monkey10120

Honorary Members
  • Posts: 25
Everything posted by monkey10120

  1. I reset my router and followed your steps for the proxy; mine was already unchecked. Still no luck.
  2. Alright, I'll try those steps tonight. Also good news, my father's work laptop is also getting the same pop up as me from svchost, not as often though. He only brings it home every now and then but it could be the router!
  3. Alright, I reset it. I had to close out and run as admin when I got to the IPCONFIG /renew part. I'll touch back in about an hour to let you know how it's going.
  4. Yep, I'm using a router. And there is a PC connected to it by ethernet. The PC connected to it was actually hit with the Sirefef virus about 3 weeks ago. It was taken in to get fixed and it was fixed, but it is not getting the pop ups I get.
  5. I got no pop ups but in the log I see the IPs were blocked again. And that was everything but the 3 things not on startup.
  6. It's been about an hour and it has not popped up. All I got is MBAM and MSE on start up.
  7. Does it help to know that the pop ups are not happening until about 30-60 min after I start my laptop up?
  8. I wish I had MBAM installed a long time ago. It might have let me know what program might be pinging that IP. The only thing I installed in the past 2 months was Diablo 3. But I will look through my app and see what updates itself. As long as it's not a virus, which like you said, it doesn't seem like one. I think you can close this thread now. I'll just try to find out what app would be causing it. Thanks a lot for the help though!
  9. The report came up with a couple threats. All but 2 are software that came with my laptop. I am not sure what switchboard or Starwindservice is?
C:\Windows\system32\DRIVERS\ndiswan.sys 12:31:15.0543 5372 NdisWan - ok 12:31:15.0589 5372 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 12:31:15.0621 5372 NDProxy - ok 12:31:15.0621 5372 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 12:31:15.0667 5372 NetBIOS - ok 12:31:15.0699 5372 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 12:31:15.0745 5372 NetBT - ok 12:31:15.0761 5372 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 12:31:15.0777 5372 Netlogon - ok 12:31:15.0808 5372 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 12:31:15.0886 5372 Netman - ok 12:31:15.0917 5372 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 12:31:15.0948 5372 NetMsmqActivator - ok 12:31:15.0948 5372 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 12:31:15.0948 5372 NetPipeActivator - ok 12:31:15.0995 5372 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 12:31:16.0026 5372 netprofm - ok 12:31:16.0042 5372 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 12:31:16.0057 5372 NetTcpActivator - ok 12:31:16.0057 5372 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 12:31:16.0057 5372 NetTcpPortSharing - ok 12:31:16.0089 5372 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 12:31:16.0104 5372 nfrd960 - ok 12:31:16.0120 5372 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys 12:31:16.0120 5372 NisDrv - ok 12:31:16.0151 5372 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe 12:31:16.0167 5372 NisSrv - ok 12:31:16.0198 5372 NlaSvc 
(1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 12:31:16.0229 5372 NlaSvc - ok 12:31:16.0245 5372 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 12:31:16.0291 5372 Npfs - ok 12:31:16.0291 5372 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 12:31:16.0338 5372 nsi - ok 12:31:16.0338 5372 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 12:31:16.0385 5372 nsiproxy - ok 12:31:16.0494 5372 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 12:31:16.0541 5372 Ntfs - ok 12:31:16.0650 5372 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 12:31:16.0666 5372 Null - ok 12:31:16.0697 5372 NVHDA (102806b360d0e6bc6e55bf47ef655d43) C:\Windows\system32\drivers\nvhda64v.sys 12:31:16.0713 5372 NVHDA - ok 12:31:17.0727 5372 nvlddmkm (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys 12:31:26.0541 5372 nvlddmkm - ok 12:31:26.0650 5372 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 12:31:26.0665 5372 nvraid - ok 12:31:26.0681 5372 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 12:31:26.0697 5372 nvstor - ok 12:31:26.0759 5372 nvsvc (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe 12:31:26.0821 5372 nvsvc - ok 12:31:26.0915 5372 nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 12:31:26.0962 5372 nvUpdatusService - ok 12:31:27.0087 5372 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 12:31:27.0102 5372 nv_agp - ok 12:31:27.0118 5372 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 12:31:27.0149 5372 ohci1394 - ok 12:31:27.0180 5372 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 12:31:27.0196 5372 p2pimsvc - ok 12:31:27.0243 5372 p2psvc 
(927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 12:31:27.0258 5372 p2psvc - ok 12:31:27.0274 5372 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 12:31:27.0321 5372 Parport - ok 12:31:27.0321 5372 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 12:31:27.0336 5372 partmgr - ok 12:31:27.0352 5372 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 12:31:27.0367 5372 PcaSvc - ok 12:31:27.0399 5372 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 12:31:27.0399 5372 pci - ok 12:31:27.0399 5372 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 12:31:27.0414 5372 pciide - ok 12:31:27.0445 5372 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 12:31:27.0461 5372 pcmcia - ok 12:31:27.0461 5372 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 12:31:27.0477 5372 pcw - ok 12:31:27.0508 5372 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 12:31:27.0570 5372 PEAUTH - ok 12:31:27.0617 5372 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 12:31:27.0664 5372 PerfHost - ok 12:31:27.0789 5372 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 12:31:27.0867 5372 pla - ok 12:31:27.0898 5372 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 12:31:27.0945 5372 PlugPlay - ok 12:31:27.0960 5372 PnkBstrA - ok 12:31:27.0960 5372 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 12:31:27.0991 5372 PNRPAutoReg - ok 12:31:28.0023 5372 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 12:31:28.0038 5372 PNRPsvc - ok 12:31:28.0054 5372 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys 12:31:28.0069 5372 Point64 - ok 12:31:28.0116 5372 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) 
