Jump to content

bennegesserit

Honorary Members
 View Profile  See their activity

  • Posts

    25

  • Joined

  • Last visited

 Content Type 

Everything posted by bennegesserit

  1. bennegesserit
    The registry editor found no key under the "uninstall" heading for java. I'm just not going to worry about it at this point, as I have had no evidence of further infection since it was cleaned. Thank you for all of your assistance, Daniel!
  2. bennegesserit
    Apologies as I was traveling and away from my computer. I have followed your final instructions, ran the combofix uninstall and OTL clean up, etc. I used Revo Uninstaller to try to erase Java from my computer (I suspected that java is how I got the trojan in the first place). When I open "Control Panel" and then "Programs" it lists "Jave (32-bit) on the list (not the list of programs and features). Here is a screen shot: Is this something I should worry about? If I right click on it the only option it gives is "open" (I don't dare tell it to open, for fear that I will actually open!)
  3. bennegesserit
    Thank you very much! Before we close the topic, I do have one question about Java. Is there any reason why I can't have it removed entirely from the computer instead? If so, how can I ensure that it's completely gone?
  4. bennegesserit
    I didn't find an existing OTL installed to delete, so dowloaded from link. Here is OTL.txt: OTL logfile created on: 10/6/2012 11:41:36 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Murdock\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.78 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 57.67% Memory free 7.57 Gb Paging File | 5.80 Gb Available in Paging File | 76.71% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 125.03 Gb Total Space | 51.45 Gb Free Space | 41.15% Space Free | Partition Type: NTFS Drive D: | 148.06 Gb Total Space | 53.81 Gb Free Space | 36.34% Space Free | Partition Type: NTFS Computer Name: ASUS-NOTEBOOK | User Name: Murdock | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/10/06 11:40:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Murdock\Desktop\OTL.exe PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/05/27 20:41:36 | 000,932,528 | ---- | M] () -- C:\Users\Murdock\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2011/12/06 17:21:36 | 000,101,544 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe PRC - [2011/10/18 19:38:26 | 002,319,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2011/10/03 12:45:58 | 000,375,424 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe PRC - [2011/09/13 12:40:30 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2011/01/25 13:32:28 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2010/11/20 07:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe PRC - [2010/10/07 16:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2010/10/05 23:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2010/10/05 23:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2010/08/17 16:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2010/07/10 00:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe PRC - [2010/01/21 01:22:04 | 000,909,824 | ---- | M] (Sonix Technology Co., Ltd.) -- C:\Windows\vsnp2uvc.exe PRC - [2009/12/15 12:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009/11/02 17:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009/06/19 12:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009/06/19 12:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009/06/15 19:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe PRC - [2008/12/22 19:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe PRC - [2008/08/13 23:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe PRC - [2004/10/04 04:47:04 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe PRC - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe ========== Modules (No Company Name) ========== MOD - [2012/05/27 20:41:36 | 000,932,528 | ---- | M] () -- C:\Users\Murdock\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe MOD - [2011/12/06 17:21:34 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009/11/02 17:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009/11/02 17:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2007/07/12 12:11:54 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll ========== Services (SafeList) ========== SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2011/01/25 16:11:56 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/09/20 22:00:09 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/09/09 13:25:27 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2010/10/05 23:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010/10/05 23:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/12/15 12:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009/06/15 19:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService) SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2004/10/04 04:47:04 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor) SRV - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/07/26 16:22:48 | 012,288,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/03/18 00:36:18 | 000,074,840 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/12/31 05:30:10 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010/11/23 05:09:42 | 001,103,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce) DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/05 10:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/10/14 11:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010/09/23 03:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010/09/21 11:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010/09/07 04:19:38 | 001,800,832 | ---- | M] (Sonix Technology Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) DRV:64bit: - [2010/08/24 04:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009/07/20 04:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/19 21:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009/06/10 15:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008/05/23 19:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV:64bit: - [2007/07/03 18:05:18 | 000,114,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd) DRV:64bit: - [2007/07/03 18:04:44 | 000,142,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2007/07/03 18:04:16 | 000,016,040 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2007/07/03 18:02:12 | 000,105,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) DRV - [2010/07/26 15:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO) DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009/07/02 19:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=OSDSRC IE - HKCU\..\SearchScopes\{54946A31-0C8C-4310-9820-F4027128D987}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms} IE - HKCU\..\SearchScopes\{6DDED0D8-BD4B-4988-8E01-14A1F02BB09F}: "URL" = http://www.amazon.com/gp/search?ie=UTF8&tag=ie8search-20&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms} IE - HKCU\..\SearchScopes\{9B531C9B-CFED-4782-90A3-587A0E5528B2}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKCU\..\SearchScopes\{D8C40E9F-9CA5-4DF3-AA54-1569C6EAC8BF}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Murdock\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Murdock\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Murdock\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Murdock\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Murdock\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/09 13:25:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/09 13:25:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/22 16:11:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Murdock\AppData\Roaming\Mozilla\Extensions [2011/11/11 11:39:24 | 000,002,057 | ---- | M] () -- C:\Users\Murdock\AppData\Roaming\Mozilla\Firefox\Profiles\j7peecky.default\searchplugins\youtube-video-search.xml [2012/09/09 13:23:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/09/09 13:25:31 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/09/02 17:13:30 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/09/02 17:13:30 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - homepage: http://asus.msn.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}, CHR - homepage: http://asus.msn.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Murdock\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Murdock\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Murdock\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Murdock\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Murdock\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Murdock\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Murdock\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Google Update (Enabled) = C:\Users\Murdock\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Murdock\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Murdock\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Gmail = C:\Users\Murdock\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/09/28 11:09:06 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe () O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [setwallpaper] c:\programdata\SetWallpaper.cmd File not found O4:64bit: - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix Technology Co., Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus) O4 - HKLM..\Run: [updateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS) O4 - HKCU..\Run: [spotify Web Helper] C:\Users\Murdock\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} https://r6mail2.r06tok.epa.gov/dwa85W.cab (IBM Lotus iNotes 8.5 Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B871978-A84B-4521-A645-255CC38D2210}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C243FF1-705F-4545-B908-2A6942263D97}: DhcpNameServer = 192.168.1.254 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/10/06 11:40:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Murdock\Desktop\OTL.exe [2012/10/05 19:29:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/10/05 17:35:33 | 004,762,471 | R--- | C] (Swearware) -- C:\Users\Murdock\Desktop\ComboFix.exe [2012/10/05 14:16:04 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/09/30 16:06:31 | 000,000,000 | ---D | C] -- C:\FRST [2012/09/29 17:42:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012/09/28 10:54:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/09/28 10:54:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/09/28 10:54:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/09/28 10:54:03 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/09/28 10:53:02 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/09/28 10:37:56 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012/09/28 09:07:51 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Murdock\Desktop\tdsskiller.exe [2012/09/27 20:43:51 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Murdock\Desktop\dds.scr [2012/09/25 21:41:02 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe [2012/09/22 14:43:29 | 000,000,000 | ---D | C] -- C:\Users\Murdock\AppData\Roaming\Malwarebytes [2012/09/22 14:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/09/22 14:38:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/09/22 14:38:10 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/09/22 14:38:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/09/21 23:06:11 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/09/21 23:06:11 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/09/21 23:06:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/09/21 23:06:06 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/09/21 23:06:06 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/09/21 23:06:06 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/09/21 23:06:05 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/09/21 23:06:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/09/21 23:06:03 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/09/21 23:06:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/09/21 23:06:02 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/09/21 23:06:01 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012/09/21 23:05:56 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/09/21 23:05:56 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012/09/21 23:05:55 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/09/17 02:16:12 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware [2012/09/14 14:49:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012/09/14 14:49:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012/09/14 14:48:39 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012/09/12 09:31:09 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2012/09/12 09:31:02 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2012/09/12 09:31:02 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2012/09/12 09:31:00 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys [2012/09/09 13:23:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox ========== Files - Modified Within 30 Days ========== [2012/10/06 11:40:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Murdock\Desktop\OTL.exe [2012/10/06 11:06:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3051550082-882093396-715400175-1001UA.job [2012/10/06 10:59:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/10/06 09:01:26 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/10/06 09:01:26 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/10/06 08:53:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/10/06 08:53:40 | 3046,805,504 | -HS- | M] () -- C:\hiberfil.sys [2012/10/05 17:35:34 | 004,762,471 | R--- | M] (Swearware) -- C:\Users\Murdock\Desktop\ComboFix.exe [2012/10/05 16:06:03 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3051550082-882093396-715400175-1001Core.job [2012/10/05 01:23:28 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2012/10/05 01:23:24 | 000,638,766 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/10/05 01:23:24 | 000,111,390 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/10/05 01:21:38 | 000,749,348 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/10/03 22:47:50 | 000,000,512 | ---- | M] () -- C:\MBR.zip [2012/09/29 17:33:31 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2012/09/28 11:09:06 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/09/28 10:39:40 | 587,673,484 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/09/28 09:07:52 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Murdock\Desktop\tdsskiller.exe [2012/09/27 20:43:57 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Murdock\Desktop\dds.scr [2012/09/23 22:43:56 | 122,545,440 | ---- | M] () -- C:\Users\Murdock\Desktop\TomPhillips-Unedited.mp3 [2012/09/22 19:40:55 | 000,001,288 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2012/09/20 22:00:08 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/09/20 22:00:08 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/09/17 10:51:03 | 000,005,924 | ---- | M] () -- C:\Windows\wininit.ini [2012/09/17 09:37:27 | 000,762,846 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/09/15 23:39:25 | 000,007,604 | ---- | M] () -- C:\Users\Murdock\AppData\Local\Resmon.ResmonCfg [2012/09/12 09:36:01 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/09/06 22:21:13 | 000,048,137 | ---- | M] () -- C:\Users\Murdock\Desktop\CarInsurance.pdf ========== Files Created - No Company Name ========== [2012/10/03 23:02:05 | 000,000,512 | ---- | C] () -- C:\MBR.zip [2012/09/28 10:54:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/09/28 10:54:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/09/28 10:54:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/09/28 10:54:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/09/28 10:54:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/09/23 22:42:10 | 122,545,440 | ---- | C] () -- C:\Users\Murdock\Desktop\TomPhillips-Unedited.mp3 [2012/09/15 23:39:25 | 000,007,604 | ---- | C] () -- C:\Users\Murdock\AppData\Local\Resmon.ResmonCfg [2012/09/06 22:21:13 | 000,048,137 | ---- | C] () -- C:\Users\Murdock\Desktop\CarInsurance.pdf [2012/07/05 14:16:05 | 000,005,924 | ---- | C] () -- C:\Windows\wininit.ini [2011/11/02 19:29:14 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2011/09/21 19:46:12 | 000,762,846 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/09/21 18:49:10 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2011/09/13 12:39:35 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2011/09/13 12:37:13 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll [2011/07/26 16:20:38 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011/07/26 16:14:32 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011/07/26 15:50:58 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011/04/10 21:48:58 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011/04/10 21:48:47 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011/04/10 21:48:20 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini ========== ZeroAccess Check ========== [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > And here is extras.txt: OTL Extras logfile created on: 10/6/2012 11:41:36 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Murdock\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.78 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 57.67% Memory free 7.57 Gb Paging File | 5.80 Gb Available in Paging File | 76.71% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 125.03 Gb Total Space | 51.45 Gb Free Space | 41.15% Space Free | Partition Type: NTFS Drive D: | 148.06 Gb Total Space | 53.81 Gb Free Space | 36.34% Space Free | Partition Type: NTFS Computer Name: ASUS-NOTEBOOK | User Name: Murdock | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06D0694B-D81B-4CD3-BE63-3F0DC86A8FEC}" = lport=445 | protocol=6 | dir=in | app=system | "{1FDC9F3F-D562-4815-9566-9934B652CB40}" = lport=8182 | protocol=6 | dir=in | name=java platform se binary | "{330A9FFA-1A01-4A79-8C4F-F4A32FDA0D34}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{50ECE75A-724C-4A1C-AD97-DECC76458EE9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{5A657558-6A5D-4D1C-B185-156FCCA29D8E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{5D7FB604-FF43-4199-AB22-10B3E93E2CA5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5F186939-563B-4848-96B8-5126CBAE0DED}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{63C93786-744C-4E4F-A5B2-51A8E1CD9554}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6623A25F-AEED-4B34-BC6F-77BCDD7C814E}" = lport=2869 | protocol=6 | dir=in | app=system | "{6EE8364B-6456-4515-B4F6-ABC4357EF6B8}" = lport=139 | protocol=6 | dir=in | app=system | "{6F8BF430-C747-4DE3-946B-F5695823A246}" = lport=138 | protocol=17 | dir=in | app=system | "{836711E4-8417-4C26-AD72-6829A1807D18}" = rport=137 | protocol=17 | dir=out | app=system | "{836802A0-3628-46C3-B3F9-B000FE23A904}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8800B010-41FB-4382-8060-E56EFCD29169}" = rport=139 | protocol=6 | dir=out | app=system | "{9ABC8469-4CEA-453F-91C3-68DB9FB9189E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A419844A-DA5F-4DCA-826C-03238AB5F5BD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B58F3F73-FFB3-4B8C-85B9-19B6F2522918}" = rport=10243 | protocol=6 | dir=out | app=system | "{B8197E6B-1607-49DF-A3E2-62C3F737A98A}" = rport=445 | protocol=6 | dir=out | app=system | "{BD92CB94-722F-4034-85EB-F07521D8766D}" = lport=10243 | protocol=6 | dir=in | app=system | "{C07859F2-C179-409E-AE53-4ACE133DEE92}" = lport=137 | protocol=17 | dir=in | app=system | "{C7CC7FBC-94F5-4344-AE83-229596992937}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D9FD81A0-F2E6-4E38-875A-91884F750A7E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DEFDC035-C1A4-4AC6-9002-DCFE0A7CFA17}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EE6414D0-B0A2-4509-8B58-C78118372C26}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F475936A-E53D-4B5F-934B-CEB20762932F}" = rport=138 | protocol=17 | dir=out | app=system | "{F5F92506-4554-4AB7-9780-48BB97389725}" = lport=5353 | protocol=17 | dir=in | name=java platform se binary | "{FB11DDAE-5CF9-4275-87E9-F0242BE2590C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{FDC0586C-F63A-4633-A65D-E0B86B6908E4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{011F1ACB-6CDA-4987-8E96-6D518469312C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{072763EE-6D64-466A-9012-A0FC41E1191A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{0A688C6F-50F1-484D-9D2F-12428CA83FFB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{0C4A19C4-43DD-4E4A-9168-D17D8B502CC8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0C6ED9E3-0ED0-482F-8D59-014FD8A027E6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1774CBB1-4B85-4619-9858-34CB0F4C2D62}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{1E0E323F-9EA3-4975-9281-F9223F284CF9}" = protocol=6 | dir=out | app=system | "{250094B3-71DB-4942-8DA5-B461A0F36DEF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{376361BF-C798-4354-B5FA-0545B20D6B7E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{37D3408A-0385-4EF1-97E6-427B28E82E64}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{4B84762F-3F82-4752-9849-B558C86C1C74}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5267169D-8836-411A-806C-0A0DF81778A8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5711F473-ACAB-42CA-A015-C38F53176198}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{60DF25BE-0F2A-4E96-9B65-F2EBA88B43CD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{635B9FEA-35BA-4EB3-BFF4-0F4AD639AE93}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{738D0502-5C8B-47D1-ADF8-AEB92164C64A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{7B101B76-A5A3-43F2-92EF-9C0AA59451BC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{8105C3C7-1C9B-4D15-A8E6-11106B6ABE3A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{895EE8A1-BAE0-4650-81D0-15D9C7D4E684}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{8DCCA839-7189-4B55-8489-BD4EAE831854}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{A0243CE7-8C3F-4DFF-B4C6-C78A9DE7906D}" = dir=in | app=c:\users\murdock\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{A101C36B-1F64-47A5-A49E-B6160F13467E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{A12C2A88-BD84-4D35-9007-F3E11E334C1E}" = protocol=6 | dir=in | app=c:\program files (x86)\dolbyaxon\axon.exe | "{A16691CB-CB6A-4BEC-80A7-CB379324110D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{A8B34CA5-3044-4168-850A-424886BFDFBD}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{AC319765-0B83-4C4F-A104-061848465E03}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{BB13967E-B485-476B-85BC-B9AFC7EED5CF}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{C1912587-14BB-4423-8B21-69BB21D65490}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{C3D17BA0-CD1E-4B24-9C66-9A27EE830052}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C4206BD1-274E-4D01-AB74-488DB2DDCF7A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C7F0754A-C0A3-40E9-8ADA-2A7EBA9EDB0B}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{C9AFEC62-2EF1-43D3-98F7-A65286E4D47C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{CE9FE738-993A-4ABF-BCC1-A21D7A21AFEC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{D35323A5-C2FB-40C2-A989-F62EBEC99A43}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{D509C449-0DFD-4165-9C8B-AA9696E9E680}" = protocol=17 | dir=in | app=c:\program files (x86)\dolbyaxon\axon.exe | "{D89B9326-60B7-424B-A0EF-E78175332729}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{E1F576A0-03DB-40FC-9587-7B336BE728F7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{EA3AE0A7-2EE5-4DC1-BA41-AF2BE6EA66E2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{FB33CC14-169E-4969-BF02-CC9C5D45D74A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{FC817473-ED16-4CB7-9AB1-48C1202FD94A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "TCP Query User{47220FEF-C445-4F4D-8694-042AF913546B}C:\users\murdock\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\murdock\appdata\roaming\spotify\spotify.exe | "TCP Query User{4DB008C2-B1B7-406C-9625-4FCC7C745F4F}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe | "UDP Query User{C4AE0523-EB27-4603-88C3-F7C14884DB40}C:\users\murdock\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\murdock\appdata\roaming\spotify\spotify.exe | "UDP Query User{E77CBB9B-1FB3-46D2-AB9D-603C0CC3FD94}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources "{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources "{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety "{3946328A-5B3A-434C-A22B-64CF6652FBAD}" = Windows Live Family Safety "{401C50F6-B443-43EE-8F27-A80DB19B03FD}" = Windows Live Family Safety "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{911519EB-BD75-4B3B-BD17-BA3747C9B854}" = Windows Live Family Safety "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid "{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support "{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{BD198331-FF8A-4DEB-9F30-A0AC56625A3B}" = Microsoft LifeChat "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources "{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety "CutePDF Writer Installation" = CutePDF Writer 2.8 "Elantech" = ETDWare PS/2-X64 8.0.5.1_WHQL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common "{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包 "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus "{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{17936630-5344-4F18-9970-616129E2A114}_is1" = Dolby Axon - 1.4.0.1 "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{19EA33FB-B34E-40EA-8B8A-61743AEB795A}" = Wireless Console 3 "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21B49B4A-BBC3-4A09-9C68-6C3CC0B1EA01}" = Windows Live Messenger "{23181592-0ECD-4A16-81C6-F0424D2DCABF}" = Windows Live UX Platform Language Pack "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java 6 Update 29 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common "{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger "{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh "{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer "{32C01DD0-3260-4D2B-BDB2-36CEC3E5B27A}" = Windows Live UX Platform Language Pack "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{3A09ED0F-8DDF-47BB-B53D-841AB9D1D3A7}" = Complemento Messenger "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{4555BB9E-E715-4260-A178-E8EFD2B653E3}" = Alcor Micro USB Card Reader "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger "{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項 "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS FaceLogon "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources "{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail "{76046298-768C-492C-8C93-2983C9E3719E}" = Windows Live UX Platform Language Pack "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库 "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159 "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7F061FA8-5A87-4758-876B-17EE28B358D0}" = Messenger 浏览器插件 "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{851C67EF-068A-4060-9EF5-2E3DDCD68382}" = Adobe Photoshop Elements 3.0 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4) "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B64BC516-2406-43AE-A21A-1E387A2343B1}" = Content Manager "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF088261-BC81-4FB9-9BA0-7B5B9602D01A}" = Messenger 分享元件 "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{E8D7B35C-93B1-317E-9403-2BBBA2154ABF}" = Google Talk Plugin "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{ED86C4AB-D1E5-42CF-BFA3-56BAAE617D4E}" = Windows Live UX Platform Language Pack "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心 "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center "{F992409C-9D10-4AE2-BAEB-B5409AD3785E}" = 用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AmUStor" = Alcor Micro USB Card Reader "Asus Vibe2.0" = AsusVibe2.0 "ASUS WebStorage" = ASUS WebStorage "AsusScr_K3 Series_ENG" = AsusScr_K3 Series_ENG "Digital Editions" = Adobe Digital Editions "ENTERPRISER" = Microsoft Office Enterprise 2007 "ESET Online Scanner" = ESET Online Scanner v3 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400 "Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US) "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 7/29/2012 3:21:27 PM | Computer Name = ASUS-Notebook | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 4150 Error - 7/29/2012 4:46:02 PM | Computer Name = ASUS-Notebook | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 7/29/2012 4:46:02 PM | Computer Name = ASUS-Notebook | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1482 Error - 7/29/2012 4:46:02 PM | Computer Name = ASUS-Notebook | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1482 Error - 7/29/2012 11:55:13 PM | Computer Name = ASUS-Notebook | Source = Windows Backup | ID = 4104 Description = Error - 7/30/2012 12:00:10 AM | Computer Name = ASUS-Notebook | Source = Application Error | ID = 1000 Description = Faulting application name: FlashPlayerPlugin_11_3_300_268.exe, version: 11.3.300.268, time stamp: 0x500adb58 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x0002e3be Faulting process id: 0x17bc Faulting application start time: 0x01cd6dc934250261 Faulting application path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 0e330d52-d9fb-11e1-a478-14dae908268f Error - 7/31/2012 8:47:42 AM | Computer Name = ASUS-Notebook | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16447 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 8a0 Start Time: 01cd6f1a8f53f2f3 Termination Time: 11 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: Error - 7/31/2012 10:09:04 AM | Computer Name = ASUS-Notebook | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\program files (x86)\spybot - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid. Error - 8/1/2012 9:43:29 PM | Computer Name = ASUS-Notebook | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 8/1/2012 9:43:29 PM | Computer Name = ASUS-Notebook | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2231 Error - 8/1/2012 9:43:29 PM | Computer Name = ASUS-Notebook | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2231 [ System Events ] Error - 10/3/2012 10:17:49 PM | Computer Name = ASUS-Notebook | Source = Microsoft Antimalware | ID = 1119 Description = %%860 has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949 Name: Trojan:DOS/Alureon.A ID: 2147636949 Severity: Severe Category: Trojan Path: rootkit:_Alureon->Mbr::Alureon;samplefilerootkit:_Alureon->Mbr::Alureon Detection Origin: %%844 Detection Type: %%822 Detection Source: %%820 User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: %%809 Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.137.871.0, AS: 1.137.871.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8800.0, NIS: 2.0.8001.0 Error - 10/3/2012 10:22:33 PM | Computer Name = ASUS-Notebook | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft Security Essentials Client Update Package - KB2754296. Error - 10/4/2012 12:09:15 AM | Computer Name = ASUS-Notebook | Source = Microsoft Antimalware | ID = 1119 Description = %%860 has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949 Name: Trojan:DOS/Alureon.A ID: 2147636949 Severity: Severe Category: Trojan Path: rootkit:_Alureon->Mbr::Alureon;samplefilerootkit:_Alureon->Mbr::Alureon Detection Origin: %%844 Detection Type: %%822 Detection Source: %%820 User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: %%809 Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.137.1049.0, AS: 1.137.1049.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8800.0, NIS: 2.0.8001.0 Error - 10/4/2012 12:16:36 AM | Computer Name = ASUS-Notebook | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft Security Essentials Client Update Package - KB2754296. Error - 10/5/2012 3:05:41 PM | Computer Name = ASUS-Notebook | Source = Service Control Manager | ID = 7034 Description = The Adobe Active File Monitor service terminated unexpectedly. It has done this 1 time(s). Error - 10/5/2012 3:05:41 PM | Computer Name = ASUS-Notebook | Source = Service Control Manager | ID = 7034 Description = The Photoshop Elements Device Connect service terminated unexpectedly. It has done this 1 time(s). Error - 10/5/2012 3:11:25 PM | Computer Name = ASUS-Notebook | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 10/5/2012 3:16:12 PM | Computer Name = ASUS-Notebook | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 10/5/2012 6:43:44 PM | Computer Name = ASUS-Notebook | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 10/5/2012 6:48:47 PM | Computer Name = ASUS-Notebook | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. < End of report >
  5. bennegesserit
    System seems to be behaving normally now. No threats detected. For your information, here is the log that was generated: Malwarebytes Anti-Malware (Trial) 1.65.0.1400 www.malwarebytes.org Database version: v2012.10.05.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Murdock :: ASUS-NOTEBOOK [administrator] Protection: Disabled 10/6/2012 8:57:36 AM mbam-log-2012-10-06 (08-57-36).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 204638 Time elapsed: 3 minute(s), 42 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Thank you so much for your assistance!
