help with removing svchost.exe trojan agent

syiram · March 11, 2012

Hello!

I really hope you can help me with my problem.

My computer has been infected with the svchost.exe virus. Everytime I run malwarebytes, it detects 2 things, and it's always the same thing. it doesn't seem to remove the virus.

i have been running and rebooting my laptop in safemode, because when in normal mode, theres a notification like this:

"User Account Control

Do you want to allow the following program to make changes to this computer?

Program name: Windows Command Processor

Verified publisher: Microsoft Windows"

Everytime I click No, it reappears.

Please help. I'm getting quite scared and paranoid!!

syiram · March 11, 2012

Oh, this is the Log from the Malwarebytes scan:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.11.03

Windows 7 x64 NTFS (Safe Mode/Networking)

Internet Explorer 8.0.7600.16385

user :: USER-PC [administrator]

11/3/2012 2:07:40 AM

mbam-log-2012-03-11 (02-07-40).txt

Scan type: Full scan

Scan options disabled: P2P

Objects scanned: 473573

Time elapsed: 1 hour(s), 26 minute(s), 16 second(s)

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 1412 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

And this is the log from the Avira Scan:

Avira AntiVir Personal

Report file date: Sunday, 11 March, 2012 12:57

Scanning for 3527917 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows 7 x64

Windows version : (plain) [6.1.7600]

Boot mode : Safe mode with network

Username : user

Computer name : USER-PC

Version information:

BUILD.DAT : 10.2.0.707 36070 Bytes 25/1/2012 13:11:00

AVSCAN.EXE : 10.3.0.7 484008 Bytes 1/7/2011 06:27:46

AVSCAN.DLL : 10.0.5.0 47464 Bytes 1/7/2011 06:27:46

LUKE.DLL : 10.3.0.5 45416 Bytes 1/7/2011 06:27:46

LUKERES.DLL : 10.0.0.1 12648 Bytes 10/2/2010 16:40:49

AVSCPLR.DLL : 10.3.0.7 119656 Bytes 1/7/2011 06:27:46

AVREG.DLL : 10.3.0.9 88833 Bytes 13/7/2011 04:40:35

VBASE000.VDF : 7.10.0.0 19875328 Bytes 6/11/2009 02:05:36

VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 12:11:43

VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 22:12:26

VBASE003.VDF : 7.11.21.238 4472832 Bytes 1/2/2012 13:06:46

VBASE004.VDF : 7.11.21.239 2048 Bytes 1/2/2012 13:06:47

VBASE005.VDF : 7.11.21.240 2048 Bytes 1/2/2012 13:06:47

VBASE006.VDF : 7.11.21.241 2048 Bytes 1/2/2012 13:06:47

VBASE007.VDF : 7.11.21.242 2048 Bytes 1/2/2012 13:06:47

VBASE008.VDF : 7.11.21.243 2048 Bytes 1/2/2012 13:06:47

VBASE009.VDF : 7.11.21.244 2048 Bytes 1/2/2012 13:06:50

VBASE010.VDF : 7.11.21.245 2048 Bytes 1/2/2012 13:06:50

VBASE011.VDF : 7.11.21.246 2048 Bytes 1/2/2012 13:06:50

VBASE012.VDF : 7.11.21.247 2048 Bytes 1/2/2012 13:06:50

VBASE013.VDF : 7.11.22.33 1486848 Bytes 3/2/2012 13:08:14

VBASE014.VDF : 7.11.22.56 687616 Bytes 3/2/2012 13:30:31

VBASE015.VDF : 7.11.22.92 178176 Bytes 6/2/2012 19:35:20

VBASE016.VDF : 7.11.22.154 144896 Bytes 8/2/2012 22:45:45

VBASE017.VDF : 7.11.22.220 183296 Bytes 13/2/2012 12:49:42

VBASE018.VDF : 7.11.23.34 202752 Bytes 15/2/2012 15:58:39

VBASE019.VDF : 7.11.23.98 126464 Bytes 17/2/2012 15:58:02

VBASE020.VDF : 7.11.23.150 148480 Bytes 20/2/2012 13:47:25

VBASE021.VDF : 7.11.23.224 172544 Bytes 23/2/2012 22:05:59

VBASE022.VDF : 7.11.24.52 219648 Bytes 28/2/2012 11:30:10

VBASE023.VDF : 7.11.24.152 165888 Bytes 5/3/2012 23:03:28

VBASE024.VDF : 7.11.24.153 2048 Bytes 5/3/2012 23:03:29

VBASE025.VDF : 7.11.24.154 2048 Bytes 5/3/2012 23:03:29

VBASE026.VDF : 7.11.24.155 2048 Bytes 5/3/2012 23:03:29

VBASE027.VDF : 7.11.24.156 2048 Bytes 5/3/2012 23:03:29

VBASE028.VDF : 7.11.24.157 2048 Bytes 5/3/2012 23:03:29

VBASE029.VDF : 7.11.24.158 2048 Bytes 5/3/2012 23:03:29

VBASE030.VDF : 7.11.24.159 2048 Bytes 5/3/2012 23:03:29

VBASE031.VDF : 7.11.24.194 148992 Bytes 6/3/2012 23:01:28

Engineversion : 8.2.10.8

AEVDF.DLL : 8.1.2.2 106868 Bytes 28/10/2011 09:43:51

AESCRIPT.DLL : 8.1.4.7 442746 Bytes 23/2/2012 22:06:04

AESCN.DLL : 8.1.8.2 131444 Bytes 29/1/2012 12:35:54

AESBX.DLL : 8.2.4.5 434549 Bytes 3/12/2011 12:15:45

AERDL.DLL : 8.1.9.15 639348 Bytes 9/9/2011 16:58:22

AEPACK.DLL : 8.2.16.3 799094 Bytes 9/2/2012 22:46:52

AEOFFICE.DLL : 8.1.2.25 201084 Bytes 30/12/2011 11:46:11

AEHEUR.DLL : 8.1.4.0 4436342 Bytes 23/2/2012 22:06:03

AEHELP.DLL : 8.1.19.0 254327 Bytes 22/1/2012 11:31:48

AEGEN.DLL : 8.1.5.21 409971 Bytes 3/2/2012 13:08:32

AEEXP.DLL : 8.1.0.23 70005 Bytes 23/2/2012 22:06:04

AEEMU.DLL : 8.1.3.0 393589 Bytes 24/11/2010 10:32:23

AECORE.DLL : 8.1.25.4 201079 Bytes 13/2/2012 12:52:04

AEBB.DLL : 8.1.1.0 53618 Bytes 22/9/2010 06:17:38

AVWINLL.DLL : 10.0.0.0 19304 Bytes 14/1/2010 05:03:38

AVPREF.DLL : 10.0.3.2 44904 Bytes 1/7/2011 06:27:46

AVREP.DLL : 10.0.0.10 174120 Bytes 17/5/2011 15:26:02

AVARKT.DLL : 10.0.26.1 255336 Bytes 1/7/2011 06:27:46

AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 1/7/2011 06:27:46

SQLITE3.DLL : 3.6.19.0 355688 Bytes 28/1/2010 05:57:58

AVSMTP.DLL : 10.0.0.17 63848 Bytes 16/3/2010 08:38:56

NETNT.DLL : 10.0.0.0 11624 Bytes 19/2/2010 07:41:00

RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 1/7/2011 06:27:45

RCTEXT.DLL : 10.0.64.0 97640 Bytes 1/7/2011 06:27:45

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp

Logging.............................: Default

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, D:,

Process scan........................: on

Extended process scan...............: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: Advanced

Start of the scan: Sunday, 11 March, 2012 12:57

Starting search for hidden objects.

The driver could not be initialized.

The scan of running processes will be started

Scan process 'avscan.exe' - '73' Module(s) have been scanned

Scan process 'mbam.exe' - '60' Module(s) have been scanned

Scan process 'svchost.exe' - '102' Module(s) have been scanned

Module is OK -> <\\.\globalroot\systemroot\svchost.exe>

[WARNING] The file could not be opened!

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Boot sector 'D:\'

[iNFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '280' files ).

Starting the file scan:

Begin scan in 'C:\' <OS>

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\50fc79e4-60da83ce

[0] Archive type: ZIP

--> morale.class

[DETECTION] Contains recognition pattern of the EXP/CVE-2011-3544 exploit

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\d830b3-6911da59

[0] Archive type: ZIP

--> xmltree/alpina.class

[DETECTION] Contains recognition pattern of the EXP/JAVA.Coniz.Gen exploit

--> xmltree/kolibra.class

[DETECTION] Contains recognition pattern of the EXP/JAVA.Coniz.Gen exploit

--> xmltree/umbro.class

[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840 exploit

Begin scan in 'D:\' <DATA>

Beginning disinfection:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\d830b3-6911da59

[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840 exploit

[NOTE] The file was moved to the quarantine directory under the name '49de49c6.qua'.