C:\Windows\System32\ipsecsvc.dll 12:31:28.0147 5372 PolicyAgent - ok 12:31:28.0179 5372 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 12:31:28.0225 5372 Power - ok 12:31:28.0257 5372 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 12:31:28.0272 5372 PptpMiniport - ok 12:31:28.0288 5372 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 12:31:28.0335 5372 Processor - ok 12:31:28.0350 5372 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 12:31:28.0397 5372 ProfSvc - ok 12:31:28.0413 5372 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 12:31:28.0413 5372 ProtectedStorage - ok 12:31:28.0444 5372 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 12:31:28.0491 5372 Psched - ok 12:31:28.0506 5372 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys 12:31:28.0522 5372 PxHlpa64 - ok 12:31:28.0600 5372 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 12:31:28.0662 5372 ql2300 - ok 12:31:28.0725 5372 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 12:31:28.0740 5372 ql40xx - ok 12:31:28.0787 5372 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 12:31:28.0803 5372 QWAVE - ok 12:31:28.0803 5372 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 12:31:28.0834 5372 QWAVEdrv - ok 12:31:28.0881 5372 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 12:31:28.0927 5372 RasAcd - ok 12:31:28.0943 5372 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 12:31:28.0974 5372 RasAgileVpn - ok 12:31:29.0005 5372 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 12:31:29.0052 5372 RasAuto - ok 12:31:29.0083 5372 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) 
C:\Windows\system32\DRIVERS\rasl2tp.sys 12:31:29.0130 5372 Rasl2tp - ok 12:31:29.0177 5372 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 12:31:29.0224 5372 RasMan - ok 12:31:29.0286 5372 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 12:31:29.0302 5372 RasPppoe - ok 12:31:29.0317 5372 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 12:31:29.0364 5372 RasSstp - ok 12:31:29.0395 5372 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 12:31:29.0442 5372 rdbss - ok 12:31:29.0458 5372 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 12:31:29.0489 5372 rdpbus - ok 12:31:29.0489 5372 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 12:31:29.0520 5372 RDPCDD - ok 12:31:29.0520 5372 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 12:31:29.0583 5372 RDPENCDD - ok 12:31:29.0583 5372 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 12:31:29.0661 5372 RDPREFMP - ok 12:31:29.0707 5372 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys 12:31:29.0723 5372 RDPWD - ok 12:31:29.0739 5372 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 12:31:29.0754 5372 rdyboost - ok 12:31:29.0785 5372 RemoteAccess - ok 12:31:29.0801 5372 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 12:31:29.0832 5372 RemoteRegistry - ok 12:31:29.0863 5372 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 12:31:29.0910 5372 RFCOMM - ok 12:31:29.0910 5372 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 12:31:29.0973 5372 RpcEptMapper - ok 12:31:29.0973 5372 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 12:31:30.0035 5372 RpcLocator - ok 12:31:30.0082 5372 RpcSs 
(5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 12:31:30.0113 5372 RpcSs - ok 12:31:30.0113 5372 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 12:31:30.0160 5372 rspndr - ok 12:31:30.0222 5372 RSUSBVSTOR (e57fac2cdb73f06586ed2ed310b80932) C:\Windows\system32\Drivers\RtsUVStor.sys 12:31:30.0238 5372 RSUSBVSTOR - ok 12:31:30.0269 5372 RTCore64 (2e887e52e45bba3c47ccd0e75fc5266f) C:\Program Files (x86)\MSI Afterburner\RTCore64.sys 12:31:30.0285 5372 RTCore64 - ok 12:31:30.0331 5372 RTL8167 (20a466b9ea2bd828c0ec723f99b8cfe7) C:\Windows\system32\DRIVERS\Rt64win7.sys 12:31:30.0347 5372 RTL8167 - ok 12:31:30.0378 5372 SaiK0CCB (37fe3f97ac8ecab53df56bf275f8d2d5) C:\Windows\system32\DRIVERS\SaiK0CCB.sys 12:31:30.0409 5372 SaiK0CCB - ok 12:31:30.0441 5372 SaiMini (356dc2b0f2b413c6ad2c191ecf2734be) C:\Windows\system32\DRIVERS\SaiMini.sys 12:31:30.0456 5372 SaiMini - ok 12:31:30.0472 5372 SaiNtBus (e47b4067f2c489fbe4c2ae29ef96054e) C:\Windows\system32\drivers\SaiBus.sys 12:31:30.0487 5372 SaiNtBus - ok 12:31:30.0534 5372 SaiU0CCB (950dca50af39563d96eec57ac614366c) C:\Windows\system32\DRIVERS\SaiU0CCB.sys 12:31:30.0565 5372 SaiU0CCB - ok 12:31:30.0565 5372 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 12:31:30.0565 5372 SamSs - ok 12:31:30.0597 5372 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 12:31:30.0612 5372 sbp2port - ok 12:31:30.0628 5372 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 12:31:30.0690 5372 SCardSvr - ok 12:31:30.0690 5372 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 12:31:30.0721 5372 scfilter - ok 12:31:30.0784 5372 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 12:31:30.0862 5372 Schedule - ok 12:31:30.0862 5372 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 12:31:30.0893 5372 SCPolicySvc - ok 12:31:30.0909 5372 
SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 12:31:30.0955 5372 SDRSVC - ok 12:31:30.0971 5372 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 12:31:31.0018 5372 secdrv - ok 12:31:31.0018 5372 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 12:31:31.0065 5372 seclogon - ok 12:31:31.0080 5372 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll 12:31:31.0127 5372 SENS - ok 12:31:31.0143 5372 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 12:31:31.0174 5372 SensrSvc - ok 12:31:31.0174 5372 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 12:31:31.0189 5372 Serenum - ok 12:31:31.0221 5372 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 12:31:31.0252 5372 Serial - ok 12:31:31.0283 5372 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 12:31:31.0314 5372 sermouse - ok 12:31:31.0330 5372 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 12:31:31.0377 5372 SessionEnv - ok 12:31:31.0408 5372 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 12:31:31.0423 5372 sffdisk - ok 12:31:31.0455 5372 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 12:31:31.0501 5372 sffp_mmc - ok 12:31:31.0517 5372 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 12:31:31.0548 5372 sffp_sd - ok 12:31:31.0579 5372 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 12:31:31.0611 5372 sfloppy - ok 12:31:31.0642 5372 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 12:31:31.0673 5372 SharedAccess - ok 12:31:31.0720 5372 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 12:31:31.0798 5372 ShellHWDetection - ok 12:31:31.0845 5372 SiSGbeLH 