  6. bennegesserit
    Ah. I accidently closed out combofix before it finished writing. Here it is in its entirety: ComboFix 12-10-04.02 - Murdock 10/05/2012 17:38:22.3.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3874.1929 [GMT -5:00] Running from: c:\users\Murdock\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-09-05 to 2012-10-05 ))))))))))))))))))))))))))))))) . . 2012-10-05 22:48 . 2012-10-05 22:48 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-05 20:51 . 2012-10-05 20:51 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2A44C2B2-543A-4282-8C23-2CCDCBE794FF}\offreg.dll 2012-10-05 19:26 . 2012-08-30 05:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2A44C2B2-543A-4282-8C23-2CCDCBE794FF}\mpengine.dll 2012-10-05 15:17 . 2012-10-05 15:15 972192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CE26576B-43F2-44AE-89B6-E5479C4B0C2F}\gapaengine.dll 2012-10-04 02:27 . 2012-08-30 05:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-09-30 21:06 . 2012-09-30 21:06 -------- d-----w- C:\FRST 2012-09-29 22:42 . 2012-09-29 22:42 -------- d-----w- c:\program files (x86)\ESET 2012-09-28 15:37 . 2012-09-28 15:37 -------- d-----w- C:\TDSSKiller_Quarantine 2012-09-26 02:41 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-09-22 19:43 . 2012-09-22 19:43 -------- d-----w- c:\users\Murdock\AppData\Roaming\Malwarebytes 2012-09-22 19:38 . 2012-09-22 19:38 -------- d-----w- c:\programdata\Malwarebytes 2012-09-22 19:38 . 2012-09-07 22:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-22 19:38 . 2012-09-22 19:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-09-22 04:05 . 2012-08-24 10:21 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-09-19 20:18 . 2012-08-28 06:49 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{58D562F8-6F52-4418-8A25-3CF47F4C5DD1}\mpengine.dll 2012-09-17 07:16 . 2012-09-22 23:05 -------- d-----w- c:\windows\Microsoft Antimalware 2012-09-14 19:49 . 2012-09-14 19:49 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-09-14 19:48 . 2012-09-14 19:49 -------- d-----r- c:\program files (x86)\Skype 2012-09-12 15:16 . 2012-02-11 01:42 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{06247F73-5B9A-46DA-828D-7DD2260E63E5}\gapaengine.dll 2012-09-12 14:31 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-09-12 14:31 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2012-09-12 14:31 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-09-12 14:31 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-09-12 14:31 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-09-12 14:31 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-09-12 14:31 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-04 03:47 . 2012-10-04 04:02 512 ----a-w- C:\MBR.zip 2012-09-29 22:33 . 2011-09-13 17:42 45056 ----a-w- c:\windows\system32\acovcnt.exe 2012-09-21 03:00 . 2012-04-02 04:34 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-09-21 03:00 . 2011-09-29 04:08 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-12 14:32 . 2011-09-22 00:07 64462936 ----a-w- c:\windows\system32\MRT.exe 2012-08-31 03:03 . 2012-08-31 03:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2012-08-31 03:03 . 2011-04-27 20:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2012-07-18 18:15 . 2012-08-15 00:05 3148800 ----a-w- c:\windows\system32\win32k.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "Spotify Web Helper"="c:\users\Murdock\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-28 932528] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-10-19 2319536] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-4 113664] AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-2-3 549040] FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2011-9-21 12862] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 118784] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2011-03-18 74840] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-09 114144] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-22 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-01-25 379520] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-12-31 138024] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-11-23 1103976] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - NISDRV . Contents of the 'Scheduled Tasks' folder . 2012-10-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 03:00] . 2012-10-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3051550082-882093396-715400175-1001Core.job - c:\users\Murdock\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-24 03:56] . 2012-10-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3051550082-882093396-715400175-1001UA.job - c:\users\Murdock\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-24 03:56] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448] "ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904] "snp2uvc"="c:\windows\vsnp2uvc.exe" [2010-01-21 909824] "Setwallpaper"="c:\programdata\SetWallpaper.cmd" [bU] "LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2009-09-24 371712] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-28 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-28 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-28 416024] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://asus.msn.com mStart Page = hxxp://asus.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{6C243FF1-705F-4545-B908-2A6942263D97}\44169737F594E6E6: NameServer = 4.2.2.0,4.2.2.2 DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://r6mail2.r06tok.epa.gov/dwa85W.cab FF - ProfilePath - c:\users\Murdock\AppData\Roaming\Mozilla\Firefox\Profiles\j7peecky.default\ . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11, d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63, 57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96, 76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce, 9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47, 2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85 "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:34,ca,a4,4b,ce,78,cd,01 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-10-05 17:53:59 ComboFix-quarantined-files.txt 2012-10-05 22:53 . Pre-Run: 55,602,515,968 bytes free Post-Run: 55,290,761,216 bytes free . - - End Of File - - 81CE56B2606D0E9BA1AE24348BB2F299
  7. bennegesserit
    Here is the new combofix log: ComboFix 12-10-04.02 - Murdock 10/05/2012 14:05:45.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3874.2071 [GMT -5:00] Running from: C:\Users\Murdock\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ((((((((((((((((((((((((( Files Created from 2012-09-05 to 2012-10-05 ))))))))))))))))))))))))))))))) 2012-10-05 19:16:04 . 2012-10-05 19:16:04 -------- d-----w- C:\Users\Default\AppData\Local\temp 2012-10-05 15:31:41 . 2012-10-05 15:31:41 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{22578ADC-5AC3-4DBA-BC06-F0A0F7DE391F}\offreg.dll 2012-10-05 15:17:00 . 2012-10-05 15:15:36 972192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CE26576B-43F2-44AE-89B6-E5479C4B0C2F}\gapaengine.dll 2012-10-05 15:15:56 . 2012-08-30 05:27:04 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{22578ADC-5AC3-4DBA-BC06-F0A0F7DE391F}\mpengine.dll 2012-10-04 02:27:21 . 2012-08-30 05:27:04 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-09-30 21:06:31 . 2012-09-30 21:06:31 -------- d-----w- C:\FRST 2012-09-29 22:42:42 . 2012-09-29 22:42:42 -------- d-----w- C:\Program Files (x86)\ESET 2012-09-28 15:37:56 . 2012-09-28 15:37:56 -------- d-----w- C:\TDSSKiller_Quarantine 2012-09-26 02:41:02 . 2012-08-21 21:01:00 245760 ----a-w- C:\Windows\system32\OxpsConverter.exe 2012-09-22 19:43:29 . 2012-09-22 19:43:29 -------- d-----w- C:\Users\Murdock\AppData\Roaming\Malwarebytes 2012-09-22 19:38:15 . 2012-09-22 19:38:15 -------- d-----w- C:\ProgramData\Malwarebytes 2012-09-22 19:38:10 . 2012-09-07 22:04:46 25928 ----a-w- C:\Windows\system32\drivers\mbam.sys 2012-09-22 19:38:09 . 2012-09-22 19:38:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-09-22 04:05:59 . 2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\system32\wininet.dll 2012-09-19 20:18:43 . 2012-08-28 06:49:10 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{58D562F8-6F52-4418-8A25-3CF47F4C5DD1}\mpengine.dll 2012-09-17 07:16:12 . 2012-09-22 23:05:07 -------- d-----w- C:\Windows\Microsoft Antimalware 2012-09-14 19:49:02 . 2012-09-14 19:49:03 -------- d-----w- C:\Program Files (x86)\Common Files\Skype 2012-09-14 19:48:39 . 2012-09-14 19:49:04 -------- d-----r- C:\Program Files (x86)\Skype 2012-09-12 15:16:46 . 2012-02-11 01:42:39 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{06247F73-5B9A-46DA-828D-7DD2260E63E5}\gapaengine.dll 2012-09-12 14:31:09 . 2012-08-02 17:58:52 574464 ----a-w- C:\Windows\system32\d3d10level9.dll 2012-09-12 14:31:08 . 2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll 2012-09-12 14:31:02 . 2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\system32\drivers\tcpip.sys 2012-09-12 14:31:02 . 2012-08-22 18:12:40 376688 ----a-w- C:\Windows\system32\drivers\netio.sys 2012-09-12 14:31:02 . 2012-08-22 18:12:33 288624 ----a-w- C:\Windows\system32\drivers\FWPKCLNT.SYS 2012-09-12 14:31:01 . 2012-08-22 18:12:40 950128 ----a-w- C:\Windows\system32\drivers\ndis.sys 2012-09-12 14:31:00 . 2012-07-04 20:26:03 41472 ----a-w- C:\Windows\system32\drivers\RNDISMP.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2012-10-04 03:47:50 . 2012-10-04 04:02:05 512 ----a-w- C:\MBR.zip 2012-09-29 22:33:31 . 2011-09-13 17:42:04 45056 ----a-w- C:\Windows\system32\acovcnt.exe 2012-09-21 03:00:08 . 2012-04-02 04:34:54 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-09-21 03:00:08 . 2011-09-29 04:08:30 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-12 14:32:11 . 2011-09-22 00:07:11 64462936 ----a-w- C:\Windows\system32\MRT.exe 2012-08-31 03:03:48 . 2012-08-31 03:03:48 228768 ----a-w- C:\Windows\system32\drivers\MpFilter.sys 2012-08-31 03:03:48 . 2011-04-27 20:25:24 128456 ----a-w- C:\Windows\system32\drivers\NisDrvWFP.sys 2012-07-18 18:15:06 . 2012-08-15 00:05:59 3148800 ----a-w- C:\Windows\system32\win32k.sys ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 21:07:20 2260480] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2010-11-20 13:25:17 1475584] "Spotify Web Helper"="C:\Users\Murdock\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-28 01:41:36 932528] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "UpdateLBPShortCut"="C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 06:16:16 222504] "UpdateP2GoShortCut"="C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 06:16:16 222504] "SonicMasterTray"="C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 05:45:00 984400] "ATKOSD2"="C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 21:55:42 5732992] "ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 21:05:14 170624] "HControlUser"="C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 17:29:42 105016] "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 20:51:26 919008] "GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 23:36:46 30040] "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 12:22:28 59240] "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 23:06:40 421736] "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2011-10-24 19:28:52 421888] "Wireless Console 3"="C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-10-19 00:38:26 2319536] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-4 113664] AsusVibeLauncher.lnk - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-2-3 549040] FancyStart daemon.lnk - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2011-9-21 12862] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=0 (0x0) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 09:47:04 98304] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 19:27:14 138576] R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 08:40:50 118784] R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 18:28:36 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 03:00:09 250288] R3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS [2011-03-18 05:36:18 74840] R3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-09 18:25:27 114144] R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 03:03:48 128456] R3 NisSrv;Microsoft Network Inspection;c:\Program Files\Microsoft Security Client\NisSrv.exe [2012-09-13 02:21:48 368896] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys [2009-06-10 20:35:57 56832] R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 11:07:05 59392] R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys [2011-05-10 13:06:08 51712] R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2011-09-22 00:35:32 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 02:10:10 57184] S1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 20:57:20 17024] S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 00:07:22 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 20:51:26 63960] S2 AFBAgent;AFBAgent;C:\Windows\system32\FBAgent.exe [2011-01-25 21:11:56 379520] S2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 00:36:14 15416] S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 22:04:46 399432] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 22:04:46 676936] S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 04:04:12 2655768] S3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys [2010-12-31 10:30:10 138024] S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 16:28:16 317440] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 09:55:44 76912] S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [2012-09-07 22:04:46 25928] S3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys [2010-09-21 16:59:38 56344] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys [2010-11-23 10:09:42 1103976] --- Other Services/Drivers In Memory --- *NewlyCreated* - NISDRV Contents of the 'Scheduled Tasks' folder 2012-10-05 C:\Windows\Tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 04:34:54 . 2012-09-21 03:00:09] 2012-09-25 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3051550082-882093396-715400175-1001Core.job - C:\Users\Murdock\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-24 03:56:12 . 2011-09-24 03:56:10] 2012-10-05 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3051550082-882093396-715400175-1001UA.job - C:\Users\Murdock\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-24 03:56:12 . 2011-09-24 03:56:10] --------- X64 Entries ----------- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2009-11-26 05:49:40 70656 ----a-w- C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2009-11-26 05:49:40 70656 ----a-w- C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ASUS WebStorage"="C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 01:48:34 1754448] "ETDCtrl"="C:\Program Files (x86)\Elantech\ETDCtrl.exe" [bU] "AmIcoSinglun64"="C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 08:07:02 361984] "RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 06:53:06 2188904] "snp2uvc"="C:\Windows\vsnp2uvc.exe" [2010-01-21 06:22:04 909824] "Setwallpaper"="c:\programdata\SetWallpaper.cmd" [bU] "LifeChat"="C:\Program Files\Microsoft LifeChat\LifeChat.exe" [2009-09-24 22:51:44 371712] "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2011-07-28 20:30:12 167704] "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2011-07-28 20:29:58 392472] "Persistence"="C:\Windows\system32\igfxpers.exe" [2011-07-28 20:30:02 416024] "MSC"="C:\Program Files\Microsoft Security Client\msseces.exe" [2012-09-13 02:16:10 1289704] ------- Supplementary Scan ------- uLocal Page = C:\Windows\system32\blank.htm uStart Page = hxxp://asus.msn.com mStart Page = hxxp://asus.msn.com mLocal Page = C:\Windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{6C243FF1-705F-4545-B908-2A6942263D97}\44169737F594E6E6: NameServer = 4.2.2.0,4.2.2.2 DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://r6mail2.r06tok.epa.gov/dwa85W.cab FF - ProfilePath - C:\Users\Murdock\AppData\Roaming\Mozilla\Firefox\Profiles\j7peecky.default\ - - - - ORPHANS REMOVED - - - - Toolbar-Locked - (no file)
  8. bennegesserit
    When I restarted it said that windows failed to boot; however, when I selected "start windows normally," it booted just fine. Not only that, but I did not receive any "threat detected" alerts upon startup this time, so that is promising. Here is the requested fixlog.txt log: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2012 01 Ran by SYSTEM at 2012-10-05 01:16:09 Run:1 Running from F:\ ============================================== c:\windows\svchost.exe moved successfully. The operation completed successfully. The operation completed successfully. ==== End of Fixlog ====
  9. bennegesserit
    Quick question: since the corruption is in Windows, does that mean I can safely use my computer while running Ubuntu? (such as check email, etc.)
