顺网络信息股份有限公司)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3763414330-379940420-2629935955-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\u_1165\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3763414330-379940420-2629935955-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-3763414330-379940420-2629935955-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\u_1165\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
 
==================== Restore Points  =========================
 
21-09-2014 04:01:47 Scheduled Checkpoint
29-09-2014 04:29:29 Scheduled Checkpoint
02-10-2014 20:28:13 PROPLUSR
05-10-2014 06:05:51 Removed Skype™ 6.3
12-10-2014 23:39:58 Scheduled Checkpoint
14-10-2014 02:41:35 Installed Cisco AnyConnect Secure Mobility Client
14-10-2014 02:55:34 Revo Uninstaller's restore point - Cisco AnyConnect Diagnostics and Reporting Tool
14-10-2014 02:55:40 Removed Cisco AnyConnect Diagnostics and Reporting Tool
14-10-2014 02:57:30 Revo Uninstaller's restore point - Cisco AnyConnect Start Before Login Module
14-10-2014 02:57:36 Removed Cisco AnyConnect Start Before Login Module
14-10-2014 02:58:20 Revo Uninstaller's restore point - Cisco AnyConnect Secure Mobility Client 
14-10-2014 02:58:27 Removed Cisco AnyConnect Secure Mobility Client
15-10-2014 22:59:29 Installed Cisco AnyConnect VPN Client
22-10-2014 01:12:27 Revo Uninstaller's restore point - 360安全卫士
22-10-2014 02:40:31 Revo Uninstaller's restore point - 360安全卫士
22-10-2014 02:43:56 Revo Uninstaller's restore point - 360杀毒
22-10-2014 02:45:25 Revo Uninstaller's restore point - 360杀毒
22-10-2014 02:46:24 Revo Uninstaller's restore point - 360杀毒
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0105EF09-4523-4EC9-8FD9-741D3A62122D} - \360SuperKiller\360SuperKiller No Task File <==== ATTENTION
Task: {3B27BB4A-F95B-47D3-95D0-EBE996C95726} - System32\Tasks\{24AF0EC0-386E-4A07-A0B2-7C429D3F1F34} => C:\Program Files (x86)\CIRS\MotionControl\MotionControl.exe
Task: {4930CF2D-047F-4B43-B9D5-9511940AFE8C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3763414330-379940420-2629935955-1001UA => C:\Users\u_1165\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-04] (Google Inc.)
Task: {4E883542-1528-49E5-966B-25B70EA38E72} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {5422D880-3640-47B4-AE32-4B85E7E3E922} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-27] ()
Task: {6E9580F7-B2FE-40AD-93AB-6E3BD768E6D2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-21] (Google Inc.)
Task: {B82399D2-BA8F-4E7A-B169-B404A5A63A94} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3763414330-379940420-2629935955-1001Core => C:\Users\u_1165\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-04] (Google Inc.)
Task: {C637DB75-6E1A-4F13-B784-A7F9CC304C67} - System32\Tasks\Microsoft Office 15 Sync Maintenance for u_1165-MSI-u_1165 u_1165-MSI => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {D11D405A-D2C4-493E-970B-36EDEE63568F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-21] (Google Inc.)
Task: {F8E049C5-C15C-4507-AFCD-68150B805021} - System32\Tasks\MATLAB R2013a Startup Accelerator => C:\Program Files\MATLAB\R2013a\bin\win64\MATLABStartupAccelerator.exe [2013-01-16] ()
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3763414330-379940420-2629935955-1001Core.job => C:\Users\u_1165\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3763414330-379940420-2629935955-1001UA.job => C:\Users\u_1165\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\MATLAB R2013a Startup Accelerator.job => C:\Program Files\MATLAB\R2013a\bin\win64\MATLABStartupAccelerator.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-03-08 00:58 - 2012-03-08 00:58 - 00492032 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
2011-05-09 22:46 - 2011-05-09 22:46 - 02760192 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtCore4.dll
2011-05-09 22:56 - 2011-05-09 22:56 - 09856000 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtGui4.dll
2011-05-09 22:47 - 2011-05-09 22:47 - 00416256 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtXml4.dll
2012-03-08 00:58 - 2012-03-08 00:58 - 00217600 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFCommon.dll
2011-05-10 14:32 - 2011-05-10 14:32 - 00731648 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\qwt5.dll
2011-05-09 22:48 - 2011-05-09 22:48 - 00990720 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtNetwork4.dll
2012-03-15 02:57 - 2011-12-05 22:05 - 00047104 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
2012-03-15 02:57 - 2011-12-05 22:05 - 00042496 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
2005-06-07 14:26 - 2005-06-07 14:26 - 00043008 _____ () C:\Program Files (x86)\WinRAR 3.61 Multi\rarext64.dll
2012-03-15 00:33 - 2012-01-05 05:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-03-15 02:33 - 2010-05-04 14:00 - 00237056 _____ () C:\windows\SYSTEM32\APOMgr64.DLL
2012-03-08 00:58 - 2012-03-08 00:58 - 00549888 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
2012-03-08 00:58 - 2012-03-08 00:58 - 00404992 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modApplications.dll
2012-03-08 00:58 - 2012-03-08 00:58 - 00036864 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modFeatures.dll
2012-03-08 00:58 - 2012-03-08 00:58 - 00025088 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modFraps.dll
2012-03-08 00:58 - 2012-03-08 00:58 - 00241152 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modGraph.dll
2012-03-08 00:58 - 2012-03-08 00:58 - 00062464 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modlcd.dll
2012-03-08 00:58 - 2012-03-08 00:58 - 00290304 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modNetwork.dll
2012-03-08 00:58 - 2012-03-08 00:58 - 00184832 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modNpu.dll
2012-03-08 00:58 - 2012-03-08 00:58 - 00210944 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modOptions.dll
2012-03-08 00:58 - 2012-03-08 00:58 - 00055808 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modOverview.dll
2012-03-08 00:58 - 2012-03-08 00:58 - 00329216 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modSystemInfo.dll
2012-01-31 17:49 - 2012-01-31 17:49 - 00088576 _____ () C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe
2014-10-17 18:45 - 2014-10-09 22:03 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libglesv2.dll
2014-10-17 18:45 - 2014-10-09 22:03 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libegl.dll
2014-10-17 18:45 - 2014-10-09 22:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll
2014-10-17 18:45 - 2014-10-09 22:03 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll
2012-12-07 18:56 - 2012-12-07 18:56 - 00172032 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\a21ece5c049c9f429756fd1a3fe55ccd\IsdiInterop.ni.dll
2012-03-15 02:06 - 2011-11-29 21:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\u_1165\AppData\Roaming\Comma Separated Values.EML:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3763414330-379940420-2629935955-500 - Administrator - Disabled)
Guest (S-1-5-21-3763414330-379940420-2629935955-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-3763414330-379940420-2629935955-1000 - Limited - Enabled) => C:\Users\UpdatusUser
u_1165 (S-1-5-21-3763414330-379940420-2629935955-1001 - Administrator - Enabled) => C:\Users\u_1165
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/22/2014 06:27:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/21/2014 10:51:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/21/2014 10:46:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddWin32ServiceFiles: Unable to back up image of service 主动防御 since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (10/21/2014 10:46:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary 360FsFlt mini-filter driver.
 
System Error:
The system cannot find the file specified.
.
 
Error: (10/21/2014 10:46:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary 360Safe Anti Hacker Service.
 
System Error:
The system cannot find the file specified.
.
 
Error: (10/21/2014 10:46:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary BAPIDRV.
 
System Error:
The system cannot find the file specified.
.
 
Error: (10/21/2014 10:45:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16421, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x68632e65
Faulting process id: 0x1074
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (10/21/2014 10:45:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddWin32ServiceFiles: Unable to back up image of service 主动防御 since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (10/21/2014 10:45:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary 360FsFlt mini-filter driver.
 
System Error:
The system cannot find the file specified.
.
 
Error: (10/21/2014 10:45:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary 360Safe Anti Hacker Service.
 
System Error:
The system cannot find the file specified.
.
 
 
System errors:
=============
Error: (10/22/2014 06:29:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (10/22/2014 06:29:37 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (10/22/2014 06:28:37 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (10/22/2014 06:27:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error: 
%%1053
 
Error: (10/22/2014 06:27:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.
 
Error: (10/21/2014 10:56:11 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (10/21/2014 10:53:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (10/21/2014 10:53:01 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (10/21/2014 10:50:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error: 
%%1053
 
Error: (10/21/2014 10:50:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.
 
 
Microsoft Office Sessions:
=========================
Error: (10/22/2014 06:27:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/21/2014 10:51:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/21/2014 10:46:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service 主动防御 since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
 
Error: (10/21/2014 10:46:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary 360FsFlt mini-filter driver.
 
System Error:
The system cannot find the file specified.
 
Error: (10/21/2014 10:46:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary 360Safe Anti Hacker Service.
 
System Error:
The system cannot find the file specified.
 
Error: (10/21/2014 10:46:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary BAPIDRV.
 
System Error:
The system cannot find the file specified.
 
Error: (10/21/2014 10:45:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.164214a5bc6b7unknown0.0.0.000000000c000000568632e65107401cfeda162abbc6bC:\Program Files\Internet Explorer\iexplore.exeunknown87d33127-5995-11e4-a28d-8c89a5029eee
 
Error: (10/21/2014 10:45:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service 主动防御 since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
 
Error: (10/21/2014 10:45:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary 360FsFlt mini-filter driver.
 
System Error:
The system cannot find the file specified.
 
Error: (10/21/2014 10:45:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary 360Safe Anti Hacker Service.
 
System Error:
The system cannot find the file specified.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-10-21 18:35:55.687
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-21 18:35:55.627
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-20 23:14:56.343
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-20 23:14:56.304
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-17 21:41:37.966
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-17 21:41:37.930
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-17 21:41:20.818
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-17 21:41:20.767
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-11 11:10:19.244
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-11 11:10:19.212
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 32%
Total physical RAM: 12184.7 MB
Available physical RAM: 8204.66 MB
Total Pagefile: 24367.6 MB
Available Pagefile: 19315.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB
 
==================== Drives ================================
 
Drive c: (OS_Install) (Fixed) (Total:552.3 GB) (Free:484.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:368.2 GB) (Free:148.44 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E0305439)
Partition 1: (Not Active) - (Size=10.9 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=27)
Partition 3: (Not Active) - (Size=552.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=368.2 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 



#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:08 AM

Posted 23 October 2014 - 05:18 AM

Hello Shao!
You are more than welcome here at Bleeping Computer! :)
 
Note:
2014-10-06 17:35 - 2014-10-18 21:08 - 00000000 ____D () C:\Users\u_1165\Desktop\Credit card
2014-10-06 17:14 - 2014-07-11 21:48 - 00011266 _____ () C:\Users\u_1165\Desktop\Bills to Pay.xlsx
warning.gif Malware Warning

All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums from a CLEAN COMPUTER.
 
Step 1

frst.pngfrstfix.png

Press thew7.png + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    Task: {0105EF09-4523-4EC9-8FD9-741D3A62122D} - \360SuperKiller\360SuperKiller No Task File <==== ATTENTION
    HKLM-x32\...\Run: [{98adaa47-a895-73c1-154b-84a39392d66a}] => "C:\Users\u_1165\AppData\Local\Microsoft\{98adaa47-a895-73c1-154b-84a39392d66a}\{98adaa47-a895-73c1-154b-84a39392d66a}.exe"
    HKLM\...\Policies\Explorer\Run: [{98adaa47-a895-73c1-154b-84a39392d66a}] => "C:\Users\u_1165\AppData\Local\Microsoft\{98adaa47-a895-73c1-154b-84a39392d66a}\{98adaa47-a895-73c1-154b-84a39392d66a}.exe" No File
    HKU\S-1-5-21-3763414330-379940420-2629935955-1001\...\Run: [svchost86x.sys] => C:\Users\u_1165\AppData\Local\Temp\conhost.exe <===== ATTENTION
    HKU\S-1-5-21-3763414330-379940420-2629935955-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
    C:\Users\u_1165\AppData\Local\Temp\conhost.exe 
    C:\Users\u_1165\AppData\Local\Microsoft\{98adaa47-a895-73c1-154b-84a39392d66a}\
    ProxyServer: 115.85.64.122:8080
    SearchScopes: HKCU - DefaultScope {542AC1D8-8750-4499-BE75-BC166CFEDA63} URL = 
    FF Plugin-x32: @cfca.com/SecEditCtl.BOC,version=1.0.0.9 -> C:\windows\system32\npSecEditCtl.BOC.x86.dll No File
    Emptytemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

After the Reboot:

Step 2

frst.pngfrstscan.png

Start FRST with administator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#5 ah_10

ah_10
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:08 AM

Posted 23 October 2014 - 06:25 PM

After I pressed the Fix button, a warning window popped up saying something like "java script error" and "HKCU", also asking me if I wanted to continue. Because I didn't expect this warning and thought the FRST had failed for some reason, I clicked "no" without too much thinking. Later I realized the FRST was still running and maybe I should have clicked "yes". Now those dllhost.exe *32 are still running after reboot. I suspect I made a wrong choice but since you told me to press the Fix button only once, I would hear what you think I should do next. I will save a snapshot next time a warning or error occurs if you think it useful. 

 

Fixlog.txt and FRST.txt are attached below. 

 

 

 

vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv

Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-10-2014

Ran by u_1165 at 2014-10-23 18:46:36 Run:1
Running from C:\Users\u_1165\Desktop
Loaded Profile: u_1165 (Available profiles: UpdatusUser & u_1165)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
Task: {0105EF09-4523-4EC9-8FD9-741D3A62122D} - \360SuperKiller\360SuperKiller No Task File <==== ATTENTION
HKLM-x32\...\Run: [{98adaa47-a895-73c1-154b-84a39392d66a}] => "C:\Users\u_1165\AppData\Local\Microsoft\{98adaa47-a895-73c1-154b-84a39392d66a}\{98adaa47-a895-73c1-154b-84a39392d66a}.exe"
HKLM\...\Policies\Explorer\Run: [{98adaa47-a895-73c1-154b-84a39392d66a}] => "C:\Users\u_1165\AppData\Local\Microsoft\{98adaa47-a895-73c1-154b-84a39392d66a}\{98adaa47-a895-73c1-154b-84a39392d66a}.exe" No File
HKU\S-1-5-21-3763414330-379940420-2629935955-1001\...\Run: [svchost86x.sys] => C:\Users\u_1165\AppData\Local\Temp\conhost.exe <===== ATTENTION
HKU\S-1-5-21-3763414330-379940420-2629935955-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
C:\Users\u_1165\AppData\Local\Temp\conhost.exe 
C:\Users\u_1165\AppData\Local\Microsoft\{98adaa47-a895-73c1-154b-84a39392d66a}\
ProxyServer: 115.85.64.122:8080
SearchScopes: HKCU - DefaultScope {542AC1D8-8750-4499-BE75-BC166CFEDA63} URL = 
FF Plugin-x32: @cfca.com/SecEditCtl.BOC,version=1.0.0.9 -> C:\windows\system32\npSecEditCtl.BOC.x86.dll No File
Emptytemp:
*****************
 
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0105EF09-4523-4EC9-8FD9-741D3A62122D}" => Error deleting key. The key could be protected.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0105EF09-4523-4EC9-8FD9-741D3A62122D}" => Error deleting key. The key could be protected.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\360SuperKiller\360SuperKiller" => Error deleting key. The key could be protected.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\{98adaa47-a895-73c1-154b-84a39392d66a} => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{98adaa47-a895-73c1-154b-84a39392d66a} => value deleted successfully.
HKU\S-1-5-21-3763414330-379940420-2629935955-1001\Software\Microsoft\Windows\CurrentVersion\Run\\svchost86x.sys => value deleted successfully.
"HKU\S-1-5-21-3763414330-379940420-2629935955-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Error deleting key. The key could be protected.
"HKU\S-1-5-21-3763414330-379940420-2629935955-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Error deleting key. The key could be protected.
"C:\Users\u_1165\AppData\Local\Temp\conhost.exe" => File/Directory not found.
C:\Users\u_1165\AppData\Local\Microsoft\{98adaa47-a895-73c1-154b-84a39392d66a} => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

"HKLM\Software\Wow6432Node\MozillaPlugins\@cfca.com/SecEditCtl.BOC,version=1.0.0.9" => Key deleted successfully. 