(1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys 12:31:31.0876 5372 SiSGbeLH - ok 12:31:31.0923 5372 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 12:31:31.0938 5372 SiSRaid2 - ok 12:31:31.0985 5372 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 12:31:31.0985 5372 SiSRaid4 - ok 12:31:32.0032 5372 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 12:31:32.0063 5372 Smb - ok 12:31:32.0079 5372 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 12:31:32.0125 5372 SNMPTRAP - ok 12:31:32.0203 5372 SplashtopRemoteService (a23c5c4144605d6b726682a45e10b21b) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe 12:31:32.0219 5372 SplashtopRemoteService - ok 12:31:32.0235 5372 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 12:31:32.0235 5372 spldr - ok 12:31:32.0281 5372 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 12:31:32.0328 5372 Spooler - ok 12:31:32.0500 5372 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 12:31:32.0609 5372 sppsvc - ok 12:31:32.0703 5372 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 12:31:32.0734 5372 sppuinotify - ok 12:31:32.0796 5372 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 12:31:32.0843 5372 srv - ok 12:31:32.0921 5372 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 12:31:32.0983 5372 srv2 - ok 12:31:32.0999 5372 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 12:31:33.0030 5372 srvnet - ok 12:31:33.0046 5372 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 12:31:33.0093 5372 SSDPSRV - ok 12:31:33.0108 5372 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 12:31:33.0155 5372 SstpSvc - ok 12:31:33.0202 5372 
SSUService (1cfa4a1f3c7bb4c8f299e00428eb8677) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe 12:31:33.0217 5372 SSUService - ok 12:31:33.0249 5372 StarWindServiceAE (b1691af4a072cb674d600db16dd7308e) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe 12:31:33.0264 5372 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning 12:31:33.0264 5372 StarWindServiceAE - detected UnsignedFile.Multi.Generic (1) 12:31:33.0280 5372 Steam Client Service - ok 12:31:33.0311 5372 Stereo Service (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 12:31:33.0373 5372 Stereo Service - ok 12:31:33.0405 5372 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 12:31:33.0405 5372 stexstor - ok 12:31:33.0467 5372 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 12:31:33.0498 5372 stisvc - ok 12:31:33.0514 5372 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 12:31:33.0529 5372 swenum - ok 12:31:33.0592 5372 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 12:31:33.0701 5372 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning 12:31:33.0701 5372 SwitchBoard - detected UnsignedFile.Multi.Generic (1) 12:31:33.0748 5372 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 12:31:33.0795 5372 swprv - ok 12:31:33.0888 5372 SynTP (bc642d540aedf9a253c74d10c848ebd2) C:\Windows\system32\DRIVERS\SynTP.sys 12:31:33.0919 5372 SynTP - ok 12:31:34.0075 5372 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 12:31:34.0153 5372 SysMain - ok 12:31:34.0231 5372 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 12:31:34.0247 5372 TabletInputService - ok 12:31:34.0263 5372 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 12:31:34.0341 5372 
TapiSrv - ok 12:31:34.0356 5372 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 12:31:34.0419 5372 TBS - ok 12:31:34.0590 5372 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 12:31:34.0668 5372 Tcpip - ok 12:31:34.0855 5372 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 12:31:34.0887 5372 TCPIP6 - ok 12:31:34.0965 5372 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 12:31:35.0011 5372 tcpipreg - ok 12:31:35.0043 5372 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 12:31:35.0043 5372 TDPIPE - ok 12:31:35.0074 5372 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 12:31:35.0105 5372 TDTCP - ok 12:31:35.0121 5372 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 12:31:35.0152 5372 tdx - ok 12:31:35.0167 5372 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 12:31:35.0167 5372 TermDD - ok 12:31:35.0230 5372 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 12:31:35.0292 5372 TermService - ok 12:31:35.0308 5372 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 12:31:35.0339 5372 Themes - ok 12:31:35.0339 5372 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 12:31:35.0370 5372 THREADORDER - ok 12:31:35.0386 5372 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 12:31:35.0417 5372 TrkWks - ok 12:31:35.0448 5372 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 12:31:35.0479 5372 TrustedInstaller - ok 12:31:35.0495 5372 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 12:31:35.0542 5372 tssecsrv - ok 12:31:35.0557 5372 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 12:31:35.0589 5372 TsUsbFlt - ok 12:31:35.0620 