  10. bennegesserit
    Here is the new FRST Logfile: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-10-2012 01 Ran by SYSTEM at 04-10-2012 13:14:18 Running from F:\ Windows 7 Home Premium (X64) OS Language: English(US) The current controlset is ControlSet001 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-15] () HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.) HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.) HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 [2188904 2011-01-17] (Realtek Semiconductor) HKLM\...\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe [909824 2010-01-20] (Sonix Technology Co., Ltd.) HKLM\...\Run: [setwallpaper] c:\programdata\SetWallpaper.cmd [x] HKLM\...\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe" [371712 2009-09-24] (Microsoft Corporation) HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation) HKLM-x32\...\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus) HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS) HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-10-09] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.) HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2319536 2011-10-18] (ASUS) HKU\Murdock\...\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.) HKU\Murdock\...\Run: [spotify Web Helper] "C:\Users\Murdock\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [932528 2012-05-27] () Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Startup: C:\Users\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Users\All Users\Start Menu\Programs\Startup\AsusVibeLauncher.lnk ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.) Startup: C:\Users\All Users\Start Menu\Programs\Startup\FancyStart daemon.lnk ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe () ==================== Services (Whitelisted) =================== 2 AdobeActiveFileMonitor; C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [98304 2004-10-04] () 2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS) 2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation) 2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation) 2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation) 3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation) 2 PhotoshopElementsDeviceConnect; C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [118784 2004-10-04] () ==================== Drivers (Whitelisted) ===================== 1 ATKWMIACPIIO; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17024 2010-07-26] (ASUS) 3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( ) 3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation) 3 SNP2UVC; C:\Windows\System32\Drivers\SNP2UVC.sys [1800832 2010-09-07] (Sonix Technology Co., Ltd.) 3 sscdserd; C:\Windows\System32\Drivers\sscdserd.sys [114856 2007-07-03] (MCCI Corporation) 3 catchme; \??\C:\ComboFix\catchme.sys [x] ==================== NetSvcs (Whitelisted) ==================== ==================== One Month Created Files and Folders ======== 2012-10-03 20:08 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe 2012-10-03 20:02 - 2012-10-03 19:47 - 00000512 ____A C:\MBR.zip 2012-10-02 07:18 - 2012-10-02 07:18 - 00000512 ____A C:\Users\Murdock\Downloads\MBRbackup.zip 2012-09-30 13:06 - 2012-09-30 13:06 - 00000000 ____D C:\FRST 2012-09-29 19:25 - 2012-09-29 19:25 - 00002785 ____A C:\Users\Murdock\Desktop\eset_online_scanner_results.txt 2012-09-29 14:42 - 2012-09-29 14:42 - 00000000 ____D C:\Program Files (x86)\ESET 2012-09-28 08:16 - 2012-09-28 08:16 - 00021045 ____A C:\ComboFix.txt 2012-09-28 07:54 - 2012-09-28 08:16 - 00000000 ____D C:\Qoobox 2012-09-28 07:54 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe 2012-09-28 07:54 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe 2012-09-28 07:54 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2012-09-28 07:54 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2012-09-28 07:54 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2012-09-28 07:54 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe 2012-09-28 07:54 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe 2012-09-28 07:54 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe 2012-09-28 07:53 - 2012-09-28 08:11 - 00000000 ____D C:\Windows\erdnt 2012-09-28 07:44 - 2012-09-28 07:44 - 04757745 ____R (Swearware) C:\Users\Murdock\Desktop\ComboFix.exe 2012-09-28 07:39 - 2012-09-28 07:39 - 00266288 ____A C:\Windows\Minidump\092812-34413-01.dmp 2012-09-28 07:37 - 2012-09-28 07:37 - 00000000 ____D C:\TDSSKiller_Quarantine 2012-09-28 06:07 - 2012-09-28 06:07 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Murdock\Desktop\tdsskiller.exe 2012-09-27 18:04 - 2012-09-27 18:04 - 00017169 ____A C:\Users\Murdock\Desktop\Attach.txt 2012-09-27 18:03 - 2012-09-27 18:03 - 00022025 ____A C:\Users\Murdock\Desktop\DDS.txt 2012-09-27 17:43 - 2012-09-27 17:43 - 00607260 ____R (Swearware) C:\Users\Murdock\Desktop\dds.scr 2012-09-25 18:41 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe 2012-09-22 11:43 - 2012-09-22 11:43 - 00000000 ____D C:\Users\Murdock\AppData\Roaming\Malwarebytes 2012-09-22 11:38 - 2012-09-22 11:38 - 00000000 ____D C:\Users\All Users\Malwarebytes 2012-09-22 11:38 - 2012-09-22 11:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-09-22 11:38 - 2012-09-07 14:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-09-22 09:46 - 2012-09-22 09:46 - 00262144 ____A C:\Windows\Minidump\092212-30139-01.dmp 2012-09-21 20:06 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-09-21 20:06 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-09-21 20:06 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-09-21 20:06 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-09-21 20:06 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-09-21 20:06 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2012-09-21 20:06 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-09-21 20:06 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-09-21 20:06 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-09-21 20:06 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-09-21 20:06 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-09-21 20:06 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-09-21 20:06 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2012-09-21 20:06 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-09-21 20:06 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2012-09-21 20:06 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-09-21 20:06 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-09-21 20:06 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-09-21 20:05 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-09-21 20:05 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-09-21 20:05 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-09-21 20:05 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-09-21 20:05 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-09-21 20:05 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2012-09-21 20:05 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-09-21 20:05 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-09-21 20:05 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-09-21 20:05 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-09-21 20:05 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-09-21 20:05 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-09-21 20:05 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-09-21 20:05 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-09-16 23:16 - 2012-09-22 15:05 - 00000000 ____D C:\Windows\Microsoft Antimalware 2012-09-15 20:39 - 2012-09-15 20:39 - 00007604 ____A C:\Users\Murdock\AppData\Local\Resmon.ResmonCfg 2012-09-14 11:48 - 2012-09-14 11:49 - 00000000 ___RD C:\Program Files (x86)\Skype 2012-09-12 06:31 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2012-09-12 06:31 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys 2012-09-12 06:31 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys 2012-09-12 06:31 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS 2012-09-12 06:31 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll 2012-09-12 06:31 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2012-09-12 06:31 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys 2012-09-09 10:23 - 2012-09-09 10:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox ==================== 3 Months Modified Files ================== 2012-10-04 13:08 - 2011-02-03 06:35 - 00004602 ____A C:\Windows\AsRecoveryHD.log 2012-10-04 13:07 - 2011-02-03 06:34 - 00044632 ____A C:\Windows\AsFac.log 2012-10-03 20:16 - 2011-09-21 16:46 - 00002148 ____A C:\Windows\epplauncher.mif 2012-10-03 20:16 - 2011-09-13 09:18 - 02003430 ____A C:\Windows\WindowsUpdate.log 2012-10-03 20:15 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-10-03 20:15 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-10-03 20:07 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-10-03 20:07 - 2009-07-13 20:51 - 00100720 ____A C:\Windows\setupact.log 2012-10-03 19:47 - 2012-10-03 20:02 - 00000512 ____A C:\MBR.zip 2012-10-03 19:06 - 2011-09-23 19:56 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3051550082-882093396-715400175-1001UA.job 2012-10-03 18:59 - 2012-04-01 20:34 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-10-02 12:08 - 2009-07-13 21:13 - 00749348 ____A C:\Windows\System32\PerfStringBackup.INI 2012-10-02 07:18 - 2012-10-02 07:18 - 00000512 ____A C:\Users\Murdock\Downloads\MBRbackup.zip 2012-09-29 19:25 - 2012-09-29 19:25 - 00002785 ____A C:\Users\Murdock\Desktop\eset_online_scanner_results.txt 2012-09-29 14:33 - 2011-09-13 09:42 - 00045056 ____A C:\Windows\System32\acovcnt.exe 2012-09-29 05:46 - 2011-09-13 09:14 - 00340858 ____A C:\Windows\PFRO.log 2012-09-28 08:16 - 2012-09-28 08:16 - 00021045 ____A C:\ComboFix.txt 2012-09-28 08:09 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini 2012-09-28 07:44 - 2012-09-28 07:44 - 04757745 ____R (Swearware) C:\Users\Murdock\Desktop\ComboFix.exe 2012-09-28 07:39 - 2012-09-28 07:39 - 00266288 ____A C:\Windows\Minidump\092812-34413-01.dmp 2012-09-28 07:39 - 2011-12-18 10:55 - 587673484 ____A C:\Windows\MEMORY.DMP 2012-09-28 06:07 - 2012-09-28 06:07 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Murdock\Desktop\tdsskiller.exe 2012-09-27 18:04 - 2012-09-27 18:04 - 00017169 ____A C:\Users\Murdock\Desktop\Attach.txt 2012-09-27 18:03 - 2012-09-27 18:03 - 00022025 ____A C:\Users\Murdock\Desktop\DDS.txt 2012-09-27 17:43 - 2012-09-27 17:43 - 00607260 ____R (Swearware) C:\Users\Murdock\Desktop\dds.scr 2012-09-25 15:19 - 2011-09-23 19:56 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3051550082-882093396-715400175-1001Core.job 2012-09-22 16:40 - 2011-09-13 09:40 - 00001288 ____A C:\Windows\System32\ServiceFilter.ini 2012-09-22 09:46 - 2012-09-22 09:46 - 00262144 ____A C:\Windows\Minidump\092212-30139-01.dmp 2012-09-20 19:00 - 2012-04-01 20:34 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-09-20 19:00 - 2011-09-28 20:08 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-09-17 07:51 - 2012-07-05 11:16 - 00005924 ____A C:\Windows\wininit.ini 2012-09-17 06:37 - 2011-09-21 16:46 - 00762846 ____A C:\Windows\SysWOW64\PerfStringBackup.INI 2012-09-15 20:39 - 2012-09-15 20:39 - 00007604 ____A C:\Users\Murdock\AppData\Local\Resmon.ResmonCfg 2012-09-12 06:36 - 2012-08-15 16:56 - 00000129 ____A C:\Windows\System32\MRT.INI 2012-09-12 06:32 - 2011-09-21 16:07 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-09-07 14:04 - 2012-09-22 11:38 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-09-02 20:34 - 2012-09-02 20:34 - 00262144 ____A C:\Windows\Minidump\090212-23275-01.dmp 2012-08-31 18:46 - 2009-07-13 18:34 - 00444272 ___RA C:\Windows\System32\Drivers\etc\hosts.20120915-215506.backup 2012-08-31 18:40 - 2012-08-31 18:40 - 00347424 ____A (Microsoft Corporation) C:\Users\Murdock\Downloads\MicrosoftFixit.ProgramInstallUninstall.MATSKB.Run.exe 2012-08-27 11:53 - 2009-07-13 21:08 - 00032596 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-08-24 03:15 - 2012-09-21 20:05 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-08-24 02:39 - 2012-09-21 20:05 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-08-24 02:31 - 2012-09-21 20:06 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-08-24 02:22 - 2012-09-21 20:06 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-08-24 02:21 - 2012-09-21 20:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-08-24 02:20 - 2012-09-21 20:06 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-08-24 02:18 - 2012-09-21 20:06 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-08-24 02:17 - 2012-09-21 20:05 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-08-24 02:14 - 2012-09-21 20:06 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-08-24 02:14 - 2012-09-21 20:05 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-08-24 02:13 - 2012-09-21 20:05 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2012-08-24 02:12 - 2012-09-21 20:05 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-08-24 02:11 - 2012-09-21 20:06 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2012-08-24 02:10 - 2012-09-21 20:06 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-08-24 02:09 - 2012-09-21 20:06 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-08-24 02:04 - 2012-09-21 20:06 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-08-23 23:27 - 2012-09-21 20:05 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-08-23 23:03 - 2012-09-21 20:05 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-08-23 22:59 - 2012-09-21 20:05 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-08-23 22:51 - 2012-09-21 20:06 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-08-23 22:51 - 2012-09-21 20:06 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-08-23 22:51 - 2012-09-21 20:05 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-08-23 22:49 - 2012-09-21 20:06 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-08-23 22:48 - 2012-09-21 20:05 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-08-23 22:47 - 2012-09-21 20:06 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2012-08-23 22:47 - 2012-09-21 20:06 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-08-23 22:47 - 2012-09-21 20:05 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-08-23 22:45 - 2012-09-21 20:06 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2012-08-23 22:44 - 2012-09-21 20:06 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-08-23 22:44 - 2012-09-21 20:05 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-08-23 22:43 - 2012-09-21 20:06 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-08-23 22:40 - 2012-09-21 20:06 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-08-22 10:12 - 2012-09-12 06:31 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2012-08-22 10:12 - 2012-09-12 06:31 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys 2012-08-22 10:12 - 2012-09-12 06:31 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys 2012-08-22 10:12 - 2012-09-12 06:31 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS 2012-08-21 13:01 - 2012-09-25 18:41 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe 2012-08-15 18:28 - 2009-07-13 20:45 - 00422080 ____A C:\Windows\System32\FNTCACHE.DAT 2012-08-13 16:05 - 2009-07-13 18:34 - 00444102 ___RA C:\Windows\System32\Drivers\etc\hosts.20120831-214657.backup 2012-08-13 13:27 - 2012-08-13 13:26 - 00262144 ____A C:\Windows\Minidump\081312-22230-01.dmp 2012-08-12 12:37 - 2012-08-12 12:37 - 00262144 ____A C:\Windows\Minidump\081212-31621-01.dmp 2012-08-02 09:58 - 2012-09-12 06:31 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll 2012-08-02 08:57 - 2012-09-12 06:31 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2012-07-21 19:08 - 2009-07-13 18:34 - 00443619 ___RA C:\Windows\System32\Drivers\etc\hosts.20120813-190507.backup 2012-07-18 10:15 - 2012-08-14 16:05 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-07-12 11:43 - 2012-07-12 11:42 - 00264364 ____A C:\Windows\msxml4-KB2721691-enu.LOG 2012-07-12 11:43 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini ATTENTION: ========> Check for possible partition/boot infection: C:\Windows\svchost.exe ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit TDL4: custom:26000022 <===== ATTENTION! ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2012-09-16 19:02:44 Restore point made on: 2012-09-17 17:38:25 Restore point made on: 2012-09-20 18:46:08 Restore point made on: 2012-09-21 20:05:18 Restore point made on: 2012-09-23 18:06:06 Restore point made on: 2012-09-27 17:25:02 Restore point made on: 2012-09-30 17:38:56 Restore point made on: 2012-10-01 19:26:03 Restore point made on: 2012-10-01 20:38:36 Restore point made on: 2012-10-02 07:24:07 Restore point made on: 2012-10-02 13:04:09 Restore point made on: 2012-10-03 18:21:20 Restore point made on: 2012-10-03 20:16:08 ==================== Memory info =========================== Percentage of memory in use: 14% Total physical RAM: 3874.21 MB Available physical RAM: 3308.49 MB Total Pagefile: 3872.36 MB Available Pagefile: 3302.36 MB Total Virtual: 8192 MB Available Virtual: 8191.89 MB ==================== Partitions ============================= 1 Drive c: (OS) (Fixed) (Total:125.03 GB) (Free:52.6 GB) NTFS ==>[Drive with boot components (obtained from BCD)] 2 Drive d: (Data) (Fixed) (Total:148.06 GB) (Free:53.81 GB) NTFS 4 Drive f: () (Removable) (Total:0.93 GB) (Free:0.85 GB) FAT32 5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 298 GB 1024 KB Disk 1 Online 956 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 25 GB 1024 KB Partition 2 Primary 125 GB 25 GB Partition 0 Extended 148 GB 150 GB Partition 3 Logical 148 GB 150 GB ================================================================================== Disk: 0 Partition 1 Type : 1C Hidden: Yes Active: No There is no volume associated with this partition. ========================================================= Disk: 0 Partition 2 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 C OS NTFS Partition 125 GB Healthy ========================================================= Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 D Data NTFS Partition 148 GB Healthy ========================================================= Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 955 MB 20 KB ================================================================================== Disk: 1 Partition 1 Type : 0B Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 F FAT32 Removable 955 MB Healthy ========================================================= Last Boot: 2012-08-31 15:00 ==================== End Of Log =============================
  11. bennegesserit
    Ah, ok. When I tried to restart into windows I got the following error: "Your computer was unable to start." Then it asks, "Do you want to restore your computer using System Restore?" Should I say yes or click cancel?
  12. bennegesserit
    Sorry, didn't attach before. MBR.zip
  13. bennegesserit
    Came back with the following response: Do I send MBR.zip back to you now? If so, here it is from the home folder.
  14. bennegesserit
    Apologies as I did not receive email notification that you replied. I am currently viewing this topic in Ubuntu. I downloaded mbr.zip and saved it into the home folder. I then opened a terminal and typed in the requested command. It came back with the following reply: I'm not sure why it does not see the file in the home folder.
  15. bennegesserit
    When I type in the command it says this: Then the zip file that is not a zip file is generated in the Home Folder.
  16. bennegesserit
    When I tried to extract it, I was told the folder was empty, so if that was created incorrectly, let me know and I'll try again.
  17. bennegesserit
    Attached is the MBRbackup file MBRbackup.zip
  18. bennegesserit
    Thank you for the alternative option. I was able to get Ubunto to boot successfully. What is the next step?
  19. bennegesserit
    Tried again with a different USB and got the same results. More specifically, the later half of the text says the following: I thought I had an old Linux disk handy but no such luck.
  20. bennegesserit
    When I loaded xPUD it asks me to choose a language, then it begins automatically. Then a bunch of lines of text fly by starting with "loading boot/xpud" and it ending with the prompt "sh-4.0#". Not sure what to do at that point. Does this mean I did not copy all the needed files to the USB correctly?