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\50fc79e4-60da83ce

[DETECTION] Contains recognition pattern of the EXP/CVE-2011-3544 exploit

[NOTE] The file was moved to the quarantine directory under the name '51046669.qua'.

End of the scan: Sunday, 11 March, 2012 18:15

Used time: 3:12:29 Hour(s)

The scan has been done completely.

47787 Scanned directories

687463 Files were scanned

4 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

2 Files were moved to quarantine

0 Files were renamed

1 Files cannot be scanned

687458 Files not concerned

6157 Archives were scanned

1 Warnings

2 Notes

Blade81 · March 12, 2012

Hi,

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds file to run the tool.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt
[*]Save both reports to your desktop. Post them back to your topic.

syiram · March 12, 2012

1) DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385

Run by user at 19:32:56 on 2012-03-12

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.60.1033.18.3884.2139 [GMT 0:00]

.

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\FBAgent.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\P4G\BatteryLife.exe

C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files (x86)\O2 Assistant\bin\sprtsvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\O2 Assistant\bin\tgsrvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Users\user\AppData\Roaming\Google\Google Talk\googletalk.exe

C:\Users\user\AppData\Local\cfoecahm\kmrsngag.exe

C:\Windows\system32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Users\user\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler.exe

C:\Users\user\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler64.exe

C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files (x86)\O2 Assistant\bin\sprtcmd.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\AsScrPro.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\WinRAR\WinRAR.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Program Files (x86)\Safari\Safari.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe

C:\Windows\system32\consent.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948

uDefault_Page_URL = hxxp://asus.msn.com

uInternet Settings,ProxyOverride = <local>;*.local

uURLSearchHooks: ooVoo Video Chat Toolbar: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files (x86)\ooVoo_Video_Chat\tbooVo.dll

uURLSearchHooks: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll

mURLSearchHooks: ooVoo Video Chat Toolbar: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files (x86)\ooVoo_Video_Chat\tbooVo.dll

mURLSearchHooks: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll

mURLSearchHooks: H - No File

mWinlogon: Userinit=C:\WINDOWS\SYSWOW64\userinit.exe,C:\Users\user\AppData\Local\cfoecahm\kmrsngag.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

BHO: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: ooVoo Video Chat Toolbar: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files (x86)\ooVoo_Video_Chat\tbooVo.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: ooVoo Video Chat Toolbar: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files (x86)\ooVoo_Video_Chat\tbooVo.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

TB: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [Facebook Update] "C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

uRun: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [googletalk] C:\Users\user\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart

uRun: [KmrSngag] C:\Users\user\AppData\Local\cfoecahm\kmrsngag.exe

mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

mRun: [O2DA] "C:\Program Files (x86)\O2 Assistant\bin\sprtcmd.exe" /P O2DA

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kmrsngag.exe

StartupFolder: C:\Users\user\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{53EBBE7C-A7F4-448A-9686-67807E6FEDB8} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{53EBBE7C-A7F4-448A-9686-67807E6FEDB8}\2456C6B696E6 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{EC90CB2F-114D-43B4-A0DE-42618EE8FE32} : DhcpNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

BHO-X64: Increase performance and video formats for your HTML5 <video> - No File

BHO-X64: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll

BHO-X64: NCH EN - No File

BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

BHO-X64: Google Dictionary Compression sdch - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: ooVoo Video Chat Toolbar: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files (x86)\ooVoo_Video_Chat\tbooVo.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: ooVoo Video Chat Toolbar: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files (x86)\ooVoo_Video_Chat\tbooVo.dll

TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

TB-X64: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

mRun-x64: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun-x64: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

mRun-x64: [O2DA] "C:\Program Files (x86)\O2 Assistant\bin\sprtcmd.exe" /P O2DA

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll

.

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-9-14 136360]

R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-9-14 269480]

R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]

R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 sprtsvc_O2DA;SupportSoft Sprocket Service (O2DA);C:\Program Files (x86)\O2 Assistant\bin\sprtsvc.exe [2010-4-23 206120]

R2 tgsrvc_O2DA;SupportSoft Repair Service (O2DA);C:\Program Files (x86)\O2 Assistant\bin\tgsrvc.exe [2010-4-23 185640]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-6-9 2314240]

R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]

R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\system32\DRIVERS\JME.sys --> C:\Windows\system32\DRIVERS\JME.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-9 135664]

S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-6-9 1800808]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-9 135664]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]

S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-6 118672]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-03-12 19:07:33 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-12 08:36:25 -------- d-----w- C:\Users\user\AppData\Local\{80A676F6-BFB8-4CE6-94A7-49B0ADB21211}

2012-03-12 08:36:15 -------- d-----w- C:\Users\user\AppData\Local\{86C42225-53A0-440E-8D13-828F2901E22B}

2012-03-11 20:35:40 -------- d-----w- C:\Users\user\AppData\Local\{AC1212D6-DD12-4B04-BF3C-6FE203AA399D}

2012-03-11 20:35:23 -------- d-----w- C:\Users\user\AppData\Local\{A5C8DEC0-080A-4B06-8CAF-6ED043403097}

2012-03-11 20:29:47 20480 ----a-w- C:\Windows\svchost.exe

2012-03-11 01:16:45 -------- d-----w- C:\Users\user\AppData\Local\{2ECF88E9-539A-42CA-87AF-260D8D2EBC54}

2012-03-11 01:15:58 -------- d-----w- C:\Users\user\AppData\Local\{06175A83-DE49-4B94-9C52-8A2E5FE348CE}

2012-03-10 05:58:05 -------- d-----w- C:\Users\user\AppData\Local\{116F3631-B9A9-4588-A11F-856B2E50CD7A}

2012-03-10 05:57:52 -------- d-----w- C:\Users\user\AppData\Local\{9878E3E5-80F0-4C19-8633-FEC11D14D433}

2012-03-09 20:01:21 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\1466.tmp

2012-03-09 20:01:21 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\1465.tmp

2012-03-09 20:01:21 -------- d--h--w- C:\Users\user\AppData\Local\cfoecahm

2012-03-09 17:57:21 -------- d-----w- C:\Users\user\AppData\Local\{BBDADE8F-9D88-407C-9280-38487049D198}

2012-03-09 17:57:11 -------- d-----w- C:\Users\user\AppData\Local\{FD0209E2-ABD4-4532-9C41-9E33A6DBE889}

2012-03-09 10:04:51 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2D729C1C-06AF-41E1-9AA9-F0DA1D0E1715}\mpengine.dll

2012-03-08 23:08:10 -------- d-----w- C:\Users\user\AppData\Local\{AADFCB7C-4BF8-4C38-8382-252A46E68FDC}

2012-03-08 11:05:38 -------- d-----w- C:\Users\user\AppData\Local\{B4103281-2ADF-40FA-B02B-1AB99EEE87FA}

2012-03-08 11:05:28 -------- d-----w- C:\Users\user\AppData\Local\{38C2930A-CD2B-4D48-8320-8C7089BA9D56}

2012-03-07 23:05:03 -------- d-----w- C:\Users\user\AppData\Local\{A1E34DE1-06D0-44CF-9E5A-082D4666ADC3}

2012-03-07 23:04:52 -------- d-----w- C:\Users\user\AppData\Local\{D02A8530-D744-403E-8C8D-65DFB56A16B1}

2012-03-07 11:04:26 -------- d-----w- C:\Users\user\AppData\Local\{6BAFB948-62F2-46C0-BB25-23577B831C62}

2012-03-06 23:04:03 -------- d-----w- C:\Users\user\AppData\Local\{ADBF936C-3E56-4F28-82F5-5CD0B2CA14B5}

2012-03-06 11:03:40 -------- d-----w- C:\Users\user\AppData\Local\{5E86F190-04DC-4A54-A43B-0CE60D47296D}

2012-03-05 23:03:14 -------- d-----w- C:\Users\user\AppData\Local\{CDB6306A-BCFA-484A-99A3-78F699B38F47}

2012-03-05 23:03:03 -------- d-----w- C:\Users\user\AppData\Local\{8EDC4195-129A-43F2-BB89-1D5470B381E3}

2012-03-01 13:21:24 -------- d-----w- C:\Users\user\AppData\Local\{C3F8C453-1A67-4653-9A10-D0C906140DE1}