5372 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 12:31:35.0682 5372 tunnel - ok 12:31:35.0682 5372 TurboB (b355581a9da34c92e2dbafa410d2f829) C:\Windows\system32\DRIVERS\TurboB.sys 12:31:35.0698 5372 TurboB - ok 12:31:35.0713 5372 TurboBoost (6564e84b1522c12ea1c3a181ed03276f) C:\Program Files\Intel\TurboBoost\TurboBoost.exe 12:31:35.0729 5372 TurboBoost - ok 12:31:35.0760 5372 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 12:31:35.0776 5372 uagp35 - ok 12:31:35.0791 5372 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 12:31:35.0854 5372 udfs - ok 12:31:35.0869 5372 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 12:31:35.0901 5372 UI0Detect - ok 12:31:35.0916 5372 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 12:31:35.0932 5372 uliagpkx - ok 12:31:35.0963 5372 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 12:31:35.0994 5372 umbus - ok 12:31:35.0994 5372 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 12:31:36.0025 5372 UmPass - ok 12:31:36.0197 5372 UNS (eb79c6c91a99930015ef29ae7fa802d1) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe 12:31:36.0228 5372 UNS - ok 12:31:36.0337 5372 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 12:31:36.0384 5372 upnphost - ok 12:31:36.0400 5372 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 12:31:36.0431 5372 usbccgp - ok 12:31:36.0462 5372 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 12:31:36.0493 5372 usbcir - ok 12:31:36.0525 5372 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 12:31:36.0556 5372 usbehci - ok 12:31:36.0587 5372 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 12:31:36.0649 5372 usbhub - 
ok 12:31:36.0665 5372 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 12:31:36.0696 5372 usbohci - ok 12:31:36.0727 5372 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 12:31:36.0759 5372 usbprint - ok 12:31:36.0774 5372 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 12:31:36.0805 5372 USBSTOR - ok 12:31:36.0837 5372 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 12:31:36.0868 5372 usbuhci - ok 12:31:36.0899 5372 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 12:31:36.0946 5372 usbvideo - ok 12:31:36.0946 5372 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 12:31:37.0008 5372 UxSms - ok 12:31:37.0008 5372 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 12:31:37.0024 5372 VaultSvc - ok 12:31:37.0055 5372 VBoxDrv (03837b80ad5d8a00996148ad57c09791) C:\Windows\system32\DRIVERS\VBoxDrv.sys 12:31:37.0071 5372 VBoxDrv - ok 12:31:37.0102 5372 VBoxNetAdp (51cee8e2b356fdc351db20c87f25f5a8) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys 12:31:37.0117 5372 VBoxNetAdp - ok 12:31:37.0133 5372 VBoxNetFlt (ce7e80c7367b2adaa023d9004c9f4691) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys 12:31:37.0149 5372 VBoxNetFlt - ok 12:31:37.0164 5372 VBoxUSBMon (27c9a9f2fa94140ddcf7b9131e13e1b4) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys 12:31:37.0180 5372 VBoxUSBMon - ok 12:31:37.0195 5372 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 12:31:37.0195 5372 vdrvroot - ok 12:31:37.0242 5372 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 12:31:37.0320 5372 vds - ok 12:31:37.0351 5372 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 12:31:37.0351 5372 vga - ok 12:31:37.0367 5372 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 12:31:37.0398 5372 VgaSave - ok 
12:31:37.0429 5372 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 12:31:37.0476 5372 vhdmp - ok 12:31:37.0492 5372 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 12:31:37.0507 5372 viaide - ok 12:31:37.0523 5372 VideAceWindowsService (0adf410187b71c9b855721c8d59cec7a) C:\ExpressGateUtil\VAWinService.exe 12:31:37.0570 5372 VideAceWindowsService ( UnsignedFile.Multi.Generic ) - warning 12:31:37.0570 5372 VideAceWindowsService - detected UnsignedFile.Multi.Generic (1) 12:31:37.0585 5372 vidsflt61 (2dfd1eb9de564460003de1605a275e8d) C:\Windows\system32\DRIVERS\vsflt61.sys 12:31:37.0601 5372 vidsflt61 - ok 12:31:37.0617 5372 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 12:31:37.0617 5372 volmgr - ok 12:31:37.0663 5372 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 12:31:37.0679 5372 volmgrx - ok 12:31:37.0710 5372 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 12:31:37.0710 5372 volsnap - ok 12:31:37.0741 5372 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 12:31:37.0757 5372 vsmraid - ok 12:31:37.0835 5372 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 12:31:37.0929 5372 VSS - ok 12:31:38.0038 5372 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 12:31:38.0069 5372 vwifibus - ok 12:31:38.0069 5372 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 12:31:38.0085 5372 vwififlt - ok 12:31:38.0100 5372 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 12:31:38.0100 5372 vwifimp - ok 12:31:38.0147 5372 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 12:31:38.0178 5372 W32Time - ok 12:31:38.0209 5372 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 12:31:38.0256 5372 WacomPen - ok 
12:31:38.0272 5372 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 12:31:38.0303 5372 WANARP - ok 12:31:38.0303 5372 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 12:31:38.0334 5372 Wanarpv6 - ok 12:31:38.0412 5372 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 12:31:38.0459 5372 WatAdminSvc - ok 12:31:38.0568 5372 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 12:31:38.0631 5372 wbengine - ok 12:31:38.0709 5372 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 12:31:38.0740 5372 WbioSrvc - ok 12:31:38.0787 5372 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 12:31:38.0818 5372 wcncsvc - ok 12:31:38.0833 5372 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 12:31:38.0865 5372 WcsPlugInService - ok 12:31:38.0896 5372 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 12:31:38.0896 5372 Wd - ok 12:31:38.0958 5372 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 12:31:38.0989 5372 Wdf01000 - ok 12:31:38.0989 5372 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 12:31:39.0083 5372 WdiServiceHost - ok 12:31:39.0083 5372 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 12:31:39.0099 5372 WdiSystemHost - ok 12:31:39.0130 5372 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 12:31:39.0161 5372 WebClient - ok 12:31:39.0208 5372 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 12:31:39.0255 5372 Wecsvc - ok 12:31:39.0270 5372 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 12:31:39.0317 5372 wercplsupport - ok 12:31:39.0333 5372 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 12:31:39.0364 5372 WerSvc - ok 