  21. bennegesserit
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-09-2012 01 Ran by SYSTEM at 30-09-2012 13:07:04 Running from F:\ Windows 7 Home Premium (X64) OS Language: English(US) The current controlset is ControlSet001 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-15] () HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.) HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.) HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 [2188904 2011-01-17] (Realtek Semiconductor) HKLM\...\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe [909824 2010-01-20] (Sonix Technology Co., Ltd.) HKLM\...\Run: [setwallpaper] c:\programdata\SetWallpaper.cmd [x] HKLM\...\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe" [371712 2009-09-24] (Microsoft Corporation) HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation) HKLM-x32\...\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus) HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS) HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-10-09] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.) HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2319536 2011-10-18] (ASUS) HKU\Murdock\...\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.) HKU\Murdock\...\Run: [spotify Web Helper] "C:\Users\Murdock\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [932528 2012-05-27] () Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Startup: C:\Users\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Users\All Users\Start Menu\Programs\Startup\AsusVibeLauncher.lnk ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.) Startup: C:\Users\All Users\Start Menu\Programs\Startup\FancyStart daemon.lnk ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe () ==================== Services (Whitelisted) =================== 2 AdobeActiveFileMonitor; C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [98304 2004-10-04] () 2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS) 2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation) 2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation) 2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation) 3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation) 2 PhotoshopElementsDeviceConnect; C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [118784 2004-10-04] () ==================== Drivers (Whitelisted) ===================== 1 ATKWMIACPIIO; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17024 2010-07-26] (ASUS) 3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( ) 3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation) 3 SNP2UVC; C:\Windows\System32\Drivers\SNP2UVC.sys [1800832 2010-09-07] (Sonix Technology Co., Ltd.) 3 sscdserd; C:\Windows\System32\Drivers\sscdserd.sys [114856 2007-07-03] (MCCI Corporation) 3 catchme; \??\C:\ComboFix\catchme.sys [x] ==================== NetSvcs (Whitelisted) ==================== ==================== One Month Created Files and Folders ======== 2012-09-29 20:25 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe 2012-09-29 19:25 - 2012-09-29 19:25 - 00002785 ____A C:\Users\Murdock\Desktop\eset_online_scanner_results.txt 2012-09-29 14:42 - 2012-09-29 14:42 - 00000000 ____D C:\Program Files (x86)\ESET 2012-09-28 08:16 - 2012-09-28 08:16 - 00021045 ____A C:\ComboFix.txt 2012-09-28 07:54 - 2012-09-28 08:16 - 00000000 ____D C:\Qoobox 2012-09-28 07:54 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe 2012-09-28 07:54 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe 2012-09-28 07:54 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2012-09-28 07:54 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2012-09-28 07:54 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2012-09-28 07:54 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe 2012-09-28 07:54 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe 2012-09-28 07:54 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe 2012-09-28 07:53 - 2012-09-28 08:11 - 00000000 ____D C:\Windows\erdnt 2012-09-28 07:44 - 2012-09-28 07:44 - 04757745 ____R (Swearware) C:\Users\Murdock\Desktop\ComboFix.exe 2012-09-28 07:39 - 2012-09-28 07:39 - 00266288 ____A C:\Windows\Minidump\092812-34413-01.dmp 2012-09-28 07:37 - 2012-09-28 07:37 - 00000000 ____D C:\TDSSKiller_Quarantine 2012-09-28 06:07 - 2012-09-28 06:07 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Murdock\Desktop\tdsskiller.exe 2012-09-27 18:04 - 2012-09-27 18:04 - 00017169 ____A C:\Users\Murdock\Desktop\Attach.txt 2012-09-27 18:03 - 2012-09-27 18:03 - 00022025 ____A C:\Users\Murdock\Desktop\DDS.txt 2012-09-27 17:43 - 2012-09-27 17:43 - 00607260 ____R (Swearware) C:\Users\Murdock\Desktop\dds.scr 2012-09-25 18:41 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe 2012-09-22 11:43 - 2012-09-22 11:43 - 00000000 ____D C:\Users\Murdock\AppData\Roaming\Malwarebytes 2012-09-22 11:38 - 2012-09-22 11:38 - 00000000 ____D C:\Users\All Users\Malwarebytes 2012-09-22 11:38 - 2012-09-22 11:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-09-22 11:38 - 2012-09-07 14:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-09-22 09:46 - 2012-09-22 09:46 - 00262144 ____A C:\Windows\Minidump\092212-30139-01.dmp 2012-09-21 20:06 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-09-21 20:06 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-09-21 20:06 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-09-21 20:06 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-09-21 20:06 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-09-21 20:06 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2012-09-21 20:06 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-09-21 20:06 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-09-21 20:06 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-09-21 20:06 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-09-21 20:06 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-09-21 20:06 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-09-21 20:06 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2012-09-21 20:06 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-09-21 20:06 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2012-09-21 20:06 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-09-21 20:06 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-09-21 20:06 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-09-21 20:05 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-09-21 20:05 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-09-21 20:05 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-09-21 20:05 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-09-21 20:05 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-09-21 20:05 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2012-09-21 20:05 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-09-21 20:05 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-09-21 20:05 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-09-21 20:05 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-09-21 20:05 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-09-21 20:05 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-09-21 20:05 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-09-21 20:05 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-09-16 23:16 - 2012-09-22 15:05 - 00000000 ____D C:\Windows\Microsoft Antimalware 2012-09-15 20:39 - 2012-09-15 20:39 - 00007604 ____A C:\Users\Murdock\AppData\Local\Resmon.ResmonCfg 2012-09-14 11:48 - 2012-09-14 11:49 - 00000000 ___RD C:\Program Files (x86)\Skype 2012-09-12 06:31 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2012-09-12 06:31 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys 2012-09-12 06:31 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys 2012-09-12 06:31 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS 2012-09-12 06:31 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll 2012-09-12 06:31 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2012-09-12 06:31 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys 2012-09-09 10:23 - 2012-09-09 10:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2012-09-02 20:34 - 2012-09-02 20:34 - 00262144 ____A C:\Windows\Minidump\090212-23275-01.dmp 2012-08-31 18:44 - 2012-08-31 18:44 - 00000000 ____D C:\MATS 2012-08-31 18:40 - 2012-08-31 18:40 - 00347424 ____A (Microsoft Corporation) C:\Users\Murdock\Downloads\MicrosoftFixit.ProgramInstallUninstall.MATSKB.Run.exe ==================== 3 Months Modified Files ================== 2012-09-30 10:02 - 2011-09-13 09:18 - 01778954 ____A C:\Windows\WindowsUpdate.log 2012-09-30 10:00 - 2009-07-13 21:13 - 00749348 ____A C:\Windows\System32\PerfStringBackup.INI 2012-09-30 09:59 - 2012-04-01 20:34 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-09-30 09:56 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-09-30 09:56 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-09-30 09:55 - 2009-07-13 20:51 - 00097956 ____A C:\Windows\setupact.log 2012-09-30 09:48 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-09-29 20:06 - 2011-09-23 19:56 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3051550082-882093396-715400175-1001UA.job 2012-09-29 19:25 - 2012-09-29 19:25 - 00002785 ____A C:\Users\Murdock\Desktop\eset_online_scanner_results.txt 2012-09-29 14:33 - 2011-09-13 09:42 - 00045056 ____A C:\Windows\System32\acovcnt.exe 2012-09-29 05:46 - 2011-09-13 09:14 - 00340858 ____A C:\Windows\PFRO.log 2012-09-28 08:16 - 2012-09-28 08:16 - 00021045 ____A C:\ComboFix.txt 2012-09-28 08:09 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini 2012-09-28 07:44 - 2012-09-28 07:44 - 04757745 ____R (Swearware) C:\Users\Murdock\Desktop\ComboFix.exe 2012-09-28 07:39 - 2012-09-28 07:39 - 00266288 ____A C:\Windows\Minidump\092812-34413-01.dmp 2012-09-28 07:39 - 2011-12-18 10:55 - 587673484 ____A C:\Windows\MEMORY.DMP 2012-09-28 06:07 - 2012-09-28 06:07 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Murdock\Desktop\tdsskiller.exe 2012-09-27 18:04 - 2012-09-27 18:04 - 00017169 ____A C:\Users\Murdock\Desktop\Attach.txt 2012-09-27 18:03 - 2012-09-27 18:03 - 00022025 ____A C:\Users\Murdock\Desktop\DDS.txt 2012-09-27 17:43 - 2012-09-27 17:43 - 00607260 ____R (Swearware) C:\Users\Murdock\Desktop\dds.scr 2012-09-25 15:19 - 2011-09-23 19:56 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3051550082-882093396-715400175-1001Core.job 2012-09-22 16:40 - 2011-09-13 09:40 - 00001288 ____A C:\Windows\System32\ServiceFilter.ini 2012-09-22 09:46 - 2012-09-22 09:46 - 00262144 ____A C:\Windows\Minidump\092212-30139-01.dmp 2012-09-20 19:00 - 2012-04-01 20:34 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-09-20 19:00 - 2011-09-28 20:08 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-09-17 07:51 - 2012-07-05 11:16 - 00005924 ____A C:\Windows\wininit.ini 2012-09-17 06:37 - 2011-09-21 16:46 - 00762846 ____A C:\Windows\SysWOW64\PerfStringBackup.INI 2012-09-15 20:39 - 2012-09-15 20:39 - 00007604 ____A C:\Users\Murdock\AppData\Local\Resmon.ResmonCfg 2012-09-12 06:36 - 2012-08-15 16:56 - 00000129 ____A C:\Windows\System32\MRT.INI 2012-09-12 06:32 - 2011-09-21 16:07 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-09-09 14:04 - 2011-09-21 16:46 - 00002198 ____A C:\Windows\epplauncher.mif 2012-09-07 14:04 - 2012-09-22 11:38 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-09-02 20:34 - 2012-09-02 20:34 - 00262144 ____A C:\Windows\Minidump\090212-23275-01.dmp 2012-08-31 18:46 - 2009-07-13 18:34 - 00444272 ___RA C:\Windows\System32\Drivers\etc\hosts.20120915-215506.backup 2012-08-31 18:40 - 2012-08-31 18:40 - 00347424 ____A (Microsoft Corporation) C:\Users\Murdock\Downloads\MicrosoftFixit.ProgramInstallUninstall.MATSKB.Run.exe 2012-08-27 11:53 - 2009-07-13 21:08 - 00032596 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-08-24 03:15 - 2012-09-21 20:05 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-08-24 02:39 - 2012-09-21 20:05 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-08-24 02:31 - 2012-09-21 20:06 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-08-24 02:22 - 2012-09-21 20:06 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-08-24 02:21 - 2012-09-21 20:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-08-24 02:20 - 2012-09-21 20:06 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-08-24 02:18 - 2012-09-21 20:06 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-08-24 02:17 - 2012-09-21 20:05 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-08-24 02:14 - 2012-09-21 20:06 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-08-24 02:14 - 2012-09-21 20:05 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-08-24 02:13 - 2012-09-21 20:05 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2012-08-24 02:12 - 2012-09-21 20:05 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-08-24 02:11 - 2012-09-21 20:06 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2012-08-24 02:10 - 2012-09-21 20:06 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-08-24 02:09 - 2012-09-21 20:06 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-08-24 02:04 - 2012-09-21 20:06 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-08-23 23:27 - 2012-09-21 20:05 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-08-23 23:03 - 2012-09-21 20:05 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-08-23 22:59 - 2012-09-21 20:05 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-08-23 22:51 - 2012-09-21 20:06 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-08-23 22:51 - 2012-09-21 20:06 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-08-23 22:51 - 2012-09-21 20:05 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-08-23 22:49 - 2012-09-21 20:06 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-08-23 22:48 - 2012-09-21 20:05 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-08-23 22:47 - 2012-09-21 20:06 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2012-08-23 22:47 - 2012-09-21 20:06 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-08-23 22:47 - 2012-09-21 20:05 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-08-23 22:45 - 2012-09-21 20:06 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2012-08-23 22:44 - 2012-09-21 20:06 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-08-23 22:44 - 2012-09-21 20:05 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-08-23 22:43 - 2012-09-21 20:06 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-08-23 22:40 - 2012-09-21 20:06 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-08-22 10:12 - 2012-09-12 06:31 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2012-08-22 10:12 - 2012-09-12 06:31 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys 2012-08-22 10:12 - 2012-09-12 06:31 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys 2012-08-22 10:12 - 2012-09-12 06:31 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS 2012-08-21 13:01 - 2012-09-25 18:41 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe 2012-08-15 18:28 - 2009-07-13 20:45 - 00422080 ____A C:\Windows\System32\FNTCACHE.DAT 2012-08-13 16:05 - 2009-07-13 18:34 - 00444102 ___RA C:\Windows\System32\Drivers\etc\hosts.20120831-214657.backup 2012-08-13 13:27 - 2012-08-13 13:26 - 00262144 ____A C:\Windows\Minidump\081312-22230-01.dmp 2012-08-12 12:37 - 2012-08-12 12:37 - 00262144 ____A C:\Windows\Minidump\081212-31621-01.dmp 2012-08-02 09:58 - 2012-09-12 06:31 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll 2012-08-02 08:57 - 2012-09-12 06:31 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2012-07-21 19:08 - 2009-07-13 18:34 - 00443619 ___RA C:\Windows\System32\Drivers\etc\hosts.20120813-190507.backup 2012-07-18 10:15 - 2012-08-14 16:05 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-07-12 11:43 - 2012-07-12 11:42 - 00264364 ____A C:\Windows\msxml4-KB2721691-enu.LOG 2012-07-12 11:43 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini 2012-07-06 12:07 - 2012-08-15 18:08 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys 2012-07-05 09:01 - 2009-07-13 18:34 - 00443089 ___RA C:\Windows\System32\Drivers\etc\hosts.20120721-220832.backup 2012-07-04 14:16 - 2012-08-14 16:06 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll 2012-07-04 14:13 - 2012-08-14 16:06 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll 2012-07-04 14:13 - 2012-08-14 16:06 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll 2012-07-04 13:16 - 2012-08-14 16:06 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll 2012-07-04 13:14 - 2012-08-14 16:06 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll 2012-07-04 12:26 - 2012-09-12 06:31 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys ATTENTION: ========> Check for possible partition/boot infection: C:\Windows\svchost.exe ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit TDL4: custom:26000022 <===== ATTENTION! ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2012-09-12 05:55:26 Restore point made on: 2012-09-12 06:31:51 Restore point made on: 2012-09-14 11:46:03 Restore point made on: 2012-09-16 19:02:44 Restore point made on: 2012-09-17 17:38:25 Restore point made on: 2012-09-20 18:46:08 Restore point made on: 2012-09-21 20:05:18 Restore point made on: 2012-09-23 18:06:06 Restore point made on: 2012-09-27 17:25:02 ==================== Memory info =========================== Percentage of memory in use: 14% Total physical RAM: 3874.21 MB Available physical RAM: 3305.24 MB Total Pagefile: 3872.36 MB Available Pagefile: 3299.22 MB Total Virtual: 8192 MB Available Virtual: 8191.88 MB ==================== Partitions ============================= 1 Drive c: (OS) (Fixed) (Total:125.03 GB) (Free:52.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)] 2 Drive d: (Data) (Fixed) (Total:148.06 GB) (Free:53.81 GB) NTFS 4 Drive f: (UDISK 2.0) (Removable) (Total:0.24 GB) (Free:0.24 GB) FAT 5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 298 GB 1024 KB Disk 1 Online 246 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 25 GB 1024 KB Partition 2 Primary 125 GB 25 GB Partition 0 Extended 148 GB 150 GB Partition 3 Logical 148 GB 150 GB ================================================================================== Disk: 0 Partition 1 Type : 1C Hidden: Yes Active: No There is no volume associated with this partition. ========================================================= Disk: 0 Partition 2 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 C OS NTFS Partition 125 GB Healthy ========================================================= Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 D Data NTFS Partition 148 GB Healthy ========================================================= Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 245 MB 16 KB ================================================================================== Disk: 1 Partition 1 Type : 0E Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 F UDISK 2.0 FAT Removable 245 MB Healthy ========================================================= Last Boot: 2012-08-31 15:00 ==================== End Of Log =============================
  22. bennegesserit
    Here is the MBAM log: Malwarebytes Anti-Malware (Trial) 1.65.0.1400 www.malwarebytes.org Database version: v2012.09.29.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Murdock :: ASUS-NOTEBOOK [administrator] Protection: Enabled 9/29/2012 5:19:30 PM mbam-log-2012-09-29 (17-19-30).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 204110 Time elapsed: 3 minute(s), 29 second(s) Memory Processes Detected: 1 C:\Windows\svchost.exe (Trojan.Agent) -> 5360 -> Delete on reboot. Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot. (end) Here is the ESET log: C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip Win32/Bagle.gen.zip worm C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip Win32/Bagle.gen.zip worm C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip Win32/Bagle.gen.zip worm C:\TDSSKiller_Quarantine\28.09.2012_10.36.27\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan C:\TDSSKiller_Quarantine\28.09.2012_10.36.27\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan C:\TDSSKiller_Quarantine\28.09.2012_10.36.27\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan C:\TDSSKiller_Quarantine\28.09.2012_10.36.27\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan C:\TDSSKiller_Quarantine\28.09.2012_10.36.27\mbr0000\tdlfs0000\tsk0004.dta Win32/Olmarik.AWO trojan C:\TDSSKiller_Quarantine\28.09.2012_10.36.27\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan C:\TDSSKiller_Quarantine\28.09.2012_10.36.27\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan C:\TDSSKiller_Quarantine\28.09.2012_10.36.27\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan C:\TDSSKiller_Quarantine\28.09.2012_10.36.27\mbr0000\tdlfs0000\tsk0014.dta Win32/Olmarik.AYI trojan C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip Win32/Bagle.gen.zip worm C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip Win32/Bagle.gen.zip worm C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip Win32/Bagle.gen.zip worm D:\ASUS-NOTEBOOK\Backup Set 2012-01-22 201620\Backup Files 2012-01-22 201620\Backup files 4.zip a variant of Java/TrojanDownloader.Agent.NDJ trojan D:\ASUS-NOTEBOOK\Backup Set 2012-02-05 220201\Backup Files 2012-02-05 220201\Backup files 4.zip a variant of Java/TrojanDownloader.Agent.NDJ trojan D:\ASUS-NOTEBOOK\Backup Set 2012-02-05 220201\Backup Files 2012-03-04 190002\Backup files 3.zip HTML/ScrInject.B.Gen virus D:\ASUS-NOTEBOOK\Backup Set 2012-03-11 204253\Backup Files 2012-03-18 224716\Backup files 5.zip HTML/ScrInject.B.Gen virus D:\ASUS-NOTEBOOK\Backup Set 2012-09-02 230645\Backup Files 2012-09-16 220158\Backup files 2.zip HTML/ScrInject.B.Gen virus So far I do not notice any change in laptop performance. MBAM and MSE still detect threats upon startup.
  23. bennegesserit
    Here is the TDSSKiller log after marking "cure": 10:36:26.0137 1076 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24 10:36:27.0260 1076 ============================================================ 10:36:27.0260 1076 Current date / time: 2012/09/28 10:36:27.0260 10:36:27.0260 1076 SystemInfo: 10:36:27.0260 1076 10:36:27.0260 1076 OS Version: 6.1.7601 ServicePack: 1.0 10:36:27.0260 1076 Product type: Workstation 10:36:27.0260 1076 ComputerName: ASUS-NOTEBOOK 10:36:27.0276 1076 UserName: Murdock 10:36:27.0276 1076 Windows directory: C:\Windows 10:36:27.0276 1076 System windows directory: C:\Windows 10:36:27.0276 1076 Running under WOW64 10:36:27.0276 1076 Processor architecture: Intel x64 10:36:27.0276 1076 Number of processors: 2 10:36:27.0276 1076 Page size: 0x1000 10:36:27.0276 1076 Boot type: Normal boot 10:36:27.0276 1076 ============================================================ 10:36:35.0170 1076 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 10:36:35.0170 1076 ============================================================ 10:36:35.0170 1076 \Device\Harddisk0\DR0: 10:36:35.0170 1076 MBR partitions: 10:36:35.0170 1076 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0xFA0E000 10:36:35.0217 1076 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12C0F000, BlocksNum 0x1281F000 10:36:35.0217 1076 ============================================================ 10:36:35.0326 1076 C: <-> \Device\Harddisk0\DR0\Partition1 10:36:35.0420 1076 D: <-> \Device\Harddisk0\DR0\Partition2 10:36:35.0420 1076 ============================================================ 10:36:35.0420 1076 Initialize success 10:36:35.0420 1076 ============================================================ 10:36:51.0862 2696 ============================================================ 10:36:51.0862 2696 Scan started 10:36:51.0862 2696 Mode: Manual; 10:36:51.0862 2696 ============================================================ 10:36:52.0627 2696 ================ Scan system memory ======================== 10:36:52.0627 2696 System memory - ok 10:36:52.0627 2696 ================ Scan services ============================= 10:36:53.0063 2696 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 10:36:53.0079 2696 1394ohci - ok 10:36:53.0141 2696 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 10:36:53.0157 2696 ACPI - ok 10:36:53.0188 2696 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 10:36:53.0188 2696 AcpiPmi - ok 10:36:53.0313 2696 [ E42F7B36B4D8866184E8DF9776CA4226 ] AdobeActiveFileMonitor C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe 10:36:53.0313 2696 AdobeActiveFileMonitor - ok 10:36:53.0407 2696 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 10:36:53.0407 2696 AdobeARMservice - ok 10:36:53.0578 2696 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 10:36:53.0578 2696 AdobeFlashPlayerUpdateSvc - ok 10:36:53.0703 2696 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 10:36:53.0703 2696 adp94xx - ok 10:36:53.0734 2696 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 10:36:53.0750 2696 adpahci - ok 10:36:53.0797 2696 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 10:36:53.0797 2696 adpu320 - ok 10:36:53.0843 2696 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 10:36:53.0859 2696 AeLookupSvc - ok 10:36:53.0921 2696 [ 6E79A119B0CE418FE44E0C824BF3F039 ] AFBAgent C:\Windows\system32\FBAgent.exe 10:36:53.0921 2696 AFBAgent - ok 10:36:53.0999 2696 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 10:36:54.0015 2696 AFD - ok 10:36:54.0077 2696 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 10:36:54.0077 2696 agp440 - ok 10:36:54.0124 2696 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 10:36:54.0124 2696 ALG - ok 10:36:54.0171 2696 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 10:36:54.0171 2696 aliide - ok 10:36:54.0202 2696 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 10:36:54.0202 2696 amdide - ok 10:36:54.0249 2696 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 10:36:54.0265 2696 AmdK8 - ok 10:36:54.0265 2696 