 

 

 

vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-10-2014
Ran by u_1165 (administrator) on U_1165-MSI on 23-10-2014 19:03:12
Running from C:\Users\u_1165\Desktop
Loaded Profile: u_1165 (Available profiles: UpdatusUser & u_1165)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\S-Bar\MSIService.exe
(MSI) C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Users\u_1165\AppData\Local\Google\Update\GoogleUpdate.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Micro-Star International Co.,Ltd.) C:\Program Files (x86)\S-Bar\S-Bar.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\KLM\KLM.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
() C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\u_1165\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2328360 2010-09-16] (Synaptics Incorporated)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [THXCfg64] => C:\windows\system32\RunDLL32.exe C:\windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [VizorHtmlDialog.exe] => C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1646752 2011-12-05] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [213824 2011-12-05] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [416992 2011-12-05] (Trend Micro Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12445288 2012-01-10] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-04] (Intel Corporation)
HKLM-x32\...\Run: [S-Bar] => C:\Program Files (x86)\S-Bar\S-Bar.exe [5499392 2011-11-02] (Micro-Star International Co.,Ltd.)
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [502288 2012-01-03] (MSI)
HKLM-x32\...\Run: [KLM] => C:\Program Files (x86)\MSI\KLM\KLM.exe [1522376 2011-12-19] (Micro-Star International Co., Ltd.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1517056 2011-08-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [VGAOCAP] => C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe [88576 2012-01-31] ()
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2011-10-13] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [230696 2011-10-13] (CyberLink Corp.)
HKLM-x32\...\Run: [NortonOnlineBackup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1112920 2010-03-05] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3763414330-379940420-2629935955-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-27] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3763414330-379940420-2629935955-1001\...\Run: [Google Update] => C:\Users\u_1165\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-07-04] (Google Inc.)
HKU\S-1-5-21-3763414330-379940420-2629935955-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [260928 2012-02-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [215360 2012-02-04] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk
ShortcutTarget: Qualcomm Atheros Killer Network Manager.lnk -> C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://msi.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {542AC1D8-8750-4499-BE75-BC166CFEDA63} URL = 
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll (Trend Micro Inc.)
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://portal.duke.edu/CACHE/stc/1/binaries/vpnweb.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll (Trend Micro Inc.)
Winsock: Catalog9 01 C:\windows\SysWOW64\BfLLR.dll [183808] (Bigfoot Networks, Inc.)
Winsock: Catalog9 02 C:\windows\SysWOW64\BfLLR.dll [183808] (Bigfoot Networks, Inc.)
Winsock: Catalog9 03 C:\windows\SysWOW64\BfLLR.dll [183808] (Bigfoot Networks, Inc.)
Winsock: Catalog9 04 C:\windows\SysWOW64\BfLLR.dll [183808] (Bigfoot Networks, Inc.)
Winsock: Catalog9 16 C:\windows\SysWOW64\BfLLR.dll [183808] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 01 %SYSTEMROOT%\system32\BfLLR.dll [200704] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 02 %SYSTEMROOT%\system32\BfLLR.dll [200704] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 03 %SYSTEMROOT%\system32\BfLLR.dll [200704] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 04 %SYSTEMROOT%\system32\BfLLR.dll [200704] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 16 %SYSTEMROOT%\system32\BfLLR.dll [200704] (Bigfoot Networks, Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\u_1165\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\u_1165\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\u_1165\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\u_1165\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\u_1165\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\u_1165\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension [2012-03-15]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2012-03-15]
 
Chrome: 
=======
CHR Profile: C:\Users\u_1165\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\u_1165\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-21]
CHR Extension: (Google Drive) - C:\Users\u_1165\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\u_1165\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (YouTube) - C:\Users\u_1165\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-21]
CHR Extension: (Google Search) - C:\Users\u_1165\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-21]
CHR Extension: (Google Wallet) - C:\Users\u_1165\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-21]
CHR Extension: (Unblock Youku) - C:\Users\u_1165\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2014-09-04]
CHR Extension: (Gmail) - C:\Users\u_1165\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-21]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [441176 2014-08-27] (Garmin Ltd or its subsidiaries)
R2 Micro Star SCM; C:\Program Files (x86)\S-Bar\MSIService.exe [160768 2011-11-02] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSI Foundation Service; C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [12800 2010-07-16] (MSI) [File not signed]
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [138768 2012-01-03] (MSI)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2782552 2010-03-05] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [492032 2012-03-08] () [File not signed]
R2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [247072 2011-12-05] (Trend Micro Inc.)
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [75880 2012-03-08] (Bigfoot Networks, Inc.)
R3 L1C; C:\Windows\System32\DRIVERS\e22w7x64.sys [161616 2012-03-08] (Qualcomm Atheros, Inc.)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [91920 2011-12-05] (Trend Micro Inc.)
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [167696 2011-12-05] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [70928 2011-12-05] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-12-05] (Trend Micro Inc.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 MGHwCtrl; \??\C:\Program Files\MSI\MSI Software Install\MGHwCtrl.sys [X]
S3 Ser2pl; system32\DRIVERS\ser2pl64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-23 19:03 - 2014-10-23 19:03 - 00019146 _____ () C:\Users\u_1165\Desktop\FRST.txt
2014-10-23 18:44 - 2014-10-23 18:44 - 00001274 _____ () C:\Users\u_1165\Desktop\fixlist.txt
2014-10-22 18:39 - 2014-10-23 18:58 - 00026051 _____ () C:\Users\u_1165\Desktop\FRST1.txt
2014-10-22 18:39 - 2014-10-22 18:40 - 00036040 _____ () C:\Users\u_1165\Desktop\Addition.txt
2014-10-22 18:36 - 2014-10-23 19:03 - 00000000 ____D () C:\FRST
2014-10-22 18:35 - 2014-10-22 18:36 - 02112000 _____ (Farbar) C:\Users\u_1165\Desktop\FRST64.exe
2014-10-21 22:59 - 2014-10-21 22:59 - 00017594 _____ () C:\Users\u_1165\Desktop\dds.txt
2014-10-21 22:59 - 2014-10-21 22:59 - 00009036 _____ () C:\Users\u_1165\Desktop\attach.txt
2014-10-21 22:38 - 2014-10-21 22:38 - 00688992 ____R (Swearware) C:\Users\u_1165\Desktop\dds.com
2014-10-21 22:17 - 2014-10-21 22:39 - 00000000 ____D () C:\windows\System32\Tasks\360SuperKiller
2014-10-21 21:13 - 2014-10-21 22:17 - 00000000 ____D () C:\Users\u_1165\AppData\Roaming\360SuperKiller
2014-10-21 20:29 - 2014-10-21 22:41 - 00000000 ____D () C:\ProgramData\360safe
2014-10-21 20:29 - 2014-10-21 20:29 - 00000000 ____D () C:\Users\u_1165\AppData\Roaming\360Login
2014-10-21 19:30 - 2014-10-21 19:38 - 00000000 ____D () C:\Program Files\Unlocker
2014-10-21 19:30 - 2014-10-21 19:30 - 00000000 ____D () C:\Users\u_1165\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2014-10-21 19:28 - 2014-10-21 19:28 - 01078591 _____ () C:\Users\u_1165\Desktop\Unlocker1.9.2.exe
2014-10-21 19:08 - 2014-10-21 22:46 - 00000000 __SHD () C:\$360Section
2014-10-21 19:04 - 2014-10-21 19:04 - 00000000 __SHD () C:\360Rec
2014-10-21 19:02 - 2014-04-22 23:51 - 00077896 _____ (360.cn) C:\windows\system32\Drivers\360AvFlt.sys
2014-10-16 11:16 - 2014-10-16 11:16 - 05687742 _____ () C:\Users\u_1165\Desktop\GT60_English.zip
2014-10-15 18:59 - 2014-10-15 18:59 - 00001229 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Cisco AnyConnect VPN Client.lnk
2014-10-15 18:59 - 2014-10-15 18:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2014-10-13 22:41 - 2014-10-15 19:04 - 00000000 ____D () C:\Users\u_1165\AppData\Local\Cisco
2014-10-13 22:41 - 2014-10-15 18:59 - 00000000 ____D () C:\ProgramData\Cisco
2014-10-13 22:41 - 2014-10-15 18:59 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-10-13 22:31 - 2014-10-16 10:53 - 00000086 _____ () C:\Users\u_1165\Desktop\Remote Desktop Connection.txt
2014-10-09 16:55 - 2014-10-09 16:55 - 00000000 ____D () C:\Users\u_1165\AppData\Roaming\Mozilla
2014-10-06 17:35 - 2014-10-19 14:57 - 00000000 ____D () C:\Users\u_1165\Desktop\New cell phone
2014-10-06 17:35 - 2014-10-18 21:08 - 00000000 ____D () C:\Users\u_1165\Desktop\Credit card
2014-10-05 02:14 - 2014-10-05 02:14 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-05 02:14 - 2014-10-05 02:14 - 00000000 ____D () C:\Users\u_1165\AppData\Local\Skype
2014-10-05 02:14 - 2014-10-05 02:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-26 11:30 - 2014-10-15 22:14 - 00002525 _____ () C:\Users\u_1165\Desktop\sell price.txt
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-23 19:01 - 2009-07-14 00:45 - 00024432 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-23 19:01 - 2009-07-14 00:45 - 00024432 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-23 18:57 - 2012-12-08 09:44 - 01419007 _____ () C:\windows\WindowsUpdate.log
2014-10-23 18:55 - 2013-10-04 18:26 - 00004970 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for u_1165-MSI-u_1165 u_1165-MSI
2014-10-23 18:55 - 2013-09-03 15:08 - 00000548 _____ () C:\windows\Tasks\MATLAB R2013a Startup Accelerator.job
2014-10-23 18:55 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\NDF
2014-10-23 18:54 - 2014-05-21 22:32 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-23 18:54 - 2012-03-15 02:00 - 00000000 ____D () C:\ProgramData\Bigfoot Networks
2014-10-23 18:54 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-23 18:54 - 2009-07-14 00:51 - 00148551 _____ () C:\windows\setupact.log
2014-10-23 18:53 - 2014-07-04 21:48 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3763414330-379940420-2629935955-1001UA.job
2014-10-23 18:50 - 2014-05-21 22:32 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-22 21:53 - 2014-07-04 21:48 - 00000860 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3763414330-379940420-2629935955-1001Core.job
2014-10-21 22:50 - 2010-11-20 23:47 - 00026540 _____ () C:\windows\PFRO.log
2014-10-21 21:14 - 2014-05-08 23:25 - 00003556 _____ () C:\windows\System32\Tasks\GarminUpdaterTask
2014-10-21 20:32 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy
2014-10-21 19:28 - 2014-08-13 17:27 - 00009402 _____ () C:\Users\u_1165\AppData\Roaming\Comma Separated Values.EML
2014-10-21 00:47 - 2009-07-14 01:13 - 00741900 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-21 00:37 - 2013-10-07 10:11 - 00002176 _____ () C:\Users\u_1165\Desktop\progress tracker.txt
2014-10-20 00:17 - 2013-09-03 15:18 - 00000000 ___RD () C:\Users\u_1165\Documents\MATLAB
2014-10-19 21:06 - 2014-07-12 01:32 - 00001010 _____ () C:\Users\u_1165\Desktop\Memo.txt
2014-10-19 18:44 - 2014-05-21 22:32 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 18:44 - 2014-05-21 22:32 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 18:45 - 2014-05-21 22:35 - 00002193 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-16 19:16 - 2013-09-16 13:44 - 00002054 ____H () C:\Users\u_1165\Documents\Default.rdp
2014-10-16 19:14 - 2009-07-14 01:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-10-13 10:32 - 2013-09-15 19:06 - 00012448 _____ () C:\Users\u_1165\Desktop\Schedule.xlsx
2014-10-11 23:27 - 2012-03-15 02:57 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-10-10 23:15 - 2013-02-22 13:12 - 00000000 ____D () C:\Users\u_1165\AppData\Roaming\Skype
2014-10-06 17:14 - 2014-07-11 21:48 - 00011266 _____ () C:\Users\u_1165\Desktop\Bills to Pay.xlsx
2014-10-05 02:14 - 2013-02-22 13:12 - 00000000 ____D () C:\ProgramData\Skype
2014-10-03 02:38 - 2014-08-10 19:34 - 00000174 _____ () C:\Users\u_1165\Desktop\everyday dishes.txt
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-16 00:50
 
==================== End Of Log ============================


#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:08 AM

Posted 24 October 2014 - 12:37 AM

Hi,

Step 1

Please download combofix.pngCombofix (by sUBs) and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.

Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#7 ah_10

ah_10
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:08 AM

Posted 24 October 2014 - 01:13 PM

Hi, 

 

I have run Combofix as instructed. The log file is posted below, in which some phrases are in Chinese. I guess it is because I change my computer locale to China. If you have any questions, just let me know. 

 

I didn't receive an error. Do I still need to restart my computer? 

 

Thank you. 

 

 

ComboFix 14-10-24.01 - u_1165 4/2014 Fri  13:43:48.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.936.86.1033.18.12185.9934 [GMT -4:00]
执行位置: c:\users\u_1165\Desktop\ComboFix.exe
AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * 成功创造新还原点
.
.
(((((((((((((((((((((((((((((((((((((((   被删除的档案   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\360Rec
c:\360rec\20141021\190450E.tmp
c:\360rec\20141021\190FCF6.tmp
.
.
CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.
You should verify if current CLSID data is correct: 
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
    (Default)    REG_SZ    Thumbnail Cache Class Factory for Out of Proc Server
    AppID    REG_SZ    {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32
    (Default)    REG_SZ    c:\windows\system32\thumbcache.dll
    ThreadingModel    REG_SZ    Apartment
.
.
(((((((((((((((((((((((((  2014-09-24 至 2014-10-24 的新的档案  )))))))))))))))))))))))))))))))
.
.
2014-10-24 17:49 . 2014-10-24 17:49 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-10-24 17:49 . 2014-10-24 17:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-22 22:36 . 2014-10-23 23:03 -------- d-----w- C:\FRST
2014-10-22 01:13 . 2014-10-22 02:17 -------- d-----w- c:\users\u_1165\AppData\Roaming\360SuperKiller
2014-10-22 00:29 . 2014-10-22 02:41 -------- d-----w- c:\programdata\360safe
2014-10-22 00:29 . 2014-10-22 00:29 -------- d-----w- c:\users\u_1165\AppData\Roaming\360Login
2014-10-21 23:30 . 2014-10-21 23:38 -------- d-----w- c:\program files\Unlocker
2014-10-21 23:08 . 2014-10-22 02:46 -------- d-----w- C:\$360Section
2014-10-21 23:02 . 2014-04-23 03:51 77896 ----a-w- c:\windows\system32\drivers\360AvFlt.sys
2014-10-14 02:41 . 2014-10-15 23:04 -------- d-----w- c:\users\u_1165\AppData\Local\Cisco
2014-10-14 02:41 . 2014-10-15 22:59 -------- d-----w- c:\program files (x86)\Cisco
2014-10-14 02:41 . 2014-10-15 22:59 -------- d-----w- c:\programdata\Cisco
2014-10-05 06:14 . 2014-10-05 06:14 -------- d-----w- c:\users\u_1165\AppData\Local\Skype
2014-10-05 06:14 . 2014-10-05 06:14 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-10-05 06:14 . 2014-10-05 06:14 -------- d-----r- c:\program files (x86)\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   在三个月内被修改的档案   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-29 22:03 . 2011-03-29 01:36 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
(((((((((((((((((((((((((((((((((((((   重要登入点   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-08-27 688984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 291608]
"S-Bar"="c:\program files (x86)\S-Bar\S-Bar.exe" [2011-11-03 5499392]
"Super-Charger"="c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe" [2012-01-03 502288]
"KLM"="c:\program files (x86)\MSI\KLM\KLM.exe" [2011-12-19 1522376]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2011-08-29 1517056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VGAOCAP"="c:\program files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe" [2012-01-31 88576]
"YouCam Mirage"="c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe" [2011-10-13 136488]
"YouCam Tray"="c:\program files (x86)\CyberLink\YouCam\YouCam.exe" [2011-10-13 230696]
"NortonOnlineBackup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-03-05 1112920]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Qualcomm Atheros Killer Network Manager.lnk - c:\program files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe -minimized [2012-3-8 549888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 MGHwCtrl;MGHwCtrl;c:\program files\MSI\MSI Software Install\MGHwCtrl.sys;c:\program files\MSI\MSI Software Install\MGHwCtrl.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.5;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 BfLwf;Bigfoot Networks Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys;c:\windows\SYSNATIVE\DRIVERS\bflwfx64.sys [x]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\S-Bar\MSIService.exe;c:\program files (x86)\S-Bar\MSIService.exe [x]
S2 MSI Foundation Service;MSI Foundation Service;c:\program files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe;c:\program files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service [x]
S2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [x]
S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe;c:\program files\Trend Micro\Titanium\TiMiniService.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for the Killer e2200 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\e22w7x64.sys;c:\windows\SYSNATIVE\DRIVERS\e22w7x64.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-17 22:44 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe
.
 ‘计划任务’ 文件夹 里的内容
.
2014-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-22 02:32]
.
2014-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-22 02:32]
.
2014-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3763414330-379940420-2629935955-1001Core.job
- c:\users\u_1165\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-05 01:48]
.
2014-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3763414330-379940420-2629935955-1001UA.job
- c:\users\u_1165\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-05 01:48]
.
2014-10-24 c:\windows\Tasks\MATLAB R2013a Startup Accelerator.job
- c:\program files\MATLAB\R2013a\bin\win64\MATLABStartupAccelerator.exe [2013-09-03 22:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-12 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-12 398104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-12 440600]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-12-20 11406608]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]
"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2011-12-06 1646752]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-12-06 213824]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2011-12-06 416992]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-10 12445288]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- 而外的扫描 -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://msi.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
LSP: %SYSTEMROOT%\system32\BfLLR.dll
Trusted Zone: bankofchina.com\www
Trusted Zone: boc.cn\ebs
Trusted Zone: boc.cn\www
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - hxxps://portal.duke.edu/CACHE/stc/1/binaries/vpnweb.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
完成时间: 2014-10-24  13:52:14
ComboFix-quarantined-files.txt  2014-10-24 17:52
.
Pre-Run: 520,216,047,616 bytes free
Post-Run: 522,149,801,984 bytes free
.
- - End Of File - - AF7150FE71BFCD89A0F111B96FC6CB72


#8 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:08 AM

Posted 24 October 2014 - 01:27 PM

Yes,
please reboot your PC and run a scan with FRST:

frst.pngfrstscan.png

Start FRST with administator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#9 ah_10

ah_10
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:08 AM

Posted 24 October 2014 - 03:02 PM

I don't see any dllhost.exe *32 in the task manager now. Below are the two log files. 

Does my computer look any better? 