  10. Even though the ports are blocked it is still popping up.
  11. I blocked the ports from 48000-51000. I'll see how that works out.
  12. Let me try that. Also, while I'm doing that, is it alright to use ESET in Chrome? I can open it in IE but when I get to the step where I have to click Start, there is no Start button. It is there in Chrome though.
  13. I'll get in safe mode and run that scan. Also, I do have the firewall up. When I had the Sirefef, it took it down and would not let me turn it back on. But it is up now.
  14. Yeah, it's back. It was fine for a good 1 1/2 hours. All I did since I wrote last was reboot and check my Gmail 2 mins ago.
  15. Uninstalled just fine! Thank you very much for your support!
  16. Alright, ComboFix is done with that script. Is it normal for the computer to restart after the scan, then continue to prepare the log after it started back up? It looks gone!
  17. I would never have thought of that, thank you. However, there was no task in there related to ParetoLogic.
  18. I uninstalled RegCure, which was the maker of ParetoLogic. I re-ran ComboFix and here is the log. I noticed the 3 files below were still there so I manually deleted them. So far no pop-ups, but I will let you know if they come back.
      2012-05-30 22:49 . 2012-05-30 22:49 -------- d-----w- c:\users\Ryan\AppData\Roaming\ParetoLogic
      2012-05-30 22:49 . 2012-05-30 22:49 -------- d-----w- c:\users\Ryan\AppData\Roaming\DriverCure
      2012-05-30 22:48 . 2012-06-04 22:23 -------- d-----w- c:\programdata\ParetoLogic
2012-03-21 01:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2012-03-21 01:44 . 2012-03-21 01:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys . . ((((((((((((((((((((((((((((( SnapShot@2012-06-04_21.51.54 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-14 05:10 . 2012-06-04 22:26 38458 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-05-11 12:32 . 2012-06-04 22:26 23784 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2388485762-2462165164-2089254216-1001_UserData.bin + 2009-07-14 04:46 . 2012-06-04 22:27 91680 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2012-06-04 22:24 . 2012-06-04 22:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-06-04 15:08 . 2012-06-04 15:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-06-04 22:24 . 2012-06-04 22:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-06-04 15:08 . 2012-06-04 15:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-07-14 05:01 . 2012-06-04 22:24 476496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2012-06-03 04:38 476496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 04:45 . 2012-06-04 22:26 7112972 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat - 2009-07-14 04:45 . 2012-06-01 20:48 7112972 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat - 2011-04-17 03:33 . 2012-06-03 04:38 2826280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2011-04-17 03:33 . 2012-06-04 22:24 2826280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2011-05-11 02:47 . 
2012-06-03 04:38 10827032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2388485762-2462165164-2089254216-1001-8192.dat + 2011-05-11 02:47 . 2012-06-04 22:24 10827032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2388485762-2462165164-2089254216-1001-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536] "VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2010-08-13 21504] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2010-09-08 905216] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2010-11-19 37888] "CPMonitor"="c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [2010-10-15 84464] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624] "AdobeCS5ServiceManager"="c:\program 
files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144] "ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-04-17 3058304] "Malwarebytes' Anti-Malware"="e:\malwarebytes' anti-malware\mbamgui.exe" [2012-04-04 462408] . c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ mbam.exe - Shortcut.lnk - e:\malwarebytes' anti-malware\mbam.exe [2012-5-31 981672] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 135664] R2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;c:\program files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [2011-09-14 86016] R2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2010-08-21 77312] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696] R3 ALSysIO;ALSysIO;c:\users\Ryan\AppData\Local\Temp\ALSysIO64.sys [x] R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-04-17 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-04-17 79360] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x] R3 DxkgFilter;Filtering Dxkg;c:\program files (x86)\iDisplay\idisplay.sys [x] R3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-04-29 1432400] R3 Futuremark SystemInfo 
Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-02 130976] R3 iDispService;iDispService;c:\windows\system32\DRIVERS\idisplayminiport.sys [x] R3 libusb0;libusb-win32 - Kernel Driver 02/04/2012 0.0.0.0;c:\windows\system32\DRIVERS\libusb0.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 51445112] R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x] R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [x] R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [x] S0 
PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S0 vidsflt61;Acronis Disk Storage Filter (61);c:\windows\system32\DRIVERS\vsflt61.sys [x] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x] S2 MBAMService;MBAMService;e:\malwarebytes' anti-malware\mbamservice.exe [2012-04-04 654408] S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400] S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-03-16 531328] S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x] S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768] S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x] S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device 
Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys [x] S3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [x] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Mcx2Svc . Contents of the 'Scheduled Tasks' folder . 2012-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 02:53] . 2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 02:39] . 2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 02:39] . 2012-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2388485762-2462165164-2089254216-1001Core.job - c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-10 23:57] . 2012-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2388485762-2462165164-2089254216-1001UA.job - c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-10 23:57] . . --------- x86-64 ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "THXCfg64"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [bU] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-22 11075176] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 112512] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648] "ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2011-11-10 310272] "SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2011-11-10 158208] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://asus.msn.com mStart Page = hxxp://asus.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 . - - - - ORPHANS REMOVED - - - - . 