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 10:36:54.0265 2696 AmdPPM - ok 10:36:54.0358 2696 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 10:36:54.0358 2696 amdsata - ok 10:36:54.0405 2696 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 10:36:54.0405 2696 amdsbs - ok 10:36:54.0436 2696 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 10:36:54.0436 2696 amdxata - ok 10:36:54.0499 2696 [ 92A848F962DA91C631147D566414BB7E ] AmUStor C:\Windows\system32\drivers\AmUStor.SYS 10:36:54.0499 2696 AmUStor - ok 10:36:54.0545 2696 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 10:36:54.0545 2696 AppID - ok 10:36:54.0592 2696 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 10:36:54.0592 2696 AppIDSvc - ok 10:36:54.0623 2696 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 10:36:54.0623 2696 Appinfo - ok 10:36:54.0701 2696 [ D8E18021F91AD79CA8491CB5A5DA22D4 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 10:36:54.0701 2696 Apple Mobile Device - ok 10:36:54.0748 2696 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 10:36:54.0764 2696 arc - ok 10:36:54.0764 2696 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 10:36:54.0779 2696 arcsas - ok 10:36:54.0842 2696 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe 10:36:54.0857 2696 ASLDRService - ok 10:36:54.0889 2696 [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys 10:36:54.0889 2696 ASMMAP64 - ok 10:36:54.0935 2696 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 10:36:54.0951 2696 AsyncMac - ok 10:36:54.0998 2696 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 10:36:54.0998 2696 atapi - ok 10:36:55.0076 2696 [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr C:\Windows\system32\DRIVERS\athrx.sys 10:36:55.0091 2696 athr - ok 10:36:55.0138 2696 [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe 10:36:55.0138 2696 ATKGFNEXSrv - ok 10:36:55.0169 2696 [ 1F7238A37389ED92E9D8EEE975CABD54 ] ATKWMIACPIIO C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys 10:36:55.0169 2696 ATKWMIACPIIO - ok 10:36:55.0247 2696 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 10:36:55.0263 2696 AudioEndpointBuilder - ok 10:36:55.0294 2696 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 10:36:55.0294 2696 AudioSrv - ok 10:36:55.0357 2696 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 10:36:55.0372 2696 AxInstSV - ok 10:36:55.0419 2696 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 10:36:55.0435 2696 b06bdrv - ok 10:36:55.0481 2696 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 10:36:55.0481 2696 b57nd60a - ok 10:36:55.0559 2696 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 10:36:55.0575 2696 BDESVC - ok 10:36:55.0606 2696 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 10:36:55.0606 2696 Beep - ok 10:36:55.0684 2696 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 10:36:55.0700 2696 BFE - ok 10:36:55.0747 2696 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 10:36:55.0778 2696 BITS - ok 10:36:55.0809 2696 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 10:36:55.0809 2696 blbdrive - ok 10:36:55.0934 2696 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 10:36:55.0934 2696 Bonjour Service - ok 10:36:56.0027 2696 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 10:36:56.0027 2696 bowser - ok 10:36:56.0091 2696 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 10:36:56.0091 2696 BrFiltLo - ok 10:36:56.0153 2696 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 10:36:56.0153 2696 BrFiltUp - ok 10:36:56.0200 2696 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 10:36:56.0200 2696 Browser - ok 10:36:56.0231 2696 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 10:36:56.0231 2696 Brserid - ok 10:36:56.0278 2696 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 10:36:56.0278 2696 BrSerWdm - ok 10:36:56.0294 2696 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 10:36:56.0294 2696 BrUsbMdm - ok 10:36:56.0294 2696 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 10:36:56.0294 2696 BrUsbSer - ok 10:36:56.0356 2696 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 10:36:56.0356 2696 BthEnum - ok 10:36:56.0387 2696 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 10:36:56.0403 2696 BTHMODEM - ok 10:36:56.0418 2696 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 10:36:56.0418 2696 BthPan - ok 10:36:56.0465 2696 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 10:36:56.0481 2696 BTHPORT - ok 10:36:56.0528 2696 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 10:36:56.0543 2696 bthserv - ok 10:36:56.0590 2696 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 10:36:56.0590 2696 BTHUSB - ok 10:36:56.0637 2696 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 10:36:56.0637 2696 cdfs - ok 10:36:56.0699 2696 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 10:36:56.0699 2696 cdrom - ok 10:36:56.0746 2696 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 10:36:56.0746 2696 CertPropSvc - ok 10:36:56.0777 2696 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 10:36:56.0777 2696 circlass - ok 10:36:56.0824 2696 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 10:36:56.0824 2696 CLFS - ok 10:36:56.0918 2696 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 10:36:56.0918 2696 clr_optimization_v2.0.50727_32 - ok 10:36:56.0964 2696 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 10:36:56.0980 2696 clr_optimization_v2.0.50727_64 - ok 10:36:57.0074 2696 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 10:36:57.0074 2696 clr_optimization_v4.0.30319_32 - ok 10:36:57.0136 2696 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 10:36:57.0136 2696 clr_optimization_v4.0.30319_64 - ok 10:36:57.0214 2696 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 10:36:57.0214 2696 CmBatt - ok 10:36:57.0245 2696 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 10:36:57.0245 2696 cmdide - ok 10:36:57.0308 2696 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 10:36:57.0323 2696 CNG - ok 10:36:57.0370 2696 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 10:36:57.0370 2696 Compbatt - ok 10:36:57.0432 2696 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 10:36:57.0448 2696 CompositeBus - ok 10:36:57.0464 2696 COMSysApp - ok 10:36:57.0495 2696 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 10:36:57.0495 2696 crcdisk - ok 10:36:57.0542 2696 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll 10:36:57.0542 2696 CryptSvc - ok 10:36:57.0604 2696 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 10:36:57.0620 2696 DcomLaunch - ok 10:36:57.0698 2696 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 10:36:57.0713 2696 defragsvc - ok 10:36:57.0760 2696 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 10:36:57.0776 2696 DfsC - ok 10:36:57.0822 2696 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 10:36:57.0822 2696 Dhcp - ok 10:36:57.0854 2696 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 10:36:57.0854 2696 discache - ok 10:36:57.0900 2696 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 10:36:57.0900 2696 Disk - ok 10:36:57.0932 2696 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 10:36:57.0947 2696 Dnscache - ok 10:36:57.0994 2696 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 10:36:58.0010 2696 dot3svc - ok 10:36:58.0072 2696 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 10:36:58.0072 2696 DPS - ok 10:36:58.0119 2696 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 10:36:58.0119 2696 drmkaud - ok 10:36:58.0181 2696 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 10:36:58.0212 2696 DXGKrnl - ok 10:36:58.0259 2696 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 10:36:58.0275 2696 EapHost - ok 10:36:58.0400 2696 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 10:36:58.0509 2696 ebdrv - ok 10:36:58.0540 2696 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 10:36:58.0540 2696 EFS - ok 10:36:58.0634 2696 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 10:36:58.0649 2696 ehRecvr - ok 10:36:58.0680 2696 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 10:36:58.0680 2696 ehSched - ok 10:36:58.0790 2696 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 10:36:58.0805 2696 elxstor - ok 10:36:58.0821 2696 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 10:36:58.0821 2696 ErrDev - ok 10:36:58.0883 2696 [ 4C120D2B2EA269EAE7A5744794EB6DB1 ] ETD C:\Windows\system32\DRIVERS\ETD.sys 10:36:58.0883 2696 ETD - ok 10:36:58.0946 2696 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 10:36:58.0961 2696 EventSystem - ok 10:36:59.0039 2696 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 10:36:59.0039 2696 exfat - ok 10:36:59.0070 2696 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 10:36:59.0070 2696 fastfat - ok 10:36:59.0164 2696 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 10:36:59.0180 2696 Fax - ok 10:36:59.0195 2696 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 10:36:59.0195 2696 fdc - ok 10:36:59.0226 2696 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 10:36:59.0226 2696 fdPHost - ok 10:36:59.0258 2696 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 10:36:59.0258 2696 FDResPub - ok 10:36:59.0289 2696 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 10:36:59.0304 2696 FileInfo - ok 10:36:59.0304 2696 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 10:36:59.0320 2696 Filetrace - ok 10:36:59.0320 2696 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 10:36:59.0320 2696 flpydisk - ok 10:36:59.0382 2696 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 10:36:59.0382 2696 FltMgr - ok 10:36:59.0460 2696 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 10:36:59.0492 2696 FontCache - ok 10:36:59.0538 2696 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 10:36:59.0538 2696 FontCache3.0.0.0 - ok 10:36:59.0570 2696 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 10:36:59.0585 2696 FsDepends - ok 10:36:59.0648 2696 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 10:36:59.0663 2696 fssfltr - ok 10:36:59.0835 2696 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 10:36:59.0850 2696 fsssvc - ok 10:36:59.0882 2696 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 10:36:59.0882 2696 Fs_Rec - ok 10:36:59.0928 2696 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 10:36:59.0928 2696 fvevol - ok 10:36:59.0991 2696 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 10:36:59.0991 2696 gagp30kx - ok 10:37:00.0022 2696 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 10:37:00.0022 2696 GEARAspiWDM - ok 10:37:00.0084 2696 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 10:37:00.0100 2696 gpsvc - ok 10:37:00.0147 2696 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 10:37:00.0162 2696 hcw85cir - ok 10:37:00.0209 2696 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 10:37:00.0209 2696 HdAudAddService - ok 10:37:00.0256 2696 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 10:37:00.0256 2696 HDAudBus - ok 10:37:00.0287 2696 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 10:37:00.0287 2696 HidBatt - ok 10:37:00.0303 2696 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 10:37:00.0303 2696 HidBth - ok 10:37:00.0334 2696 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 10:37:00.0334 2696 HidIr - ok 10:37:00.0365 2696 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 10:37:00.0365 2696 hidserv - ok 10:37:00.0412 2696 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 10:37:00.0412 2696 HidUsb - ok 10:37:00.0443 2696 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 10:37:00.0459 2696 hkmsvc - ok 10:37:00.0506 2696 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 10:37:00.0521 2696 HomeGroupListener - ok 10:37:00.0568 2696 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 10:37:00.0568 2696 HomeGroupProvider - ok 10:37:00.0599 2696 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 10:37:00.0599 2696 HpSAMD - ok 10:37:00.0662 2696 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 10:37:00.0677 2696 HTTP - ok 10:37:00.0708 2696 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 10:37:00.0724 2696 hwpolicy - ok 10:37:00.0771 2696 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 10:37:00.0771 2696 i8042prt - ok 10:37:00.0849 2696 [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 10:37:00.0849 2696 iaStor - ok 10:37:00.0911 2696 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 10:37:00.0927 2696 iaStorV - ok 10:37:00.0989 2696 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 10:37:01.0005 2696 idsvc - ok 10:37:01.0956 2696 [ 10BB0DC3361C9420CC1B0B2128BB89DB ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 10:37:02.0331 2696 igfx - ok 10:37:02.0424 2696 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 10:37:02.0440 2696 iirsp - ok 10:37:02.0502 2696 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 10:37:02.0518 2696 IKEEXT - ok 10:37:02.0643 2696 [ 02C93EBAA4421418411448FE7FDFD815 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 10:37:02.0690 2696 IntcAzAudAddService - ok 10:37:02.0736 2696 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 10:37:02.0752 2696 IntcDAud - ok 10:37:02.0783 2696 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 10:37:02.0783 2696 intelide - ok 10:37:02.0846 2696 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 10:37:02.0846 2696 intelppm - ok 10:37:02.0877 2696 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 10:37:02.0892 2696 IPBusEnum - ok 10:37:02.0924 2696 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 10:37:02.0939 2696 IpFilterDriver - ok 10:37:02.0986 2696 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 10:37:03.0002 2696 iphlpsvc - ok 10:37:03.0048 2696 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 10:37:03.0048 2696 IPMIDRV - ok 10:37:03.0080 2696 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 10:37:03.0080 2696 IPNAT - ok 10:37:03.0173 2696 [ 3C0D4B3E80FC4854CA325DD123CC4DED ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 10:37:03.0189 2696 iPod Service - ok 10:37:03.0251 2696 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 10:37:03.0251 2696 IRENUM - ok 10:37:03.0314 2696 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 10:37:03.0314 2696 isapnp - ok 10:37:03.0360 2696 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 10:37:03.0360 2696 iScsiPrt - ok 10:37:03.0392 2696 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 10:37:03.0392 2696 kbdclass - ok 10:37:03.0438 2696 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 10:37:03.0438 2696 kbdhid - ok 10:37:03.0485 2696 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys 10:37:03.0485 2696 kbfiltr - ok 10:37:03.0501 2696 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 10:37:03.0501 2696 KeyIso - ok 10:37:03.0532 2696 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 10:37:03.0548 2696 KSecDD - ok 10:37:03.0579 2696 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 10:37:03.0579 2696 KSecPkg - ok 10:37:03.0626 2696 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 10:37:03.0626 2696 ksthunk - ok 10:37:03.0657 2696 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 10:37:03.0657 2696 KtmRm - ok 10:37:03.0719 2696 [ A4A9CA24E54E81C6C3E469EAEB4B3F42 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys 10:37:03.0719 2696 L1C - ok 10:37:03.0782 2696 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 10:37:03.0782 2696 LanmanServer - ok 10:37:03.0828 2696 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 10:37:03.0828 2696 LanmanWorkstation - ok 10:37:03.0891 2696 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 10:37:03.0891 2696 lltdio - ok 10:37:03.0938 2696 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 10:37:03.0938 2696 lltdsvc - ok 10:37:03.0953 2696 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 10:37:03.0969 2696 lmhosts - ok 10:37:04.0047 2696 [ 0803906D607A9B83184447B75B60ECC2 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe 10:37:04.0047 2696 LMS - ok 10:37:04.0109 2696 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 10:37:04.0109 2696 LSI_FC - ok 10:37:04.0109 2696 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 10:37:04.0125 2696 LSI_SAS - ok 10:37:04.0125 2696 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 10:37:04.0140 2696 LSI_SAS2 - ok 10:37:04.0140 2696 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 10:37:04.0156 2696 LSI_SCSI - ok 10:37:04.0172 2696 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 10:37:04.0172 2696 luafv - ok 10:37:04.0265 2696 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 10:37:04.0265 2696 MBAMProtector - ok 10:37:04.0390 2696 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 10:37:04.0406 2696 MBAMScheduler - ok 10:37:04.0437 2696 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 10:37:04.0452 2696 MBAMService - ok 10:37:04.0484 2696 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 10:37:04.0499 2696 Mcx2Svc - ok 10:37:04.0515 2696 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 10:37:04.0515 2696 megasas - ok 10:37:04.0562 2696 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 10:37:04.0562 2696 MegaSR - ok 10:37:04.0624 2696 [ 1C6E73FC46B509EFF9D0086AA37132DF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 10:37:04.0624 2696 MEIx64 - ok 10:37:04.0702 2696 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 10:37:04.0702 2696 Microsoft Office Groove Audit Service - ok 10:37:04.0733 2696 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 10:37:04.0733 2696 MMCSS - ok 10:37:04.0749 2696 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 10:37:04.0749 2696 Modem - ok 10:37:04.0811 2696 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 10:37:04.0811 2696 monitor - ok 10:37:04.0842 2696 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 10:37:04.0842 2696 mouclass - ok 10:37:04.0889 2696 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 10:37:04.0889 2696 mouhid - ok 10:37:04.0936 2696 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 10:37:04.0952 2696 mountmgr - ok 10:37:05.0014 2696 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 10:37:05.0030 2696 MozillaMaintenance - ok 10:37:05.0092 2696 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 10:37:05.0092 2696 MpFilter - ok 10:37:05.0123 2696 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 10:37:05.0123 2696 mpio - ok 10:37:05.0139 2696 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 10:37:05.0154 2696 mpsdrv - ok 10:37:05.0217 2696 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 10:37:05.0232 2696 MpsSvc - ok 10:37:05.0295 2696 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 10:37:05.0310 2696 MRxDAV - ok 10:37:05.0342 2696 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 10:37:05.0342 2696 mrxsmb - ok 10:37:05.0373 2696 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 10:37:05.0388 2696 mrxsmb10 - ok 10:37:05.0420 2696 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 10:37:05.0420 2696 mrxsmb20 - ok 10:37:05.0451 2696 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 10:37:05.0451 2696 msahci - ok 10:37:05.0482 2696 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 10:37:05.0482 2696 msdsm - ok 10:37:05.0513 2696 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 10:37:05.0529 2696 MSDTC - ok 10:37:05.0576 2696 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 10:37:05.0591 2696 Msfs - ok 10:37:05.0622 2696 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 10:37:05.0622 2696 mshidkmdf - ok 10:37:05.0654 2696 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 10:37:05.0669 2696 msisadrv - ok 10:37:05.0700 2696 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 10:37:05.0716 2696 MSiSCSI - ok 10:37:05.0716 2696 msiserver - ok 10:37:05.0778 2696 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 10:37:05.0778 2696 MSKSSRV - ok 10:37:05.0872 2696 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe 10:37:05.0872 2696 MsMpSvc - ok 10:37:05.0919 2696 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 10:37:05.0919 2696 MSPCLOCK - ok 10:37:05.0934 2696 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 10:37:05.0934 2696 MSPQM - ok 10:37:05.0966 2696 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 10:37:05.0981 2696 MsRPC - ok 10:37:06.0012 2696 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 10:37:06.0012 2696 mssmbios - ok 10:37:06.0044 2696 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 10:37:06.0044 2696 MSTEE - ok 10:37:06.0059 2696 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 10:37:06.0059 2696 MTConfig - ok 10:37:06.0075 2696 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 10:37:06.0075 2696 Mup - ok 10:37:06.0122 2696 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 10:37:06.0137 2696 napagent - ok 10:37:06.0200 2696 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 10:37:06.0215 2696 NativeWifiP - ok 10:37:06.0262 2696 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 10:37:06.0293 2696 NDIS - ok 10:37:06.0340 2696 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 10:37:06.0340 2696 NdisCap - ok 10:37:06.0387 2696 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 10:37:06.0387 2696 NdisTapi - ok 10:37:06.0418 2696 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 10:37:06.0418 2696 Ndisuio - ok 10:37:06.0480 2696 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 10:37:06.0480 2696 NdisWan - ok 10:37:06.0512 2696 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 10:37:06.0527 2696 NDProxy - ok 10:37:06.0558 2696 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 10:37:06.0558 2696 NetBIOS - ok 10:37:06.0605 2696 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 10:37:06.0605 2696 NetBT - ok 10:37:06.0652 2696 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 10:37:06.0668 2696 Netlogon - ok 10:37:06.0714 2696 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 10:37:06.0730 2696 Netman - ok 10:37:06.0761 2696 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 10:37:06.0777 2696 netprofm - ok 10:37:06.0792 2696 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 10:37:06.0808 2696 NetTcpPortSharing - ok 10:37:06.0870 2696 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 10:37:06.0870 2696 nfrd960 - ok 10:37:06.0933 2696 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 10:37:06.0948 2696 NisDrv - ok 10:37:06.0995 2696 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe 10:37:07.0011 2696 NisSrv - ok 10:37:07.0073 2696 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 10:37:07.0073 2696 NlaSvc - ok 10:37:07.0120 2696 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 10:37:07.0120 2696 Npfs - ok 10:37:07.0151 2696 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 10:37:07.0151 2696 nsi - ok 10:37:07.0167 2696 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 10:37:07.0167 2696 nsiproxy - ok 10:37:07.0245 2696 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 10:37:07.0276 2696 Ntfs - ok 10:37:07.0307 2696 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 10:37:07.0323 2696 Null - ok 10:37:07.0385 2696 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 10:37:07.0385 2696 nvraid - ok 10:37:07.0416 2696 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 10:37:07.0432 2696 nvstor - ok 10:37:07.0463 2696 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 10:37:07.0463 2696 nv_agp - ok 10:37:07.0557 2696 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 10:37:07.0572 2696 odserv - ok 10:37:07.0604 2696 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 10:37:07.0604 2696 ohci1394 - ok 10:37:07.0650 2696 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 10:37:07.0666 2696 ose - ok 10:37:07.0713 2696 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 10:37:07.0713 2696 p2pimsvc - ok 10:37:07.0775 2696 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 10:37:07.0791 2696 p2psvc - ok 10:37:07.0822 2696 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 10:37:07.0822 2696 Parport - ok 10:37:07.0853 2696 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 10:37:07.0853 2696 partmgr - ok 10:37:07.0884 2696 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 10:37:07.0884 2696 PcaSvc - ok 10:37:07.0916 2696 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 10:37:07.0916 2696 pci - ok 10:37:07.0978 2696 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 10:37:07.0978 2696 pciide - ok 10:37:08.0009 2696 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 10:37:08.0025 2696 pcmcia - ok 10:37:08.0040 2696 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 10:37:08.0040 2696 pcw - ok 10:37:08.0072 2696 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 10:37:08.0087 2696 PEAUTH - ok 10:37:08.0165 2696 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 10:37:08.0165 2696 PerfHost - ok 10:37:08.0290 2696 [ D0F9F362023BF94CF58A1C3CDBBEBE06 ] PhotoshopElementsDeviceConnect C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe 10:37:08.0290 2696 PhotoshopElementsDeviceConnect - ok 10:37:08.0399 2696 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 10:37:08.0430 2696 pla - ok 10:37:08.0477 2696 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 10:37:08.0493 2696 PlugPlay - ok 10:37:08.0524 2696 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 10:37:08.0524 2696 PNRPAutoReg - ok 10:37:08.0571 2696 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 10:37:08.0586 2696 PNRPsvc - ok 10:37:08.0649 2696 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 10:37:08.0664 2696 PolicyAgent - ok 10:37:08.0696 2696 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 10:37:08.0696 2696 Power - ok 10:37:08.0758 2696 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 10:37:08.0758 2696 PptpMiniport - ok 10:37:08.0789 2696 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 