2012-03-01 13:21:13 -------- d-----w- C:\Users\user\AppData\Local\{E458DE8B-E8F7-4005-A92A-22E3AB895086}

2012-03-01 01:20:48 -------- d-----w- C:\Users\user\AppData\Local\{F4675BD5-A784-491A-9879-241BCF6E58A9}

2012-02-29 13:20:16 -------- d-----w- C:\Users\user\AppData\Local\{5D17DFEC-152E-45E0-B03F-C28E2BB19AED}

2012-02-29 13:20:04 -------- d-----w- C:\Users\user\AppData\Local\{653CEA5D-6345-43AB-AB26-6EDD2114E3AC}

2012-02-28 23:45:40 -------- d-----w- C:\Users\user\AppData\Local\{72974022-98A2-4AEE-8139-B64EB59D5FBC}

2012-02-28 23:45:24 -------- d-----w- C:\Users\user\AppData\Local\{BE4A389F-F7E1-4C04-B5EA-7EADEAC08B3E}

2012-02-28 11:16:33 -------- d-----w- C:\Users\user\AppData\Local\{894FDCAF-6E34-4810-9F93-14DD9E23F855}

2012-02-28 11:16:23 -------- d-----w- C:\Users\user\AppData\Local\{33C4675A-109B-4E7C-9298-CAE24AF2AB39}

2012-02-27 23:15:57 -------- d-----w- C:\Users\user\AppData\Local\{4FC3F550-DE6B-4299-9347-177B37235AAD}

2012-02-27 11:15:33 -------- d-----w- C:\Users\user\AppData\Local\{CDED903E-6944-4419-9CC0-10DC932F8E84}

2012-02-27 11:15:23 -------- d-----w- C:\Users\user\AppData\Local\{7FB375B1-8E1F-471F-A601-D76806D45FE5}

2012-02-26 23:14:55 -------- d-----w- C:\Users\user\AppData\Local\{3233C81E-9BF1-4045-B5BA-3F808C11367A}

2012-02-26 11:14:25 -------- d-----w- C:\Users\user\AppData\Local\{1BBA0B39-3297-44CD-9657-128BE72A59B8}

2012-02-26 11:13:59 -------- d-----w- C:\Users\user\AppData\Local\{0C3E06A1-DCE8-46F8-A00B-8A6163BEC398}

2012-02-26 01:41:07 -------- d-----w- C:\Users\user\AppData\Local\{0217A48D-77C6-4799-94C3-CE42321C5814}

2012-02-24 10:22:19 -------- d-----w- C:\Users\user\AppData\Local\{7F01D2D6-158C-437C-B2F6-761C4258875B}

2012-02-24 10:22:18 -------- d-----w- C:\Users\user\AppData\Local\{313C6921-FF95-4DE5-AB25-A017F00E5C11}

2012-02-23 22:05:31 -------- d-----w- C:\Users\user\AppData\Local\{97BB54BC-7A6D-4EB5-B16C-5324872BBA66}

2012-02-23 22:05:16 -------- d-----w- C:\Users\user\AppData\Local\{9F544A34-9C29-4627-9A8C-D046B1B2E097}

2012-02-23 01:47:10 -------- d-----w- C:\Users\user\AppData\Local\{BC962FD3-E674-4CAC-ADDA-11D8C9CD0F88}

2012-02-22 13:46:42 -------- d-----w- C:\Users\user\AppData\Local\{C5AC76A6-68FF-4BD4-9063-E7971AD8A3E0}

2012-02-22 13:46:25 -------- d-----w- C:\Users\user\AppData\Local\{B7F8FD92-1B0E-4B6F-AC72-32AF53C24652}

2012-02-21 13:21:48 -------- d-----w- C:\Users\user\AppData\Local\{E34B69CD-DE9A-4B2A-8110-C43A5BA039F4}

2012-02-21 13:21:37 -------- d-----w- C:\Users\user\AppData\Local\{198EC02A-7360-4485-8738-9F4FD1F07E23}

2012-02-21 01:21:09 -------- d-----w- C:\Users\user\AppData\Local\{4A38D216-E8D9-425A-86D8-6906880792D5}

2012-02-20 11:46:42 -------- d-----w- C:\Users\user\AppData\Local\{3BD3DA12-28E6-4423-92F0-A932EE41D83A}

2012-02-20 11:46:31 -------- d-----w- C:\Users\user\AppData\Local\{FEC75B24-8538-4974-9919-9C27B8B97E8E}

2012-02-19 16:18:21 -------- d-----w- C:\Users\user\AppData\Local\{9AF4AB50-762A-42A0-97CF-1485D2AFF9D5}

2012-02-17 16:00:19 -------- d-----w- C:\Users\user\AppData\Local\{C4D54301-CF86-4BAF-9466-095C1D01DF88}

2012-02-17 03:59:55 -------- d-----w- C:\Users\user\AppData\Local\{7C7FFB2E-35D8-4E6B-AF9B-7C1136274879}

2012-02-16 15:59:32 -------- d-----w- C:\Users\user\AppData\Local\{87EE5BCA-7563-4B6D-9451-F9F3983D0806}

2012-02-16 15:59:30 -------- d-----w- C:\Users\user\AppData\Local\{7A1FA005-7B0C-4497-BCFD-FA6CDCC77440}

2012-02-16 01:37:47 -------- d-----w- C:\Users\user\AppData\Local\{D3673465-22C7-4CD0-AF5E-52F6BC76F226}

2012-02-15 14:47:40 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-02-15 14:47:40 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

2012-02-15 14:37:17 515584 ----a-w- C:\Windows\System32\timedate.cpl

2012-02-15 14:37:17 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl

2012-02-15 14:37:15 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll

2012-02-15 14:37:15 634368 ----a-w- C:\Windows\System32\msvcrt.dll

2012-02-15 14:21:06 3143168 ----a-w- C:\Windows\System32\win32k.sys

2012-02-15 14:21:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys

2012-02-15 13:37:20 -------- d-----w- C:\Users\user\AppData\Local\{A8B57E2C-A3FD-4702-BDBF-CAED851E0601}

2012-02-15 01:33:24 -------- d-----w- C:\Users\user\AppData\Local\{C66A54D0-BD72-4C6E-8E27-BF3EC1DA3F1A}

2012-02-14 12:52:08 -------- d-----w- C:\Users\user\AppData\Local\{30A55347-2FA7-4FB4-9175-EC794CC0CF03}

2012-02-14 00:51:45 -------- d-----w- C:\Users\user\AppData\Local\{E45C5463-CB4F-4074-A0C0-441A0B130F7C}

2012-02-13 12:51:22 -------- d-----w- C:\Users\user\AppData\Local\{EC7E731A-22B8-41D0-87A7-1C330F757EA8}

2012-02-13 12:51:11 -------- d-----w- C:\Users\user\AppData\Local\{6B49B7C2-3BD5-4215-8FEB-0B1D92AA94D6}

2012-02-12 13:20:32 -------- d-----w- C:\Users\user\AppData\Local\{6BD13EB4-821C-4E34-B2E6-5F39B9B31DB8}

2012-02-11 23:20:23 -------- d-----w- C:\Users\user\AppData\Local\{D7C02B7B-1E36-4B52-9704-4688A0B796CF}

.

==================== Find3M ====================

.

2012-02-23 09:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe

2011-12-16 08:45:22 1197568 ----a-w- C:\Windows\System32\wininet.dll

2011-12-16 08:41:26 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2011-12-16 08:02:26 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-12-16 07:58:33 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2011-12-16 07:26:35 482816 ----a-w- C:\Windows\System32\html.iec

2011-12-16 06:49:33 386048 ----a-w- C:\Windows\SysWow64\html.iec

2011-12-16 06:43:48 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-12-16 06:15:25 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 19:34:12.75 ===============

2) Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 4/9/2010 9:03:22 AM

System Uptime: 12/3/2012 7:08:27 PM (0 hours ago)

.

Motherboard: ASUSTeK Computer Inc. | | K42Jv

Processor: Intel® Core i5 CPU M 450 @ 2.40GHz | Socket 989 | 2400/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 116 GiB total, 17.839 GiB free.

D: is FIXED (NTFS) - 330 GiB total, 93.692 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e968-e325-11ce-bfc1-08002be10318}

Description: NVIDIA GeForce GT 335M

Device ID: PCI\VEN_10DE&DEV_0CAF&SUBSYS_14221043&REV_A2\4&179FD7D4&0&0008

Manufacturer: NVIDIA

Name: NVIDIA GeForce GT 335M

PNP Device ID: PCI\VEN_10DE&DEV_0CAF&SUBSYS_14221043&REV_A2\4&179FD7D4&0&0008

Service: nvlddmkm

.