Toolbar-Locked - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-06-04 17:36:29 ComboFix-quarantined-files.txt 2012-06-04 22:36 ComboFix2.txt 2012-06-04 21:53 ComboFix3.txt 2012-06-03 01:56 . 
Pre-Run: 541,640,314,880 bytes free Post-Run: 541,573,066,752 bytes free . - - End Of File - - 66CA397048159EFAD779877B9B42FBBB
  19. It could have. I bought reg cure to help get rid of my Sirefef infection because people suggested a registry cleaner. Let me uninstall it and see what happens.
  20. Here is my ComboFix log
SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S0 vidsflt61;Acronis Disk Storage Filter (61);c:\windows\system32\DRIVERS\vsflt61.sys [x] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x] S2 MBAMService;MBAMService;e:\malwarebytes' anti-malware\mbamservice.exe [2012-04-04 654408] S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400] S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-03-16 531328] S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software 
Updater\SSUService.exe [2012-03-15 370504] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x] S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768] S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x] S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys [x] S3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [x] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Mcx2Svc . Contents of the 'Scheduled Tasks' folder . 2012-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 02:53] . 
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 02:39] . 2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 02:39] . 2012-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2388485762-2462165164-2089254216-1001Core.job - c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-10 23:57] . 2012-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2388485762-2462165164-2089254216-1001UA.job - c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-10 23:57] . 2012-05-30 c:\windows\Tasks\ParetoLogic Registration3.job - c:\windows\system32\rundll32.exe [2009-07-13 01:14] . 2012-05-31 c:\windows\Tasks\ParetoLogic Update Version3.job - c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-11-25 02:25] . 2012-06-02 c:\windows\Tasks\RegCure Pro.job - c:\program files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe [2011-12-21 22:46] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "THXCfg64"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-22 11075176] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 112512] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648] "ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2011-11-10 310272] "SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2011-11-10 158208] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] . 
------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://asus.msn.com mStart Page = hxxp://asus.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-06-04 16:53:50 ComboFix-quarantined-files.txt 2012-06-04 21:53 ComboFix2.txt 2012-06-03 01:56 . Pre-Run: 542,064,525,312 bytes free Post-Run: 541,881,147,392 bytes free . - - End Of File - - FF441B62F40ED551A2DCA72EA8F935B6
  21. No, I am located in Nebraska! I have been trying to remember what sites I have been on in the past 2 weeks. I could not think of anything. I usually browse the web on my tablet and play games on my PC. I was wondering when I had the Sirefef infection if it redirected my web page and I just did not notice at the time.
  22. Currently my computer is running fine, it's fast as always. But I am receiving a pop-up in the taskbar saying that MBAM blocked an outgoing IP. It alternates between 2 different IPs and it says that svchost was the program doing it. Here is my MBAM full scan log followed by the IP block log.
  23. I recently had a Sirefef virus and I think I got rid of it, but now Malwarebytes pops up in the lower right corner saying it blocked either 1 of 2 outgoing IP addresses. It pops up every 30 secs, switching back and forth between each IP address. I did a scan with TDSS, ComboFix and ESET online scan, and nothing was found. Here is my DDS log.
R2 MBAMService;MBAMService;E:\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-31 654408] R2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [2011-9-14 86016] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2011-11-30 1262400] R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-3-16 531328] R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-3-15 370504] R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-5-28 275968] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272] R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?] R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-16 2655768] R2 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService.exe [2010-8-20 77312] R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?] R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] 
R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?] R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUVStor.sys --> C:\Windows\system32\Drivers\RtsUVStor.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 SaiK0CCB;SaiK0CCB;C:\Windows\system32\DRIVERS\SaiK0CCB.sys --> C:\Windows\system32\DRIVERS\SaiK0CCB.sys [?] R3 SaiU0CCB;SaiU0CCB;C:\Windows\system32\DRIVERS\SaiU0CCB.sys --> C:\Windows\system32\DRIVERS\SaiU0CCB.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-16 135664] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-8 257696] S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\androidusb.sys --> C:\Windows\system32\Drivers\androidusb.sys [?] S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?] S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?] 