10:37:08.0789 2696 Processor - ok 10:37:08.0820 2696 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 10:37:08.0836 2696 ProfSvc - ok 10:37:08.0852 2696 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 10:37:08.0852 2696 ProtectedStorage - ok 10:37:08.0898 2696 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 10:37:08.0898 2696 Psched - ok 10:37:09.0023 2696 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 10:37:09.0054 2696 ql2300 - ok 10:37:09.0070 2696 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 10:37:09.0086 2696 ql40xx - ok 10:37:09.0117 2696 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 10:37:09.0117 2696 QWAVE - ok 10:37:09.0148 2696 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 10:37:09.0148 2696 QWAVEdrv - ok 10:37:09.0148 2696 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 10:37:09.0148 2696 RasAcd - ok 10:37:09.0210 2696 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 10:37:09.0210 2696 RasAgileVpn - ok 10:37:09.0242 2696 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 10:37:09.0242 2696 RasAuto - ok 10:37:09.0288 2696 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 10:37:09.0288 2696 Rasl2tp - ok 10:37:09.0335 2696 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 10:37:09.0351 2696 RasMan - ok 10:37:09.0366 2696 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 10:37:09.0382 2696 RasPppoe - ok 10:37:09.0444 2696 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 10:37:09.0444 2696 RasSstp - ok 10:37:09.0491 2696 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 10:37:09.0491 2696 rdbss - ok 10:37:09.0507 2696 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 10:37:09.0522 2696 rdpbus - ok 10:37:09.0538 2696 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 10:37:09.0538 2696 RDPCDD - ok 10:37:09.0585 2696 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 10:37:09.0585 2696 RDPENCDD - ok 10:37:09.0600 2696 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 10:37:09.0600 2696 RDPREFMP - ok 10:37:09.0647 2696 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 10:37:09.0647 2696 RDPWD - ok 10:37:09.0710 2696 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 10:37:09.0710 2696 rdyboost - ok 10:37:09.0756 2696 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 10:37:09.0788 2696 RemoteAccess - ok 10:37:09.0819 2696 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 10:37:09.0834 2696 RemoteRegistry - ok 10:37:09.0881 2696 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 10:37:09.0881 2696 RFCOMM - ok 10:37:09.0912 2696 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 10:37:09.0912 2696 RpcEptMapper - ok 10:37:09.0928 2696 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 10:37:09.0944 2696 RpcLocator - ok 10:37:09.0990 2696 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 10:37:09.0990 2696 RpcSs - ok 10:37:10.0053 2696 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 10:37:10.0053 2696 rspndr - ok 10:37:10.0131 2696 [ 25AABB94BB2D59F1CA6101290255D2E8 ] RTL8192Ce C:\Windows\system32\DRIVERS\rtl8192Ce.sys 10:37:10.0146 2696 RTL8192Ce - ok 10:37:10.0162 2696 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 10:37:10.0178 2696 SamSs - ok 10:37:10.0209 2696 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 10:37:10.0209 2696 sbp2port - ok 10:37:10.0271 2696 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 10:37:10.0271 2696 SCardSvr - ok 10:37:10.0318 2696 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 10:37:10.0318 2696 scfilter - ok 10:37:10.0380 2696 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 10:37:10.0412 2696 Schedule - ok 10:37:10.0443 2696 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 10:37:10.0443 2696 SCPolicySvc - ok 10:37:10.0490 2696 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 10:37:10.0490 2696 SDRSVC - ok 10:37:10.0536 2696 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 10:37:10.0552 2696 secdrv - ok 10:37:10.0583 2696 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 10:37:10.0583 2696 seclogon - ok 10:37:10.0599 2696 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 10:37:10.0614 2696 SENS - ok 10:37:10.0630 2696 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 10:37:10.0630 2696 SensrSvc - ok 10:37:10.0646 2696 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 10:37:10.0646 2696 Serenum - ok 10:37:10.0677 2696 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 10:37:10.0677 2696 Serial - ok 10:37:10.0724 2696 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 10:37:10.0724 2696 sermouse - ok 10:37:10.0770 2696 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 10:37:10.0786 2696 SessionEnv - ok 10:37:10.0802 2696 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 10:37:10.0817 2696 sffdisk - ok 10:37:10.0833 2696 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 10:37:10.0833 2696 sffp_mmc - ok 10:37:10.0864 2696 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 10:37:10.0864 2696 sffp_sd - ok 10:37:10.0895 2696 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 10:37:10.0895 2696 sfloppy - ok 10:37:10.0942 2696 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 10:37:10.0958 2696 SharedAccess - ok 10:37:11.0004 2696 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 10:37:11.0020 2696 ShellHWDetection - ok 10:37:11.0036 2696 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys 10:37:11.0036 2696 SiSGbeLH - ok 10:37:11.0051 2696 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 10:37:11.0051 2696 SiSRaid2 - ok 10:37:11.0067 2696 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 10:37:11.0082 2696 SiSRaid4 - ok 10:37:11.0145 2696 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 10:37:11.0145 2696 SkypeUpdate - ok 10:37:11.0176 2696 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 10:37:11.0176 2696 Smb - ok 10:37:11.0238 2696 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 10:37:11.0238 2696 SNMPTRAP - ok 10:37:11.0348 2696 [ C98375D19F9E9966F6201BAE65FB3728 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys 10:37:11.0379 2696 SNP2UVC - ok 10:37:11.0394 2696 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 10:37:11.0426 2696 spldr - ok 10:37:11.0472 2696 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 10:37:11.0488 2696 Spooler - ok 10:37:11.0613 2696 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 10:37:11.0738 2696 sppsvc - ok 10:37:11.0769 2696 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 10:37:11.0769 2696 sppuinotify - ok 10:37:11.0816 2696 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 10:37:11.0816 2696 srv - ok 10:37:11.0847 2696 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 10:37:11.0847 2696 srv2 - ok 10:37:11.0878 2696 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 10:37:11.0878 2696 srvnet - ok 10:37:11.0925 2696 [ 1612881760C9DF7FBB09B6CF1D3BA0DF ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys 10:37:11.0940 2696 sscdbus - ok 10:37:11.0987 2696 [ D7803A687E85189EA2B525CC22093521 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys 10:37:12.0003 2696 sscdmdfl - ok 10:37:12.0034 2696 [ 06DB3D5EB2444083C7F5AF7874765505 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys 10:37:12.0034 2696 sscdmdm - ok 10:37:12.0065 2696 [ 23EBB395609D9CDB8B1074A12254119B ] sscdserd C:\Windows\system32\DRIVERS\sscdserd.sys 10:37:12.0081 2696 sscdserd - ok 10:37:12.0128 2696 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 10:37:12.0128 2696 SSDPSRV - ok 10:37:12.0143 2696 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 10:37:12.0159 2696 SstpSvc - ok 10:37:12.0174 2696 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 10:37:12.0190 2696 stexstor - ok 10:37:12.0237 2696 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 10:37:12.0252 2696 stisvc - ok 10:37:12.0284 2696 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 10:37:12.0284 2696 swenum - ok 10:37:12.0330 2696 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 10:37:12.0330 2696 swprv - ok 10:37:12.0424 2696 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 10:37:12.0455 2696 SysMain - ok 10:37:12.0486 2696 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 10:37:12.0502 2696 TabletInputService - ok 10:37:12.0533 2696 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 10:37:12.0549 2696 TapiSrv - ok 10:37:12.0580 2696 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 10:37:12.0580 2696 TBS - ok 10:37:12.0689 2696 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys 10:37:12.0720 2696 Tcpip - ok 10:37:12.0798 2696 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 10:37:12.0830 2696 TCPIP6 - ok 10:37:12.0861 2696 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 10:37:12.0861 2696 tcpipreg - ok 10:37:12.0923 2696 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 10:37:12.0923 2696 TDPIPE - ok 10:37:12.0954 2696 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 10:37:12.0954 2696 TDTCP - ok 10:37:13.0001 2696 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 10:37:13.0001 2696 tdx - ok 10:37:13.0032 2696 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 10:37:13.0032 2696 TermDD - ok 10:37:13.0064 2696 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 10:37:13.0079 2696 TermService - ok 10:37:13.0110 2696 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 10:37:13.0126 2696 Themes - ok 10:37:13.0142 2696 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 10:37:13.0142 2696 THREADORDER - ok 10:37:13.0157 2696 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 10:37:13.0173 2696 TrkWks - ok 10:37:13.0235 2696 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 10:37:13.0235 2696 TrustedInstaller - ok 10:37:13.0282 2696 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 10:37:13.0282 2696 tssecsrv - ok 10:37:13.0329 2696 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 10:37:13.0329 2696 TsUsbFlt - ok 10:37:13.0407 2696 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 10:37:13.0407 2696 tunnel - ok 10:37:13.0438 2696 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 10:37:13.0438 2696 uagp35 - ok 10:37:13.0500 2696 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 10:37:13.0516 2696 udfs - ok 10:37:13.0547 2696 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 10:37:13.0547 2696 UI0Detect - ok 10:37:13.0610 2696 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 10:37:13.0610 2696 uliagpkx - ok 10:37:13.0672 2696 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 10:37:13.0672 2696 umbus - ok 10:37:13.0719 2696 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 10:37:13.0719 2696 UmPass - ok 10:37:13.0875 2696 [ EB79C6C91A99930015EF29AE7FA802D1 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe 10:37:13.0906 2696 UNS - ok 10:37:13.0953 2696 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 10:37:13.0968 2696 upnphost - ok 10:37:14.0015 2696 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 10:37:14.0015 2696 USBAAPL64 - ok 10:37:14.0062 2696 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 10:37:14.0062 2696 usbaudio - ok 10:37:14.0093 2696 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 10:37:14.0093 2696 usbccgp - ok 10:37:14.0140 2696 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 10:37:14.0140 2696 usbcir - ok 10:37:14.0171 2696 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 10:37:14.0171 2696 usbehci - ok 10:37:14.0218 2696 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 10:37:14.0218 2696 usbhub - ok 10:37:14.0249 2696 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 10:37:14.0265 2696 usbohci - ok 10:37:14.0312 2696 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 10:37:14.0312 2696 usbprint - ok 10:37:14.0343 2696 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 10:37:14.0343 2696 usbscan - ok 10:37:14.0358 2696 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 10:37:14.0358 2696 USBSTOR - ok 10:37:14.0374 2696 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 10:37:14.0374 2696 usbuhci - ok 10:37:14.0436 2696 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 10:37:14.0436 2696 usbvideo - ok 10:37:14.0483 2696 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 10:37:14.0499 2696 UxSms - ok 10:37:14.0530 2696 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 10:37:14.0530 2696 VaultSvc - ok 10:37:14.0592 2696 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 10:37:14.0592 2696 vdrvroot - ok 10:37:14.0639 2696 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 10:37:14.0655 2696 vds - ok 10:37:14.0702 2696 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 10:37:14.0717 2696 vga - ok 10:37:14.0733 2696 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 10:37:14.0733 2696 VgaSave - ok 10:37:14.0764 2696 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 10:37:14.0764 2696 vhdmp - ok 10:37:14.0795 2696 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 10:37:14.0811 2696 viaide - ok 10:37:14.0842 2696 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 10:37:14.0842 2696 volmgr - ok 10:37:14.0904 2696 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 10:37:14.0904 2696 volmgrx - ok 10:37:14.0936 2696 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 10:37:14.0951 2696 volsnap - ok 10:37:15.0029 2696 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 10:37:15.0029 2696 vsmraid - ok 10:37:15.0123 2696 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 10:37:15.0154 2696 VSS - ok 10:37:15.0185 2696 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 10:37:15.0185 2696 vwifibus - ok 10:37:15.0216 2696 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 10:37:15.0216 2696 vwififlt - ok 10:37:15.0279 2696 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 10:37:15.0294 2696 W32Time - ok 10:37:15.0326 2696 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 10:37:15.0326 2696 WacomPen - ok 10:37:15.0388 2696 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 10:37:15.0388 2696 WANARP - ok 10:37:15.0404 2696 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 10:37:15.0404 2696 Wanarpv6 - ok 10:37:15.0513 2696 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 10:37:15.0544 2696 WatAdminSvc - ok 10:37:15.0622 2696 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 10:37:15.0653 2696 wbengine - ok 10:37:15.0684 2696 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 10:37:15.0684 2696 WbioSrvc - ok 10:37:15.0747 2696 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 10:37:15.0747 2696 wcncsvc - ok 10:37:15.0778 2696 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 10:37:15.0778 2696 WcsPlugInService - ok 10:37:15.0809 2696 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 10:37:15.0809 2696 Wd - ok 10:37:15.0856 2696 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 10:37:15.0872 2696 Wdf01000 - ok 10:37:15.0872 2696 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 10:37:15.0887 2696 WdiServiceHost - ok 10:37:15.0887 2696 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 10:37:15.0903 2696 WdiSystemHost - ok 10:37:15.0934 2696 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 10:37:15.0950 2696 WebClient - ok 10:37:15.0981 2696 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 10:37:15.0996 2696 Wecsvc - ok 10:37:16.0012 2696 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 10:37:16.0012 2696 wercplsupport - ok 10:37:16.0059 2696 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 10:37:16.0059 2696 WerSvc - ok 10:37:16.0090 2696 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 10:37:16.0090 2696 WfpLwf - ok 10:37:16.0152 2696 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys 10:37:16.0152 2696 WimFltr - ok 10:37:16.0168 2696 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 10:37:16.0184 2696 WIMMount - ok 10:37:16.0199 2696 WinDefend - ok 10:37:16.0215 2696 WinHttpAutoProxySvc - ok 10:37:16.0277 2696 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 10:37:16.0277 2696 Winmgmt - ok 10:37:16.0386 2696 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 10:37:16.0418 2696 WinRM - ok 10:37:16.0511 2696 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 10:37:16.0511 2696 WinUsb - ok 10:37:16.0605 2696 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 10:37:16.0620 2696 Wlansvc - ok 10:37:16.0714 2696 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 10:37:16.0714 2696 wlcrasvc - ok 10:37:16.0808 2696 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 10:37:16.0854 2696 wlidsvc - ok 10:37:16.0901 2696 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 10:37:16.0901 2696 WmiAcpi - ok 10:37:16.0948 2696 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 10:37:16.0948 2696 wmiApSrv - ok 10:37:16.0979 2696 WMPNetworkSvc - ok 10:37:17.0010 2696 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 10:37:17.0026 2696 WPCSvc - ok 10:37:17.0073 2696 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 10:37:17.0073 2696 WPDBusEnum - ok 10:37:17.0104 2696 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 10:37:17.0104 2696 ws2ifsl - ok 10:37:17.0135 2696 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 10:37:17.0135 2696 wscsvc - ok 10:37:17.0135 2696 WSearch - ok 10:37:17.0260 2696 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 10:37:17.0307 2696 wuauserv - ok 10:37:17.0338 2696 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 10:37:17.0338 2696 WudfPf - ok 10:37:17.0385 2696 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 10:37:17.0400 2696 WUDFRd - ok 10:37:17.0432 2696 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 10:37:17.0447 2696 wudfsvc - ok 10:37:17.0478 2696 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 10:37:17.0478 2696 WwanSvc - ok 10:37:17.0525 2696 ================ Scan global =============================== 10:37:17.0556 2696 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 10:37:17.0603 2696 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 10:37:17.0619 2696 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 10:37:17.0650 2696 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 10:37:17.0697 2696 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 10:37:17.0712 2696 [Global] - ok 10:37:17.0712 2696 ================ Scan MBR ================================== 10:37:17.0712 2696 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 10:37:17.0712 2696 Suspicious mbr (Forged): \Device\Harddisk0\DR0 10:37:17.0775 2696 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected 10:37:17.0775 2696 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0) 10:37:17.0775 2696 ================ Scan VBR ================================== 10:37:17.0775 2696 [ 2A57E7637956AB4F66B50A01D8C310E0 ] \Device\Harddisk0\DR0\Partition1 10:37:17.0775 2696 \Device\Harddisk0\DR0\Partition1 - ok 10:37:17.0806 2696 [ A9DC61F490CCF928793631B231721B7D ] \Device\Harddisk0\DR0\Partition2 10:37:17.0853 2696 \Device\Harddisk0\DR0\Partition2 - ok 10:37:17.0853 2696 ============================================================ 10:37:17.0853 2696 Scan finished 10:37:17.0853 2696 ============================================================ 10:37:17.0884 0940 Detected object count: 1 10:37:17.0884 0940 Actual detected object count: 1 10:37:58.0679 0940 \Device\Harddisk0\DR0\# - copied to quarantine 10:37:58.0882 0940 \Device\Harddisk0\DR0 - copied to quarantine 10:38:05.0996 0940 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine 10:38:06.0120 0940 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine 10:38:06.0242 0940 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine 10:38:06.0302 0940 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine 10:38:06.0372 0940 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine 10:38:09.0753 0940 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine 10:38:09.0833 0940 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine 10:38:09.0843 0940 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine 10:38:09.0853 0940 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine 10:38:10.0413 0940 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine 10:38:10.0533 0940 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine 10:38:10.0563 0940 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine 10:38:10.0573 0940 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine 10:38:10.0803 0940 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine 10:38:10.0823 0940 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine 10:38:11.0093 0940 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot 10:38:11.0103 0940 \Device\Harddisk0\DR0 - ok 10:38:11.0183 0940 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure Here is the ComboFix log: ComboFix 12-09-27.03 - Murdock 09/28/2012 10:58:17.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3874.2538 [GMT -5:00] Running from: c:\users\Murdock\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\windows\svchost.exe . . ((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-28 ))))))))))))))))))))))))))))))) . . 2012-09-28 16:08 . 2012-09-28 16:08 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-28 15:40 . 2012-09-28 15:40 35664 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0622623-079C-405F-957F-6D7D77BDD764}\MpKsl8b429888.sys 2012-09-28 15:38 . 2012-09-28 15:38 208216 ----a-w- c:\windows\system32\drivers\66810697.sys 2012-09-28 15:37 . 2012-09-28 15:37 -------- d-----w- C:\TDSSKiller_Quarantine 2012-09-28 15:27 . 2012-09-28 15:40 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0622623-079C-405F-957F-6D7D77BDD764}\offreg.dll 2012-09-28 01:30 . 2012-08-30 05:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0622623-079C-405F-957F-6D7D77BDD764}\mpengine.dll 2012-09-26 02:41 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-09-25 02:46 . 2012-08-30 05:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-09-22 19:43 . 2012-09-22 19:43 -------- d-----w- c:\users\Murdock\AppData\Roaming\Malwarebytes 2012-09-22 19:38 . 2012-09-22 19:38 -------- d-----w- c:\programdata\Malwarebytes 2012-09-22 19:38 . 2012-09-07 22:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-22 19:38 . 2012-09-22 19:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-09-22 04:05 . 2012-08-24 10:21 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-09-19 20:18 . 2012-08-28 06:49 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{58D562F8-6F52-4418-8A25-3CF47F4C5DD1}\mpengine.dll 2012-09-17 07:16 . 2012-09-22 23:05 -------- d-----w- c:\windows\Microsoft Antimalware 2012-09-14 19:49 . 2012-09-14 19:49 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-09-14 19:48 . 2012-09-14 19:49 -------- d-----r- c:\program files (x86)\Skype 2012-09-12 15:16 . 2012-02-11 01:42 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{06247F73-5B9A-46DA-828D-7DD2260E63E5}\gapaengine.dll 2012-09-12 14:31 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-09-12 14:31 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2012-09-12 14:31 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-09-12 14:31 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-09-12 14:31 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-09-12 14:31 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-09-12 14:31 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys 2012-09-01 02:44 . 2012-09-01 02:44 -------- d-----w- C:\MATS . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-28 15:40 . 2011-09-13 17:42 45056 ----a-w- c:\windows\system32\acovcnt.exe 2012-09-21 03:00 . 2012-04-02 04:34 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-09-21 03:00 . 2011-09-29 04:08 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-12 14:32 . 2011-09-22 00:07 64462936 ----a-w- c:\windows\system32\MRT.exe 2012-07-18 18:15 . 2012-08-15 00:05 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-06 20:07 . 2012-08-16 02:08 552960 ----a-w- c:\windows\system32\drivers\bthport.sys 2012-07-04 22:16 . 2012-08-15 00:06 73216 ----a-w- c:\windows\system32\netapi32.dll 2012-07-04 22:13 . 2012-08-15 00:06 136704 ----a-w- c:\windows\system32\browser.dll 2012-07-04 22:13 . 2012-08-15 00:06 59392 ----a-w- c:\windows\system32\browcli.dll 2012-07-04 21:14 . 2012-08-15 00:06 41984 ----a-w- c:\windows\SysWow64\browcli.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "Spotify Web Helper"="c:\users\Murdock\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-28 932528] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-10-19 2319536] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-4 113664] AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-2-3 549040] FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2011-9-21 12862] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R0 38600536;38600536;c:\windows\system32\drivers\66810697.sys [2012-09-28 208216] R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 118784] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2011-03-18 74840] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-09 114144] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-22 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024] S1 MpKsl8b429888;MpKsl8b429888;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0622623-079C-405F-957F-6D7D77BDD764}\MpKsl8b429888.sys [2012-09-28 35664] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-01-25 379520] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-12-31 138024] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-11-23 1103976] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MPKSL8B429888 . Contents of the 'Scheduled Tasks' folder . 2012-09-28 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 03:00] . 2012-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3051550082-882093396-715400175-1001Core.job - c:\users\Murdock\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-24 03:56] . 2012-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3051550082-882093396-715400175-1001UA.job - c:\users\Murdock\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-24 03:56] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904] "snp2uvc"="c:\windows\vsnp2uvc.exe" [2010-01-21 909824] "LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2009-09-24 371712] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-28 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-28 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-28 416024] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://asus.msn.com mStart Page = hxxp://asus.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{6C243FF1-705F-4545-B908-2A6942263D97}\44169737F594E6E6: NameServer = 4.2.2.0,4.2.2.2 DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://r6mail2.r06tok.epa.gov/dwa85W.cab FF - ProfilePath - c:\users\Murdock\AppData\Roaming\Mozilla\Firefox\Profiles\j7peecky.default\ FF - prefs.js: browser.search.selectedEngine - YouTube Video Search . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-Syncables - c:\program files (x86)\syncables\syncables desktop\Syncables.exe SafeBoot-38600536.sys Toolbar-Locked - (no file) HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11, d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63, 57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96, 76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce, 9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47, 2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85 "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:34,ca,a4,4b,ce,78,cd,01 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-09-28 11:16:33 ComboFix-quarantined-files.txt 2012-09-28 16:16 . Pre-Run: 56,365,846,528 bytes free Post-Run: 56,538,832,896 bytes free . - - End Of File - - 16A3B8BE235A72EFC1FD96877FA12FF4