==== System Restore Points ===================

.

RP206: 12/3/2012 10:54:49 AM - Windows Backup

RP207: 12/3/2012 11:03:27 AM - Windows Backup

RP208: 12/3/2012 7:01:48 PM - Windows Backup

.

==== Installed Programs ======================

.

µTorrent

AAA Logo 3.10 Free Trial

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.1 MUI

Adobe Shockwave Player 11.5

Alice Greenfingers

Apple Application Support

Apple Software Update

ASUS AI Recovery

ASUS FancyStart

ASUS LifeFrame3

ASUS MultiFrame

ASUS SmartLogon

ASUS Splendid Video Enhancement Technology

ASUS Virtual Camera

ATK Package

Avira AntiVir Personal - Free Antivirus

AviSynth 2.5

Bing Bar

BlackBerry Desktop Software 6.1

Canon Inkjet Printer/Scanner/Fax Extended Survey Program

Canon MP Navigator EX 3.0

Canon MP490 series User Registration

Canon Utilities Easy-PhotoPrint EX

Canon Utilities My Printer

Canon Utilities Solution Menu

Chicken Invaders 2

Conduit Engine

CyberLink LabelPrint

CyberLink Power2Go

D3DX10

Debut Video Capture Software

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Diablo II

DivX Setup

Dream Day Wedding Married in Manhattan

EasyBits GO

Facebook Video Calling 1.1.1.1

Game Park Console

Google Earth

Google Talk (remove only)

Google Talk Plugin

Google Toolbar for Internet Explorer

Google Update Helper

Intel® Control Center

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Java Auto Updater

Java 6 Update 18

JMicron Ethernet Adapter NDIS Driver

JMicron Flash Media Controller Driver

Junk Mail filter update

K-Lite Mega Codec Pack 6.3.0

K_Series_ScreenSaver_EN

Malwarebytes Anti-Malware version 1.60.1.1000

Microsoft Office 2010

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Starter 2010 - English

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP3 Parser (KB973685)

My O2

NCH EN Toolbar

NVIDIA PhysX

NVIDIA Updatus

NWZ-B160 WALKMAN Guide

O2Jam (e-Games) v.3.50

ooVoo

ooVoo Video Chat Toolbar

OpenOffice.org 3.1

Picasa 3

Piggly FREE

Prezi Desktop

QuickTime

Realtek High Definition Audio Driver

Safari

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition

Skype™ 5.5

Smileyville FREE

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition

Update for Microsoft Outlook Social Connector (KB2583935)

VC80CRTRedist - 8.0.50727.4053

Videora iPod classic Converter 6

VLC media player 1.1.11

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinFlash

WinRAR archiver

Wireless Console 3

YouTube Downloader App 3.00

YouTube FLV to AVI easy converter 5.9.40

.

==== Event Viewer Messages From Past Week ========

.

12/3/2012 7:09:39 PM, Error: Service Control Manager [7034] - The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).

12/3/2012 7:09:08 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{53EBBE7C-A7F4-448A-9686-67807E6FEDB8} because another computer on the network has the same name. The server could not start.

12/3/2012 7:09:08 PM, Error: NetBT [4321] - The name "USER-PC :20" could not be registered on the interface with IP address 192.168.1.70. The computer with the IP address 192.168.1.72 did not allow the name to be claimed by this computer.

12/3/2012 3:26:03 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

12/3/2012 3:16:27 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

12/3/2012 3:12:23 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

12/3/2012 3:12:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

12/3/2012 3:12:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

12/3/2012 3:11:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

12/3/2012 3:11:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

12/3/2012 3:11:48 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb discache spldr Wanarpv6

12/3/2012 3:11:48 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

12/3/2012 3:11:39 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000325f703, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031212-23259-01.

12/3/2012 10:33:45 AM, Error: NetBT [4321] - The name "USER-PC :0" could not be registered on the interface with IP address 192.168.1.70. The computer with the IP address 192.168.1.72 did not allow the name to be claimed by this computer.

11/3/2012 8:39:29 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

11/3/2012 8:31:26 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000009, 0x0000000000000002, 0x0000000000000001, 0xfffff800032cbf18). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031112-49358-01.

11/3/2012 7:16:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

11/3/2012 2:07:20 AM, Error: Ntfs [137] - The default transaction resource manager on volume F: encountered a non-retryable error and could not start. The data contains the error code.

11/3/2012 12:52:12 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000269b703, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031112-24024-01.

11/3/2012 12:18:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

11/3/2012 10:53:50 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

11/3/2012 1:47:22 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR5.

11/3/2012 1:46:50 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR4.

.

==== End Of File ===========================

THANK YOU SO MUCH

Blade81 · March 13, 2012

Hi,

I see you've run TDSSKiller there. Could you post back its log in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format), please?

syiram · March 13, 2012

Hi, sorry, but how do I do that?

Sorrryyy I'm really bad with technology.

Blade81 · March 13, 2012

Hi,

Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.

@ECHO OFF

DIR C:\*.txt >Log.txt

START Log.txt

DEL %0

Double-click on fixes.bat file to execute it. Notepad should open up. Post back its contents, please.

syiram · March 13, 2012

Okay! Thank you! Here is the content:

Volume in drive C is OS

Volume Serial Number is 14E1-789B

Directory of C:\

09/06/2010 08:52 PM 15,512 devlist.txt

09/06/2010 08:06 AM 233 Pass.txt

09/06/2010 07:59 PM 166 SumHidd.txt

09/06/2010 07:58 PM 98 SumOS.txt

12/03/2012 07:07 PM 85,490 TDSSKiller.2.7.20.0_12.03.2012_19.06.39_log.txt

12/03/2012 07:12 PM 83,010 TDSSKiller.2.7.20.0_12.03.2012_19.11.42_log.txt

6 File(s) 184,509 bytes

0 Dir(s) 18,602,033,152 bytes free

Blade81 · March 13, 2012

Good. Now we know where to look for the log

Open c:\TDSSKiller.2.7.20.0_12.03.2012_19.11.42_log.txt file in notepad and copy-paste its contents back here.

syiram · March 13, 2012

okay! here it is:

19:11:42.0957 6632 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43

19:11:43.0169 6632 ============================================================

19:11:43.0169 6632 Current date / time: 2012/03/12 19:11:43.0169

19:11:43.0169 6632 SystemInfo:

19:11:43.0169 6632

19:11:43.0169 6632 OS Version: 6.1.7600 ServicePack: 0.0

19:11:43.0169 6632 Product type: Workstation

19:11:43.0169 6632 ComputerName: USER-PC

19:11:43.0170 6632 UserName: user

19:11:43.0170 6632 Windows directory: C:\Windows

19:11:43.0170 6632 System windows directory: C:\Windows

19:11:43.0170 6632 Running under WOW64

19:11:43.0170 6632 Processor architecture: Intel x64

19:11:43.0170 6632 Number of processors: 4

19:11:43.0170 6632 Page size: 0x1000

19:11:43.0170 6632 Boot type: Normal boot

19:11:43.0170 6632 ============================================================

19:11:44.0165 6632 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

19:11:44.0174 6632 \Device\Harddisk0\DR0:

19:11:44.0175 6632 MBR used

19:11:44.0175 6632 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2711676, BlocksNum 0xE8E0168

19:11:44.0197 6632 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x10FF2000, BlocksNum 0x29393800

19:11:44.0320 6632 Initialize success

19:11:44.0320 6632 ============================================================

19:11:59.0931 3340 ============================================================

19:11:59.0931 3340 Scan started

19:11:59.0931 3340 Mode: Manual;