 

vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-10-2014
Ran by u_1165 (administrator) on U_1165-MSI on 24-10-2014 15:53:12
Running from C:\Users\u_1165\Desktop
Loaded Profile: u_1165 (Available profiles: UpdatusUser & u_1165)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\S-Bar\MSIService.exe
(MSI) C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Micro-Star International Co.,Ltd.) C:\Program Files (x86)\S-Bar\S-Bar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\KLM\KLM.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
() C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2328360 2010-09-16] (Synaptics Incorporated)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [THXCfg64] => C:\windows\system32\RunDLL32.exe C:\windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [VizorHtmlDialog.exe] => C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1646752 2011-12-05] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [213824 2011-12-05] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [416992 2011-12-05] (Trend Micro Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12445288 2012-01-10] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-04] (Intel Corporation)
HKLM-x32\...\Run: [S-Bar] => C:\Program Files (x86)\S-Bar\S-Bar.exe [5499392 2011-11-02] (Micro-Star International Co.,Ltd.)
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [502288 2012-01-03] (MSI)
HKLM-x32\...\Run: [KLM] => C:\Program Files (x86)\MSI\KLM\KLM.exe [1522376 2011-12-19] (Micro-Star International Co., Ltd.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1517056 2011-08-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [VGAOCAP] => C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe [88576 2012-01-31] ()
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2011-10-13] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [230696 2011-10-13] (CyberLink Corp.)
HKLM-x32\...\Run: [NortonOnlineBackup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1112920 2010-03-05] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3763414330-379940420-2629935955-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-27] (Garmin Ltd or its subsidiaries)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [260928 2012-02-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-02-04] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk
ShortcutTarget: Qualcomm Atheros Killer Network Manager.lnk -> C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://msi.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {542AC1D8-8750-4499-BE75-BC166CFEDA63} URL = 
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll (Trend Micro Inc.)
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://portal.duke.edu/CACHE/stc/1/binaries/vpnweb.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll (Trend Micro Inc.)
Winsock: Catalog9 01 C:\windows\SysWOW64\BfLLR.dll [183808] (Bigfoot Networks, Inc.)
Winsock: Catalog9 02 C:\windows\SysWOW64\BfLLR.dll [183808] (Bigfoot Networks, Inc.)
Winsock: Catalog9 03 C:\windows\SysWOW64\BfLLR.dll [183808] (Bigfoot Networks, Inc.)
Winsock: Catalog9 04 C:\windows\SysWOW64\BfLLR.dll [183808] (Bigfoot Networks, Inc.)
Winsock: Catalog9 16 C:\windows\SysWOW64\BfLLR.dll [183808] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 01 %SYSTEMROOT%\system32\BfLLR.dll [200704] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 02 %SYSTEMROOT%\system32\BfLLR.dll [200704] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 03 %SYSTEMROOT%\system32\BfLLR.dll [200704] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 04 %SYSTEMROOT%\system32\BfLLR.dll [200704] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 16 %SYSTEMROOT%\system32\BfLLR.dll [200704] (Bigfoot Networks, Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\u_1165\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\u_1165\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\u_1165\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\u_1165\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\u_1165\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\u_1165\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension [2012-03-15]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2012-03-15]
 
Chrome: 
=======
CHR Profile: C:\Users\u_1165\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\u_1165\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-21]
CHR Extension: (Google Drive) - C:\Users\u_1165\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\u_1165\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (YouTube) - C:\Users\u_1165\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-21]
CHR Extension: (Google Search) - C:\Users\u_1165\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-21]
CHR Extension: (Google Wallet) - C:\Users\u_1165\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-21]
CHR Extension: (Unblock Youku) - C:\Users\u_1165\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2014-09-04]
CHR Extension: (Gmail) - C:\Users\u_1165\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-21]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [441176 2014-08-27] (Garmin Ltd or its subsidiaries)
R2 Micro Star SCM; C:\Program Files (x86)\S-Bar\MSIService.exe [160768 2011-11-02] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSI Foundation Service; C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [12800 2010-07-16] (MSI) [File not signed]
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [138768 2012-01-03] (MSI)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2782552 2010-03-05] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [492032 2012-03-08] () [File not signed]
R2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [247072 2011-12-05] (Trend Micro Inc.)
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [75880 2012-03-08] (Bigfoot Networks, Inc.)
R3 L1C; C:\Windows\System32\DRIVERS\e22w7x64.sys [161616 2012-03-08] (Qualcomm Atheros, Inc.)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [91920 2011-12-05] (Trend Micro Inc.)
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [167696 2011-12-05] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [70928 2011-12-05] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-12-05] (Trend Micro Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MGHwCtrl; \??\C:\Program Files\MSI\MSI Software Install\MGHwCtrl.sys [X]
S3 Ser2pl; system32\DRIVERS\ser2pl64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-24 15:53 - 2014-10-24 15:53 - 00017804 _____ () C:\Users\u_1165\Desktop\FRST.txt
2014-10-24 13:52 - 2014-10-24 13:52 - 00017731 _____ () C:\ComboFix.txt
2014-10-24 13:42 - 2014-10-24 13:52 - 00000000 ____D () C:\Qoobox
2014-10-24 13:42 - 2011-06-26 02:45 - 00256000 _____ () C:\windows\PEV.exe
2014-10-24 13:42 - 2010-11-07 13:20 - 00208896 _____ () C:\windows\MBR.exe
2014-10-24 13:42 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-10-24 13:42 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-10-24 13:42 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-10-24 13:42 - 2000-08-30 20:00 - 00098816 _____ () C:\windows\sed.exe
2014-10-24 13:42 - 2000-08-30 20:00 - 00080412 _____ () C:\windows\grep.exe
2014-10-24 13:42 - 2000-08-30 20:00 - 00068096 _____ () C:\windows\zip.exe
2014-10-24 13:41 - 2014-10-24 13:51 - 00000000 ____D () C:\windows\erdnt
2014-10-24 13:05 - 2014-10-24 13:06 - 05583977 ____R (Swearware) C:\Users\u_1165\Desktop\ComboFix.exe
2014-10-22 18:36 - 2014-10-24 15:53 - 00000000 ____D () C:\FRST
2014-10-22 18:35 - 2014-10-22 18:36 - 02112000 _____ (Farbar) C:\Users\u_1165\Desktop\FRST64.exe
2014-10-21 22:17 - 2014-10-21 22:39 - 00000000 ____D () C:\windows\System32\Tasks\360SuperKiller
2014-10-21 21:13 - 2014-10-21 22:17 - 00000000 ____D () C:\Users\u_1165\AppData\Roaming\360SuperKiller
2014-10-21 20:29 - 2014-10-21 22:41 - 00000000 ____D () C:\ProgramData\360safe
2014-10-21 20:29 - 2014-10-21 20:29 - 00000000 ____D () C:\Users\u_1165\AppData\Roaming\360Login
2014-10-21 19:30 - 2014-10-21 19:38 - 00000000 ____D () C:\Program Files\Unlocker
2014-10-21 19:30 - 2014-10-21 19:30 - 00000000 ____D () C:\Users\u_1165\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2014-10-21 19:28 - 2014-10-21 19:28 - 01078591 _____ () C:\Users\u_1165\Desktop\Unlocker1.9.2.exe
2014-10-21 19:08 - 2014-10-21 22:46 - 00000000 ____D () C:\$360Section
2014-10-21 19:02 - 2014-04-22 23:51 - 00077896 _____ (360.cn) C:\windows\system32\Drivers\360AvFlt.sys
2014-10-16 11:16 - 2014-10-16 11:16 - 05687742 _____ () C:\Users\u_1165\Desktop\GT60_English.zip
2014-10-15 18:59 - 2014-10-15 18:59 - 00001229 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Cisco AnyConnect VPN Client.lnk
2014-10-15 18:59 - 2014-10-15 18:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2014-10-13 22:41 - 2014-10-15 19:04 - 00000000 ____D () C:\Users\u_1165\AppData\Local\Cisco
2014-10-13 22:41 - 2014-10-15 18:59 - 00000000 ____D () C:\ProgramData\Cisco
2014-10-13 22:41 - 2014-10-15 18:59 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-10-13 22:31 - 2014-10-16 10:53 - 00000086 _____ () C:\Users\u_1165\Desktop\Remote Desktop Connection.txt
2014-10-09 16:55 - 2014-10-09 16:55 - 00000000 ____D () C:\Users\u_1165\AppData\Roaming\Mozilla
2014-10-06 17:35 - 2014-10-19 14:57 - 00000000 ____D () C:\Users\u_1165\Desktop\New cell phone
2014-10-06 17:35 - 2014-10-18 21:08 - 00000000 ____D () C:\Users\u_1165\Desktop\Credit card
2014-10-05 02:14 - 2014-10-05 02:14 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-05 02:14 - 2014-10-05 02:14 - 00000000 ____D () C:\Users\u_1165\AppData\Local\Skype
2014-10-05 02:14 - 2014-10-05 02:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-26 11:30 - 2014-10-15 22:14 - 00002525 _____ () C:\Users\u_1165\Desktop\sell price.txt
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-24 15:53 - 2014-07-04 21:48 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3763414330-379940420-2629935955-1001UA.job
2014-10-24 15:49 - 2014-05-21 22:32 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-24 15:48 - 2013-10-04 18:26 - 00004970 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for u_1165-MSI-u_1165 u_1165-MSI
2014-10-24 15:37 - 2014-05-21 22:32 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-24 15:37 - 2013-09-03 15:08 - 00000548 _____ () C:\windows\Tasks\MATLAB R2013a Startup Accelerator.job
2014-10-24 15:37 - 2012-12-08 09:44 - 01466232 _____ () C:\windows\WindowsUpdate.log
2014-10-24 15:37 - 2012-03-15 02:00 - 00000000 ____D () C:\ProgramData\Bigfoot Networks
2014-10-24 15:31 - 2009-07-14 00:45 - 00024432 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-24 15:31 - 2009-07-14 00:45 - 00024432 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-24 15:24 - 2010-11-20 23:47 - 00027098 _____ () C:\windows\PFRO.log
2014-10-24 15:24 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-24 15:24 - 2009-07-14 00:51 - 00148663 _____ () C:\windows\setupact.log
2014-10-24 13:52 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-10-24 13:50 - 2009-07-13 22:34 - 00000215 _____ () C:\windows\system.ini
2014-10-23 21:53 - 2014-07-04 21:48 - 00000860 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3763414330-379940420-2629935955-1001Core.job
2014-10-23 18:55 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\NDF
2014-10-21 21:14 - 2014-05-08 23:25 - 00003556 _____ () C:\windows\System32\Tasks\GarminUpdaterTask
2014-10-21 20:32 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy
2014-10-21 19:28 - 2014-08-13 17:27 - 00009402 _____ () C:\Users\u_1165\AppData\Roaming\Comma Separated Values.EML
2014-10-21 00:47 - 2009-07-14 01:13 - 00741900 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-21 00:37 - 2013-10-07 10:11 - 00002176 _____ () C:\Users\u_1165\Desktop\progress tracker.txt
2014-10-20 00:17 - 2013-09-03 15:18 - 00000000 ___RD () C:\Users\u_1165\Documents\MATLAB
2014-10-19 21:06 - 2014-07-12 01:32 - 00001010 _____ () C:\Users\u_1165\Desktop\Memo.txt
2014-10-19 18:44 - 2014-05-21 22:32 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 18:44 - 2014-05-21 22:32 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 18:45 - 2014-05-21 22:35 - 00002193 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-16 19:16 - 2013-09-16 13:44 - 00002054 ____H () C:\Users\u_1165\Documents\Default.rdp
2014-10-16 19:14 - 2009-07-14 01:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-10-13 10:32 - 2013-09-15 19:06 - 00012448 _____ () C:\Users\u_1165\Desktop\Schedule.xlsx
2014-10-11 23:27 - 2012-03-15 02:57 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-10-10 23:15 - 2013-02-22 13:12 - 00000000 ____D () C:\Users\u_1165\AppData\Roaming\Skype
2014-10-06 17:14 - 2014-07-11 21:48 - 00011266 _____ () C:\Users\u_1165\Desktop\Bills to Pay.xlsx
2014-10-05 02:14 - 2013-02-22 13:12 - 00000000 ____D () C:\ProgramData\Skype
2014-10-03 02:38 - 2014-08-10 19:34 - 00000174 _____ () C:\Users\u_1165\Desktop\everyday dishes.txt
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-16 00:50
 
==================== End Of Log ============================
 
 

vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-10-2014
Ran by u_1165 at 2014-10-24 15:53:47
Running from C:\Users\u_1165\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Trend Micro Titanium Internet Security 2012 (Disabled - Up to date) {7193B549-236F-55EE-9AEC-F65279E59A92}
AS: Trend Micro Titanium Internet Security 2012 (Disabled - Up to date) {CAF254AD-0555-5A60-A05C-CD200262D02F}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 8.2.1 - Hewlett-Packard) Hidden
Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Reader X (10.1.1) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.1 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Battery Calibration (HKLM-x32\...\{619FA785-489B-4D22-911F-82D6EDF5BDB0}) (Version: 1.0.1105.1601 - Micro-Star International Co., Ltd.)
BurnRecovery (HKLM-x32\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 3.0.1103.1801 - Micro-Star International Co., Ltd.)
Cisco AnyConnect VPN Client (HKLM-x32\...\{2A6355EB-273D-4368-9DB6-FB99EBA9FABD}) (Version: 2.4.0202 - Cisco Systems, Inc.)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4612 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.1.4612 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Elevated Installer (x32 Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
EndNote X7 (HKLM-x32\...\{86B3F2D6-AC2B-0017-8AE1-F2F77F781B0C}) (Version: 17.0.0.7072 - Thomson Reuters)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garmin Express (HKLM-x32\...\{22939821-cd61-449c-8a03-cff0af03c156}) (Version: 3.2.18.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F7770F7F-0ABC-30CB-95BC-93761A05CAB6}) (Version: 5.38.4.0 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
ImageJ 1.47v (HKLM\...\ImageJ_is1) (Version:  - NIH)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1262 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2618 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.5 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.5.1.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KLM (HKLM-x32\...\InstallShield_{4DEA5B85-6C56-45F3-AE00-FED756B0D3B4}) (Version: 1.0.1112.1901 - Micro-Star International Co., Ltd.)
KLM (x32 Version: 1.0.1112.1901 - Micro-Star International Co., Ltd.) Hidden
MATLAB R2013a (HKLM\...\Matlab R2013a) (Version: 8.1 - The MathWorks, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MSI HOUSE (HKLM-x32\...\{DA5597C9-9216-44FF-9670-D1E48817B998}) (Version: 10.07.1601 - MSI)
MSI Software Install (HKLM-x32\...\{332EBFE0-C39E-42D1-99B5-ABBBECAD71B6}) (Version: 4.0.1105.1701 - Micro-Star International Co., Ltd.)
MSI VGA Overclock Tool (HKLM-x32\...\{95193654-3EF2-4D17-8503-9F80B56D9ED5}) (Version: 12.01.3101 - MSI)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.13580 - Symantec Corporation)
NVIDIA Control Panel 295.62 (Version: 295.62 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 295.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 295.62 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.62.312 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.7.12 (Version: 1.7.12 - NVIDIA Corporation) Hidden
NVIDIA Update 1.7.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.7.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.7.12 - NVIDIA Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
Qualcomm Atheros Killer Network Manager (HKLM-x32\...\InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}) (Version: 6.1.0.315 - Qualcomm Atheros)
Qualcomm Atheros Killer Network Manager (Version: 6.1.0.315 - Qualcomm Atheros) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6549 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.90 - Realtek Semiconductor Corp.)
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version:  - Thomson Reuters)
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
S-Bar (HKLM-x32\...\{39BDC923-826E-4007-8179-50E7C570E545}) (Version: 21.011.11023 - Micro-Star International Co.,Ltd.)
SecEditCtl.BOC (only remove) (HKLM-x32\...\SecEditCtl.BOC01000009) (Version:  - CFCA)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.006 - MSI)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.14.0 - Synaptics Incorporated)
THX TruStudio Pro (HKLM-x32\...\{4FA6CB9A-2972-4AAF-A36E-3C40FCC22395}) (Version: 1.04.01 - Creative Technology Limited)
Trend Micro Titanium (Version: 5.00 - Trend Micro Inc.) Hidden
Trend Micro Titanium Internet Security 2012 (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 5.0 - Trend Micro Inc.)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600211) (Version: 1 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)
World of Warplanes (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C813NA}_is1) (Version:  - Wargaming.net)
同花顺免费模拟炒股软件(v8.10.44 Build 2012.6.18) (HKLM-x32\...\同花顺免费模拟炒股软件_is1) (Version:  - 浙江核新同花顺网络信息股份有限公司)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3763414330-379940420-2629935955-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\u_1165\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3763414330-379940420-2629935955-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\u_1165\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
 
==================== Restore Points  =========================
 
02-10-2014 20:28:13 PROPLUSR
05-10-2014 06:05:51 Removed Skype™ 6.3
12-10-2014 23:39:58 Scheduled Checkpoint
14-10-2014 02:41:35 Installed Cisco AnyConnect Secure Mobility Client
14-10-2014 02:55:34 Revo Uninstaller's restore point - Cisco AnyConnect Diagnostics and Reporting Tool
14-10-2014 02:55:40 Removed Cisco AnyConnect Diagnostics and Reporting Tool
14-10-2014 02:57:30 Revo Uninstaller's restore point - Cisco AnyConnect Start Before Login Module
14-10-2014 02:57:36 Removed Cisco AnyConnect Start Before Login Module
14-10-2014 02:58:20 Revo Uninstaller's restore point - Cisco AnyConnect Secure Mobility Client 
14-10-2014 02:58:27 Removed Cisco AnyConnect Secure Mobility Client
15-10-2014 22:59:29 Installed Cisco AnyConnect VPN Client
22-10-2014 01:12:27 Revo Uninstaller's restore point - 360安全卫士
22-10-2014 02:40:31 Revo Uninstaller's restore point - 360安全卫士
22-10-2014 02:43:56 Revo Uninstaller's restore point - 360杀毒
22-10-2014 02:45:25 Revo Uninstaller's restore point - 360杀毒
22-10-2014 02:46:24 Revo Uninstaller's restore point - 360杀毒
24-10-2014 17:42:11 ComboFix created restore point
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2014-10-24 13:50 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0105EF09-4523-4EC9-8FD9-741D3A62122D} - \360SuperKiller\360SuperKiller No Task File <==== ATTENTION
Task: {3B27BB4A-F95B-47D3-95D0-EBE996C95726} - System32\Tasks\{24AF0EC0-386E-4A07-A0B2-7C429D3F1F34} => C:\Program Files (x86)\CIRS\MotionControl\MotionControl.exe
Task: {4930CF2D-047F-4B43-B9D5-9511940AFE8C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3763414330-379940420-2629935955-1001UA => C:\Users\u_1165\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-04] (Google Inc.)
Task: {4E883542-1528-49E5-966B-25B70EA38E72} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {5422D880-3640-47B4-AE32-4B85E7E3E922} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-27] ()
Task: {6E9580F7-B2FE-40AD-93AB-6E3BD768E6D2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-21] (Google Inc.)
Task: {B82399D2-BA8F-4E7A-B169-B404A5A63A94} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3763414330-379940420-2629935955-1001Core => C:\Users\u_1165\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-04] (Google Inc.)
Task: {C637DB75-6E1A-4F13-B784-A7F9CC304C67} - System32\Tasks\Microsoft Office 15 Sync Maintenance for u_1165-MSI-u_1165 u_1165-MSI => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {D11D405A-D2C4-493E-970B-36EDEE63568F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-21] (Google Inc.)
Task: {F8E049C5-C15C-4507-AFCD-68150B805021} - System32\Tasks\MATLAB R2013a Startup Accelerator => C:\Program Files\MATLAB\R2013a\bin\win64\MATLABStartupAccelerator.exe [2013-01-16] ()
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3763414330-379940420-2629935955-1001Core.job => C:\Users\u_1165\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3763414330-379940420-2629935955-1001UA.job => C:\Users\u_1165\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\MATLAB R2013a Startup Accelerator.job => C:\Program Files\MATLAB\R2013a\bin\win64\MATLABStartupAccelerator.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-03-08 00:58 - 2012-03-08 00:58 - 00492032 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
2011-05-09 22:46 - 2011-05-09 22:46 - 02760192 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtCore4.dll
2011-05-09 22:56 - 2011-05-09 22:56 - 09856000 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtGui4.dll
2011-05-09 22:47 - 2011-05-09 22:47 - 00416256 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtXml4.dll
2012-03-08 00:58 - 2012-03-08 00:58 - 00217600 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFCommon.dll
2011-05-10 14:32 - 2011-05-10 14:32 - 00731648 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\qwt5.dll
2011-05-09 22:48 - 2011-05-09 22:48 - 00990720 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtNetwork4.dll
2012-03-15 02:57 - 2011-12-05 22:05 - 00047104 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
2012-03-15 02:57 - 2011-12-05 22:05 - 00042496 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
2005-06-07 14:26 - 2005-06-07 14:26 - 00043008 _____ () C:\Program Files (x86)\WinRAR 3.61 Multi\rarext64.dll
2012-03-15 00:33 - 2012-01-05 05:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-03-15 02:33 - 2010-05-04 14:00 - 00237056 _____ () C:\windows\SYSTEM32\APOMgr64.DLL
2012-03-08 00:58 - 2012-03-08 00:58 - 00549888 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
2012-03-08 00:58 - 2012-03-08 00:58 - 00404992 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modApplications.dll
2012-03-08 00:58 - 2012-03-08 00:58 - 00036864 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modFeatures.dll
2012-03-08 00:58 - 2012-03-08 00:58 - 00025088 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modFraps.dll
2012-03-08 00:58 - 2012-03-08 00:58 - 00241152 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modGraph.dll
2012-03-08 00:58 - 2012-03-08 00:58 - 00062464 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modlcd.dll
2012-03-08 00:58 - 2012-03-08 00:58 - 00290304 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modNetwork.dll
2012-03-08 00:58 - 2012-03-08 00:58 - 00184832 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modNpu.dll
2012-03-08 00:58 - 2012-03-08 00:58 - 00210944 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modOptions.dll
2012-03-08 00:58 - 2012-03-08 00:58 - 00055808 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modOverview.dll
2012-03-08 00:58 - 2012-03-08 00:58 - 00329216 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modSystemInfo.dll
2012-01-31 17:49 - 2012-01-31 17:49 - 00088576 _____ () C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe
2012-12-07 18:56 - 2012-12-07 18:56 - 00172032 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\a21ece5c049c9f429756fd1a3fe55ccd\IsdiInterop.ni.dll
2012-03-15 02:06 - 2011-11-29 21:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\u_1165\AppData\Roaming\Comma Separated Values.EML:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3763414330-379940420-2629935955-500 - Administrator - Disabled)
Guest (S-1-5-21-3763414330-379940420-2629935955-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-3763414330-379940420-2629935955-1000 - Limited - Enabled) => C:\Users\UpdatusUser
u_1165 (S-1-5-21-3763414330-379940420-2629935955-1001 - Administrator - Enabled) => C:\Users\u_1165
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/24/2014 03:26:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/24/2014 01:42:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 0.0.0.0, time stamp: 0x4e06cfe8
Faulting module name: kernel32.dll, version: 6.1.7601.17651, time stamp: 0x4e211318
Exception code: 0xc0000005
Fault offset: 0x000113b0
Faulting process id: 0x2300
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (10/24/2014 00:59:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/23/2014 06:54:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/23/2014 06:46:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FRST64.exe, version: 22.10.2014.0, time stamp: 0x54480c14
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc00000fd
Fault offset: 0x0000000000057080
Faulting process id: 0x17c4
Faulting application start time: 0xFRST64.exe0
Faulting application path: FRST64.exe1
Faulting module path: FRST64.exe2
Report Id: FRST64.exe3
 
Error: (10/23/2014 06:40:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/22/2014 06:27:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/21/2014 10:51:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/21/2014 10:46:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddWin32ServiceFiles: Unable to back up image of service 主动防御 since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (10/21/2014 10:46:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary 360FsFlt mini-filter driver.
 