  24. bennegesserit
    Thank you for your prompt reply. Here is the log: 09:13:49.0754 5604 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24 09:13:50.0269 5604 ============================================================ 09:13:50.0269 5604 Current date / time: 2012/09/28 09:13:50.0269 09:13:50.0269 5604 SystemInfo: 09:13:50.0269 5604 09:13:50.0269 5604 OS Version: 6.1.7601 ServicePack: 1.0 09:13:50.0269 5604 Product type: Workstation 09:13:50.0269 5604 ComputerName: ASUS-NOTEBOOK 09:13:50.0269 5604 UserName: Murdock 09:13:50.0269 5604 Windows directory: C:\Windows 09:13:50.0269 5604 System windows directory: C:\Windows 09:13:50.0269 5604 Running under WOW64 09:13:50.0269 5604 Processor architecture: Intel x64 09:13:50.0269 5604 Number of processors: 2 09:13:50.0269 5604 Page size: 0x1000 09:13:50.0269 5604 Boot type: Normal boot 09:13:50.0269 5604 ============================================================ 09:13:55.0651 5604 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 09:13:55.0666 5604 ============================================================ 09:13:55.0666 5604 \Device\Harddisk0\DR0: 09:13:55.0666 5604 MBR partitions: 09:13:55.0666 5604 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0xFA0E000 09:13:55.0698 5604 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12C0F000, BlocksNum 0x1281F000 09:13:55.0698 5604 ============================================================ 09:13:55.0744 5604 C: <-> \Device\Harddisk0\DR0\Partition1 09:13:55.0776 5604 D: <-> \Device\Harddisk0\DR0\Partition2 09:13:55.0776 5604 ============================================================ 09:13:55.0776 5604 Initialize success 09:13:55.0776 5604 ============================================================ 09:13:58.0116 4852 ============================================================ 09:13:58.0116 4852 Scan started 09:13:58.0116 4852 Mode: Manual; 09:13:58.0116 4852 ============================================================ 09:13:58.0334 4852 ================ Scan system memory ======================== 09:13:58.0334 4852 System memory - ok 09:13:58.0334 4852 ================ Scan services ============================= 09:13:58.0568 4852 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 09:13:58.0568 4852 1394ohci - ok 09:13:58.0630 4852 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 09:13:58.0646 4852 ACPI - ok 09:13:58.0693 4852 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 09:13:58.0693 4852 AcpiPmi - ok 09:13:58.0802 4852 [ E42F7B36B4D8866184E8DF9776CA4226 ] AdobeActiveFileMonitor C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe 09:13:58.0802 4852 AdobeActiveFileMonitor - ok 09:13:58.0896 4852 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 09:13:58.0896 4852 AdobeARMservice - ok 09:13:59.0052 4852 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 09:13:59.0067 4852 AdobeFlashPlayerUpdateSvc - ok 09:13:59.0130 4852 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 09:13:59.0145 4852 adp94xx - ok 09:13:59.0176 4852 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 09:13:59.0176 4852 adpahci - ok 09:13:59.0208 4852 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 09:13:59.0208 4852 adpu320 - ok 09:13:59.0254 4852 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 09:13:59.0254 4852 AeLookupSvc - ok 09:13:59.0286 4852 [ 6E79A119B0CE418FE44E0C824BF3F039 ] AFBAgent C:\Windows\system32\FBAgent.exe 09:13:59.0301 4852 AFBAgent - ok 09:13:59.0364 4852 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 09:13:59.0364 4852 AFD - ok 09:13:59.0426 4852 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 09:13:59.0426 4852 agp440 - ok 09:13:59.0473 4852 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 09:13:59.0473 4852 ALG - ok 09:13:59.0535 4852 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 09:13:59.0535 4852 aliide - ok 09:13:59.0566 4852 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 09:13:59.0566 4852 amdide - ok 09:13:59.0598 4852 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 09:13:59.0598 4852 AmdK8 - ok 09:13:59.0598 4852 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 09:13:59.0598 4852 AmdPPM - ok 09:13:59.0676 4852 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 09:13:59.0676 4852 amdsata - ok 09:13:59.0707 4852 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 09:13:59.0707 4852 amdsbs - ok 09:13:59.0738 4852 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 09:13:59.0738 4852 amdxata - ok 09:13:59.0800 4852 [ 92A848F962DA91C631147D566414BB7E ] AmUStor C:\Windows\system32\drivers\AmUStor.SYS 09:13:59.0816 4852 AmUStor - ok 09:13:59.0878 4852 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 09:13:59.0878 4852 AppID - ok 09:13:59.0925 4852 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 09:13:59.0925 4852 AppIDSvc - ok 09:13:59.0972 4852 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 09:13:59.0972 4852 Appinfo - ok 09:14:00.0081 4852 [ D8E18021F91AD79CA8491CB5A5DA22D4 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 09:14:00.0097 4852 Apple Mobile Device - ok 09:14:00.0144 4852 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 09:14:00.0144 4852 arc - ok 09:14:00.0144 4852 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 09:14:00.0159 4852 arcsas - ok 09:14:00.0206 4852 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe 09:14:00.0206 4852 ASLDRService - ok 09:14:00.0237 4852 [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys 09:14:00.0253 4852 ASMMAP64 - ok 09:14:00.0284 4852 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 09:14:00.0300 4852 AsyncMac - ok 09:14:00.0331 4852 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 09:14:00.0331 4852 atapi - ok 09:14:00.0393 4852 [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr C:\Windows\system32\DRIVERS\athrx.sys 09:14:00.0424 4852 athr - ok 09:14:00.0456 4852 [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe 09:14:00.0456 4852 ATKGFNEXSrv - ok 09:14:00.0502 4852 [ 1F7238A37389ED92E9D8EEE975CABD54 ] ATKWMIACPIIO C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys 09:14:00.0502 4852 ATKWMIACPIIO - ok 09:14:00.0565 4852 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 09:14:00.0580 4852 AudioEndpointBuilder - ok 09:14:00.0612 4852 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 09:14:00.0612 4852 AudioSrv - ok 09:14:00.0674 4852 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 09:14:00.0674 4852 AxInstSV - ok 09:14:00.0736 4852 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 09:14:00.0736 4852 b06bdrv - ok 09:14:00.0799 4852 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 09:14:00.0799 4852 b57nd60a - ok 09:14:00.0861 4852 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 09:14:00.0877 4852 BDESVC - ok 09:14:00.0924 4852 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 09:14:00.0924 4852 Beep - ok 09:14:01.0002 4852 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 09:14:01.0017 4852 BFE - ok 09:14:01.0048 4852 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 09:14:01.0064 4852 BITS - ok 09:14:01.0111 4852 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 09:14:01.0111 4852 blbdrive - ok 09:14:01.0220 4852 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 09:14:01.0220 4852 Bonjour Service - ok 09:14:01.0282 4852 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 09:14:01.0282 4852 bowser - ok 09:14:01.0329 4852 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 09:14:01.0329 4852 BrFiltLo - ok 09:14:01.0360 4852 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 09:14:01.0360 4852 BrFiltUp - ok 09:14:01.0407 4852 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 09:14:01.0423 4852 Browser - ok 09:14:01.0454 4852 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 09:14:01.0454 4852 Brserid - ok 09:14:01.0470 4852 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 09:14:01.0470 4852 BrSerWdm - ok 09:14:01.0470 4852 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 09:14:01.0485 4852 BrUsbMdm - ok 09:14:01.0485 4852 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 09:14:01.0485 4852 BrUsbSer - ok 09:14:01.0548 4852 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 09:14:01.0548 4852 BthEnum - ok 09:14:01.0579 4852 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 09:14:01.0594 4852 BTHMODEM - ok 09:14:01.0594 4852 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 09:14:01.0594 4852 BthPan - ok 09:14:01.0641 4852 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 09:14:01.0657 4852 BTHPORT - ok 09:14:01.0704 4852 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 09:14:01.0704 4852 bthserv - ok 09:14:01.0735 4852 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 09:14:01.0750 4852 BTHUSB - ok 09:14:01.0782 4852 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 09:14:01.0782 4852 cdfs - ok 09:14:01.0844 4852 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 09:14:01.0844 4852 cdrom - ok 09:14:01.0891 4852 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 09:14:01.0906 4852 CertPropSvc - ok 09:14:01.0938 4852 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 09:14:01.0938 4852 circlass - ok 09:14:02.0000 4852 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 09:14:02.0000 4852 CLFS - ok 09:14:02.0062 4852 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 09:14:02.0062 4852 clr_optimization_v2.0.50727_32 - ok 09:14:02.0125 4852 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 09:14:02.0125 4852 clr_optimization_v2.0.50727_64 - ok 09:14:02.0203 4852 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 09:14:02.0203 4852 clr_optimization_v4.0.30319_32 - ok 09:14:02.0265 4852 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 09:14:02.0265 4852 clr_optimization_v4.0.30319_64 - ok 09:14:02.0328 4852 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 09:14:02.0328 4852 CmBatt - ok 09:14:02.0359 4852 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 09:14:02.0359 4852 cmdide - ok 09:14:02.0421 4852 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 09:14:02.0437 4852 CNG - ok 09:14:02.0499 4852 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 09:14:02.0499 4852 Compbatt - ok 09:14:02.0562 4852 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 09:14:02.0562 4852 CompositeBus - ok 09:14:02.0593 4852 COMSysApp - ok 09:14:02.0608 4852 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 09:14:02.0608 4852 crcdisk - ok 09:14:02.0655 4852 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll 09:14:02.0655 4852 CryptSvc - ok 09:14:02.0718 4852 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 09:14:02.0733 4852 DcomLaunch - ok 09:14:02.0780 4852 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 09:14:02.0780 4852 defragsvc - ok 09:14:02.0827 4852 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 09:14:02.0842 4852 DfsC - ok 09:14:02.0905 4852 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 09:14:02.0905 4852 Dhcp - ok 09:14:02.0936 4852 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 09:14:02.0936 4852 discache - ok 09:14:02.0983 4852 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 09:14:02.0998 4852 Disk - ok 09:14:03.0030 4852 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 09:14:03.0030 4852 Dnscache - ok 09:14:03.0061 4852 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 09:14:03.0076 4852 dot3svc - ok 09:14:03.0108 4852 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 09:14:03.0139 4852 DPS - ok 09:14:03.0186 4852 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 09:14:03.0186 4852 drmkaud - ok 09:14:03.0248 4852 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 09:14:03.0264 4852 DXGKrnl - ok 09:14:03.0310 4852 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 09:14:03.0310 4852 EapHost - ok 09:14:03.0420 4852 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 09:14:03.0529 4852 ebdrv - ok 09:14:03.0544 4852 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 09:14:03.0560 4852 EFS - ok 09:14:03.0700 4852 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 09:14:03.0700 4852 ehRecvr - ok 09:14:03.0732 4852 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 09:14:03.0747 4852 ehSched - ok 09:14:03.0825 4852 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 09:14:03.0841 4852 elxstor - ok 09:14:03.0872 4852 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 09:14:03.0872 4852 ErrDev - ok 09:14:03.0934 4852 [ 4C120D2B2EA269EAE7A5744794EB6DB1 ] ETD C:\Windows\system32\DRIVERS\ETD.sys 09:14:03.0934 4852 ETD - ok 09:14:03.0997 4852 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 09:14:04.0012 4852 EventSystem - ok 09:14:04.0075 4852 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 09:14:04.0075 4852 exfat - ok 09:14:04.0106 4852 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 09:14:04.0122 4852 fastfat - ok 09:14:04.0200 4852 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 09:14:04.0215 4852 Fax - ok 09:14:04.0231 4852 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 09:14:04.0231 4852 fdc - ok 09:14:04.0293 4852 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 09:14:04.0293 4852 fdPHost - ok 09:14:04.0309 4852 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 09:14:04.0309 4852 FDResPub - ok 09:14:04.0371 4852 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 09:14:04.0371 4852 FileInfo - ok 09:14:04.0387 4852 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 09:14:04.0402 4852 Filetrace - ok 09:14:04.0418 4852 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 09:14:04.0418 4852 flpydisk - ok 09:14:04.0465 4852 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 09:14:04.0480 4852 FltMgr - ok 09:14:04.0527 4852 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 09:14:04.0558 4852 FontCache - ok 09:14:04.0605 4852 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 09:14:04.0605 4852 FontCache3.0.0.0 - ok 09:14:04.0652 4852 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 09:14:04.0652 4852 FsDepends - ok 09:14:04.0699 4852 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 09:14:04.0699 4852 fssfltr - ok 09:14:04.0808 4852 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 09:14:04.0839 4852 fsssvc - ok 09:14:04.0870 4852 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 09:14:04.0870 4852 Fs_Rec - ok 09:14:04.0902 4852 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 09:14:04.0917 4852 fvevol - ok 09:14:04.0964 4852 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 09:14:04.0964 4852 gagp30kx - ok 09:14:05.0011 4852 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 09:14:05.0011 4852 GEARAspiWDM - ok 09:14:05.0058 4852 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 09:14:05.0073 4852 gpsvc - ok 09:14:05.0104 4852 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 09:14:05.0104 4852 hcw85cir - ok 09:14:05.0151 4852 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 09:14:05.0167 4852 HdAudAddService - ok 09:14:05.0214 4852 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 09:14:05.0214 4852 HDAudBus - ok 09:14:05.0245 4852 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 09:14:05.0245 4852 HidBatt - ok 09:14:05.0260 4852 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 09:14:05.0260 4852 HidBth - ok 09:14:05.0307 4852 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 09:14:05.0307 4852 HidIr - ok 09:14:05.0338 4852 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 09:14:05.0338 4852 hidserv - ok 09:14:05.0401 4852 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 09:14:05.0401 4852 HidUsb - ok 09:14:05.0432 4852 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 09:14:05.0432 4852 hkmsvc - ok 09:14:05.0479 4852 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 09:14:05.0479 4852 HomeGroupListener - ok 09:14:05.0526 4852 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 09:14:05.0526 4852 HomeGroupProvider - ok 09:14:05.0557 4852 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 09:14:05.0557 4852 HpSAMD - ok 09:14:05.0635 4852 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 09:14:05.0650 4852 HTTP - ok 09:14:05.0682 4852 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 09:14:05.0682 4852 hwpolicy - ok 09:14:05.0760 4852 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 09:14:05.0760 4852 i8042prt - ok 09:14:05.0838 4852 [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 09:14:05.0853 4852 iaStor - ok 09:14:05.0916 4852 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 09:14:05.0916 4852 iaStorV - ok 09:14:05.0994 4852 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 09:14:06.0009 4852 idsvc - ok 09:14:06.0430 4852 [ 10BB0DC3361C9420CC1B0B2128BB89DB ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 09:14:06.0820 4852 igfx - ok 09:14:06.0945 4852 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 09:14:06.0945 4852 iirsp - ok 09:14:07.0008 4852 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 09:14:07.0023 4852 IKEEXT - ok 09:14:07.0148 4852 [ 02C93EBAA4421418411448FE7FDFD815 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 09:14:07.0195 4852 IntcAzAudAddService - ok 09:14:07.0257 4852 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 09:14:07.0273 4852 IntcDAud - ok 09:14:07.0304 4852 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 09:14:07.0304 4852 intelide - ok 09:14:07.0351 4852 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 09:14:07.0351 4852 intelppm - ok 09:14:07.0398 4852 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 09:14:07.0398 4852 IPBusEnum - ok 09:14:07.0444 4852 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 09:14:07.0444 4852 IpFilterDriver - ok 09:14:07.0522 4852 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 09:14:07.0522 4852 iphlpsvc - ok 09:14:07.0569 4852 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 09:14:07.0569 4852 IPMIDRV - ok 09:14:07.0600 4852 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 09:14:07.0616 4852 IPNAT - ok 09:14:07.0694 4852 [ 3C0D4B3E80FC4854CA325DD123CC4DED ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 09:14:07.0710 4852 iPod Service - ok 09:14:07.0772 4852 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 09:14:07.0772 4852 IRENUM - ok 09:14:07.0803 4852 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 09:14:07.0803 4852 isapnp - ok 09:14:07.0866 4852 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 09:14:07.0866 4852 iScsiPrt - ok 09:14:07.0897 4852 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 09:14:07.0897 4852 kbdclass - ok 09:14:07.0944 4852 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 09:14:07.0944 4852 kbdhid - ok 09:14:07.0990 4852 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys 09:14:07.0990 4852 kbfiltr - ok 09:14:08.0037 4852 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 09:14:08.0037 4852 KeyIso - ok 09:14:08.0068 4852 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 09:14:08.0068 4852 KSecDD - ok 09:14:08.0115 4852 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 09:14:08.0115 4852 KSecPkg - ok 09:14:08.0146 4852 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 09:14:08.0146 4852 ksthunk - ok 09:14:08.0193 4852 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 09:14:08.0193 4852 KtmRm - ok 09:14:08.0240 4852 [ A4A9CA24E54E81C6C3E469EAEB4B3F42 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys 09:14:08.0240 4852 L1C - ok 09:14:08.0318 4852 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 09:14:08.0334 4852 LanmanServer - ok 09:14:08.0365 4852 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 09:14:08.0380 4852 LanmanWorkstation - ok 09:14:08.0427 4852 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 09:14:08.0427 4852 lltdio - ok 09:14:08.0474 4852 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 09:14:08.0474 4852 lltdsvc - ok 09:14:08.0521 4852 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 09:14:08.0521 4852 lmhosts - ok 09:14:08.0599 4852 [ 0803906D607A9B83184447B75B60ECC2 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe 09:14:08.0599 4852 LMS - ok 09:14:08.0661 4852 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 09:14:08.0661 4852 LSI_FC - ok 09:14:08.0677 4852 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 09:14:08.0677 4852 LSI_SAS - ok 09:14:08.0692 4852 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 09:14:08.0692 4852 LSI_SAS2 - ok 09:14:08.0708 4852 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 09:14:08.0708 4852 LSI_SCSI - ok 09:14:08.0724 4852 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 09:14:08.0724 4852 luafv - ok 09:14:08.0802 4852 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 09:14:08.0802 4852 MBAMProtector - ok 09:14:08.0926 4852 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 09:14:08.0926 4852 MBAMScheduler - ok 09:14:08.0973 4852 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 09:14:08.0973 4852 MBAMService - ok 09:14:09.0004 4852 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 09:14:09.0020 4852 Mcx2Svc - ok 09:14:09.0036 4852 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 09:14:09.0036 4852 megasas - ok 09:14:09.0082 4852 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 09:14:09.0082 4852 MegaSR - ok 09:14:09.0129 4852 [ 1C6E73FC46B509EFF9D0086AA37132DF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 09:14:09.0129 4852 MEIx64 - ok 09:14:09.0223 4852 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 09:14:09.0223 4852 Microsoft Office Groove Audit Service - ok 09:14:09.0254 4852 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 09:14:09.0254 4852 MMCSS - ok 09:14:09.0270 4852 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 09:14:09.0270 4852 Modem - ok 09:14:09.0332 4852 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 09:14:09.0332 4852 monitor - ok 09:14:09.0363 4852 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 09:14:09.0379 4852 mouclass - ok 09:14:09.0410 4852 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 09:14:09.0410 4852 mouhid - ok 09:14:09.0472 4852 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 09:14:09.0472 4852 mountmgr - ok 09:14:09.0535 4852 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 09:14:09.0535 4852 MozillaMaintenance - ok 09:14:09.0597 4852 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 09:14:09.0597 4852 MpFilter - ok 09:14:09.0628 4852 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 09:14:09.0628 4852 mpio - ok 09:14:09.0800 4852 [ 0EBB390B7AEEC45EC061D9870A34FD42 ] MpKsl475aa156 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C0622623-079C-405F-957F-6D7D77BDD764}\MpKsl475aa156.sys 09:14:09.0800 4852 MpKsl475aa156 - ok 09:14:09.0831 4852 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 09:14:09.0847 4852 mpsdrv - ok 09:14:09.0894 4852 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 09:14:09.0909 4852 MpsSvc - ok 09:14:09.0956 4852 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 09:14:09.0956 4852 MRxDAV - ok 09:14:10.0003 4852 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 09:14:10.0003 4852 mrxsmb - ok 09:14:10.0034 4852 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 09:14:10.0034 4852 mrxsmb10 - ok 09:14:10.0081 4852 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 09:14:10.0081 4852 mrxsmb20 - ok 09:14:10.0112 4852 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 09:14:10.0112 4852 msahci - ok 09:14:10.0143 4852 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 09:14:10.0143 4852 msdsm - ok 09:14:10.0174 4852 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 09:14:10.0174 4852 MSDTC - ok 09:14:10.0237 4852 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 09:14:10.0237 4852 Msfs - ok 09:14:10.0284 4852 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 09:14:10.0284 4852 mshidkmdf - ok 09:14:10.0315 4852 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 09:14:10.0315 4852 msisadrv - ok 09:14:10.0362 4852 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 09:14:10.0377 