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-4-16 79360] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-4-16 79360] S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-5-11 1432400] S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352] S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-1-6 130976] S3 iDispService;iDispService;C:\Windows\system32\DRIVERS\idisplayminiport.sys --> C:\Windows\system32\DRIVERS\idisplayminiport.sys [?] S3 libusb0;libusb-win32 - Kernel Driver 02/04/2012 0.0.0.0;C:\Windows\system32\DRIVERS\libusb0.sys --> C:\Windows\system32\DRIVERS\libusb0.sys [?] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 51445112] S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] 
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696] S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?] S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 
2012-06-01 21:29:07 -------- d-sh--w- C:\$RECYCLE.BIN 2012-06-01 21:00:26 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9CE6634F-FB9D-4948-A914-47F0E930201A}\gapaengine.dll 2012-06-01 21:00:24 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EB79D275-ACF7-4F22-80FD-4ADEDBFB11A0}\mpengine.dll 2012-06-01 21:00:11 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client 2012-06-01 21:00:09 -------- d-----w- C:\Program Files\Microsoft Security Client 2012-06-01 04:52:51 -------- d-----w- C:\TDSSKiller_Quarantine 2012-05-31 16:25:47 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Malwarebytes 2012-05-31 16:25:40 -------- d-----w- C:\ProgramData\Malwarebytes 2012-05-31 16:25:39 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-05-31 00:07:26 -------- d-----w- C:\Windows\System32\wbem\Logs 2012-05-30 22:49:44 -------- d-----w- C:\Users\Ryan\AppData\Roaming\ParetoLogic 2012-05-30 22:49:44 -------- d-----w- C:\Users\Ryan\AppData\Roaming\DriverCure 2012-05-30 22:48:29 -------- d-----w- C:\Program Files (x86)\Common Files\ParetoLogic 2012-05-30 22:48:28 -------- d-----w- C:\ProgramData\ParetoLogic 2012-05-30 22:48:28 -------- d-----w- C:\Program Files (x86)\ParetoLogic 2012-05-15 07:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe 2012-05-14 17:48:38 -------- d-----w- C:\Program Files (x86)\Diablo III 2012-05-11 20:33:31 -------- d-----w- C:\Users\Ryan\Diablo-III-8370-enUS-Installer 2012-05-08 21:57:20 1544704 ----a-w- C:\Windows\System32\DWrite.dll 2012-05-08 21:57:20 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-05-08 21:57:19 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-08 21:57:18 3146240 ----a-w- C:\Windows\System32\win32k.sys 2012-05-08 21:57:17 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-08 21:57:17 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-08 21:57:04 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys 2012-05-08 
21:56:58 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-05-08 21:56:57 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-05-08 21:56:57 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL 2012-05-08 21:56:57 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll 2012-05-08 21:56:57 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll 2012-05-08 21:56:57 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll . ==================== Find3M ==================== . 2012-05-31 04:38:11 151552 ----a-w- C:\Windows\KMSEmulator.exe 2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe 2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll 2012-05-15 09:29:46 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll 2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll 2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll 2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll 2012-05-05 02:53:30 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-05-05 02:53:29 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-05 02:53:19 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-05-02 02:34:13 45056 ----a-w- C:\Windows\System32\acovcnt.exe 2012-04-29 23:11:51 4608 ----a-w- C:\Windows\SysWow64\adesk_patcher64.exe 2012-04-18 17:08:08 31040 ----a-w- C:\Windows\System32\nvhdap64.dll 2012-04-18 17:08:03 188736 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys 2012-04-18 17:08:02 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll 2012-04-16 00:22:24 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll 2012-04-16 00:22:24 660368 ----a-w- C:\Windows\System32\deployJava1.dll 2012-04-04 18:02:02 1285216 ----a-w- C:\Windows\System32\drivers\tdrpman.sys 2012-04-04 18:02:00 986208 ----a-w- C:\Windows\System32\drivers\timntr.sys 2012-04-04 18:01:55 211040 ----a-w- 
C:\Windows\System32\drivers\vididr.sys 2012-04-04 18:01:53 142944 ----a-w- C:\Windows\System32\drivers\vsflt61.sys 2012-04-04 18:01:51 310368 ----a-w- C:\Windows\System32\drivers\snapman.sys 2012-04-04 18:01:50 133728 ----a-w- C:\Windows\System32\drivers\fltsrv.sys 2012-04-03 19:19:10 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys 2012-04-03 19:19:10 166192 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys 2012-04-03 19:19:10 147248 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys 2012-04-03 19:19:10 130864 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys 2012-04-03 19:19:08 320816 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll 2012-03-26 05:36:37 1817088 ----a-w- C:\Windows\SysWow64\Mcx2Svc.dll 2012-03-23 03:19:22 726016 ----a-w- C:\Windows\SysWow64\7z.dll 2012-03-21 01:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys 2012-03-21 01:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys . ============= FINISH: 18:40:17.32 ===============
  24. About 2 days ago Microsoft Security Essentials popped up and said I was infected, so I checked it out and it said Trojan Sirefef.w. So I freaked out because it uninstalled my MSE and took down my firewall, and I could not get it back up, and I started to look up how to get rid of it because if I removed it, it would keep coming back. So I restored back to May 20th and so far the scan comes up clean, but I bought Malwarebytes to make sure. I scanned my PC again in safe mode and it came back clean, but Malwarebytes keeps popping up in the corner saying it's blocking an outgoing IP (random every time) from svchost.exe. Then I ran TDSS Killer and ComboFix. TDSS came up clean and I have a log from ComboFix. I don't know what Combo did because I don't know what to look for in the log. But I have all the logs you need, so just tell me what to post and I'll post it right off. Thanks!