19:11:59.0931 3340 ============================================================

19:12:01.0454 3340 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys

19:12:01.0544 3340 1394ohci - ok

19:12:01.0677 3340 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys

19:12:01.0695 3340 ACPI - ok

19:12:01.0736 3340 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys

19:12:01.0743 3340 AcpiPmi - ok

19:12:01.0809 3340 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

19:12:01.0828 3340 adp94xx - ok

19:12:01.0898 3340 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

19:12:01.0930 3340 adpahci - ok

19:12:02.0010 3340 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

19:12:02.0022 3340 adpu320 - ok

19:12:02.0175 3340 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys

19:12:02.0182 3340 AFD - ok

19:12:02.0242 3340 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys

19:12:02.0251 3340 agp440 - ok

19:12:02.0356 3340 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys

19:12:02.0362 3340 aliide - ok

19:12:02.0386 3340 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys

19:12:02.0392 3340 amdide - ok

19:12:02.0424 3340 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

19:12:02.0433 3340 AmdK8 - ok

19:12:02.0461 3340 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

19:12:02.0470 3340 AmdPPM - ok

19:12:02.0510 3340 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys

19:12:02.0524 3340 amdsata - ok

19:12:02.0580 3340 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

19:12:02.0593 3340 amdsbs - ok

19:12:02.0625 3340 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys

19:12:02.0630 3340 amdxata - ok

19:12:02.0722 3340 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

19:12:02.0730 3340 AppID - ok

19:12:02.0867 3340 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

19:12:02.0876 3340 arc - ok

19:12:02.0956 3340 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

19:12:02.0966 3340 arcsas - ok

19:12:03.0036 3340 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys

19:12:03.0041 3340 ASMMAP64 - ok

19:12:03.0175 3340 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

19:12:03.0181 3340 AsyncMac - ok

19:12:03.0243 3340 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

19:12:03.0248 3340 atapi - ok

19:12:03.0335 3340 athr (f8633cdd09647a64ee8db550630427ff) C:\Windows\system32\DRIVERS\athrx.sys

19:12:03.0435 3340 athr - ok

19:12:03.0533 3340 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys

19:12:03.0543 3340 avgntflt - ok

19:12:03.0573 3340 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys

19:12:03.0582 3340 avipbb - ok

19:12:03.0648 3340 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

19:12:03.0670 3340 b06bdrv - ok

19:12:03.0714 3340 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

19:12:03.0729 3340 b57nd60a - ok

19:12:03.0854 3340 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

19:12:03.0858 3340 Beep - ok

19:12:03.0929 3340 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

19:12:03.0936 3340 blbdrive - ok

19:12:04.0082 3340 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys

19:12:04.0097 3340 bowser - ok

19:12:04.0192 3340 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

19:12:04.0198 3340 BrFiltLo - ok

19:12:04.0228 3340 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

19:12:04.0232 3340 BrFiltUp - ok

19:12:04.0300 3340 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

19:12:04.0313 3340 Brserid - ok

19:12:04.0413 3340 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

19:12:04.0421 3340 BrSerWdm - ok

19:12:04.0449 3340 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

19:12:04.0454 3340 BrUsbMdm - ok

19:12:04.0485 3340 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

19:12:04.0490 3340 BrUsbSer - ok

19:12:04.0546 3340 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

19:12:04.0553 3340 BthEnum - ok

19:12:04.0602 3340 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

19:12:04.0619 3340 BTHMODEM - ok

19:12:04.0712 3340 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

19:12:04.0728 3340 BthPan - ok

19:12:04.0821 3340 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\system32\Drivers\BTHport.sys

19:12:04.0841 3340 BTHPORT - ok

19:12:04.0933 3340 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\system32\Drivers\BTHUSB.sys

19:12:04.0943 3340 BTHUSB - ok

19:12:05.0041 3340 btusbflt (6e04458e98daf28826482e41a7a62df5) C:\Windows\system32\drivers\btusbflt.sys

19:12:05.0047 3340 btusbflt - ok

19:12:05.0109 3340 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys

19:12:05.0116 3340 btwaudio - ok

19:12:05.0234 3340 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\DRIVERS\btwavdt.sys

19:12:05.0241 3340 btwavdt - ok

19:12:05.0360 3340 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys

19:12:05.0366 3340 btwl2cap - ok

19:12:05.0402 3340 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys

19:12:05.0407 3340 btwrchid - ok

19:12:05.0454 3340 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

19:12:05.0462 3340 cdfs - ok

19:12:05.0579 3340 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

19:12:05.0591 3340 cdrom - ok

19:12:05.0688 3340 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

19:12:05.0697 3340 circlass - ok

19:12:05.0753 3340 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

19:12:05.0759 3340 CLFS - ok

19:12:05.0850 3340 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

19:12:05.0855 3340 CmBatt - ok

19:12:05.0880 3340 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

19:12:05.0886 3340 cmdide - ok

19:12:05.0956 3340 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys

19:12:05.0978 3340 CNG - ok

19:12:06.0079 3340 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

19:12:06.0084 3340 Compbatt - ok

19:12:06.0127 3340 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

19:12:06.0135 3340 CompositeBus - ok

19:12:06.0183 3340 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

19:12:06.0190 3340 crcdisk - ok

19:12:06.0320 3340 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys

19:12:06.0330 3340 DfsC - ok

19:12:06.0395 3340 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

19:12:06.0396 3340 discache - ok

19:12:06.0498 3340 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

19:12:06.0506 3340 Disk - ok

19:12:06.0557 3340 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

19:12:06.0561 3340 drmkaud - ok

19:12:06.0611 3340 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys

19:12:06.0628 3340 DXGKrnl - ok

19:12:06.0790 3340 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

19:12:06.0908 3340 ebdrv - ok

19:12:07.0122 3340 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

19:12:07.0155 3340 elxstor - ok

19:12:07.0232 3340 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

19:12:07.0237 3340 ErrDev - ok

19:12:07.0336 3340 ETD (06c94be9d9e1e6411429433a64a76936) C:\Windows\system32\DRIVERS\ETD.sys

19:12:07.0344 3340 ETD - ok

19:12:07.0445 3340 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

19:12:07.0457 3340 exfat - ok

19:12:07.0487 3340 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

19:12:07.0496 3340 fastfat - ok

19:12:07.0616 3340 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

19:12:07.0622 3340 fdc - ok

19:12:07.0671 3340 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

19:12:07.0684 3340 FileInfo - ok

19:12:07.0761 3340 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

19:12:07.0769 3340 Filetrace - ok

19:12:07.0804 3340 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

19:12:07.0810 3340 flpydisk - ok

19:12:07.0885 3340 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

19:12:07.0940 3340 FltMgr - ok

19:12:08.0044 3340 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

19:12:08.0054 3340 FsDepends - ok

19:12:08.0127 3340 fssfltr (dc0dce4ec2c5d2cf6472f9fd6aa9a7dc) C:\Windows\system32\DRIVERS\fssfltr.sys

19:12:08.0137 3340 fssfltr - ok

19:12:08.0181 3340 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

19:12:08.0186 3340 Fs_Rec - ok

19:12:08.0244 3340 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys

19:12:08.0248 3340 fvevol - ok

19:12:08.0291 3340 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

19:12:08.0300 3340 gagp30kx - ok

19:12:08.0367 3340 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

19:12:08.0374 3340 GEARAspiWDM - ok

19:12:08.0517 3340 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

19:12:08.0526 3340 hcw85cir - ok

19:12:08.0572 3340 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys

19:12:08.0589 3340 HdAudAddService - ok

19:12:08.0668 3340 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

19:12:08.0682 3340 HDAudBus - ok

19:12:08.0812 3340 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

19:12:08.0819 3340 HECIx64 - ok

19:12:09.0004 3340 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

19:12:09.0017 3340 HidBatt - ok

19:12:09.0064 3340 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

19:12:09.0072 3340 HidBth - ok

19:12:09.0124 3340 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

19:12:09.0132 3340 HidIr - ok

19:12:09.0293 3340 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

19:12:09.0300 3340 HidUsb - ok

19:12:09.0402 3340 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

19:12:09.0411 3340 HpSAMD - ok

19:12:09.0492 3340 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

19:12:09.0512 3340 HTTP - ok

19:12:09.0588 3340 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

19:12:09.0592 3340 hwpolicy - ok

19:12:09.0653 3340 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

19:12:09.0673 3340 i8042prt - ok

19:12:09.0758 3340 iaStor (42e00996dfc13c46366689c0ea8abc5e) C:\Windows\system32\DRIVERS\iaStor.sys

19:12:09.0762 3340 iaStor - ok

19:12:09.0823 3340 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys

19:12:09.0873 3340 iaStorV - ok

19:12:10.0361 3340 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys

19:12:10.0656 3340 igfx - ok

19:12:10.0748 3340 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

19:12:10.0764 3340 iirsp - ok

19:12:10.0893 3340 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys

19:12:10.0903 3340 Impcd - ok

19:12:11.0030 3340 IntcAzAudAddService (6e4ccb3aff07e2b9f2a937385c84b573) C:\Windows\system32\drivers\RTKVHD64.sys