4852 MSiSCSI - ok 09:14:10.0377 4852 msiserver - ok 09:14:10.0440 4852 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 09:14:10.0440 4852 MSKSSRV - ok 09:14:10.0533 4852 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe 09:14:10.0533 4852 MsMpSvc - ok 09:14:10.0580 4852 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 09:14:10.0580 4852 MSPCLOCK - ok 09:14:10.0596 4852 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 09:14:10.0596 4852 MSPQM - ok 09:14:10.0627 4852 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 09:14:10.0642 4852 MsRPC - ok 09:14:10.0674 4852 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 09:14:10.0674 4852 mssmbios - ok 09:14:10.0705 4852 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 09:14:10.0705 4852 MSTEE - ok 09:14:10.0705 4852 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 09:14:10.0705 4852 MTConfig - ok 09:14:10.0736 4852 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 09:14:10.0736 4852 Mup - ok 09:14:10.0783 4852 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 09:14:10.0798 4852 napagent - ok 09:14:10.0876 4852 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 09:14:10.0876 4852 NativeWifiP - ok 09:14:10.0939 4852 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 09:14:10.0954 4852 NDIS - ok 09:14:10.0986 4852 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 09:14:11.0001 4852 NdisCap - ok 09:14:11.0048 4852 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 09:14:11.0048 4852 NdisTapi - ok 09:14:11.0095 4852 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 09:14:11.0095 4852 Ndisuio - ok 09:14:11.0142 4852 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 09:14:11.0157 4852 NdisWan - ok 09:14:11.0188 4852 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 09:14:11.0188 4852 NDProxy - ok 09:14:11.0235 4852 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 09:14:11.0235 4852 NetBIOS - ok 09:14:11.0266 4852 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 09:14:11.0282 4852 NetBT - ok 09:14:11.0313 4852 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 09:14:11.0313 4852 Netlogon - ok 09:14:11.0391 4852 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 09:14:11.0391 4852 Netman - ok 09:14:11.0469 4852 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 09:14:11.0469 4852 netprofm - ok 09:14:11.0500 4852 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 09:14:11.0500 4852 NetTcpPortSharing - ok 09:14:11.0563 4852 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 09:14:11.0563 4852 nfrd960 - ok 09:14:11.0625 4852 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 09:14:11.0641 4852 NisDrv - ok 09:14:11.0734 4852 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe 09:14:11.0734 4852 NisSrv - ok 09:14:11.0797 4852 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 09:14:11.0812 4852 NlaSvc - ok 09:14:11.0844 4852 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 09:14:11.0859 4852 Npfs - ok 09:14:11.0875 4852 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 09:14:11.0890 4852 nsi - ok 09:14:11.0906 4852 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 09:14:11.0906 4852 nsiproxy - ok 09:14:11.0984 4852 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 09:14:12.0015 4852 Ntfs - ok 09:14:12.0031 4852 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 09:14:12.0046 4852 Null - ok 09:14:12.0109 4852 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 09:14:12.0109 4852 nvraid - ok 09:14:12.0140 4852 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 09:14:12.0156 4852 nvstor - ok 09:14:12.0187 4852 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 09:14:12.0202 4852 nv_agp - ok 09:14:12.0280 4852 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 09:14:12.0296 4852 odserv - ok 09:14:12.0327 4852 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 09:14:12.0327 4852 ohci1394 - ok 09:14:12.0405 4852 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 09:14:12.0405 4852 ose - ok 09:14:12.0452 4852 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 09:14:12.0468 4852 p2pimsvc - ok 09:14:12.0514 4852 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 09:14:12.0514 4852 p2psvc - ok 09:14:12.0546 4852 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 09:14:12.0546 4852 Parport - ok 09:14:12.0577 4852 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 09:14:12.0577 4852 partmgr - ok 09:14:12.0608 4852 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 09:14:12.0624 4852 PcaSvc - ok 09:14:12.0639 4852 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 09:14:12.0639 4852 pci - ok 09:14:12.0686 4852 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 09:14:12.0686 4852 pciide - ok 09:14:12.0717 4852 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 09:14:12.0717 4852 pcmcia - ok 09:14:12.0733 4852 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 09:14:12.0748 4852 pcw - ok 09:14:12.0780 4852 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 09:14:12.0780 4852 PEAUTH - ok 09:14:12.0842 4852 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 09:14:12.0858 4852 PerfHost - ok 09:14:12.0951 4852 [ D0F9F362023BF94CF58A1C3CDBBEBE06 ] PhotoshopElementsDeviceConnect C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe 09:14:12.0951 4852 PhotoshopElementsDeviceConnect - ok 09:14:13.0123 4852 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 09:14:13.0154 4852 pla - ok 09:14:13.0201 4852 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 09:14:13.0216 4852 PlugPlay - ok 09:14:13.0232 4852 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 09:14:13.0248 4852 PNRPAutoReg - ok 09:14:13.0263 4852 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 09:14:13.0279 4852 PNRPsvc - ok 09:14:13.0326 4852 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 09:14:13.0341 4852 PolicyAgent - ok 09:14:13.0372 4852 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 09:14:13.0372 4852 Power - ok 09:14:13.0466 4852 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 09:14:13.0466 4852 PptpMiniport - ok 09:14:13.0497 4852 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 09:14:13.0497 4852 Processor - ok 09:14:13.0528 4852 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 09:14:13.0544 4852 ProfSvc - ok 09:14:13.0544 4852 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 09:14:13.0560 4852 ProtectedStorage - ok 09:14:13.0606 4852 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 09:14:13.0606 4852 Psched - ok 09:14:13.0684 4852 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 09:14:13.0716 4852 ql2300 - ok 09:14:13.0731 4852 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 09:14:13.0731 4852 ql40xx - ok 09:14:13.0778 4852 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 09:14:13.0778 4852 QWAVE - ok 09:14:13.0794 4852 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 09:14:13.0794 4852 QWAVEdrv - ok 09:14:13.0794 4852 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 09:14:13.0809 4852 RasAcd - ok 09:14:13.0872 4852 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 09:14:13.0887 4852 RasAgileVpn - ok 09:14:13.0918 4852 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 09:14:13.0918 4852 RasAuto - ok 09:14:13.0965 4852 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 09:14:13.0965 4852 Rasl2tp - ok 09:14:14.0028 4852 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 09:14:14.0043 4852 RasMan - ok 09:14:14.0074 4852 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 09:14:14.0074 4852 RasPppoe - ok 09:14:14.0121 4852 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 09:14:14.0121 4852 RasSstp - ok 09:14:14.0168 4852 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 09:14:14.0184 4852 rdbss - ok 09:14:14.0199 4852 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 09:14:14.0199 4852 rdpbus - ok 09:14:14.0230 4852 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 09:14:14.0230 4852 RDPCDD - ok 09:14:14.0262 4852 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 09:14:14.0262 4852 RDPENCDD - ok 09:14:14.0277 4852 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 09:14:14.0277 4852 RDPREFMP - ok 09:14:14.0324 4852 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 09:14:14.0340 4852 RDPWD - ok 09:14:14.0386 4852 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 09:14:14.0402 4852 rdyboost - ok 09:14:14.0433 4852 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 09:14:14.0449 4852 RemoteAccess - ok 09:14:14.0480 4852 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 09:14:14.0496 4852 RemoteRegistry - ok 09:14:14.0542 4852 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 09:14:14.0542 4852 RFCOMM - ok 09:14:14.0574 4852 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 09:14:14.0574 4852 RpcEptMapper - ok 09:14:14.0589 4852 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 09:14:14.0589 4852 RpcLocator - ok 09:14:14.0652 4852 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 09:14:14.0667 4852 RpcSs - ok 09:14:14.0714 4852 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 09:14:14.0714 4852 rspndr - ok 09:14:14.0808 4852 [ 25AABB94BB2D59F1CA6101290255D2E8 ] RTL8192Ce C:\Windows\system32\DRIVERS\rtl8192Ce.sys 09:14:14.0823 4852 RTL8192Ce - ok 09:14:14.0839 4852 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 09:14:14.0839 4852 SamSs - ok 09:14:14.0870 4852 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 09:14:14.0870 4852 sbp2port - ok 09:14:14.0932 4852 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 09:14:14.0948 4852 SCardSvr - ok 09:14:14.0979 4852 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 09:14:14.0979 4852 scfilter - ok 09:14:15.0057 4852 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 09:14:15.0073 4852 Schedule - ok 09:14:15.0120 4852 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 09:14:15.0120 4852 SCPolicySvc - ok 09:14:15.0166 4852 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 09:14:15.0166 4852 SDRSVC - ok 09:14:15.0229 4852 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 09:14:15.0229 4852 secdrv - ok 09:14:15.0260 4852 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 09:14:15.0260 4852 seclogon - ok 09:14:15.0291 4852 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 09:14:15.0291 4852 SENS - ok 09:14:15.0307 4852 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 09:14:15.0307 4852 SensrSvc - ok 09:14:15.0322 4852 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 09:14:15.0338 4852 Serenum - ok 09:14:15.0369 4852 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 09:14:15.0369 4852 Serial - ok 09:14:15.0416 4852 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 09:14:15.0416 4852 sermouse - ok 09:14:15.0463 4852 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 09:14:15.0478 4852 SessionEnv - ok 09:14:15.0510 4852 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 09:14:15.0510 4852 sffdisk - ok 09:14:15.0541 4852 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 09:14:15.0541 4852 sffp_mmc - ok 09:14:15.0556 4852 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 09:14:15.0556 4852 sffp_sd - ok 09:14:15.0603 4852 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 09:14:15.0603 4852 sfloppy - ok 09:14:15.0650 4852 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 09:14:15.0666 4852 SharedAccess - ok 09:14:15.0712 4852 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 09:14:15.0712 4852 ShellHWDetection - ok 09:14:15.0744 4852 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys 09:14:15.0744 4852 SiSGbeLH - ok 09:14:15.0759 4852 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 09:14:15.0759 4852 SiSRaid2 - ok 09:14:15.0775 4852 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 09:14:15.0775 4852 SiSRaid4 - ok 09:14:15.0837 4852 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 09:14:15.0837 4852 SkypeUpdate - ok 09:14:15.0868 4852 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 09:14:15.0868 4852 Smb - ok 09:14:15.0946 4852 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 09:14:15.0946 4852 SNMPTRAP - ok 09:14:16.0040 4852 [ C98375D19F9E9966F6201BAE65FB3728 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys 09:14:16.0071 4852 SNP2UVC - ok 09:14:16.0118 4852 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 09:14:16.0118 4852 spldr - ok 09:14:16.0165 4852 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 09:14:16.0180 4852 Spooler - ok 09:14:16.0321 4852 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 09:14:16.0430 4852 sppsvc - ok 09:14:16.0477 4852 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 09:14:16.0477 4852 sppuinotify - ok 09:14:16.0539 4852 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 09:14:16.0539 4852 srv - ok 09:14:16.0570 4852 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 09:14:16.0570 4852 srv2 - ok 09:14:16.0602 4852 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 09:14:16.0602 4852 srvnet - ok 09:14:16.0648 4852 [ 1612881760C9DF7FBB09B6CF1D3BA0DF ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys 09:14:16.0664 4852 sscdbus - ok 09:14:16.0680 4852 [ D7803A687E85189EA2B525CC22093521 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys 09:14:16.0680 4852 sscdmdfl - ok 09:14:16.0726 4852 [ 06DB3D5EB2444083C7F5AF7874765505 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys 09:14:16.0726 4852 sscdmdm - ok 09:14:16.0758 4852 [ 23EBB395609D9CDB8B1074A12254119B ] sscdserd C:\Windows\system32\DRIVERS\sscdserd.sys 09:14:16.0758 4852 sscdserd - ok 09:14:16.0820 4852 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 09:14:16.0820 4852 SSDPSRV - ok 09:14:16.0836 4852 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 09:14:16.0851 4852 SstpSvc - ok 09:14:16.0867 4852 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 09:14:16.0882 4852 stexstor - ok 09:14:16.0929 4852 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 09:14:16.0945 4852 stisvc - ok 09:14:16.0976 4852 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 09:14:16.0976 4852 swenum - ok 09:14:17.0023 4852 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 09:14:17.0038 4852 swprv - ok 09:14:17.0116 4852 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 09:14:17.0163 4852 SysMain - ok 09:14:17.0194 4852 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 09:14:17.0194 4852 TabletInputService - ok 09:14:17.0226 4852 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 09:14:17.0241 4852 TapiSrv - ok 09:14:17.0272 4852 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 09:14:17.0272 4852 TBS - ok 09:14:17.0382 4852 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys 09:14:17.0413 4852 Tcpip - ok 09:14:17.0460 4852 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 09:14:17.0491 4852 TCPIP6 - ok 09:14:17.0538 4852 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 09:14:17.0553 4852 tcpipreg - ok 09:14:17.0600 4852 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 09:14:17.0600 4852 TDPIPE - ok 09:14:17.0631 4852 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 09:14:17.0631 4852 TDTCP - ok 09:14:17.0678 4852 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 09:14:17.0678 4852 tdx - ok 09:14:17.0709 4852 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 09:14:17.0709 4852 TermDD - ok 09:14:17.0740 4852 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 09:14:17.0756 4852 TermService - ok 09:14:17.0803 4852 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 09:14:17.0803 4852 Themes - ok 09:14:17.0834 4852 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 09:14:17.0834 4852 THREADORDER - ok 09:14:17.0865 4852 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 09:14:17.0881 4852 TrkWks - ok 09:14:17.0943 4852 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 09:14:17.0959 4852 TrustedInstaller - ok 09:14:18.0006 4852 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 09:14:18.0006 4852 tssecsrv - ok 09:14:18.0068 4852 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 09:14:18.0068 4852 TsUsbFlt - ok 09:14:18.0146 4852 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 09:14:18.0162 4852 tunnel - ok 09:14:18.0193 4852 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 09:14:18.0193 4852 uagp35 - ok 09:14:18.0240 4852 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 09:14:18.0240 4852 udfs - ok 09:14:18.0286 4852 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 09:14:18.0286 4852 UI0Detect - ok 09:14:18.0333 4852 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 09:14:18.0349 4852 uliagpkx - ok 09:14:18.0396 4852 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 09:14:18.0396 4852 umbus - ok 09:14:18.0427 4852 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 09:14:18.0427 4852 UmPass - ok 09:14:18.0583 4852 [ EB79C6C91A99930015EF29AE7FA802D1 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe 09:14:18.0614 4852 UNS - ok 09:14:18.0661 4852 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 09:14:18.0661 4852 upnphost - ok 09:14:18.0723 4852 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 09:14:18.0723 4852 USBAAPL64 - ok 09:14:18.0770 4852 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 09:14:18.0770 4852 usbaudio - ok 09:14:18.0801 4852 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 09:14:18.0817 4852 usbccgp - ok 09:14:18.0864 4852 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 09:14:18.0864 4852 usbcir - ok 09:14:18.0879 4852 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 09:14:18.0879 4852 usbehci - ok 09:14:18.0926 4852 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 09:14:18.0942 4852 usbhub - ok 09:14:18.0957 4852 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 09:14:18.0957 4852 usbohci - ok 09:14:19.0020 4852 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 09:14:19.0020 4852 usbprint - ok 09:14:19.0035 4852 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 09:14:19.0051 4852 usbscan - ok 09:14:19.0066 4852 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 09:14:19.0066 4852 USBSTOR - ok 09:14:19.0098 4852 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 09:14:19.0098 4852 usbuhci - ok 09:14:19.0144 4852 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 09:14:19.0160 4852 usbvideo - ok 09:14:19.0191 4852 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 09:14:19.0191 4852 UxSms - ok 09:14:19.0207 4852 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 09:14:19.0207 4852 VaultSvc - ok 09:14:19.0269 4852 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 09:14:19.0269 4852 vdrvroot - ok 09:14:19.0316 4852 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 09:14:19.0332 4852 vds - ok 09:14:19.0394 4852 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 09:14:19.0394 4852 vga - ok 09:14:19.0410 4852 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 09:14:19.0410 4852 VgaSave - ok 09:14:19.0456 4852 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 09:14:19.0456 4852 vhdmp - ok 09:14:19.0488 4852 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 09:14:19.0488 4852 viaide - ok 09:14:19.0519 4852 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 09:14:19.0519 4852 volmgr - ok 09:14:19.0581 4852 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 09:14:19.0597 4852 volmgrx - ok 09:14:19.0628 4852 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 09:14:19.0628 4852 volsnap - ok 09:14:19.0675 4852 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 09:14:19.0675 4852 vsmraid - ok 09:14:19.0862 4852 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 09:14:19.0893 4852 VSS - ok 09:14:19.0909 4852 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 09:14:19.0924 4852 vwifibus - ok 09:14:19.0956 4852 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 09:14:19.0956 4852 vwififlt - ok 09:14:19.0987 4852 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 09:14:20.0002 4852 W32Time - ok 09:14:20.0034 4852 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 09:14:20.0034 4852 WacomPen - ok 09:14:20.0096 4852 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 09:14:20.0096 4852 WANARP - ok 09:14:20.0096 4852 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 09:14:20.0112 4852 Wanarpv6 - ok 09:14:20.0236 4852 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 09:14:20.0252 4852 WatAdminSvc - ok 09:14:20.0330 4852 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 09:14:20.0361 4852 wbengine - ok 09:14:20.0392 4852 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 09:14:20.0408 4852 WbioSrvc - ok 09:14:20.0455 4852 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 09:14:20.0470 4852 wcncsvc - ok 09:14:20.0486 4852 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 09:14:20.0486 4852 WcsPlugInService - ok 09:14:20.0517 4852 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 09:14:20.0517 4852 Wd - ok 09:14:20.0548 4852 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 09:14:20.0564 4852 Wdf01000 - ok 09:14:20.0580 4852 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 09:14:20.0595 4852 WdiServiceHost - ok 09:14:20.0595 4852 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 09:14:20.0595 4852 WdiSystemHost - ok 09:14:20.0658 4852 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 09:14:20.0673 4852 WebClient - ok 09:14:20.0704 4852 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 09:14:20.0720 4852 Wecsvc - ok 09:14:20.0736 4852 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 09:14:20.0736 4852 wercplsupport - ok 09:14:20.0782 4852 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 09:14:20.0782 4852 WerSvc - ok 09:14:20.0814 4852 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 09:14:20.0814 4852 WfpLwf - ok 09:14:20.0876 4852 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys 09:14:20.0876 4852 WimFltr - ok 09:14:20.0892 4852 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 09:14:20.0892 4852 WIMMount - ok 09:14:20.0923 4852 WinDefend - ok 09:14:20.0938 4852 WinHttpAutoProxySvc - ok 09:14:20.0985 4852 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 09:14:21.0001 4852 Winmgmt - ok 09:14:21.0079 4852 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 09:14:21.0126 4852 WinRM - ok 09:14:21.0204 4852 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 09:14:21.0204 4852 WinUsb - ok 09:14:21.0266 4852 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 09:14:21.0282 4852 Wlansvc - ok 09:14:21.0375 4852 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 09:14:21.0375 4852 wlcrasvc - ok 09:14:21.0484 4852 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 09:14:21.0516 4852 wlidsvc - ok 09:14:21.0562 4852 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 09:14:21.0562 4852 WmiAcpi - ok 09:14:21.0594 4852 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 09:14:21.0609 4852 wmiApSrv - ok 09:14:21.0640 4852 WMPNetworkSvc - ok 09:14:21.0672 4852 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 09:14:21.0672 4852 WPCSvc - ok 09:14:21.0718 4852 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 09:14:21.0734 4852 WPDBusEnum - ok 09:14:21.0750 4852 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 09:14:21.0750 4852 ws2ifsl - ok 09:14:21.0781 4852 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 09:14:21.0781 4852 wscsvc - ok 09:14:21.0796 4852 WSearch - ok 09:14:21.0890 4852 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 09:14:21.0952 4852 wuauserv - ok 09:14:21.0968 4852 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 09:14:21.0968 4852 WudfPf - ok 09:14:22.0030 4852 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 09:14:22.0046 4852 WUDFRd - ok 09:14:22.0077 4852 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 09:14:22.0093 4852 wudfsvc - ok 09:14:22.0124 4852 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 09:14:22.0124 4852 WwanSvc - ok 09:14:22.0171 4852 ================ Scan global =============================== 09:14:22.0202 4852 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 09:14:22.0233 4852 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 09:14:22.0249 4852 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 09:14:22.0280 4852 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 09:14:22.0327 4852 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 09:14:22.0327 4852 [Global] - ok 09:14:22.0342 4852 ================ Scan MBR ================================== 09:14:22.0358 4852 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 09:14:22.0358 4852 Suspicious mbr (Forged): \Device\Harddisk0\DR0 09:14:22.0420 4852 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected 09:14:22.0420 4852 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0) 09:14:22.0420 4852 ================ Scan VBR ================================== 09:14:22.0420 4852 [ 2A57E7637956AB4F66B50A01D8C310E0 ] \Device\Harddisk0\DR0\Partition1 09:14:22.0420 4852 \Device\Harddisk0\DR0\Partition1 - ok 09:14:22.0452 4852 [ A9DC61F490CCF928793631B231721B7D ] \Device\Harddisk0\DR0\Partition2 09:14:22.0452 4852 \Device\Harddisk0\DR0\Partition2 - ok 09:14:22.0467 4852 ============================================================ 09:14:22.0467 4852 Scan finished 09:14:22.0467 4852 ============================================================ 09:14:22.0483 5108 Detected object count: 1 09:14:22.0483 5108 Actual detected object count: 1 09:15:04.0946 5108 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user 09:15:04.0946 5108 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip
  25. bennegesserit
    MSE says I am infected with Trojan:Dos/Alureon.A. MBAM says c:\windows\svchost.exe is corrupted with the Trojan. Unable to remove despite multiple attempts. Attached are the requested files. Thank you for your assistance. DDS.txt Attach.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.