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-16 135664] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-8 257696] S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\androidusb.sys --> C:\Windows\system32\Drivers\androidusb.sys [?] S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?] S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?] S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-4-16 79360] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-4-16 79360] S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-5-11 1432400] S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?] 
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352] S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-1-6 130976] S3 iDispService;iDispService;C:\Windows\system32\DRIVERS\idisplayminiport.sys --> C:\Windows\system32\DRIVERS\idisplayminiport.sys [?] S3 libusb0;libusb-win32 - Kernel Driver 02/04/2012 0.0.0.0;C:\Windows\system32\DRIVERS\libusb0.sys --> C:\Windows\system32\DRIVERS\libusb0.sys [?] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 51445112] S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696] S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?] S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] 
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-06-01 21:29:07 -------- d-sh--w- C:\$RECYCLE.BIN 2012-06-01 21:00:26 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9CE6634F-FB9D-4948-A914-47F0E930201A}\gapaengine.dll 2012-06-01 21:00:24 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EB79D275-ACF7-4F22-80FD-4ADEDBFB11A0}\mpengine.dll 2012-06-01 21:00:11 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client 2012-06-01 21:00:09 -------- d-----w- C:\Program Files\Microsoft Security Client 2012-06-01 04:52:51 -------- d-----w- C:\TDSSKiller_Quarantine 2012-05-31 16:25:47 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Malwarebytes 2012-05-31 16:25:40 -------- d-----w- C:\ProgramData\Malwarebytes 2012-05-31 16:25:39 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-05-31 00:07:26 -------- d-----w- C:\Windows\System32\wbem\Logs 2012-05-30 22:49:44 -------- d-----w- C:\Users\Ryan\AppData\Roaming\ParetoLogic 2012-05-30 22:49:44 -------- d-----w- C:\Users\Ryan\AppData\Roaming\DriverCure 2012-05-30 22:48:29 -------- d-----w- C:\Program Files (x86)\Common Files\ParetoLogic 2012-05-30 22:48:28 -------- d-----w- C:\ProgramData\ParetoLogic 2012-05-30 22:48:28 -------- d-----w- C:\Program Files (x86)\ParetoLogic 2012-05-15 07:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe 2012-05-14 17:48:38 -------- d-----w- C:\Program Files (x86)\Diablo III 2012-05-11 20:33:31 -------- d-----w- C:\Users\Ryan\Diablo-III-8370-enUS-Installer 2012-05-08 21:57:20 1544704 ----a-w- C:\Windows\System32\DWrite.dll 2012-05-08 21:57:20 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-05-08 21:57:19 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 
2012-05-08 21:57:18 3146240 ----a-w- C:\Windows\System32\win32k.sys 2012-05-08 21:57:17 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-08 21:57:17 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-08 21:57:04 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys 2012-05-08 21:56:58 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-05-08 21:56:57 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-05-08 21:56:57 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL 2012-05-08 21:56:57 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll 2012-05-08 21:56:57 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll 2012-05-08 21:56:57 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll . ==================== Find3M ==================== . 2012-05-31 04:38:11 151552 ----a-w- C:\Windows\KMSEmulator.exe 2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe 2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll 2012-05-15 09:29:46 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll 2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll 2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll 2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll 2012-05-05 02:53:30 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-05-05 02:53:29 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-05 02:53:19 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-05-02 02:34:13 45056 ----a-w- C:\Windows\System32\acovcnt.exe 2012-04-29 23:11:51 4608 ----a-w- C:\Windows\SysWow64\adesk_patcher64.exe 2012-04-18 17:08:08 31040 ----a-w- C:\Windows\System32\nvhdap64.dll 2012-04-18 17:08:03 188736 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys 2012-04-18 17:08:02 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll 2012-04-16 00:22:24 750488 ----a-w- 
C:\Windows\System32\npdeployJava1.dll 2012-04-16 00:22:24 660368 ----a-w- C:\Windows\System32\deployJava1.dll 2012-04-04 18:02:02 1285216 ----a-w- C:\Windows\System32\drivers\tdrpman.sys 2012-04-04 18:02:00 986208 ----a-w- C:\Windows\System32\drivers\timntr.sys 2012-04-04 18:01:55 211040 ----a-w- C:\Windows\System32\drivers\vididr.sys 2012-04-04 18:01:53 142944 ----a-w- C:\Windows\System32\drivers\vsflt61.sys 2012-04-04 18:01:51 310368 ----a-w- C:\Windows\System32\drivers\snapman.sys 2012-04-04 18:01:50 133728 ----a-w- C:\Windows\System32\drivers\fltsrv.sys 2012-04-03 19:19:10 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys 2012-04-03 19:19:10 166192 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys 2012-04-03 19:19:10 147248 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys 2012-04-03 19:19:10 130864 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys 2012-04-03 19:19:08 320816 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll 2012-03-26 05:36:37 1817088 ----a-w- C:\Windows\SysWow64\Mcx2Svc.dll 2012-03-23 03:19:22 726016 ----a-w- C:\Windows\SysWow64\7z.dll 2012-03-21 01:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys 2012-03-21 01:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys . ============= FINISH: 18:40:17.32 =============== No help at all :-(