19:12:11.0057 3340 IntcAzAudAddService - ok

19:12:11.0243 3340 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys

19:12:11.0257 3340 IntcDAud - ok

19:12:11.0417 3340 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

19:12:11.0423 3340 intelide - ok

19:12:11.0509 3340 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

19:12:11.0515 3340 intelppm - ok

19:12:11.0631 3340 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

19:12:11.0645 3340 IpFilterDriver - ok

19:12:11.0693 3340 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

19:12:11.0705 3340 IPMIDRV - ok

19:12:11.0785 3340 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

19:12:11.0794 3340 IPNAT - ok

19:12:11.0963 3340 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

19:12:11.0972 3340 IRENUM - ok

19:12:12.0010 3340 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

19:12:12.0018 3340 isapnp - ok

19:12:12.0058 3340 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

19:12:12.0095 3340 iScsiPrt - ok

19:12:12.0230 3340 JMCR (db917b998cbc15a153c00dd6efc34c13) C:\Windows\system32\DRIVERS\jmcr.sys

19:12:12.0238 3340 JMCR - ok

19:12:12.0292 3340 JME (de4b2249d95c7815d06a39ea5ff4ee53) C:\Windows\system32\DRIVERS\JME.sys

19:12:12.0301 3340 JME - ok

19:12:12.0396 3340 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

19:12:12.0403 3340 kbdclass - ok

19:12:12.0566 3340 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

19:12:12.0575 3340 kbdhid - ok

19:12:12.0673 3340 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys

19:12:12.0677 3340 kbfiltr - ok

19:12:12.0725 3340 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys

19:12:12.0740 3340 KSecDD - ok

19:12:12.0826 3340 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys

19:12:12.0853 3340 KSecPkg - ok

19:12:12.0942 3340 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

19:12:12.0948 3340 ksthunk - ok

19:12:13.0064 3340 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

19:12:13.0072 3340 lltdio - ok

19:12:13.0233 3340 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

19:12:13.0249 3340 LSI_FC - ok

19:12:13.0282 3340 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

19:12:13.0291 3340 LSI_SAS - ok

19:12:13.0328 3340 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

19:12:13.0337 3340 LSI_SAS2 - ok

19:12:13.0382 3340 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

19:12:13.0392 3340 LSI_SCSI - ok

19:12:13.0438 3340 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

19:12:13.0440 3340 luafv - ok

19:12:13.0518 3340 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

19:12:13.0529 3340 megasas - ok

19:12:13.0570 3340 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

19:12:13.0585 3340 MegaSR - ok

19:12:13.0708 3340 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

19:12:13.0717 3340 Modem - ok

19:12:13.0795 3340 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

19:12:13.0803 3340 monitor - ok

19:12:13.0901 3340 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

19:12:13.0907 3340 mouclass - ok

19:12:13.0943 3340 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

19:12:13.0951 3340 mouhid - ok

19:12:13.0983 3340 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

19:12:13.0993 3340 mountmgr - ok

19:12:14.0034 3340 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

19:12:14.0047 3340 mpio - ok

19:12:14.0067 3340 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

19:12:14.0075 3340 mpsdrv - ok

19:12:14.0102 3340 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

19:12:14.0112 3340 MRxDAV - ok

19:12:14.0143 3340 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys

19:12:14.0153 3340 mrxsmb - ok

19:12:14.0199 3340 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys

19:12:14.0215 3340 mrxsmb10 - ok

19:12:14.0235 3340 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys

19:12:14.0244 3340 mrxsmb20 - ok

19:12:14.0275 3340 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys

19:12:14.0281 3340 msahci - ok

19:12:14.0307 3340 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

19:12:14.0318 3340 msdsm - ok

19:12:14.0339 3340 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

19:12:14.0344 3340 Msfs - ok

19:12:14.0400 3340 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

19:12:14.0405 3340 mshidkmdf - ok

19:12:14.0446 3340 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

19:12:14.0453 3340 msisadrv - ok

19:12:14.0541 3340 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

19:12:14.0545 3340 MSKSSRV - ok

19:12:14.0568 3340 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

19:12:14.0573 3340 MSPCLOCK - ok

19:12:14.0587 3340 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

19:12:14.0590 3340 MSPQM - ok

19:12:14.0645 3340 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

19:12:14.0661 3340 MsRPC - ok

19:12:14.0706 3340 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

19:12:14.0712 3340 mssmbios - ok

19:12:14.0742 3340 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

19:12:14.0747 3340 MSTEE - ok

19:12:14.0770 3340 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

19:12:14.0776 3340 MTConfig - ok

19:12:14.0801 3340 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys

19:12:14.0806 3340 MTsensor - ok

19:12:14.0831 3340 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

19:12:14.0838 3340 Mup - ok

19:12:15.0007 3340 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

19:12:15.0023 3340 NativeWifiP - ok

19:12:15.0138 3340 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

19:12:15.0162 3340 NDIS - ok

19:12:15.0189 3340 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

19:12:15.0196 3340 NdisCap - ok

19:12:15.0231 3340 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

19:12:15.0237 3340 NdisTapi - ok

19:12:15.0263 3340 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

19:12:15.0275 3340 Ndisuio - ok

19:12:15.0304 3340 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

19:12:15.0315 3340 NdisWan - ok

19:12:15.0347 3340 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

19:12:15.0355 3340 NDProxy - ok

19:12:15.0390 3340 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

19:12:15.0397 3340 NetBIOS - ok

19:12:15.0420 3340 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

19:12:15.0424 3340 NetBT - ok

19:12:15.0477 3340 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

19:12:15.0488 3340 nfrd960 - ok

19:12:15.0530 3340 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

19:12:15.0538 3340 Npfs - ok

19:12:15.0562 3340 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

19:12:15.0562 3340 nsiproxy - ok

19:12:15.0667 3340 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys

19:12:15.0730 3340 Ntfs - ok

19:12:15.0804 3340 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

19:12:15.0809 3340 Null - ok

19:12:16.0148 3340 nvlddmkm (ce62dfd25e51c471517642405addc8bb) C:\Windows\system32\DRIVERS\nvlddmkm.sys

19:12:16.0554 3340 nvlddmkm - ok

19:12:16.0845 3340 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys

19:12:16.0854 3340 nvraid - ok

19:12:17.0266 3340 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys

19:12:17.0283 3340 nvstor - ok

19:12:17.0712 3340 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

19:12:17.0721 3340 nv_agp - ok

19:12:18.0056 3340 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

19:12:18.0070 3340 ohci1394 - ok

19:12:18.0383 3340 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

19:12:18.0392 3340 Parport - ok

19:12:18.0579 3340 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

19:12:18.0592 3340 partmgr - ok

19:12:18.0812 3340 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

19:12:18.0826 3340 pci - ok

19:12:18.0925 3340 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

19:12:18.0930 3340 pciide - ok

19:12:18.0976 3340 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

19:12:19.0003 3340 pcmcia - ok

19:12:19.0192 3340 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

19:12:19.0198 3340 pcw - ok

19:12:19.0369 3340 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

19:12:19.0393 3340 PEAUTH - ok

19:12:19.0537 3340 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

19:12:19.0545 3340 PptpMiniport - ok

19:12:19.0598 3340 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

19:12:19.0606 3340 Processor - ok

19:12:19.0660 3340 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

19:12:19.0670 3340 Psched - ok

19:12:19.0766 3340 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

19:12:19.0833 3340 ql2300 - ok

19:12:19.0940 3340 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

19:12:19.0951 3340 ql40xx - ok

19:12:19.0984 3340 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

19:12:19.0990 3340 QWAVEdrv - ok

19:12:20.0020 3340 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

19:12:20.0025 3340 RasAcd - ok

19:12:20.0069 3340 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

19:12:20.0077 3340 RasAgileVpn - ok

19:12:20.0100 3340 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

19:12:20.0108 3340 Rasl2tp - ok

19:12:20.0128 3340 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

19:12:20.0146 3340 RasPppoe - ok

19:12:20.0173 3340 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

19:12:20.0181 3340 RasSstp - ok

19:12:20.0205 3340 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

19:12:20.0218 3340 rdbss - ok

19:12:20.0242 3340 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

19:12:20.0247 3340 rdpbus - ok

19:12:20.0279 3340 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

19:12:20.0296 3340 RDPCDD - ok

19:12:20.0423 3340 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

19:12:20.0433 3340 RDPENCDD - ok

19:12:20.0478 3340 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

19:12:20.0482 3340 RDPREFMP - ok

19:12:20.0514 3340 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

19:12:20.0525 3340 RDPWD - ok

19:12:20.0586 3340 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

19:12:20.0606 3340 rdyboost - ok

19:12:20.0655 3340 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

19:12:20.0664 3340 RFCOMM - ok

19:12:20.0703 3340 RimUsb (71b48ddaf5e9c2b40e64de5c405f5aac) C:\Windows\system32\Drivers\RimUsb_AMD64.sys