System Error:
The system cannot find the file specified.
.
 
 
System errors:
=============
Error: (10/24/2014 03:26:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (10/24/2014 03:26:56 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (10/24/2014 03:24:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error: 
%%1053
 
Error: (10/24/2014 03:24:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.
 
Error: (10/24/2014 01:57:49 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (10/24/2014 01:50:40 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (10/24/2014 01:49:33 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (10/24/2014 01:47:21 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (10/24/2014 01:23:39 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (10/24/2014 01:01:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
 
Microsoft Office Sessions:
=========================
Error: (10/24/2014 03:26:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/24/2014 01:42:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe0.0.0.04e06cfe8kernel32.dll6.1.7601.176514e211318c0000005000113b0230001cfefb1cdaaf3beC:\32788R22FWJFW\License\iexplore.exeC:\windows\syswow64\kernel32.dll0e10bd26-5ba5-11e4-a87e-8c89a5029eee
 
Error: (10/24/2014 00:59:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/23/2014 06:54:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/23/2014 06:46:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FRST64.exe22.10.2014.054480c14ntdll.dll6.1.7601.177254ec4aa8ec00000fd000000000005708017c401cfef13193c1895C:\Users\u_1165\Desktop\FRST64.exeC:\windows\SYSTEM32\ntdll.dll72375e75-5b06-11e4-adea-8c89a5029eee
 
Error: (10/23/2014 06:40:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/22/2014 06:27:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/21/2014 10:51:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/21/2014 10:46:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service 主动防御 since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
 
Error: (10/21/2014 10:46:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary 360FsFlt mini-filter driver.
 
System Error:
The system cannot find the file specified.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-10-24 13:49:33.387
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-24 13:49:33.387
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-22 19:01:54.333
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-22 19:01:54.298
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-22 18:54:58.535
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-22 18:54:58.495
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-21 18:35:55.687
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-21 18:35:55.627
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-20 23:14:56.343
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-20 23:14:56.304
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 16%
Total physical RAM: 12184.7 MB
Available physical RAM: 10185.1 MB
Total Pagefile: 24367.6 MB
Available Pagefile: 22085.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
 
==================== Drives ================================
 
Drive c: (OS_Install) (Fixed) (Total:552.3 GB) (Free:486.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:368.2 GB) (Free:148.44 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E0305439)
Partition 1: (Not Active) - (Size=10.9 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=27)
Partition 3: (Not Active) - (Size=552.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=368.2 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 


#10 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:08 AM

Posted 24 October 2014 - 03:19 PM

I don't see any dllhost.exe *32 in the task manager now. Below are the two log files. 
Does my computer look any better?


Of course! :)
ComboFix has killed the infection.

Let's do a final check up:

Step 1


Please downloadesetlogo.pngOnline Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start installer.pngwith administartor privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
settings.png
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log filelog.pngis created at logpath.png
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!
eset.gif
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#11 ah_10

ah_10
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:08 AM

Posted 25 October 2014 - 09:35 AM

Thank you, Jürgen! I feel so relieved to hear that the infection has been killed. 
 
My laptop looks fine now but I did see an instance of dllhost.exe *32 and two of dllhost.exe after I ran the ESET report. They all disappeared in seconds though. I rebooted my laptop and have since watched the task manager for two hours. Two instances of dllhost.exe occasionally come and go. No dllhost.exe *32 observed. I am wondering if it is possible that this infection is hiding somewhere or the instance of dllhost.exe *32 I saw was just remnants of the killed infection. 
 
I also found a tiny problem with the looking of the Diagnose Connection Problems button in my IE. I remember it should look like a rounded rectangle with blue edge. However it is now gray and rectangular, pretty much like the Win98 style. I didn't find an option to insert images in reply. Otherwise I could show you what it looks like. I am totally fine with the looking but I just wonder if this change has to do with the infection? 
 
 
Below is the log file from ESET online scanner. 
 
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=208c0e8b5d1a26448dbb5aa4ced3c523
# engine=20771
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-10-25 05:36:55
# local_time=2014-10-25 01:36:55 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Trend Micro Titanium Internet Security 2012'
# compatibility_mode=518 16777213 100 98 81499121 90160283 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 59035998 165758865 0 0
# scanned=506260
# found=3
# cleaned=0
# scan_time=5451
sh=73C98F1721958026BEB496BFCF15FB9A28B3B7A0 ft=1 fh=9a28cb911a364095 vn="Win32/DownWare.L potentially unwanted application" ac=I fn="C:\Users\u_1165\AppData\Local\Google\Chrome\User Data\Default\Cache\f_001fae"
sh=F1EFF6451CED129C0E5C0A510955F234A01158A0 ft=1 fh=332b4278a72373e2 vn="a variant of Win32/Toolbar.Babylon.E potentially unwanted application" ac=I fn="C:\Users\u_1165\Desktop\Unlocker1.9.2.exe"
sh=9434866971DD357600C9F2B1E31B7893C3A070F0 ft=1 fh=4f14aeb246e47811 vn="Win32/InstallMonetizer.AQ potentially unwanted application" ac=I fn="D:\Software Installers\PDFCreator-1_7_1_setup.exe"
 


#12 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:08 AM

Posted 25 October 2014 - 09:55 AM

I didn't find an option to insert images in reply.


Hi,
does this work for you?

post-155276-0-19034800-1406371428.png
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#13 ah_10

ah_10
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:08 AM

Posted 25 October 2014 - 10:32 AM

Here it is.  :lol:

Attached Files



#14 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:08 AM

Posted 25 October 2014 - 01:50 PM

Yes, you are right! :)
But, you should update to IE 11 later anyway.
 
tqvkemt9.png
 

Two instances of dllhost.exe occasionally come and go. No dllhost.exe *32 observed. I am wondering if it is possible that this infection is hiding somewhere or the instance of dllhost.exe *32 I saw was just remnants of the killed infection.

 
Please note: the dllhost.exe is a legit system file! :)
http://blog.trendmicro.com/trendlabs-security-intelligence/poweliks-malware-hides-in-windows-registry/

 

 

Step 1

frst.pngfrstfix.png

Press thew7.png + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:

    C:\Users\u_1165\AppData\Local\Google\Chrome\User Data\Default\Cache\f_001fae
    C:\Users\u_1165\Desktop\Unlocker1.9.2.exe
    D:\Software Installers\PDFCreator-1_7_1_setup.exe
    AlternateDataStreams: C:\Users\u_1165\AppData\Roaming\Comma Separated Values.EML:OECustomProperty
    Task: {0105EF09-4523-4EC9-8FD9-741D3A62122D} - \360SuperKiller\360SuperKiller No Task File <==== ATTENTION
    2014-10-21 22:17 - 2014-10-21 22:39 - 00000000 ____D () C:\windows\System32\Tasks\360SuperKiller
    SearchScopes: HKCU - DefaultScope {542AC1D8-8750-4499-BE75-BC166CFEDA63} URL =
    
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!


  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

 

 

Step 2

Please download TDSStdsskiller.pngiller and save it to your Desktop.

  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters.
  • Make sure that all available options (except "Loaded modules") are checked and click OK.
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.

Edited by deeprybka, 25 October 2014 - 01:51 PM.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#15 ah_10

ah_10
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:08 AM

Posted 26 October 2014 - 10:48 AM

Thanks for the information. I haven't seen any dllhost.exe *32 in the task manager since my last post. This should be a good news.  :)

 

Below are the log files. 

 

 

vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv

Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-10-2014
Ran by u_1165 at 2014-10-26 11:20:42 Run:2
Running from C:\Users\u_1165\Desktop
Loaded Profile: u_1165 (Available profiles: UpdatusUser & u_1165)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
C:\Users\u_1165\AppData\Local\Google\Chrome\User Data\Default\Cache\f_001fae
C:\Users\u_1165\Desktop\Unlocker1.9.2.exe
D:\Software Installers\PDFCreator-1_7_1_setup.exe
AlternateDataStreams: C:\Users\u_1165\AppData\Roaming\Comma Separated Values.EML:OECustomProperty
Task: {0105EF09-4523-4EC9-8FD9-741D3A62122D} - \360SuperKiller\360SuperKiller No Task File <==== ATTENTION
2014-10-21 22:17 - 2014-10-21 22:39 - 00000000 ____D () C:\windows\System32\Tasks\360SuperKiller
SearchScopes: HKCU - DefaultScope {542AC1D8-8750-4499-BE75-BC166CFEDA63} URL =
*****************
 
C:\Users\u_1165\AppData\Local\Google\Chrome\User Data\Default\Cache\f_001fae => Moved successfully.
C:\Users\u_1165\Desktop\Unlocker1.9.2.exe => Moved successfully.
D:\Software Installers\PDFCreator-1_7_1_setup.exe => Moved successfully.
C:\Users\u_1165\AppData\Roaming\Comma Separated Values.EML => ":OECustomProperty" ADS removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0105EF09-4523-4EC9-8FD9-741D3A62122D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0105EF09-4523-4EC9-8FD9-741D3A62122D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\360SuperKiller\360SuperKiller" => Key deleted successfully.
C:\windows\System32\Tasks\360SuperKiller => Moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
 
==== End of Fixlog ====
 
 
vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
TDSSKiller.3.0.0.40_26.10.2014_11.22.50_log.txt
 
11:22:50.0747 0x167c  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
11:22:56.0659 0x167c  ============================================================
11:22:56.0659 0x167c  Current date / time: 2014/10/26 11:22:56.0659
11:22:56.0659 0x167c  SystemInfo:
11:22:56.0659 0x167c  
11:22:56.0659 0x167c  OS Version: 6.1.7601 ServicePack: 1.0
11:22:56.0659 0x167c  Product type: Workstation
11:22:56.0659 0x167c  ComputerName: U_1165-MSI
11:22:56.0659 0x167c  UserName: u_1165
11:22:56.0659 0x167c  Windows directory: C:\windows
11:22:56.0659 0x167c  System windows directory: C:\windows
11:22:56.0659 0x167c  Running under WOW64
11:22:56.0659 0x167c  Processor architecture: Intel x64
11:22:56.0659 0x167c  Number of processors: 8
11:22:56.0659 0x167c  Page size: 0x1000
11:22:56.0659 0x167c  Boot type: Normal boot
11:22:56.0659 0x167c  ============================================================
11:22:56.0971 0x167c  KLMD registered as C:\windows\system32\drivers\75737469.sys
11:22:57.0439 0x167c  System UUID: {86CF8E0F-8BF8-C3C4-E6B7-A3C38CD17E02}
11:22:57.0813 0x167c  Drive \Device\Harddisk0\DR0 - Size: 0xE8E1300000 ( 931.52 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:22:57.0829 0x167c  ============================================================
11:22:57.0829 0x167c  \Device\Harddisk0\DR0:
11:22:57.0829 0x167c  MBR partitions:
11:22:57.0829 0x167c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x160B000, BlocksNum 0x45098800
11:22:57.0829 0x167c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x466A3800, BlocksNum 0x2E065800
11:22:57.0829 0x167c  ============================================================
11:22:57.0860 0x167c  C: <-> \Device\Harddisk0\DR0\Partition1
11:22:57.0891 0x167c  D: <-> \Device\Harddisk0\DR0\Partition2
11:22:57.0891 0x167c  ============================================================
11:22:57.0891 0x167c  Initialize success
11:22:57.0891 0x167c  ============================================================
11:23:44.0651 0x15bc  ============================================================
11:23:44.0651 0x15bc  Scan started
11:23:44.0651 0x15bc  Mode: Manual; SigCheck; TDLFS; 
11:23:44.0651 0x15bc  ============================================================
11:23:44.0651 0x15bc  KSN ping started
11:23:58.0629 0x15bc  KSN ping finished: true
11:23:59.0159 0x15bc  ================ Scan system memory ========================
11:23:59.0159 0x15bc  System memory - ok
11:23:59.0159 0x15bc  ================ Scan services =============================
11:23:59.0300 0x15bc  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
11:23:59.0378 0x15bc  1394ohci - ok
11:23:59.0393 0x15bc  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\windows\system32\drivers\ACPI.sys
11:23:59.0409 0x15bc  ACPI - ok
11:23:59.0440 0x15bc  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
11:23:59.0471 0x15bc  AcpiPmi - ok
11:23:59.0549 0x15bc  [ 11A52CF7B265631DEEB24C6149309EFF, CBA25D358185FD4BE261C6C1B518AD60F5D27D5FB418098AB262B10F5A11C178 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:23:59.0549 0x15bc  AdobeARMservice - ok
11:23:59.0581 0x15bc  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\windows\system32\drivers\adp94xx.sys
11:23:59.0612 0x15bc  adp94xx - ok
11:23:59.0627 0x15bc  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\windows\system32\drivers\adpahci.sys
11:23:59.0643 0x15bc  adpahci - ok
11:23:59.0659 0x15bc  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\windows\system32\drivers\adpu320.sys
11:23:59.0659 0x15bc  adpu320 - ok
11:23:59.0674 0x15bc  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
11:23:59.0815 0x15bc  AeLookupSvc - ok
11:23:59.0846 0x15bc  [ D5B031C308A409A0A576BFF4CF083D30, 081FCB53C65BC48093AEA5B067757F04C5C92F920D32A4DF01DD1DFF6B2FB20D ] AFD             C:\windows\system32\drivers\afd.sys
11:23:59.0893 0x15bc  AFD - ok
11:23:59.0908 0x15bc  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\windows\system32\drivers\agp440.sys
11:23:59.0924 0x15bc  agp440 - ok
11:23:59.0924 0x15bc  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\windows\System32\alg.exe
11:23:59.0971 0x15bc  ALG - ok
11:23:59.0971 0x15bc  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\windows\system32\drivers\aliide.sys
11:23:59.0986 0x15bc  aliide - ok
11:24:00.0002 0x15bc  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\windows\system32\drivers\amdide.sys
11:24:00.0002 0x15bc  amdide - ok
11:24:00.0017 0x15bc  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\windows\system32\drivers\amdk8.sys
11:24:00.0033 0x15bc  AmdK8 - ok
11:24:00.0049 0x15bc  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\windows\system32\drivers\amdppm.sys
11:24:00.0080 0x15bc  AmdPPM - ok
11:24:00.0095 0x15bc  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\windows\system32\drivers\amdsata.sys
11:24:00.0111 0x15bc  amdsata - ok
11:24:00.0127 0x15bc  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\windows\system32\drivers\amdsbs.sys
11:24:00.0142 0x15bc  amdsbs - ok
11:24:00.0142 0x15bc  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\windows\system32\drivers\amdxata.sys
11:24:00.0158 0x15bc  amdxata - ok
11:24:00.0236 0x15bc  [ 1B7D1F0A0DFADBC797C16364792A7AA5, 0F56D0AE094BED2D0ACB8CD4C06264C429B0E08A0597744747C4D3DF77860BE2 ] Amsp            C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
11:24:00.0267 0x15bc  Amsp - ok
11:24:00.0283 0x15bc  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\windows\system32\drivers\appid.sys
11:24:00.0329 0x15bc  AppID - ok
11:24:00.0329 0x15bc  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\windows\System32\appidsvc.dll
11:24:00.0361 0x15bc  AppIDSvc - ok
11:24:00.0376 0x15bc  [ 3977D4A871CA0D4F2ED1E7DB46829731, 2AF1C3225994769C3FD25CD7E9603964B035576F25B0B6D91545566E0722FFAA ] Appinfo         C:\windows\System32\appinfo.dll
11:24:00.0407 0x15bc  Appinfo - ok
11:24:00.0423 0x15bc  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\windows\system32\drivers\arc.sys
11:24:00.0439 0x15bc  arc - ok
11:24:00.0439 0x15bc  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\windows\system32\drivers\arcsas.sys
11:24:00.0439 0x15bc  arcsas - ok
11:24:00.0454 0x15bc  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
11:24:00.0517 0x15bc  AsyncMac - ok
11:24:00.0532 0x15bc  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\windows\system32\drivers\atapi.sys
11:24:00.0548 0x15bc  atapi - ok
11:24:00.0595 0x15bc  [ E857EEE6B92AAA473EBB3465ADD8F7E7, 1C7E4737E649A025B3C4974A4F7D1353EAB85561FC8ED54E5C22A777E1A189B3 ] athr            C:\windows\system32\DRIVERS\athrx.sys
11:24:00.0657 0x15bc  athr - ok
11:24:00.0704 0x15bc  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
11:24:00.0766 0x15bc  AudioEndpointBuilder - ok
11:24:00.0766 0x15bc  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\windows\System32\Audiosrv.dll
11:24:00.0797 0x15bc  AudioSrv - ok
11:24:00.0844 0x15bc  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\windows\System32\AxInstSV.dll
11:24:00.0891 0x15bc  AxInstSV - ok
11:24:00.0922 0x15bc  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\windows\system32\drivers\bxvbda.sys
11:24:00.0969 0x15bc  b06bdrv - ok
11:24:01.0000 0x15bc  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
11:24:01.0047 0x15bc  b57nd60a - ok
11:24:01.0063 0x15bc  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\windows\System32\bdesvc.dll
11:24:01.0109 0x15bc  BDESVC - ok
11:24:01.0141 0x15bc  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\windows\system32\drivers\Beep.sys
11:24:01.0187 0x15bc  Beep - ok
11:24:01.0219 0x15bc  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\windows\System32\bfe.dll
11:24:01.0265 0x15bc  BFE - ok
11:24:01.0297 0x15bc  [ A547A67CD2E6E0354A2EFDBE939C2E6C, 83CFB1511687F0975D4D074801F1B85CF3AB51674938E432B9292305C42BD40D ] BfLwf           C:\windows\system32\DRIVERS\bflwfx64.sys
11:24:01.0312 0x15bc  BfLwf - ok
11:24:01.0343 0x15bc  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\windows\system32\qmgr.dll
11:24:01.0390 0x15bc  BITS - ok
11:24:01.0406 0x15bc  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\windows\system32\drivers\blbdrive.sys
11:24:01.0421 0x15bc  blbdrive - ok
11:24:01.0515 0x15bc  [ 05981C3E51D827ED6B8101A54B05E392, FD010159BEC7B88C3A784844A4796D5DAEBA21788A377D12457F59A961E8D77E ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
11:24:01.0531 0x15bc  Bluetooth Device Monitor - ok
11:24:01.0577 0x15bc  [ BBFAF63BF768047FE2441B4139E803E3, 20079C578507D34C9A30FFE23A8B22D8A9E7079A994295C833A885EC193E577A ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
11:24:01.0593 0x15bc  Bluetooth Media Service - ok
11:24:01.0640 0x15bc  [ 41D8F56E6BBE0111244D87BE2FA90374, 8B73471825B929FEC0367E3B6B6FE346E22ADFB356BE61A01C3EC7CC6F5986D7 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
11:24:01.0655 0x15bc  Bluetooth OBEX Service - ok
11:24:01.0687 0x15bc  [ 91CE0D3DC57DD377E690A2D324022B08, 61874463956C0BCA5139522F34E974E5F638A092E0FD5C59DD30DE61D9AB8B0E ] bowser          C:\windows\system32\DRIVERS\bowser.sys
11:24:01.0718 0x15bc  bowser - ok
11:24:01.0733 0x15bc  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\windows\system32\drivers\BrFiltLo.sys
11:24:01.0765 0x15bc  BrFiltLo - ok
11:24:01.0765 0x15bc  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\windows\system32\drivers\BrFiltUp.sys
11:24:01.0780 0x15bc  BrFiltUp - ok
11:24:01.0811 0x15bc  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\windows\system32\DRIVERS\bridge.sys
11:24:01.0843 0x15bc  BridgeMP - ok
11:24:01.0858 0x15bc  [ 8EF0D5C41EC907751B8429162B1239ED, 9CC25F1F93FACA6F6CE23F78EB58590C39A2E3C8A3ACDF400E8A9DE0757EADAE ] Browser         C:\windows\System32\browser.dll
11:24:01.0905 0x15bc  Browser - ok
11:24:01.0921 0x15bc  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\windows\System32\Drivers\Brserid.sys
11:24:01.0952 0x15bc  Brserid - ok
11:24:01.0967 0x15bc  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
11:24:01.0983 0x15bc  BrSerWdm - ok
11:24:01.0999 0x15bc  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
11:24:02.0030 0x15bc  BrUsbMdm - ok
11:24:02.0030 0x15bc  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
11:24:02.0045 0x15bc  BrUsbSer - ok
11:24:02.0061 0x15bc  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\windows\system32\DRIVERS\BthEnum.sys
11:24:02.0077 0x15bc  BthEnum - ok
11:24:02.0092 0x15bc  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\windows\system32\drivers\bthmodem.sys
11:24:02.0108 0x15bc  BTHMODEM - ok
11:24:02.0123 0x15bc  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
11:24:02.0155 0x15bc  BthPan - ok
11:24:02.0170 0x15bc  [ 64C198198501F7560EE41D8D1EFA7952, 53CE5FDD1866FC8A0B91C7A620F7555D197488C4C8F3DEFD4398D8E3ED2AEBD0 ] BTHPORT         C:\windows\system32\Drivers\BTHport.sys
11:24:02.0186 0x15bc  BTHPORT - ok
11:24:02.0201 0x15bc  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\windows\system32\bthserv.dll
11:24:02.0233 0x15bc  bthserv - ok
11:24:02.0233 0x15bc  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\windows\system32\Drivers\BTHUSB.sys
11:24:02.0248 0x15bc  BTHUSB - ok
11:24:02.0264 0x15bc  [ 988CC6CC49303665D3B2435C51505C3F, 5217A7A1BAD77EBF4E5D68D191FCFD7CE4FB96ABB91638383A077BE9CE794EE3 ] btmaux          C:\windows\system32\DRIVERS\btmaux.sys
11:24:02.0279 0x15bc  btmaux - ok
11:24:02.0326 0x15bc  [ 2B4B508AFAC2A563931AF1FE875A5B16, F6A5261BD3FB8AE7BF26F32B681A15E56317EF8A9D8AB84B9B6BCA66F5484698 ] btmhsf          C:\windows\system32\DRIVERS\btmhsf.sys
11:24:02.0373 0x15bc  btmhsf - ok
11:24:02.0389 0x15bc  catchme - ok
11:24:02.0404 0x15bc  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
11:24:02.0467 0x15bc  cdfs - ok
11:24:02.0482 0x15bc  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
11:24:02.0513 0x15bc  cdrom - ok
11:24:02.0560 0x15bc  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\windows\System32\certprop.dll
11:24:02.0607 0x15bc  CertPropSvc - ok
11:24:02.0623 0x15bc  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\windows\system32\drivers\circlass.sys
11:24:02.0638 0x15bc  circlass - ok
11:24:02.0669 0x15bc  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\windows\system32\CLFS.sys
11:24:02.0685 0x15bc  CLFS - ok
11:24:02.0732 0x15bc  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:24:02.0747 0x15bc  clr_optimization_v2.0.50727_32 - ok
11:24:02.0779 0x15bc  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:24:02.0794 0x15bc  clr_optimization_v2.0.50727_64 - ok
11:24:02.0825 0x15bc  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:24:02.0857 0x15bc  clr_optimization_v4.0.30319_32 - ok
11:24:02.0872 0x15bc  [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:24:02.0888 0x15bc  clr_optimization_v4.0.30319_64 - ok
11:24:02.0919 0x15bc  [ E13A438F9E51DD034730678E33B73290, 3BB111DFDAEAB8DA6124600C7F6E080C2950A0BB420803FC12560343E1A9280A ] clwvd           C:\windows\system32\DRIVERS\clwvd.sys
11:24:02.0919 0x15bc  clwvd - ok
11:24:02.0935 0x15bc  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
11:24:02.0950 0x15bc  CmBatt - ok
11:24:02.0966 0x15bc  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\windows\system32\drivers\cmdide.sys
11:24:02.0981 0x15bc  cmdide - ok
11:24:03.0013 0x15bc  [ C4943B6C962E4B82197542447AD599F4, C854B2C4B525CF175E83ACF70712C378E826EBC1E87E591937BE9698DCD0019D ] CNG             C:\windows\system32\Drivers\cng.sys
11:24:03.0059 0x15bc  CNG - ok
11:24:03.0075 0x15bc  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\windows\system32\drivers\compbatt.sys
11:24:03.0075 0x15bc  Compbatt - ok
11:24:03.0091 0x15bc  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
11:24:03.0106 0x15bc  CompositeBus - ok
11:24:03.0106 0x15bc  COMSysApp - ok
11:24:03.0169 0x15bc  [ DB84D759193FDEDF82144E565108037E, 34568245095CFB2482C4E5BDFF94E5A213F81EE1813A18EF35867EDB32BC0B59 ] cphs            C:\windows\SysWow64\IntelCpHeciSvc.exe
11:24:03.0184 0x15bc  cphs - ok
11:24:03.0200 0x15bc  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\windows\system32\drivers\crcdisk.sys
11:24:03.0200 0x15bc  crcdisk - ok
11:24:03.0215 0x15bc  [ 15597883FBE9B056F276ADA3AD87D9AF, B347E0B11228E38313C59C8ED984253A8A1FF482ED137CF5F488C4AFD6B08857 ] CryptSvc        C:\windows\system32\cryptsvc.dll
11:24:03.0247 0x15bc  CryptSvc - ok
11:24:03.0293 0x15bc  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\windows\system32\rpcss.dll
11:24:03.0325 0x15bc  DcomLaunch - ok
11:24:03.0356 0x15bc  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\windows\System32\defragsvc.dll
11:24:03.0387 0x15bc  defragsvc - ok
11:24:03.0403 0x15bc  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\windows\system32\Drivers\dfsc.sys
11:24:03.0434 0x15bc  DfsC - ok
11:24:03.0465 0x15bc  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\windows\system32\dhcpcore.dll
11:24:03.0496 0x15bc  Dhcp - ok
11:24:03.0512 0x15bc  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\windows\system32\drivers\discache.sys
11:24:03.0543 0x15bc  discache - ok
11:24:03.0559 0x15bc  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\windows\system32\drivers\disk.sys
11:24:03.0559 0x15bc  Disk - ok
11:24:03.0590 0x15bc  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\windows\System32\dnsrslvr.dll
11:24:03.0637 0x15bc  Dnscache - ok
11:24:03.0668 0x15bc  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\windows\System32\dot3svc.dll
11:24:03.0715 0x15bc  dot3svc - ok
11:24:03.0746 0x15bc  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\windows\system32\dps.dll
11:24:03.0793 0x15bc  DPS - ok
11:24:03.0824 0x15bc  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
11:24:03.0824 0x15bc  drmkaud - ok
11:24:03.0855 0x15bc  [ F5BEE30450E18E6B83A5012C100616FD, 44D0577D159FC2BDF4EAD1DC2C7FD14925D075225EF97608CAC52DEE405B08FD ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
11:24:03.0871 0x15bc  DXGKrnl - ok
11:24:03.0902 0x15bc  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\windows\System32\eapsvc.dll
11:24:03.0933 0x15bc  EapHost - ok
11:24:04.0027 0x15bc  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\windows\system32\drivers\evbda.sys
11:24:04.0105 0x15bc  ebdrv - ok
11:24:04.0120 0x15bc  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] EFS             C:\windows\System32\lsass.exe
11:24:04.0151 0x15bc  EFS - ok
11:24:04.0229 0x15bc  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
11:24:04.0292 0x15bc  ehRecvr - ok
11:24:04.0323 0x15bc  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\windows\ehome\ehsched.exe
11:24:04.0354 0x15bc  ehSched - ok
11:24:04.0401 0x15bc  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\windows\system32\drivers\elxstor.sys
11:24:04.0432 0x15bc  elxstor - ok
11:24:04.0432 0x15bc  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\windows\system32\drivers\errdev.sys
11:24:04.0448 0x15bc  ErrDev - ok
11:24:04.0479 0x15bc  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\windows\system32\es.dll
11:24:04.0526 0x15bc  EventSystem - ok
11:24:04.0541 0x15bc  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\windows\system32\drivers\exfat.sys
11:24:04.0573 0x15bc  exfat - ok
11:24:04.0588 0x15bc  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\windows\system32\drivers\fastfat.sys
11:24:04.0619 0x15bc  fastfat - ok
11:24:04.0666 0x15bc  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\windows\system32\fxssvc.exe
11:24:04.0713 0x15bc  Fax - ok
11:24:04.0729 0x15bc  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\windows\system32\drivers\fdc.sys
11:24:04.0744 0x15bc  fdc - ok
11:24:04.0744 0x15bc  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\windows\system32\fdPHost.dll
11:24:04.0791 0x15bc  fdPHost - ok
11:24:04.0791 0x15bc  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\windows\system32\fdrespub.dll
11:24:04.0822 0x15bc  FDResPub - ok
11:24:04.0838 0x15bc  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
11:24:04.0853 0x15bc  FileInfo - ok
11:24:04.0869 0x15bc  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
11:24:04.0885 0x15bc  Filetrace - ok
11:24:04.0885 0x15bc  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\windows\system32\drivers\flpydisk.sys
11:24:04.0900 0x15bc  flpydisk - ok
11:24:04.0916 0x15bc  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
11:24:04.0931 0x15bc  FltMgr - ok
11:24:04.0963 0x15bc  [ 5C4CB4086FB83115B153E47ADD961A0C, 0C3AB7D04BEB3A8FDE00B0C86E6FE064B1CEBB3E4DE1A29CD27830806FA300B3 ] FontCache       C:\windows\system32\FntCache.dll
11:24:05.0041 0x15bc  FontCache - ok
11:24:05.0072 0x15bc  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:24:05.0072 0x15bc  FontCache3.0.0.0 - ok
11:24:05.0087 0x15bc  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
11:24:05.0087 0x15bc  FsDepends - ok
11:24:05.0103 0x15bc  [ E95EF8547DE20CF0603557C0CF7A9462, 55540B06B7B380CA2DA6EEE2D76C6CD6131ADB02B2D0B172A36536863A0C57B6 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
11:24:05.0119 0x15bc  Fs_Rec - ok
11:24:05.0134 0x15bc  [ 1F7B25B858FA27015169FE95E54108ED, 72DD12E924AA7273B3E4BDD2A2C581DECE304C8EF3D44EA79ABB032F3F95DCE5 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
11:24:05.0134 0x15bc  fvevol - ok
11:24:05.0150 0x15bc  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys
11:24:05.0165 0x15bc  gagp30kx - ok
11:24:05.0259 0x15bc  [ ED62B15B73209101759042A48C027F9E, 3D36E8B4550AE54CFF7FEC415BCC9B37FBA39F2B8FB79C1ECC0FF2BB410481DD ] Garmin Core Update Service C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
11:24:05.0275 0x15bc  Garmin Core Update Service - ok
11:24:05.0306 0x15bc  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\windows\System32\gpsvc.dll
11:24:05.0368 0x15bc  gpsvc - ok
11:24:05.0446 0x15bc  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:24:05.0462 0x15bc  gupdate - ok
11:24:05.0462 0x15bc  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:24:05.0477 0x15bc  gupdatem - ok
11:24:05.0493 0x15bc  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
11:24:05.0524 0x15bc  hcw85cir - ok
11:24:05.0555 0x15bc  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
11:24:05.0602 0x15bc  HdAudAddService - ok
11:24:05.0602 0x15bc  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys
11:24:05.0633 0x15bc  HDAudBus - ok
11:24:05.0633 0x15bc  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\windows\system32\drivers\HidBatt.sys
11:24:05.0649 0x15bc  HidBatt - ok
11:24:05.0665 0x15bc  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\windows\system32\drivers\hidbth.sys
11:24:05.0680 0x15bc  HidBth - ok
11:24:05.0696 0x15bc  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\windows\system32\drivers\hidir.sys
11:24:05.0711 0x15bc  HidIr - ok
11:24:05.0727 0x15bc  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\windows\System32\hidserv.dll
11:24:05.0758 0x15bc  hidserv - ok
11:24:05.0774 0x15bc  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
11:24:05.0789 0x15bc  HidUsb - ok
11:24:05.0805 0x15bc  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\windows\system32\kmsvc.dll
11:24:05.0852 0x15bc  hkmsvc - ok
11:24:05.0867 0x15bc  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\windows\system32\ListSvc.dll
11:24:05.0899 0x15bc  HomeGroupListener - ok
11:24:05.0930 0x15bc  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\windows\system32\provsvc.dll
11:24:05.0961 0x15bc  HomeGroupProvider - ok
11:24:05.0977 0x15bc  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
11:24:05.0992 0x15bc  HpSAMD - ok
11:24:06.0023 0x15bc  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\windows\system32\drivers\HTTP.sys
11:24:06.0070 0x15bc  HTTP - ok
11:24:06.0086 0x15bc  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
11:24:06.0086 0x15bc  hwpolicy - ok
11:24:06.0101 0x15bc  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
11:24:06.0117 0x15bc  i8042prt - ok
11:24:06.0133 0x15bc  [ C224331A54571C8C9162F7714400BBBD, C2CA4881ACD46071E67435BE5E3DB133D0743B026FD20D6D6E26B2FE7A03FCAA ] iaStor          C:\windows\system32\drivers\iaStor.sys
11:24:06.0148 0x15bc  iaStor - ok
11:24:06.0211 0x15bc  [ 7D4B9A48430ED57ACA6373B71D5904CA, 6ED72DAA7A4951142F036364E8F237E74246EF3E9EA089448DEF15380DAB0DB3 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
11:24:06.0226 0x15bc  IAStorDataMgrSvc - ok
11:24:06.0257 0x15bc  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
11:24:06.0289 0x15bc  iaStorV - ok
11:24:06.0320 0x15bc  [ 9E3D44CE737388F6BBBB6DD4A1C1847C, 98FD10D07E5801870282D6D0226051193B7D12EF3C8B84DB8365B446E02499DB ] ibtfltcoex      C:\windows\system32\DRIVERS\iBtFltCoex.sys
11:24:06.0335 0x15bc  ibtfltcoex - ok
11:24:06.0429 0x15bc  [ 3CC7B3BB1A9EA201A040883EDFAA67A0, F543A779BA8CBFD5E0B939844B9CB47A2C05A400C693635F520438C18FFDFAF1 ] IconMan_R       C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
11:24:06.0476 0x15bc  IconMan_R - ok
11:24:06.0538 0x15bc  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:24:06.0554 0x15bc  idsvc - ok
11:24:06.0881 0x15bc  [ 54E37A4E66B2CA1C38E9728FAD5F9822, C53500674DD96909A34C3975C81D9325E4DAC0753A3E99535246BF7BADF19EF4 ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
11:24:07.0381 0x15bc  igfx - ok
11:24:07.0427 0x15bc  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\windows\system32\drivers\iirsp.sys
11:24:07.0427 0x15bc  iirsp - ok
11:24:07.0459 0x15bc  [ FCD84C381E0140AF901E58D48882D26B, 76955FFC230C801E8ED890E32076075F04CD6E5EC79E594FDE6D23797A36B406 ] IKEEXT          C:\windows\System32\ikeext.dll
11:24:07.0521 0x15bc  IKEEXT - ok
11:24:07.0661 0x15bc  [ BB0D3D57C25D6C5215077A8FAA7AD4B3, 886B543BB75F01F8EE7C8BC1603189259248B8EC397BD851ECBBB0DDAE1D2D69 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
11:24:07.0739 0x15bc  IntcAzAudAddService - ok
11:24:07.0786 0x15bc  [ 6C9FFFECA9FED31347D211C5D1FFBD2D, 36CF8B847FAED0D978B3169ED550CC958025902CAC1D7D304E2684B2483E72B8 ] IntcDAud        C:\windows\system32\DRIVERS\IntcDAud.sys
11:24:07.0817 0x15bc  IntcDAud - ok
11:24:07.0833 0x15bc  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\windows\system32\drivers\intelide.sys
11:24:07.0849 0x15bc  intelide - ok
11:24:07.0864 0x15bc  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\windows\system32\drivers\intelppm.sys
11:24:07.0895 0x15bc  intelppm - ok
11:24:07.0911 0x15bc  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\windows\system32\ipbusenum.dll
11:24:07.0973 0x15bc  IPBusEnum - ok
11:24:07.0989 0x15bc  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
11:24:08.0020 0x15bc  IpFilterDriver - ok
11:24:08.0051 0x15bc  [ A34A587FFFD45FA649FBA6D03784D257, C9A2BCD4E2A5EB6E320092A3AFD5737ECDCDA0B83EE42314A23C4978F2974767 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
11:24:08.0098 0x15bc  iphlpsvc - ok
11:24:08.0098 0x15bc  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
11:24:08.0114 0x15bc  IPMIDRV - ok
11:24:08.0114 0x15bc  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\windows\system32\drivers\ipnat.sys
11:24:08.0145 0x15bc  IPNAT - ok
11:24:08.0161 0x15bc  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\windows\system32\drivers\irenum.sys
11:24:08.0176 0x15bc  IRENUM - ok
11:24:08.0176 0x15bc  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\windows\system32\drivers\isapnp.sys
11:24:08.0176 0x15bc  isapnp - ok
11:24:08.0207 0x15bc  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
11:24:08.0207 0x15bc  iScsiPrt - ok
11:24:08.0239 0x15bc  [ 8E4577C6E0D3114170509159DE658907, 2FC7F96766537716503AB1BAD7EBDB2F16F3CE1584AF4261D57C6A4E00E1A417 ] iusb3hcs        C:\windows\system32\drivers\iusb3hcs.sys
11:24:08.0239 0x15bc  iusb3hcs - ok
11:24:08.0254 0x15bc  [ FE76346E9B57DA575BD1B3BD0CCAD7FF, 8961A08326F66E9FDF63912797C605FEEC23F9B0453D132AB6897DA98BC9AEAB ] iusb3hub        C:\windows\system32\DRIVERS\iusb3hub.sys
11:24:08.0270 0x15bc  iusb3hub - ok
11:24:08.0301 0x15bc  [ 1008CD90DA2198FFD250298DEB9DF160, 2CBA5FF2369861E8F8A55799AFFFC8E5B331A8BD17B559641E87A4C6C0D70206 ] iusb3xhc        C:\windows\system32\DRIVERS\iusb3xhc.sys
11:24:08.0317 0x15bc  iusb3xhc - ok
11:24:08.0317 0x15bc  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
11:24:08.0332 0x15bc  kbdclass - ok
11:24:08.0332 0x15bc  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
11:24:08.0348 0x15bc  kbdhid - ok
11:24:08.0348 0x15bc  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] KeyIso          C:\windows\system32\lsass.exe
11:24:08.0363 0x15bc  KeyIso - ok
11:24:08.0379 0x15bc  [ DA1E991A61CFDD755A589E206B97644B, 25581D8C0F18ED8D1A8536E9E4BCE3D3AE88E6F74E4BB3C749553F0AADD6C289 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
11:24:08.0379 0x15bc  KSecDD - ok
11:24:08.0395 0x15bc  [ 7E33198D956943A4F11A5474C1E9106F, 4E9694A67549F0156B675AFAAAA10B0A77F4DB5BE9915722132ACF5529172C52 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
11:24:08.0410 0x15bc  KSecPkg - ok
11:24:08.0410 0x15bc  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
11:24:08.0457 0x15bc  ksthunk - ok
11:24:08.0488 0x15bc  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\windows\system32\msdtckrm.dll
11:24:08.0551 0x15bc  KtmRm - ok
11:24:08.0582 0x15bc  [ 19A1E658E858CB93CCA526438086881E, 3D89394ED156040B5FDB84C8ABC26AE986D3456BBF53077FEFDA8FF824FB6493 ] L1C             C:\windows\system32\DRIVERS\e22w7x64.sys
11:24:08.0582 0x15bc  L1C - ok
11:24:08.0613 0x15bc  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\windows\System32\srvsvc.dll
11:24:08.0660 0x15bc  LanmanServer - ok
11:24:08.0691 0x15bc  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
11:24:08.0707 0x15bc  LanmanWorkstation - ok
11:24:08.0738 0x15bc  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
11:24:08.0753 0x15bc  lltdio - ok
11:24:08.0785 0x15bc  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\windows\System32\lltdsvc.dll
11:24:08.0816 0x15bc  lltdsvc - ok
11:24:08.0831 0x15bc  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\windows\System32\lmhsvc.dll
11:24:08.0863 0x15bc  lmhosts - ok
11:24:08.0878 0x15bc  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys
11:24:08.0894 0x15bc  LSI_FC - ok
11:24:08.0909 0x15bc  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
11:24:08.0909 0x15bc  LSI_SAS - ok
11:24:08.0925 0x15bc  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
11:24:08.0925 0x15bc  LSI_SAS2 - ok
11:24:08.0941 0x15bc  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
11:24:08.0941 0x15bc  LSI_SCSI - ok
11:24:08.0956 0x15bc  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\windows\system32\drivers\luafv.sys
11:24:08.0987 0x15bc  luafv - ok
11:24:09.0019 0x15bc  [ 8FF2D95CBA49B405C5DE27039FF0BF35, 03BF7FC7F1C2C76EDB583BA342EA1C325DB8058517744EF2A78529D3938F4DC1 ] MBfilt          C:\windows\system32\drivers\MBfilt64.sys
11:24:09.0019 0x15bc  MBfilt - ok
11:24:09.0034 0x15bc  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
11:24:09.0065 0x15bc  Mcx2Svc - ok
11:24:09.0081 0x15bc  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\windows\system32\drivers\megasas.sys
11:24:09.0097 0x15bc  megasas - ok
11:24:09.0112 0x15bc  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
11:24:09.0128 0x15bc  MegaSR - ok
11:24:09.0159 0x15bc  [ 6B01B7414A105B9E51652089A03027CF, 9B113DC22F7D0D0B376E577C6D7083F9EDC09BBFE47726393E16D4FDAAAE21FE ] MEIx64          C:\windows\system32\DRIVERS\HECIx64.sys
11:24:09.0159 0x15bc  MEIx64 - ok
11:24:09.0190 0x15bc  MGHwCtrl - ok
11:24:09.0253 0x15bc  [ 71C6748EE8DE938532057EF10B4B7E44, 455175332156939B3CDA4511A2A6C213ABBFDB85EEECA98B6AB014C994F532C4 ] Micro Star SCM  C:\Program Files (x86)\S-Bar\MSIService.exe
11:24:09.0268 0x15bc  Micro Star SCM - detected UnsignedFile.Multi.Generic ( 1 )
11:24:12.0201 0x15bc  Detect skipped due to KSN trusted
11:24:12.0201 0x15bc  Micro Star SCM - ok
11:24:12.0279 0x15bc  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\windows\system32\mmcss.dll
11:24:12.0373 0x15bc  MMCSS - ok
11:24:12.0388 0x15bc  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\windows\system32\drivers\modem.sys
11:24:12.0435 0x15bc  Modem - ok
11:24:12.0435 0x15bc  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
11:24:12.0451 0x15bc  monitor - ok
11:24:12.0482 0x15bc  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
11:24:12.0482 0x15bc  mouclass - ok
11:24:12.0513 0x15bc  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
11:24:12.0529 0x15bc  mouhid - ok
11:24:12.0529 0x15bc  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
11:24:12.0544 0x15bc  mountmgr - ok
11:24:12.0560 0x15bc  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\windows\system32\drivers\mpio.sys
11:24:12.0560 0x15bc  mpio - ok
11:24:12.0591 0x15bc  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
11:24:12.0622 0x15bc  mpsdrv - ok
11:24:12.0638 0x15bc  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\windows\system32\mpssvc.dll
11:24:12.0685 0x15bc  MpsSvc - ok
11:24:12.0700 0x15bc  [ DC722758B8261E1ABAFD31A3C0A66380, 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
11:24:12.0716 0x15bc  MRxDAV - ok
11:24:12.0747 0x15bc  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
11:24:12.0794 0x15bc  mrxsmb - ok
11:24:12.0825 0x15bc  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
11:24:12.0841 0x15bc  mrxsmb10 - ok
11:24:12.0856 0x15bc  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
11:24:12.0872 0x15bc  mrxsmb20 - ok
11:24:12.0887 0x15bc  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\windows\system32\drivers\msahci.sys
11:24:12.0887 0x15bc  msahci - ok
11:24:12.0887 0x15bc  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\windows\system32\drivers\msdsm.sys
11:24:12.0903 0x15bc  msdsm - ok
11:24:12.0919 0x15bc  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\windows\System32\msdtc.exe
11:24:12.0934 0x15bc  MSDTC - ok
11:24:12.0950 0x15bc  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\windows\system32\drivers\Msfs.sys
11:24:12.0981 0x15bc  Msfs - ok
11:24:12.0981 0x15bc  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
11:24:13.0028 0x15bc  mshidkmdf - ok
11:24:13.0043 0x15bc  [ 87B9DAF6D123EC06C19B41D5295441AD, 2066EA70D85B9F17CA3121D69DB25E2E17C4AFAECB68CC97FFF4A3062099FF0C ] MSI Foundation Service C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe
11:24:13.0059 0x15bc  MSI Foundation Service - detected UnsignedFile.Multi.Generic ( 1 )
11:24:15.0134 0x1610  Object required for P2P: [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC
11:24:15.0867 0x15bc  Detect skipped due to KSN trusted
11:24:15.0867 0x15bc  MSI Foundation Service - ok
11:24:15.0914 0x15bc  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
11:24:15.0929 0x15bc  msisadrv - ok
11:24:16.0007 0x15bc  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
11:24:16.0070 0x15bc  MSiSCSI - ok
11:24:16.0070 0x15bc  msiserver - ok
11:24:16.0101 0x15bc  [ C72ADF8436182E12B1B7E04390CE4C5B, 6C5E926983A0781E642E1A5F4B8DA5F41DAFB7423FC6005AC638F10E54CFCC10 ] MSI_SuperCharger C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
11:24:16.0117 0x15bc  MSI_SuperCharger - ok
11:24:16.0132 0x15bc  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
11:24:16.0195 0x15bc  MSKSSRV - ok
11:24:16.0195 0x15bc  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
11:24:16.0241 0x15bc  MSPCLOCK - ok
11:24:16.0241 0x15bc  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
11:24:16.0273 0x15bc  MSPQM - ok
11:24:16.0288 0x15bc  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
11:24:16.0304 0x15bc  MsRPC - ok
11:24:16.0319 0x15bc  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
11:24:16.0319 0x15bc  mssmbios - ok
11:24:16.0335 0x15bc  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
11:24:16.0366 0x15bc  MSTEE - ok
11:24:16.0382 0x15bc  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
11:24:16.0382 0x15bc  MTConfig - ok
11:24:16.0397 0x15bc  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\windows\system32\Drivers\mup.sys
11:24:16.0413 0x15bc  Mup - ok
11:24:16.0429 0x15bc  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\windows\system32\qagentRT.dll
11:24:16.0475 0x15bc  napagent - ok
11:24:16.0491 0x15bc  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
11:24:16.0522 0x15bc  NativeWifiP - ok
11:24:16.0553 0x15bc  [ C38B8AE57F78915905064A9A24DC1586, 5A24A490AC5DB4FCC745182BDBAEA8836E8FBEC635609AE4CF51DAC3A30A8221 ] NDIS            C:\windows\system32\drivers\ndis.sys
11:24:16.0585 0x15bc  NDIS - ok
11:24:16.0585 0x15bc  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
11:24:16.0616 0x15bc  NdisCap - ok
11:24:16.0647 0x15bc  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
11:24:16.0678 0x15bc  NdisTapi - ok
11:24:16.0678 0x15bc  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
11:24:16.0709 0x15bc  Ndisuio - ok
11:24:16.0725 0x15bc  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
11:24:16.0756 0x15bc  NdisWan - ok
11:24:16.0772 0x15bc  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
11:24:16.0803 0x15bc  NDProxy - ok
11:24:16.0819 0x15bc  [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
11:24:16.0834 0x15bc  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
11:24:18.0207 0x1610  Object send P2P result: true
11:24:19.0658 0x15bc  Detect skipped due to KSN trusted
11:24:19.0658 0x15bc  Net Driver HPZ12 - ok
11:24:19.0720 0x15bc  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
11:24:19.0767 0x15bc  NetBIOS - ok
11:24:19.0829 0x15bc  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
11:24:19.0876 0x15bc  NetBT - ok
11:24:19.0876 0x15bc  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] Netlogon        C:\windows\system32\lsass.exe
11:24:19.0876 0x15bc  Netlogon - ok
11:24:19.0923 0x15bc  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\windows\System32\netman.dll
11:24:19.0954 0x15bc  Netman - ok
11:24:19.0970 0x15bc  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\windows\System32\netprofm.dll
11:24:20.0017 0x15bc  netprofm - ok
11:24:20.0032 0x15bc  [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:24:20.0048 0x15bc  NetTcpPortSharing - ok
11:24:20.0297 0x15bc  [ B51E9AD4F4E4F8DBE0AB882756BC5DAB, 74E975F3BF39B360C466A0CEEEF545D1B814EE1AEFF6B2FCDD81A33FA276FBF3 ] NETwNs64        C:\windows\system32\DRIVERS\NETwNs64.sys
11:24:20.0594 0x15bc  NETwNs64 - ok
11:24:20.0609 0x15bc  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
11:24:20.0625 0x15bc  nfrd960 - ok
11:24:20.0641 0x15bc  [ 1EE99A89CC788ADA662441D1E9830529, 6B4FDD74BB81E12BD4B25A3E8AECB0FA77FA0075D454DD1D6DC1790ADF1F2AA8 ] NlaSvc          C:\windows\System32\nlasvc.dll
11:24:20.0672 0x15bc  NlaSvc - ok
11:24:20.0687 0x15bc  NOBU - ok
11:24:20.0703 0x15bc  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\windows\system32\drivers\Npfs.sys
11:24:20.0734 0x15bc  Npfs - ok
11:24:20.0734 0x15bc  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\windows\system32\nsisvc.dll
11:24:20.0797 0x15bc  nsi - ok
11:24:20.0797 0x15bc  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
11:24:20.0828 0x15bc  nsiproxy - ok
11:24:20.0890 0x15bc  [ A2F74975097F52A00745F9637451FDD8, C681DDBD3382C477C2A030E828B5CFB529CB57C7847BD9AFF25E2A5E58B2DAF3 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
11:24:20.0921 0x15bc  Ntfs - ok
11:24:20.0984 0x15bc  [ 3F39F013168428C8E505A7B9E6CBA8A2, 6F1FF29E2E710F6D064DC74E8E011331D807C32CC2A622CBE507FD4B4D43F8F4 ] NTIOLib_1_0_3   C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys
11:24:20.0999 0x15bc  NTIOLib_1_0_3 - ok
11:24:20.0999 0x15bc  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\windows\system32\drivers\Null.sys
11:24:21.0046 0x15bc  Null - ok
11:24:21.0327 0x15bc  [ 67428BB28210D22743CC5B3C032CBC57, F10113DA8633B81C8303E8DFDA0B4053E4B2BF54D1AB8F72D21D0193F6B7B2E6 ] nvlddmkm        C:\windows\system32\DRIVERS\nvlddmkm.sys
11:24:21.0561 0x15bc  nvlddmkm - ok
11:24:21.0686 0x15bc  [ 2AFE430C06494691DD97CBB20A982544, 8549EC54F39AB44B3C155A56FA8B9AD300D4320DFCDAD7894848F163CD65FE1D ] nvpciflt        C:\windows\system32\DRIVERS\nvpciflt.sys
11:24:21.0701 0x15bc  nvpciflt - ok
11:24:21.0764 0x15bc  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\windows\system32\drivers\nvraid.sys
11:24:21.0779 0x15bc  nvraid - ok
11:24:21.0811 0x15bc  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\windows\system32\drivers\nvstor.sys
11:24:21.0826 0x15bc  nvstor - ok
11:24:21.0873 0x15bc  [ D594841129E5902A67430C01F59EB20C, 343E81DA152372FD03D2A7512E63F7C4FF1ED55067CC97935378346995E6923F ] nvsvc           C:\windows\system32\nvvsvc.exe
11:24:21.0904 0x15bc  nvsvc - ok
11:24:22.0029 0x15bc  [ CFE798F2095D6F23F9127CDED4547814, 45FA8538B8C870F380955825A17AE981657678928A5332972DE0A33BB5085BF7 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
11:24:22.0076 0x15bc  nvUpdatusService - ok
11:24:22.0091 0x15bc  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
11:24:22.0107 0x15bc  nv_agp - ok
11:24:22.0107 0x15bc  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
11:24:22.0123 0x15bc  ohci1394 - ok
11:24:22.0169 0x15bc  [ B9C125314A025127FE562C116D614AA3, 79C46C0BACEBBB5B8E1C162766B21587365A100BBAD01171C77B995C514BC7D6 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:24:22.0185 0x15bc  ose64 - ok
11:24:22.0372 0x15bc  [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:24:22.0481 0x15bc  osppsvc - ok
11:24:22.0513 0x15bc  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
11:24:22.0544 0x15bc  p2pimsvc - ok
11:24:22.0575 0x15bc  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\windows\system32\p2psvc.dll
11:24:22.0606 0x15bc  p2psvc - ok
11:24:22.0606 0x15bc  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\windows\system32\drivers\parport.sys
11:24:22.0637 0x15bc  Parport - ok
11:24:22.0637 0x15bc  [ 871EADAC56B0A4C6512BBE32753CCF79, F9FD9DBA55274BB72B897550988DCDFD0F2D9367BE641DFDE07D240052DDC180 ] partmgr         C:\windows\system32\drivers\partmgr.sys
11:24:22.0653 0x15bc  partmgr - ok
11:24:22.0669 0x15bc  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\windows\System32\pcasvc.dll
11:24:22.0684 0x15bc  PcaSvc - ok
11:24:22.0700 0x15bc  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\windows\system32\drivers\pci.sys
11:24:22.0715 0x15bc  pci - ok
11:24:22.0747 0x15bc  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\windows\system32\drivers\pciide.sys
11:24:22.0747 0x15bc  pciide - ok
11:24:22.0762 0x15bc  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
11:24:22.0762 0x15bc  pcmcia - ok
11:24:22.0778 0x15bc  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\windows\system32\drivers\pcw.sys
11:24:22.0793 0x15bc  pcw - ok
11:24:22.0809 0x15bc  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\windows\system32\drivers\peauth.sys
11:24:22.0856 0x15bc  PEAUTH - ok
11:24:22.0934 0x15bc  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\windows\SysWow64\perfhost.exe
11:24:22.0949 0x15bc  PerfHost - ok
11:24:23.0012 0x15bc  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\windows\system32\pla.dll
11:24:23.0074 0x15bc  pla - ok
11:24:23.0121 0x15bc  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
11:24:23.0152 0x15bc  PlugPlay - ok
11:24:23.0183 0x15bc  [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
11:24:23.0199 0x15bc  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
11:24:25.0991 0x15bc  Detect skipped due to KSN trusted
11:24:25.0991 0x15bc  Pml Driver HPZ12 - ok
11:24:26.0038 0x15bc  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
11:24:26.0069 0x15bc  PNRPAutoReg - ok
11:24:26.0085 0x15bc  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
11:24:26.0101 0x15bc  PNRPsvc - ok
11:24:26.0194 0x15bc  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
11:24:26.0257 0x15bc  PolicyAgent - ok
11:24:26.0272 0x15bc  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\windows\system32\umpo.dll
11:24:26.0303 0x15bc  Power - ok
11:24:26.0303 0x15bc  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
11:24:26.0335 0x15bc  PptpMiniport - ok
11:24:26.0350 0x15bc  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\windows\system32\drivers\processr.sys
11:24:26.0366 0x15bc  Processor - ok
11:24:26.0381 0x15bc  [ 5C78838B4D166D1A27DB3A8A820C799A, BBF7E1D0B6754CF06BF3936671FDF5BF6E845CA5678D0940EA54E9212B539B7F ] ProfSvc         C:\windows\system32\profsvc.dll
11:24:26.0413 0x15bc  ProfSvc - ok
11:24:26.0428 0x15bc  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] ProtectedStorage C:\windows\system32\lsass.exe
11:24:26.0444 0x15bc  ProtectedStorage - ok
11:24:26.0459 0x15bc  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\windows\system32\DRIVERS\pacer.sys
11:24:26.0491 0x15bc  Psched - ok
11:24:26.0553 0x15bc  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\windows\system32\drivers\ql2300.sys
11:24:26.0584 0x15bc  ql2300 - ok
11:24:26.0600 0x15bc  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
11:24:26.0615 0x15bc  ql40xx - ok
11:24:26.0662 0x15bc  [ 165BF7E379FAA483E0185B2A0B0970D8, D83E2B94481277E9F7D44EC87186BEC075B5A671B394889CD891E28C5E55C328 ] Qualcomm Atheros Killer Service C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
11:24:26.0693 0x15bc  Qualcomm Atheros Killer Service - detected UnsignedFile.Multi.Generic ( 1 )
11:24:29.0626 0x15bc  Detect skipped due to KSN trusted
11:24:29.0626 0x15bc  Qualcomm Atheros Killer Service - ok
11:24:29.0735 0x15bc  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\windows\system32\qwave.dll
11:24:29.0782 0x15bc  QWAVE - ok
11:24:29.0798 0x15bc  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
11:24:29.0829 0x15bc  QWAVEdrv - ok
11:24:29.0845 0x15bc  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
11:24:29.0891 0x15bc  RasAcd - ok
11:24:29.0907 0x15bc  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
11:24:29.0938 0x15bc  RasAgileVpn - ok
11:24:29.0954 0x15bc  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\windows\System32\rasauto.dll
11:24:30.0001 0x15bc  RasAuto - ok
11:24:30.0016 0x15bc  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
11:24:30.0047 0x15bc  Rasl2tp - ok
11:24:30.0063 0x15bc  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\windows\System32\rasmans.dll
11:24:30.0094 0x15bc  RasMan - ok
11:24:30.0110 0x15bc  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
11:24:30.0141 0x15bc  RasPppoe - ok
11:24:30.0157 0x15bc  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
11:24:30.0172 0x15bc  RasSstp - ok
11:24:30.0188 0x15bc  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
11:24:30.0235 0x15bc  rdbss - ok
11:24:30.0250 0x15bc  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\windows\system32\drivers\rdpbus.sys
11:24:30.0266 0x15bc  rdpbus - ok
11:24:30.0281 0x15bc  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
11:24:30.0313 0x15bc  RDPCDD - ok
11:24:30.0328 0x15bc  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
11:24:30.0359 0x15bc  RDPENCDD - ok
11:24:30.0375 0x15bc  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
11:24:30.0406 0x15bc  RDPREFMP - ok
11:24:30.0406 0x15bc  [ 15B66C206B5CB095BAB980553F38ED23, 3CA50786A8D3D6BAF145AFD22C1ED92C2EB39F5D6AF4F6B09B69610FDE0C5B24 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
11:24:30.0437 0x15bc  RDPWD - ok
11:24:30.0453 0x15bc  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
11:24:30.0469 0x15bc  rdyboost - ok
11:24:30.0484 0x15bc  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\windows\System32\mprdim.dll
11:24:30.0515 0x15bc  RemoteAccess - ok
11:24:30.0531 0x15bc  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\windows\system32\regsvc.dll
11:24:30.0562 0x15bc  RemoteRegistry - ok
11:24:30.0593 0x15bc  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
11:24:30.0609 0x15bc  RFCOMM - ok
11:24:30.0625 0x15bc  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
11:24:30.0656 0x15bc  RpcEptMapper - ok
11:24:30.0671 0x15bc  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\windows\system32\locator.exe
11:24:30.0687 0x15bc  RpcLocator - ok
11:24:30.0718 0x15bc  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\windows\system32\rpcss.dll
11:24:30.0749 0x15bc  RpcSs - ok
11:24:30.0781 0x15bc  [ 33404B769915388BE7162D9ED58422AC, F1488A0D16F8B067B4FCE7771FF3E29AB2804632ACB2ECE086D0644820BC353B ] RSPCIESTOR      C:\windows\system32\DRIVERS\RtsPStor.sys
11:24:30.0796 0x15bc  RSPCIESTOR - ok
11:24:30.0812 0x15bc  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
11:24:30.0843 0x15bc  rspndr - ok
11:24:30.0843 0x15bc  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] SamSs           C:\windows\system32\lsass.exe
11:24:30.0843 0x15bc  SamSs - ok
11:24:30.0859 0x15bc  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
11:24:30.0874 0x15bc  sbp2port - ok
11:24:30.0890 0x15bc  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\windows\System32\SCardSvr.dll
11:24:30.0921 0x15bc  SCardSvr - ok
11:24:30.0937 0x15bc  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
11:24:30.0968 0x15bc  scfilter - ok
11:24:31.0015 0x15bc  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\windows\system32\schedsvc.dll
11:24:31.0061 0x15bc  Schedule - ok
11:24:31.0077 0x15bc  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\windows\System32\certprop.dll
11:24:31.0108 0x15bc  SCPolicySvc - ok
11:24:31.0108 0x15bc  [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus           C:\windows\system32\DRIVERS\sdbus.sys
11:24:31.0139 0x15bc  sdbus - ok
11:24:31.0155 0x15bc  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\windows\System32\SDRSVC.dll
11:24:31.0171 0x15bc  SDRSVC - ok
11:24:31.0186 0x15bc  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\windows\system32\drivers\secdrv.sys
11:24:31.0202 0x15bc  secdrv - ok
11:24:31.0217 0x15bc  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\windows\system32\seclogon.dll
11:24:31.0249 0x15bc  seclogon - ok
11:24:31.0264 0x15bc  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\windows\system32\sens.dll
11:24:31.0295 0x15bc  SENS - ok
11:24:31.0311 0x15bc  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\windows\system32\sensrsvc.dll
11:24:31.0342 0x15bc  SensrSvc - ok
11:24:31.0342 0x15bc  Ser2pl - ok
11:24:31.0358 0x15bc  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
11:24:31.0389 0x15bc  Serenum - ok
11:24:31.0420 0x15bc  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\windows\system32\drivers\serial.sys
11:24:31.0451 0x15bc  Serial - ok
11:24:31.0483 0x15bc  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\windows\system32\drivers\sermouse.sys
11:24:31.0498 0x15bc  sermouse - ok
11:24:31.0514 0x15bc  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\windows\system32\sessenv.dll
11:24:31.0561 0x15bc  SessionEnv - ok
11:24:31.0561 0x15bc  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
11:24:31.0576 0x15bc  sffdisk - ok
11:24:31.0576 0x15bc  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
11:24:31.0592 0x15bc  sffp_mmc - ok
11:24:31.0592 0x15bc  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
11:24:31.0607 0x15bc  sffp_sd - ok
11:24:31.0607 0x15bc  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys
11:24:31.0623 0x15bc  sfloppy - ok
11:24:31.0654 0x15bc  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\windows\System32\ipnathlp.dll
11:24:31.0701 0x15bc  SharedAccess - ok
11:24:31.0717 0x15bc  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\windows\System32\shsvcs.dll
11:24:31.0763 0x15bc  ShellHWDetection - ok
11:24:31.0779 0x15bc  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
11:24:31.0779 0x15bc  SiSRaid2 - ok
11:24:31.0795 0x15bc  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
11:24:31.0810 0x15bc  SiSRaid4 - ok
11:24:31.0857 0x15bc  [ 050A4112B00BCA2E13314CDE48C1DEEE, 86C679CD494DEEB984372BF954EFBB8982AC7995FBF89FCF83BC228991D1B825 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
11:24:31.0873 0x15bc  SkypeUpdate - ok
11:24:31.0888 0x15bc  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\windows\system32\DRIVERS\smb.sys
11:24:31.0904 0x15bc  Smb - ok
11:24:31.0935 0x15bc  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
11:24:31.0966 0x15bc  SNMPTRAP - ok
11:24:31.0966 0x15bc  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\windows\system32\drivers\spldr.sys
11:24:31.0982 0x15bc  spldr - ok
11:24:32.0013 0x15bc  [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler         C:\windows\System32\spoolsv.exe
11:24:32.0060 0x15bc  Spooler - ok
11:24:32.0153 0x15bc  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\windows\system32\sppsvc.exe
11:24:32.0263 0x15bc  sppsvc - ok
11:24:32.0278 0x15bc  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\windows\system32\sppuinotify.dll
11:24:32.0309 0x15bc  sppuinotify - ok
11:24:32.0325 0x15bc  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\windows\system32\DRIVERS\srv.sys
11:24:32.0356 0x15bc  srv - ok
11:24:32.0387 0x15bc  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
11:24:32.0403 0x15bc  srv2 - ok
11:24:32.0419 0x15bc  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
11:24:32.0434 0x15bc  srvnet - ok
11:24:32.0450 0x15bc  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
11:24:32.0497 0x15bc  SSDPSRV - ok
11:24:32.0512 0x15bc  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\windows\system32\sstpsvc.dll
11:24:32.0543 0x15bc  SstpSvc - ok
11:24:32.0543 0x15bc  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\windows\system32\drivers\stexstor.sys
11:24:32.0559 0x15bc  stexstor - ok
11:24:32.0590 0x15bc  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\windows\System32\wiaservc.dll
11:24:32.0606 0x15bc  stisvc - ok
11:24:32.0621 0x15bc  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\windows\system32\drivers\swenum.sys
11:24:32.0621 0x15bc  swenum - ok
11:24:32.0653 0x15bc  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\windows\System32\swprv.dll
11:24:32.0684 0x15bc  swprv - ok
11:24:32.0731 0x15bc  [ F4DB1D9E6A42D491F0F8E21854301C0B, 7B038121D85D7C147C2FA8D5D34BF44B8792E7CD6E468C9884A109A0B6C9E84A ] SynTP           C:\windows\system32\drivers\SynTP.sys
11:24:32.0762 0x15bc  SynTP - ok
11:24:32.0824 0x15bc  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\windows\system32\sysmain.dll
11:24:32.0871 0x15bc  SysMain - ok
11:24:32.0887 0x15bc  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\windows\System32\TabSvc.dll
11:24:32.0902 0x15bc  TabletInputService - ok
11:24:32.0918 0x15bc  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\windows\System32\tapisrv.dll
11:24:32.0949 0x15bc  TapiSrv - ok
11:24:32.0965 0x15bc  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\windows\System32\tbssvc.dll
11:24:32.0996 0x15bc  TBS - ok
11:24:33.0074 0x15bc  [ FC62769E7BFF2896035AEED399108162, 82170042482E6D843F96D52AF6920F172B1D46D03456EF2E66C1D919EE0E3B46 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
11:24:33.0121 0x15bc  Tcpip - ok
11:24:33.0152 0x15bc  [ FC62769E7BFF2896035AEED399108162, 82170042482E6D843F96D52AF6920F172B1D46D03456EF2E66C1D919EE0E3B46 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
11:24:33.0183 0x15bc  TCPIP6 - ok
11:24:33.0199 0x15bc  [ DF687E3D8836BFB04FCC0615BF15A519, 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784 ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
11:24:33.0230 0x15bc  tcpipreg - ok
11:24:33.0230 0x15bc  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
11:24:33.0261 0x15bc  TDPIPE - ok
11:24:33.0277 0x15bc  [ E4245BDA3190A582D55ED09E137401A9, F59C983882997D68CC7B1B2080AEE9EBE2AE90D478F877559BD2AAA97158A116 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
11:24:33.0292 0x15bc  TDTCP - ok
11:24:33.0308 0x15bc  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
11:24:33.0339 0x15bc  tdx - ok
11:24:33.0355 0x15bc  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\windows\system32\drivers\termdd.sys
11:24:33.0370 0x15bc  TermDD - ok
11:24:33.0386 0x15bc  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\windows\System32\termsrv.dll
11:24:33.0433 0x15bc  TermService - ok
11:24:33.0433 0x15bc  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\windows\system32\themeservice.dll
11:24:33.0464 0x15bc  Themes - ok
11:24:33.0479 0x15bc  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\windows\system32\mmcss.dll
11:24:33.0495 0x15bc  THREADORDER - ok
11:24:33.0542 0x15bc  [ FD93717DB421D1E7B7DFF9FCCADCA476, 33D501F6C40358D61F160D05B1DDB2A10FA76AD84782D1FA3F1A5FA077A6B683 ] TiMiniService   C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
11:24:33.0573 0x15bc  TiMiniService - ok
11:24:33.0589 0x15bc  [ E386DD8EC68C67CA3E2A3ABDC1DF5C56, 73331A8CFD10373B0C0B3A48E0F126CA149809D8F20FD5654DBC02DAC53355B3 ] tmactmon        C:\windows\system32\DRIVERS\tmactmon.sys
11:24:33.0589 0x15bc  tmactmon - ok
11:24:33.0604 0x15bc  [ AB011C569487FD65C8944DDF8CBB2572, C552B7FA0A9A7D93D370359DA166E3597756F9C566B264522E2579B0E4BB8AEC ] tmcomm          C:\windows\system32\DRIVERS\tmcomm.sys
11:24:33.0604 0x15bc  tmcomm - ok
11:24:33.0620 0x15bc  [ 8870A3D7305455B47ADCCD226F8E51BC, 8E2B18DC27A923FAE0FB51C937A626BC6C45021EBFE2AC7313754BB9A14CF346 ] tmevtmgr        C:\windows\system32\DRIVERS\tmevtmgr.sys
11:24:33.0635 0x15bc  tmevtmgr - ok
11:24:33.0651 0x15bc  [ 48951FBFFFCAE52FADFCDFB76ED19749, A0D4B3944DCB8583864A5DC61C0FF7F437409FC4F3437DD3A83E62D9F22BDB25 ] tmtdi           C:\windows\system32\DRIVERS\tmtdi.sys
11:24:33.0651 0x15bc  tmtdi - ok
11:24:33.0667 0x15bc  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\windows\System32\trkwks.dll
11:24:33.0713 0x15bc  TrkWks - ok
11:24:33.0745 0x15bc  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
11:24:33.0760 0x15bc  TrustedInstaller - ok
11:24:33.0776 0x15bc  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30, CA302C2ED6A6BF4670BAAA4F5C14C0238CF0C80316856AA0DB053F4D593033AC ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
11:24:33.0807 0x15bc  tssecsrv - ok
11:24:33.0823 0x15bc  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
11:24:33.0838 0x15bc  TsUsbFlt - ok
11:24:33.0838 0x15bc  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\windows\system32\drivers\TsUsbGD.sys
11:24:33.0838 0x15bc  TsUsbGD - ok
11:24:33.0854 0x15bc  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
11:24:33.0869 0x15bc  tunnel - ok
11:24:33.0901 0x15bc  [ 20155CF5FB9F7902178D7D5CDC7C0F90, 151043D6F1D7D3419FB4AA8D76229CFF99ECAA89297421C2137DE609E5A2B368 ] TurboB          C:\windows\system32\DRIVERS\TurboB.sys
11:24:33.0901 0x15bc  TurboB - ok
11:24:33.0932 0x15bc  [ E00FC2B80837C29817A3A082717B8C48, 8028C16FB0579EADAAA092B5F197125C716AF1C64C43F9FADF725D3E1109F1BD ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
11:24:33.0947 0x15bc  TurboBoost - ok
11:24:33.0963 0x15bc  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\windows\system32\drivers\uagp35.sys
11:24:33.0963 0x15bc  uagp35 - ok
11:24:33.0979 0x15bc  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
11:24:34.0025 0x15bc  udfs - ok
11:24:34.0041 0x15bc  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\windows\system32\UI0Detect.exe
11:24:34.0057 0x15bc  UI0Detect - ok
11:24:34.0072 0x15bc  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
11:24:34.0072 0x15bc  uliagpkx - ok
11:24:34.0072 0x15bc  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\windows\system32\DRIVERS\umbus.sys
11:24:34.0088 0x15bc  umbus - ok
11:24:34.0103 0x15bc  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\windows\system32\drivers\umpass.sys
11:24:34.0119 0x15bc  UmPass - ok
11:24:34.0135 0x15bc  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\windows\System32\upnphost.dll
11:24:34.0181 0x15bc  upnphost - ok
11:24:34.0197 0x15bc  [ 6F1A3157A1C89435352CEB543CDB359C, 325B46220779C5FE3B6F19FF794474837FAB9675D9C98ACB68CCE47B1CFE5F12 ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
11:24:34.0213 0x15bc  usbccgp - ok
11:24:34.0228 0x15bc  [ AF0892A803FDDA7492F595368E3B68E7, F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 ] usbcir          C:\windows\system32\drivers\usbcir.sys
11:24:34.0244 0x15bc  usbcir - ok
11:24:34.0259 0x15bc  [ C025055FE7B87701EB042095DF1A2D7B, D7B34B6C2C5BD3C8141895AC21BB637EA5E3C4F7A85EEF4C4C36E6BB2045A3D9 ] usbehci         C:\windows\system32\DRIVERS\usbehci.sys
11:24:34.0259 0x15bc  usbehci - ok
11:24:34.0275 0x15bc  [ 287C6C9410B111B68B52CA298F7B8C24, 98900C08FE662A00DF8B37837B2BEBF9ACB7989C387AF36B2109B05A4F462D4E ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
11:24:34.0306 0x15bc  usbhub - ok
11:24:34.0306 0x15bc  [ 9840FC418B4CBD632D3D0A667A725C31, 776D86A032DCA2842EF7AADB35473193CA80547223EFAA7F110F296C377077B0 ] usbohci         C:\windows\system32\drivers\usbohci.sys
11:24:34.0322 0x15bc  usbohci - ok
11:24:34.0353 0x15bc  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
11:24:34.0369 0x15bc  usbprint - ok
11:24:34.0384 0x15bc  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
11:24:34.0415 0x15bc  USBSTOR - ok
11:24:34.0415 0x15bc  [ 62069A34518BCF9C1FD9E74B3F6DB7CD, C58E21424718729324B285BEE1C96551540FCC3FD650B2D10895EBA48D981E25 ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
11:24:34.0431 0x15bc  usbuhci - ok
11:24:34.0478 0x15bc  [ 454800C2BC7F3927CE030141EE4F4C50, 10901E62DAA70657C499AD590DECCCA6E46FDDF4A193B2F19279E1B8ED7B1E44 ] usbvideo        C:\windows\system32\Drivers\usbvideo.sys
11:24:34.0525 0x15bc  usbvideo - ok
11:24:34.0540 0x15bc  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\windows\System32\uxsms.dll
11:24:34.0603 0x15bc  UxSms - ok
11:24:34.0618 0x15bc  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] VaultSvc        C:\windows\system32\lsass.exe
11:24:34.0634 0x15bc  VaultSvc - ok
11:24:34.0649 0x15bc  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
11:24:34.0649 0x15bc  vdrvroot - ok
11:24:34.0681 0x15bc  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\windows\System32\vds.exe
11:24:34.0712 0x15bc  vds - ok
11:24:34.0712 0x15bc  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
11:24:34.0727 0x15bc  vga - ok
11:24:34.0743 0x15bc  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\windows\System32\drivers\vga.sys
11:24:34.0759 0x15bc  VgaSave - ok
11:24:34.0774 0x15bc  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
11:24:34.0790 0x15bc  vhdmp - ok
11:24:34.0790 0x15bc  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\windows\system32\drivers\viaide.sys
11:24:34.0805 0x15bc  viaide - ok
11:24:34.0821 0x15bc  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\windows\system32\drivers\volmgr.sys
11:24:34.0821 0x15bc  volmgr - ok
11:24:34.0852 0x15bc  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
11:24:34.0868 0x15bc  volmgrx - ok
11:24:34.0883 0x15bc  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\windows\system32\drivers\volsnap.sys
11:24:34.0899 0x15bc  volsnap - ok
11:24:34.0946 0x15bc  [ E4D2305EBB9DE0871A1E13294D0F349B, 260A90502AA39E7F34A57964EA1C324D484D5441F9B74333ECD948B9E6192E4F ] vpnagent        C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
11:24:34.0961 0x15bc  vpnagent - ok
11:24:34.0993 0x15bc  [ 0E4DF91E83DA5739FFB18535D4DB10AA, E7B607274650214AC7869DAECD945CE34454C0645A540F8B4CF3A1B93D8C0CB3 ] vpnva           C:\windows\system32\DRIVERS\vpnva64.sys
11:24:35.0008 0x15bc  vpnva - ok
11:24:35.0024 0x15bc  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\windows\system32\drivers\vsmraid.sys
11:24:35.0039 0x15bc  vsmraid - ok
11:24:35.0102 0x15bc  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\windows\system32\vssvc.exe
11:24:35.0180 0x15bc  VSS - ok
11:24:35.0180 0x15bc  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
11:24:35.0195 0x15bc  vwifibus - ok
11:24:35.0211 0x15bc  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
11:24:35.0227 0x15bc  vwififlt - ok
11:24:35.0242 0x15bc  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\windows\system32\w32time.dll
11:24:35.0273 0x15bc  W32Time - ok
11:24:35.0273 0x15bc  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\windows\system32\drivers\wacompen.sys
11:24:35.0289 0x15bc  WacomPen - ok
11:24:35.0305 0x15bc  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
11:24:35.0336 0x15bc  WANARP - ok
11:24:35.0351 0x15bc  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
11:24:35.0367 0x15bc  Wanarpv6 - ok
11:24:35.0429 0x15bc  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\windows\system32\wbengine.exe
11:24:35.0492 0x15bc  wbengine - ok
11:24:35.0507 0x15bc  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
11:24:35.0523 0x15bc  WbioSrvc - ok
11:24:35.0539 0x15bc  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\windows\System32\wcncsvc.dll
11:24:35.0570 0x15bc  wcncsvc - ok
11:24:35.0585 0x15bc  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
11:24:35.0601 0x15bc  WcsPlugInService - ok
11:24:35.0617 0x15bc  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\windows\system32\drivers\wd.sys
11:24:35.0617 0x15bc  Wd - ok
11:24:35.0648 0x15bc  [ 441BD2D7B4F98134C3A4F9FA570FD250, FF20815273014C5A27C2B75E2C70FE674809293627056199F502DFDF4CECFCA1 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
11:24:35.0679 0x15bc  Wdf01000 - ok
11:24:35.0695 0x15bc  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\windows\system32\wdi.dll
11:24:35.0741 0x15bc  WdiServiceHost - ok
11:24:35.0741 0x15bc  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\windows\system32\wdi.dll
11:24:35.0757 0x15bc  WdiSystemHost - ok
11:24:35.0773 0x15bc  [ 3DB6D04E1C64272F8B14EB8BC4616280, 9138642B1C19F895D4ECFD930160C80FBF15813CE63BBF4C899842C300FD3026 ] WebClient       C:\windows\System32\webclnt.dll
11:24:35.0804 0x15bc  WebClient - ok
11:24:35.0819 0x15bc  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\windows\system32\wecsvc.dll
11:24:35.0851 0x15bc  Wecsvc - ok
11:24:35.0866 0x15bc  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\windows\System32\wercplsupport.dll
11:24:35.0897 0x15bc  wercplsupport - ok
11:24:35.0929 0x15bc  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\windows\System32\WerSvc.dll
11:24:35.0960 0x15bc  WerSvc - ok
11:24:35.0960 0x15bc  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
11:24:35.0991 0x15bc  WfpLwf - ok
11:24:35.0991 0x15bc  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\windows\system32\drivers\wimmount.sys
11:24:36.0007 0x15bc  WIMMount - ok
11:24:36.0022 0x15bc  WinDefend - ok
11:24:36.0022 0x15bc  WinHttpAutoProxySvc - ok
11:24:36.0069 0x15bc  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
11:24:36.0116 0x15bc  Winmgmt - ok
11:24:36.0163 0x15bc  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\windows\system32\WsmSvc.dll
11:24:36.0225 0x15bc  WinRM - ok
11:24:36.0287 0x15bc  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
11:24:36.0319 0x15bc  WinUsb - ok
11:24:36.0365 0x15bc  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\windows\System32\wlansvc.dll
11:24:36.0412 0x15bc  Wlansvc - ok
11:24:36.0443 0x15bc  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:24:36.0459 0x15bc  wlcrasvc - ok
11:24:36.0553 0x15bc  [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:24:36.0599 0x15bc  wlidsvc - ok
11:24:36.0631 0x15bc  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
11:24:36.0646 0x15bc  WmiAcpi - ok
11:24:36.0662 0x15bc  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
11:24:36.0677 0x15bc  wmiApSrv - ok
11:24:36.0709 0x15bc  WMPNetworkSvc - ok
11:24:36.0724 0x15bc  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\windows\System32\wpcsvc.dll
11:24:36.0755 0x15bc  WPCSvc - ok
11:24:36.0771 0x15bc  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
11:24:36.0802 0x15bc  WPDBusEnum - ok
11:24:36.0818 0x15bc  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
11:24:36.0849 0x15bc  ws2ifsl - ok
11:24:36.0865 0x15bc  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\windows\system32\wscsvc.dll
11:24:36.0896 0x15bc  wscsvc - ok
11:24:36.0896 0x15bc  WSearch - ok
11:24:36.0974 0x15bc  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\windows\system32\wuaueng.dll
11:24:37.0036 0x15bc  wuauserv - ok
11:24:37.0052 0x15bc  [ D3381DC54C34D79B22CEE0D65BA91B7C, 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
11:24:37.0083 0x15bc  WudfPf - ok
11:24:37.0114 0x15bc  [ CF8D590BE3373029D57AF80914190682, FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
11:24:37.0130 0x15bc  WUDFRd - ok
11:24:37.0145 0x15bc  [ 7A95C95B6C4CF292D689106BCAE49543, 9029F489E1E817CE12839B8C6656E46190497D445DC3F43C20CF96E5E6BD0691 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
11:24:37.0177 0x15bc  wudfsvc - ok
11:24:37.0192 0x15bc  [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc         C:\windows\System32\wwansvc.dll
11:24:37.0223 0x15bc  WwanSvc - ok
11:24:37.0239 0x15bc  ================ Scan global ===============================
11:24:37.0255 0x15bc  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll
11:24:37.0270 0x15bc  [ EB6A48CC998E1090E44E8E7F1009A640, 94001F8AEB2A398E7C267C90183ABED2AFA6FC4C219027C861C6C1329093464A ] C:\windows\system32\winsrv.dll
11:24:37.0270 0x15bc  [ EB6A48CC998E1090E44E8E7F1009A640, 94001F8AEB2A398E7C267C90183ABED2AFA6FC4C219027C861C6C1329093464A ] C:\windows\system32\winsrv.dll
11:24:37.0301 0x15bc  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
11:24:37.0317 0x15bc  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\windows\system32\services.exe
11:24:37.0317 0x15bc  [ Global ] - ok
11:24:37.0317 0x15bc  ================ Scan MBR ==================================
11:24:37.0348 0x15bc  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:24:37.0613 0x15bc  \Device\Harddisk0\DR0 - ok
11:24:37.0613 0x15bc  ================ Scan VBR ==================================
11:24:37.0613 0x15bc  [ ADEF132D2887DBCC6BCB3B5882AEFF4C ] \Device\Harddisk0\DR0\Partition1
11:24:37.0645 0x15bc  \Device\Harddisk0\DR0\Partition1 - ok
11:24:37.0660 0x15bc  [ B8437B8A5FC3307CF521B77BD31D268D ] \Device\Harddisk0\DR0\Partition2
11:24:37.0660 0x15bc  \Device\Harddisk0\DR0\Partition2 - ok
11:24:37.0660 0x15bc  ================ Scan generic autorun ======================
11:24:37.0723 0x15bc  [ E800FE44562B1872F617C87AD8F20225, E357389586F5D3E97B43432CCDD57D485F2F3AD694B29A936DDF9502824DD0C0 ] C:\windows\system32\igfxtray.exe
11:24:37.0738 0x15bc  IgfxTray - ok
11:24:37.0769 0x15bc  [ 5D3342A551557882AF07A4861C11C70E, 0B65A3CE37A517A6CAB36F3BC3BA5893112F9F90DB336269CDB15CD195BADC52 ] C:\windows\system32\hkcmd.exe
11:24:37.0785 0x15bc  HotKeysCmds - ok
11:24:37.0816 0x15bc  [ FAE1F99BB09C4D3A6F914669C37FCB65, AABD1B917D253D74FE62B182CFBC20F0CE234E9A5A7A0EEB7EB607E5B96422C0 ] C:\windows\system32\igfxpers.exe
11:24:37.0832 0x15bc  Persistence - ok
11:24:37.0832 0x15bc  SynTPEnh - ok
11:24:37.0832 0x15bc  BTMTrayAgent - ok
11:24:37.0847 0x15bc  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\windows\system32\RunDLL32.exe
11:24:37.0879 0x15bc  THXCfg64 - ok
11:24:37.0957 0x15bc  [ 6E1167D58165CEDE021EA6190C5728CF, 5E95A924C9B330A102B3DD226797738B8AB4654434D642D2E135C9A4A69B3992 ] C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe
11:24:38.0003 0x15bc  VizorHtmlDialog.exe - ok
11:24:38.0050 0x15bc  [ 0B7379C94F8824CE61A1F73712CE34BC, 40C899594EE82504DEC9EC1A5C86FCFC3031DE930BDFBC72A29F5CAC4AB1E05C ] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe
11:24:38.0066 0x15bc  Trend Micro Client Framework - ok
11:24:38.0097 0x15bc  [ EEA2DA8349F58F59B19CE0D49C73B63B, CE65B584CE1D1A50A5EE6FC3D0C231F3B6E173B91E8F3C0C81AFEB06AE7AC5BD ] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe
11:24:38.0113 0x15bc  Trend Micro Titanium - ok
11:24:38.0393 0x15bc  [ 4320A7045EC51CCC554E607B1CE0FA26, 67BBCD69B54C4C02A91BA4D0960C4F31675DE3C5B06C74852061A754FCF4E0E0 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
11:24:38.0627 0x15bc  RTHDVCPL - ok
11:24:38.0643 0x15bc  IntelTBRunOnce - ok
11:24:38.0659 0x15bc  [ 766AE515B1749F2141E418CC6C08515B, 02DDB5A7DB8278AA47A951604818E73DB69155DBF1ECD06B6E11926204EADAE7 ] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
11:24:38.0674 0x15bc  IAStorIcon - ok
11:24:38.0705 0x15bc  [ 6364FA7D825B600251A4D1DE7D6FF695, 1BEDD2E9DCE4C50FE7FE644D5DDD447DF79975D666CE128F945DD776E46AFC60 ] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
11:24:38.0705 0x15bc  USB3MON - ok
11:24:38.0846 0x15bc  [ B9CEA2F47A12AC0FB47963808C21764E, C03B1AE907A2A19842EA11677B5001D391F102E7E2FC14859F27DD1286771A9B ] C:\Program Files (x86)\S-Bar\S-Bar.exe
11:24:38.0986 0x15bc  S-Bar - detected UnsignedFile.Multi.Generic ( 1 )
11:24:41.0763 0x15bc  Detect skipped due to KSN trusted
11:24:41.0763 0x15bc  S-Bar - ok
11:24:41.0888 0x15bc  [ 2FD32328C48D021E680D11E8EE8C68A0, A93EBF8917A0ED4406503346072537048B71EA6A1679D9D9AD1C5A99EE976FE7 ] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
11:24:41.0919 0x15bc  Super-Charger - ok
11:24:41.0981 0x15bc  [ 7743D65164A2417320366063530CC050, 5B9DE2057670D0F6EA06E83568DC05374D0C1BFA942B593162200C694D821977 ] C:\Program Files (x86)\MSI\KLM\KLM.exe
11:24:42.0028 0x15bc  KLM - detected UnsignedFile.Multi.Generic ( 1 )
11:24:44.0836 0x15bc  Detect skipped due to KSN trusted
11:24:44.0836 0x15bc  KLM - ok
11:24:45.0008 0x15bc  [ E02A512F30FC2A02A9CADEEC375FC969, AEE7397EE8268FD56563EA4D98C025460C3513E7E35D57B40ADF34C8E626BF80 ] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
11:24:45.0055 0x15bc  THX Audio Control Panel - detected UnsignedFile.Multi.Generic ( 1 )
11:24:47.0847 0x15bc  Detect skipped due to KSN trusted
11:24:47.0847 0x15bc  THX Audio Control Panel - ok
11:24:47.0863 0x15bc  [ C419DF63E0121D72411285780C2FC6CC, F47F854D327C589D174D3BB5B55D5C05F5ACA73DF52A6BEF47596B9010190291 ] C:\windows\UpdReg.EXE
11:24:47.0894 0x15bc  UpdReg - detected UnsignedFile.Multi.Generic ( 1 )
11:24:50.0842 0x15bc  Detect skipped due to KSN trusted
11:24:50.0842 0x15bc  UpdReg - ok
11:24:50.0905 0x15bc  [ 2FE348AB5C61574DE094B11C0675EA9C, D4572FACC8D8D22AFB1C0C1A1CC22449F29AB78C696FE34EE0CC80EEFE7149B8 ] C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe
11:24:50.0936 0x15bc  VGAOCAP - detected UnsignedFile.Multi.Generic ( 1 )
11:24:54.0181 0x15bc  Detect skipped due to KSN trusted
11:24:54.0181 0x15bc  VGAOCAP - ok
11:24:54.0274 0x15bc  [ B00F98FF6FE8682FF941BEB2559BF191, EB443E294C5609F426BF6EE388F3A4B71EFE2C6A8216C0F6DE7AE6DB382BF620 ] C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
11:24:54.0290 0x15bc  YouCam Mirage - ok
11:24:54.0290 0x15bc  [ 15A69FE13459EF81FB2105CC986AF394, 2078EAFEA0F00D155EDE6DA40BFBE6E8347DB19078FBD52DFA2122FB439BD9E9 ] C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
11:24:54.0305 0x15bc  YouCam Tray - ok
11:24:54.0352 0x15bc  [ B52DB388BA6A1C7F5F4D64E5F32295BA, 042BCEAC7339A40AF6C2A9D56838B931020020EC355B57FD0493AD81439AE728 ] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
11:24:54.0368 0x15bc  NortonOnlineBackup - ok
11:24:54.0430 0x15bc  [ 47C1DE0A890613FFCFF1D67648EEDF90, 5821567D7DD99623257AEA794023EF4200E6E17FD09656B40D97C44A35C701BB ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
11:24:54.0461 0x15bc  Adobe ARM - ok
11:24:54.0571 0x15bc  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
11:24:54.0633 0x15bc  Sidebar - ok
11:24:54.0664 0x15bc  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
11:24:54.0711 0x15bc  mctadmin - ok
11:24:54.0789 0x15bc  [ 1D87E7DC8EF970EB4472477ED357A306, 82577233B058465D5C8AE8DF9A216D34BDDC2AD451BE6E770F7913DC224A496D ] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
11:24:54.0820 0x15bc  GarminExpressTrayApp - ok
11:24:54.0898 0x15bc  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] C:\Users\u_1165\AppData\Local\Google\Update\GoogleUpdate.exe
11:24:54.0898 0x15bc  Google Update - ok
11:24:54.0898 0x15bc  Waiting for KSN requests completion. In queue: 7
11:24:55.0912 0x15bc  Waiting for KSN requests completion. In queue: 7
11:24:56.0926 0x15bc  Waiting for KSN requests completion. In queue: 7
11:24:57.0940 0x15bc  Waiting for KSN requests completion. In queue: 7
11:24:59.0079 0x15bc  AV detected via SS2: Trend Micro Titanium Internet Security 2012, C:\Program Files\Trend Micro\Titanium\wschandler.exe ( 5.0.0.1365 ), 0x40000 ( disabled : updated )
11:24:59.0110 0x15bc  Win FW state via NFP2: enabled
11:25:12.0994 0x15bc  ============================================================
11:25:12.0994 0x15bc  Scan finished
11:25:12.0994 0x15bc  ============================================================
11:25:12.0994 0x1638  Detected object count: 0
11:25:12.0994 0x1638  Actual detected object count: 0





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users