19:12:20.0716 3340 RimUsb - ok

19:12:20.0764 3340 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys

19:12:20.0770 3340 RimVSerPort - ok

19:12:20.0809 3340 RkHit - ok

19:12:20.0848 3340 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys

19:12:20.0856 3340 ROOTMODEM - ok

19:12:20.0944 3340 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

19:12:20.0953 3340 rspndr - ok

19:12:20.0984 3340 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

19:12:20.0994 3340 sbp2port - ok

19:12:21.0037 3340 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

19:12:21.0044 3340 scfilter - ok

19:12:21.0086 3340 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys

19:12:21.0094 3340 sdbus - ok

19:12:21.0132 3340 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

19:12:21.0138 3340 secdrv - ok

19:12:21.0167 3340 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

19:12:21.0173 3340 Serenum - ok

19:12:21.0215 3340 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

19:12:21.0223 3340 Serial - ok

19:12:21.0265 3340 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

19:12:21.0271 3340 sermouse - ok

19:12:21.0309 3340 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

19:12:21.0320 3340 sffdisk - ok

19:12:21.0342 3340 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

19:12:21.0347 3340 sffp_mmc - ok

19:12:21.0359 3340 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys

19:12:21.0362 3340 sffp_sd - ok

19:12:21.0382 3340 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

19:12:21.0387 3340 sfloppy - ok

19:12:21.0446 3340 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys

19:12:21.0457 3340 Sftfs - ok

19:12:21.0598 3340 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys

19:12:21.0607 3340 Sftplay - ok

19:12:21.0660 3340 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys

19:12:21.0665 3340 Sftredir - ok

19:12:21.0694 3340 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys

19:12:21.0699 3340 Sftvol - ok

19:12:21.0835 3340 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys

19:12:21.0843 3340 SiSGbeLH - ok

19:12:21.0887 3340 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

19:12:21.0896 3340 SiSRaid2 - ok

19:12:21.0929 3340 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

19:12:21.0937 3340 SiSRaid4 - ok

19:12:21.0997 3340 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

19:12:22.0008 3340 Smb - ok

19:12:22.0147 3340 SNP2UVC (2114518e55b380a3acc28b2c27fd499a) C:\Windows\system32\DRIVERS\snp2uvc.sys

19:12:22.0202 3340 SNP2UVC - ok

19:12:22.0297 3340 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

19:12:22.0303 3340 spldr - ok

19:12:22.0436 3340 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys

19:12:22.0468 3340 srv - ok

19:12:22.0498 3340 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys

19:12:22.0515 3340 srv2 - ok

19:12:22.0562 3340 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys

19:12:22.0572 3340 srvnet - ok

19:12:22.0612 3340 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

19:12:22.0622 3340 stexstor - ok

19:12:22.0744 3340 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

19:12:22.0748 3340 swenum - ok

19:12:22.0916 3340 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys

19:12:22.0941 3340 Tcpip - ok

19:12:23.0189 3340 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys

19:12:23.0203 3340 TCPIP6 - ok

19:12:23.0300 3340 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

19:12:23.0306 3340 tcpipreg - ok

19:12:23.0406 3340 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

19:12:23.0413 3340 TDPIPE - ok

19:12:23.0449 3340 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

19:12:23.0456 3340 TDTCP - ok

19:12:23.0486 3340 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

19:12:23.0492 3340 tdx - ok

19:12:23.0518 3340 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

19:12:23.0524 3340 TermDD - ok

19:12:23.0669 3340 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

19:12:23.0677 3340 tssecsrv - ok

19:12:23.0719 3340 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

19:12:23.0721 3340 tunnel - ok

19:12:23.0769 3340 TurboB (c45a3e051c65106a28982caed125f855) C:\Windows\system32\DRIVERS\TurboB.sys

19:12:23.0773 3340 TurboB - ok

19:12:23.0809 3340 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

19:12:23.0819 3340 uagp35 - ok

19:12:23.0888 3340 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys

19:12:23.0904 3340 udfs - ok

19:12:23.0954 3340 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

19:12:23.0973 3340 uliagpkx - ok

19:12:24.0026 3340 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

19:12:24.0042 3340 umbus - ok

19:12:24.0168 3340 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

19:12:24.0174 3340 UmPass - ok

19:12:24.0237 3340 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

19:12:24.0244 3340 USBAAPL64 - ok

19:12:24.0343 3340 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys

19:12:24.0354 3340 usbaudio - ok

19:12:24.0385 3340 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys

19:12:24.0401 3340 usbccgp - ok

19:12:24.0503 3340 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

19:12:24.0517 3340 usbcir - ok

19:12:24.0607 3340 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\drivers\usbehci.sys

19:12:24.0616 3340 usbehci - ok

19:12:24.0675 3340 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys

19:12:24.0693 3340 usbhub - ok

19:12:24.0726 3340 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys

19:12:24.0733 3340 usbohci - ok

19:12:24.0775 3340 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

19:12:24.0782 3340 usbprint - ok

19:12:24.0821 3340 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

19:12:24.0828 3340 usbscan - ok

19:12:24.0862 3340 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS

19:12:24.0877 3340 USBSTOR - ok

19:12:24.0915 3340 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys

19:12:24.0986 3340 usbuhci - ok

19:12:25.0120 3340 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys

19:12:25.0132 3340 usbvideo - ok

19:12:25.0187 3340 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

19:12:25.0193 3340 vdrvroot - ok

19:12:25.0238 3340 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

19:12:25.0244 3340 vga - ok

19:12:25.0282 3340 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

19:12:25.0292 3340 VgaSave - ok

19:12:25.0324 3340 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

19:12:25.0339 3340 vhdmp - ok

19:12:25.0356 3340 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

19:12:25.0364 3340 viaide - ok

19:12:25.0391 3340 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

19:12:25.0400 3340 volmgr - ok

19:12:25.0432 3340 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

19:12:25.0438 3340 volmgrx - ok

19:12:25.0471 3340 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

19:12:25.0486 3340 volsnap - ok

19:12:25.0530 3340 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

19:12:25.0538 3340 vsmraid - ok

19:12:25.0560 3340 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

19:12:25.0565 3340 vwifibus - ok

19:12:25.0590 3340 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

19:12:25.0597 3340 vwififlt - ok

19:12:25.0634 3340 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

19:12:25.0639 3340 vwifimp - ok

19:12:25.0690 3340 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

19:12:25.0700 3340 WacomPen - ok

19:12:25.0803 3340 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

19:12:25.0812 3340 WANARP - ok

19:12:25.0827 3340 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

19:12:25.0829 3340 Wanarpv6 - ok

19:12:25.0951 3340 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

19:12:25.0961 3340 Wd - ok

19:12:26.0003 3340 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

19:12:26.0035 3340 Wdf01000 - ok

19:12:26.0161 3340 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

19:12:26.0166 3340 WfpLwf - ok

19:12:26.0219 3340 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys

19:12:26.0232 3340 WimFltr - ok

19:12:26.0310 3340 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

19:12:26.0317 3340 WIMMount - ok

19:12:26.0429 3340 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys

19:12:26.0439 3340 WinUsb - ok

19:12:26.0538 3340 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

19:12:26.0541 3340 WmiAcpi - ok

19:12:26.0598 3340 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

19:12:26.0603 3340 ws2ifsl - ok

19:12:26.0657 3340 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

19:12:26.0667 3340 WudfPf - ok

19:12:26.0757 3340 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

19:12:26.0769 3340 WUDFRd - ok

19:12:26.0820 3340 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

19:12:26.0927 3340 \Device\Harddisk0\DR0 - ok

19:12:26.0932 3340 Boot (0x1200) (d8caf89d33b75fd5c8c2588d4b9c408e) \Device\Harddisk0\DR0\Partition0

19:12:26.0935 3340 \Device\Harddisk0\DR0\Partition0 - ok

19:12:26.0953 3340 Boot (0x1200) (5e23e782983a278cf6825110ac527d94) \Device\Harddisk0\DR0\Partition1

19:12:26.0957 3340 \Device\Harddisk0\DR0\Partition1 - ok

19:12:26.0958 3340 ============================================================

19:12:26.0958 3340 Scan finished

19:12:26.0958 3340 ============================================================

19:12:26.0974 5788 Detected object count: 0

19:12:26.0974 5788 Actual detected object count: 0

19:12:33.0549 4172 Deinitialize success

Blade81 · March 14, 2012

Hi,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt

New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

syiram · March 14, 2012

Okay, thanks! Will all my files be deleted if I run combo fix? I have a back-up stored in the internal hard drive of my computer. Do you think those will be affected? I should run back-up elsewhere if they will be.

Blade81 · March 14, 2012

Hi,

ComboFix won't delete all of your files but it will remove bad items it detects. If you want to backup some important stuff first I recommend you use external hard drive.

syiram · March 16, 2012

Hi, I have run combofix and this is the log. I think my computer is working fine again!!!

ComboFix 12-03-16.03 - user 16/03/2012 14:31:57.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.60.1033.18.3884.2019 [GMT 0:00]

Running from: c:\users\user\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini

c:\programdata\FullRemove.exe

c:\programdata\NOTEPAD.EXE-x.txt

c:\programdata\RUNDLL32.EXE-x.txt

c:\programdata\TorrentEasy\fdmbtsupp.dll

c:\users\user\AppData\Local\ayjiuwuv.log

c:\users\user\AppData\Local\cfoecahm\kmrsngag.exe

c:\users\user\AppData\Local\encxwdut.log

c:\users\user\AppData\Local\mhyxhfpc.log

c:\users\user\AppData\Local\neoqfmps.log

c:\users\user\AppData\Local\qwmfqbyw.log

c:\users\user\AppData\Local\xgsoiuqs.log

c:\users\user\AppData\Roaming\Adobe\plugs

c:\users\user\AppData\Roaming\Adobe\shed

c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kmrsngag.exe

c:\windows\svchost.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_RkHit

.

((((((((((((((((((((((((( Files Created from 2012-02-16 to 2012-03-16 )))))))))))))))))))))))))))))))

.

2012-03-16 14:40 . 2012-03-16 14:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-03-16 14:40 . 2012-03-16 14:40 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-16 12:02 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7AEB2BE0-4AED-4FA7-8682-A467C7FD9AC0}\mpengine.dll

2012-03-15 03:04 . 2011-11-19 18:30 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-15 03:04 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-03-15 03:04 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-03-14 17:06 . 2012-02-03 04:16 3143168 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 17:05 . 2012-02-10 06:18 1541120 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 17:05 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-03-14 17:05 . 2012-02-10 06:17 1837568 ----a-w- c:\windows\system32\d3d10warp.dll

2012-03-14 17:05 . 2012-02-10 06:17 902656 ----a-w- c:\windows\system32\d2d1.dll

2012-03-14 17:05 . 2012-02-10 06:17 320512 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-03-14 17:05 . 2012-02-10 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll

2012-03-14 17:05 . 2012-02-10 05:41 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll

2012-03-14 17:05 . 2012-02-10 05:41 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2012-03-14 17:05 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll

2012-03-14 17:05 . 2012-02-10 05:41 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

2012-03-14 11:16 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-14 11:16 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-14 11:16 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-14 11:16 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 11:16 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-03-14 11:16 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-14 11:16 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-14 00:04 . 2012-03-14 00:04 -------- d-----w- c:\windows\system32\Macromed

2012-03-12 19:07 . 2012-03-12 19:07 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-09 20:01 . 2012-03-16 14:39 -------- d--h--w- c:\users\user\AppData\Local\cfoecahm

2012-02-15 14:47 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-15 14:47 . 2012-01-04 09:03 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-23 09:18 . 2011-11-13 14:57 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-01-03 06:24 . 2012-02-15 14:37 515584 ----a-w- c:\windows\system32\timedate.cpl

2012-01-03 05:44 . 2012-02-15 14:37 478208 ----a-w- c:\windows\SysWow64\timedate.cpl

2011-12-28 03:59 . 2012-02-15 14:21 499200 ----a-w- c:\windows\system32\drivers\afd.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}"= "c:\program files (x86)\ooVoo_Video_Chat\tbooVo.dll" [2010-12-09 3911776]

"{37483b40-c254-4a72-bda4-22ee90182c1e}"= "c:\program files (x86)\NCH_EN\prxtbNCH_.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]

.

[HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2010-12-09 12:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{37483b40-c254-4a72-bda4-22ee90182c1e}]

2011-01-17 15:54 175912 ----a-w- c:\program files (x86)\NCH_EN\prxtbNCH_.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]

2010-12-09 12:51 3911776 ----a-w- c:\program files (x86)\ooVoo_Video_Chat\tbooVo.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}"= "c:\program files (x86)\ooVoo_Video_Chat\tbooVo.dll" [2010-12-09 3911776]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]

"{37483b40-c254-4a72-bda4-22ee90182c1e}"= "c:\program files (x86)\NCH_EN\prxtbNCH_.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="c:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-11-03 137536]

"googletalk"="c:\users\user\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]

"O2DA"="c:\program files (x86)\O2 Assistant\bin\sprtcmd.exe" [2010-04-23 206120]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]

.

c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-2 1080608]

FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2010-6-9 12862]

SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-6-9 156952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux4"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-09 135664]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-03-27 1800808]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-09 135664]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]

R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-30 136360]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 sprtsvc_O2DA;SupportSoft Sprocket Service (O2DA);c:\program files (x86)\O2 Assistant\bin\sprtsvc.exe [2010-04-23 206120]

S2 tgsrvc_O2DA;SupportSoft Repair Service (O2DA);c:\program files (x86)\O2 Assistant\bin\tgsrvc.exe [2010-04-23 185640]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]

S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-412975208-2019059206-3477434301-1001Core.job

- c:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-03 13:45]

.

2012-03-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-412975208-2019059206-3477434301-1001UA.job

- c:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-03 13:45]

.

2012-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-09 20:11]

.

2012-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-09 20:11]

.

2012-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-412975208-2019059206-3477434301-1001Core.job

- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-07 13:12]

.

2012-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-412975208-2019059206-3477434301-1001UA.job

- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-07 13:12]

.

--------- x86-64 -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-27 17412200]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 2184520]

"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]

"MRT"="c:\windows\system32\MRT.exe" [2012-03-15 56297240]

"combofix"="c:\combofix\CF24029.3XE" [2009-07-14 344576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>;*.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-KmrSngag - c:\users\user\AppData\Local\cfoecahm\kmrsngag.exe

Toolbar-Locked - (no file)

WebBrowser-{E5A1E26F-0D1D-4307-868F-FBD9A374AB54} - (no file)

WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

HKLM-Run-ASUS WebStorage - c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe

HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe

HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-412975208-2019059206-3477434301-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-412975208-2019059206-3477434301-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe

c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\windows\AsScrPro.exe

c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

.

**************************************************************************

.

Completion time: 2012-03-16 14:47:53 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-16 14:47

.

Pre-Run: 18,876,637,184 bytes free

Post-Run: 19,621,859,328 bytes free

.

- - End Of File - - 5CD66DF14FB68D38CB34A5B05FD19D0F

Blade81 · March 16, 2012

Looking better but we're not done yet Please run DDS again and post back its logs.

syiram · March 16, 2012

Hi,

Do I have to delete the previous logs? And do I have to do the whole fixes.bat thing again? Sorry! Like I said before, I'm really bad at these things

Blade81 · March 16, 2012

No, you don't have to delete anything. Just do like earlier here

syiram · March 17, 2012

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385

Run by user at 3:48:06 on 2012-03-17

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.60.1033.18.3884.2037 [GMT 0:00]

.

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\FBAgent.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

C:\Program Files\P4G\BatteryLife.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Windows\Explorer.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\Elantech\ETDCtrl.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Users\user\AppData\Roaming\Google\Google Talk\googletalk.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files (x86)\O2 Assistant\bin\sprtcmd.exe

C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\AsScrPro.exe

C:\Program Files (x86)\O2 Assistant\bin\sprtsvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\O2 Assistant\bin\tgsrvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Users\user\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler.exe

C:\Users\user\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler64.exe

C:\Windows\sysWOW64\wbem\wmiprvse.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Program Files (x86)\Safari\Safari.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\taskeng.exe

C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Windows\system32\taskeng.exe

C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948

uInternet Settings,ProxyOverride = ;*.local

uURLSearchHooks: ooVoo Video Chat Toolbar: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files (x86)\ooVoo_Video_Chat\tbooVo.dll

uURLSearchHooks: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll

mURLSearchHooks: ooVoo Video Chat Toolbar: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files (x86)\ooVoo_Video_Chat\tbooVo.dll

mURLSearchHooks: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll

mURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

BHO: DivX Plus Web Player HTML5 : {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll