Suspect I'm infected - random survey sites-random BSOD

TomSmith · April 12, 2012

My computer keeps freezing, connects to random survey sights and sometimes gets random BSODs. Also, it has been running alot slower.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by l at 22:01:32 on 2012-04-12

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3874.2177 [GMT 1:00]

.

AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\ASUS\P4G\BatteryLife.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Users\l\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Users\l\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\l\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\taskhost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mStart Page = about:blank

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

uRun: [Google Update] "C:\Users\l\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{74109E11-8DDD-4AA5-B0E3-BB6DA9062025} : NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{E770E0E5-94C4-4017-9506-3E59BBEB4F26} : NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{E770E0E5-94C4-4017-9506-3E59BBEB4F26} : DhcpNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2012-3-31 23208]

R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2012-3-31 41728]

R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2012-3-31 14720]

R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-5-25 17536]

R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\system32\DRIVERS\cmderd.sys --> C:\Windows\system32\DRIVERS\cmderd.sys [?]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]

R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-3-31 3064624]

R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-9 654408]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-1 2656280]

R3 avchv;avchv Function Driver;C:\Windows\system32\DRIVERS\avchv.sys --> C:\Windows\system32\DRIVERS\avchv.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2012-3-31 63880]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-6 253600]

S3 bdsandbox;bdsandbox;\??\C:\Windows\system32\drivers\bdsandbox.sys --> C:\Windows\system32\drivers\bdsandbox.sys [?]

S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]

S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-2-14 276248]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-04-11 21:42:34 -------- d-----w- C:\Users\l\AppData\Roaming\SUPERAntiSpyware.com

2012-04-11 21:42:34 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2012-04-10 21:40:28 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-04-10 21:40:27 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-04-10 21:40:27 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-04-10 21:36:27 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-04-10 21:36:27 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-04-10 21:36:26 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-04-10 21:36:26 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-04-10 21:36:26 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-04-10 21:36:26 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-04-10 21:36:26 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-04-09 12:03:38 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2012-04-09 12:03:38 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll

2012-04-09 12:03:38 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll

2012-04-09 11:44:57 1550 ----a-w- C:\ProgramData\1333971897.bdinstall.bin

2012-04-09 11:43:32 -------- d-----w- C:\Users\l\AppData\Local\VS Revo Group

2012-04-09 11:42:56 1550 ----a-w- C:\ProgramData\1333971776.bdinstall.bin

2012-04-09 11:42:46 1550 ----a-w- C:\ProgramData\1333971766.bdinstall.bin

2012-04-09 11:42:26 1550 ----a-w- C:\ProgramData\1333971746.bdinstall.bin

2012-04-09 11:42:23 1550 ----a-w- C:\ProgramData\1333971743.bdinstall.bin

2012-04-09 11:42:18 1550 ----a-w- C:\ProgramData\1333971738.bdinstall.bin

2012-04-09 11:42:04 1550 ----a-w- C:\ProgramData\1333971724.bdinstall.bin

2012-04-09 11:41:42 1550 ----a-w- C:\ProgramData\1333971702.bdinstall.bin

2012-04-08 22:05:06 -------- d-----w- C:\Users\l\AppData\Local\COMODO

2012-04-08 21:08:39 -------- d-----w- C:\ProgramData\CPA_VA

2012-04-08 21:07:46 -------- d--h--w- C:\VritualRoot

2012-04-08 20:58:05 -------- d-----w- C:\ProgramData\Comodo

2012-04-08 20:57:44 -------- d-----w- C:\Program Files\COMODO

2012-04-07 23:10:37 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-04-07 23:10:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-04-07 23:03:32 167923 ----a-w- C:\ProgramData\1333839702.bdinstall.bin

2012-04-07 22:42:22 265028 ----a-w- C:\ProgramData\1333838068.bdinstall.bin

2012-04-07 22:41:39 -------- d-----w- C:\ProgramData\BDLogging

2012-04-07 22:21:39 -------- d-----w- C:\Users\l\AppData\Roaming\QuickScan

2012-04-07 22:16:47 4584 ----a-w- C:\ProgramData\1333836946.1428.bin

2012-04-07 22:16:47 32465 ----a-w- C:\ProgramData\1333836946.2960.bin

2012-04-07 22:15:58 9479 ----a-w- C:\ProgramData\1333836946.1944.bin

2012-04-07 22:15:58 1697 ----a-w- C:\ProgramData\1333836946.752.bin

2012-04-07 22:15:58 1695 ----a-w- C:\ProgramData\1333836946.864.bin

2012-04-07 22:15:58 10194 ----a-w- C:\ProgramData\1333836946.356.bin

2012-04-07 22:15:49 167538 ----a-w- C:\ProgramData\1333836946.3524.bin

2012-04-07 22:15:48 12238 ----a-w- C:\ProgramData\1333836946.1484.bin

2012-04-07 22:15:46 75705 ----a-w- C:\ProgramData\1333836946.2212.bin

2012-04-07 22:13:51 -------- d-----w- C:\Program Files\Common Files\Bitdefender

2012-04-07 16:14:54 41184 ----a-w- C:\Windows\avastSS.scr

2012-04-07 16:14:27 -------- d-----w- C:\ProgramData\AVAST Software

2012-04-06 20:47:23 647168 ----a-w- C:\Windows\AutoKMS.exe

2012-04-06 20:46:16 78848 ----a-w- C:\Windows\KMSEmulator.exe

2012-04-06 20:43:28 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-03-31 19:00:23 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware

2012-03-31 09:24:34 175616 ----a-w- C:\Windows\SysWow64\unrar.dll

2012-03-31 09:24:27 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack

2012-03-30 19:52:39 -------- d-----w- C:\Program Files\HitmanPro

2012-03-14 21:52:32 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-03-14 21:51:34 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-03-14 21:51:31 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-03-14 07:39:56 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-03-14 07:39:55 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-03-14 07:39:54 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-03-14 07:39:54 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-03-14 07:39:52 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-03-14 07:39:52 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-03-14 07:39:51 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

.

==================== Find3M ====================

.

2012-04-06 20:43:28 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-11 20:13:42 577824 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys

2012-03-11 20:13:42 43248 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys

2012-03-11 20:13:40 22696 ----a-w- C:\Windows\System32\drivers\cmderd.sys

2012-03-11 20:13:22 41200 ----a-w- C:\Windows\System32\cmdcsr.dll

2012-03-11 20:13:20 301224 ----a-w- C:\Windows\SysWow64\guard32.dll

2012-03-11 20:13:18 389840 ----a-w- C:\Windows\System32\guard64.dll

2012-03-02 21:55:31 175616 ----a-w- C:\Windows\System32\msclmd.dll

2012-03-02 21:55:31 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2012-02-28 06:39:37 1188864 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 05:38:52 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 04:31:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 03:52:27 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-14 18:55:04 276248 ----a-w- C:\Windows\SysWow64\IntelCpHeciSvc.exe

2012-02-14 18:55:02 5886232 ----a-w- C:\Windows\System32\GfxUI.exe

2012-02-14 18:55:02 511768 ----a-w- C:\Windows\System32\igfxsrvc.exe

2012-02-14 18:55:02 440600 ----a-w- C:\Windows\System32\igfxpers.exe

2012-02-14 18:55:02 398616 ----a-w- C:\Windows\System32\hkcmd.exe

2012-02-14 18:55:02 250136 ----a-w- C:\Windows\System32\igfxext.exe

2012-02-14 18:55:02 184600 ----a-w- C:\Windows\System32\difx64.exe

2012-02-14 18:55:02 170264 ----a-w- C:\Windows\System32\igfxtray.exe

2012-02-14 18:53:26 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2653.dll

2012-02-14 18:47:40 8086528 ----a-w- C:\Windows\System32\igdumd64.dll

2012-02-14 18:47:38 14692224 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys

2012-02-14 18:47:06 963912 ----a-w- C:\Windows\SysWow64\igkrng600.bin

2012-02-14 18:47:06 963912 ----a-w- C:\Windows\System32\igkrng600.bin

2012-02-14 18:47:06 79360 ----a-w- C:\Windows\System32\igdde64.dll

2012-02-14 18:47:06 261208 ----a-w- C:\Windows\SysWow64\igfcg600m.bin

2012-02-14 18:47:06 261208 ----a-w- C:\Windows\System32\igfcg600m.bin

2012-02-14 18:44:54 6120960 ----a-w- C:\Windows\SysWow64\igdumd32.dll

2012-02-14 18:44:24 58880 ----a-w- C:\Windows\SysWow64\igdde32.dll

2012-02-14 18:42:58 9605632 ----a-w- C:\Windows\System32\igd10umd64.dll

2012-02-14 18:35:26 7794688 ----a-w- C:\Windows\SysWow64\igd10umd32.dll

2012-02-14 18:07:18 18125312 ----a-w- C:\Windows\System32\ig4icd64.dll

2012-02-14 17:59:56 13209600 ----a-w- C:\Windows\SysWow64\ig4icd32.dll

2012-02-14 17:56:42 110592 ----a-w- C:\Windows\System32\hccutils.dll

2012-02-14 17:56:34 9216 ----a-w- C:\Windows\System32\IGFXDEVLib.dll

2012-02-14 17:56:34 430080 ----a-w- C:\Windows\System32\igfxdev.dll

2012-02-14 17:56:34 172032 ----a-w- C:\Windows\System32\gfxSrvc.dll

2012-02-14 17:56:06 286208 ----a-w- C:\Windows\System32\igfxrenu.lrc

2012-02-14 17:56:04 142336 ----a-w- C:\Windows\System32\igfxdo.dll

2012-02-14 17:56:02 9007616 ----a-w- C:\Windows\System32\igfxress.dll

2012-02-14 17:55:06 25088 ----a-w- C:\Windows\SysWow64\igfxexps32.dll

2012-02-14 17:54:36 321024 ----a-w- C:\Windows\SysWow64\igfxdv32.dll

2012-02-14 17:53:08 524800 ----a-w- C:\Windows\System32\iglhsip64.dll

2012-02-14 17:53:08 519680 ----a-w- C:\Windows\SysWow64\iglhsip32.dll

2012-02-14 17:53:08 2967040 ----a-w- C:\Windows\System32\igfxcmjit64.dll

2012-02-14 17:53:08 237056 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll

2012-02-14 17:53:08 2321408 ----a-w- C:\Windows\SysWow64\igfxcmjit32.dll

2012-02-14 17:53:08 213504 ----a-w- C:\Windows\System32\iglhcp64.dll

2012-02-14 17:53:08 193024 ----a-w- C:\Windows\System32\igfxcmrt64.dll

2012-02-14 17:53:08 177152 ----a-w- C:\Windows\SysWow64\iglhcp32.dll

2012-01-29 05:10:42 279656 ------w- C:\Windows\System32\MpSigStub.exe

.

============= FINISH: 22:03:05.58 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 29/02/2012 21:50:39

System Uptime: 12/04/2012 21:46:20 (1 hours ago)

.

Motherboard: ASUSTeK Computer Inc. | | K53E

Processor: Intel® Core i3-2310M CPU @ 2.10GHz | CPU 1 | 798/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 575 GiB total, 537.018 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}

Description: Bluetooth Module

Device ID: USB\VID_13D3&PID_3304\6&9E5B1B7&0&1

Manufacturer: Atheros Communications

Name: Bluetooth Module

PNP Device ID: USB\VID_13D3&PID_3304\6&9E5B1B7&0&1

Service: BTHUSB

.

Class GUID:

Description: SM Bus Controller

Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_11471043&REV_05\3&11583659&0&FB

Manufacturer:

Name: SM Bus Controller

PNP Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_11471043&REV_05\3&11583659&0&FB

Service:

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: SASDIFSV

Device ID: ROOT\LEGACY_SASDIFSV\0000

Manufacturer:

Name: SASDIFSV

PNP Device ID: ROOT\LEGACY_SASDIFSV\0000

Service: SASDIFSV

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: SASKUTIL

Device ID: ROOT\LEGACY_SASKUTIL\0000

Manufacturer:

Name: SASKUTIL

PNP Device ID: ROOT\LEGACY_SASKUTIL\0000

Service: SASKUTIL

.

==== System Restore Points ===================

.

RP48: 05/04/2012 11:18:59 - Scheduled Checkpoint

RP49: 05/04/2012 21:19:16 - avast! Internet Security Setup

RP50: 05/04/2012 21:30:37 - avast! Internet Security Setup

RP51: 07/04/2012 16:58:35 - avast! Internet Security Setup

RP52: 07/04/2012 17:14:02 - avast! Internet Security Setup

RP53: 08/04/2012 16:09:48 - Windows Update

RP54: 08/04/2012 21:59:50 - Device Driver Package Install: COMODO Network Service

RP55: 09/04/2012 12:32:43 - Restore Operation

RP57: 09/04/2012 12:43:58 - Revo Uninstaller Pro's restore point - Bitdefender Internet Security 2012

RP58: 09/04/2012 13:01:10 - Device Driver Package Install: COMODO Network Service

RP59: 09/04/2012 21:04:27 - Windows Update

RP60: 09/04/2012 22:51:49 - Comodo IS working fine

RP61: 10/04/2012 22:34:29 - Windows Update

RP62: 10/04/2012 22:58:15 - Windows Update

RP63: 12/04/2012 07:35:14 - Windows Update

.

==== Installed Programs ======================

.

Alcor Micro USB Card Reader

ASUS LifeFrame3

Atheros Driver Installation Program

ATK Package

Build Your Own Net Dream (remove only)

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Emsisoft Anti-Malware

Google Chrome

Intel® Management Engine Components

Intel® Processor Graphics

K-Lite Codec Pack 8.6.0 (Basic)

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MSVCRT

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition

Sonic Focus

SopCast 3.5.0

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Veetle TV

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinFlash

Wireless Console 3

.

==== Event Viewer Messages From Past Week ========

.

12/04/2012 21:46:50, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL

12/04/2012 21:46:40, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

11/04/2012 22:40:48, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

11/04/2012 22:40:48, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

11/04/2012 22:34:29, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

11/04/2012 22:34:28, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

11/04/2012 22:34:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

11/04/2012 22:34:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

11/04/2012 22:34:26, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

11/04/2012 22:34:19, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

11/04/2012 22:34:11, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: a2injectiondriver ATKWMIACPIIO cmdGuard discache spldr Wanarpv6

10/04/2012 23:17:08, Error: Service Control Manager [7024] - The HitmanPro 3.6 Crusader (Boot) service terminated with service-specific error The operation completed successfully..

10/04/2012 22:51:18, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

10/04/2012 22:51:18, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/04/2012 22:51:18, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

10/04/2012 22:51:18, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

09/04/2012 13:01:01, Error: Service Control Manager [7030] - The COMODO Internet Security Helper Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

09/04/2012 12:47:31, Error: Service Control Manager [7034] - The BitDefender Virus Shield service terminated unexpectedly. It has done this 1 time(s).

08/04/2012 21:34:46, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).

08/04/2012 21:12:00, Error: Service Control Manager [7034] - The BitDefender Desktop Update Service service terminated unexpectedly. It has done this 1 time(s).

07/04/2012 21:52:43, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

07/04/2012 17:03:55, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

07/04/2012 17:03:55, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

07/04/2012 17:03:55, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

07/04/2012 17:02:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

07/04/2012 17:02:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

07/04/2012 17:01:50, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: a2injectiondriver AFD ATKWMIACPIIO DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf

07/04/2012 17:01:50, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

07/04/2012 17:01:50, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

07/04/2012 17:01:50, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

07/04/2012 17:01:50, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

07/04/2012 17:01:50, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

07/04/2012 17:01:50, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

07/04/2012 17:01:50, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

07/04/2012 17:01:50, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

07/04/2012 17:01:50, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

07/04/2012 17:01:50, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

.

==== End Of File ===========================

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.12.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

l :: L-PC [administrator]

Protection: Disabled

12/04/2012 21:59:44

mbam-log-2012-04-12 (21-59-44).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 213221

Time elapsed: 4 minute(s), 21 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Maurice Naggar · April 14, 2012

Hello Tom and welcome to MalwareBytes forums,

Please start with the following and do as much as possible, Do not do anything else on your own. If you have questions, stop and ask first.

Do not do any websurfing of any kind.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

Go to your Desktop
Double-Click the Computer icon.
From the menu options, Select Tools, then Folder Options.
Next click the View tab.
Locate and uncheck Hide file extensions for known file types.
Locate and uncheck Hide protected operating system files (Recommended).
Locate and click Show hidden files and folders and drives.
Click Apply > OK.

Step 3

Download aswMBR.exe ( 511KB ) to your desktop.

RIGHT click on aswMBR.exe and select Run As Administrator to start.

change the a-v scan to None.

uncheck trace disk IO calls

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Step 4

Download Security Check by screen317 and save it to your Desktop: here or here

Run Security Check
Follow the onscreen instructions inside of the command window.
A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5
Please read carefully and follow these steps.

Delete the prior copies of TDSSKILLER.zip & TDSSKILLER.exe that you may have.
Download TDSSKiller and save it to your Desktop.
RIGHT-Click on TDSSKiller.exe and select Run As Administrator to run the application.
Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
Then press Start Scan

When the scan is done, it will display a summary screen.

If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Copy & Paste contents of aswMBR log & Checkup.txt & log from TDSSKILLER.

Use separate replies as needed if logs do not fit into one reply box.

TomSmith · April 14, 2012

First off, thank you for helping me. Your help is appreciated.

Here is the aswMBR log, it did NOT have the "Fix" enabled.

Run date: 2012-04-14 20:51:08

-----------------------------

20:51:08.053 OS Version: Windows x64 6.1.7601 Service Pack 1

20:51:08.053 Number of processors: 4 586 0x2A07

20:51:08.056 ComputerName: L-PC UserName: l

20:51:13.268 Initialize success

20:52:03.495 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

20:52:03.501 Disk 0 Vendor: ST9640423AS 0001SDM1 Size: 610480MB BusType: 11

20:52:03.559 Disk 0 MBR read successfully

20:52:03.565 Disk 0 MBR scan

20:52:03.571 Disk 0 Windows 7 default MBR code

20:52:03.577 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 22003 MB offset 63

20:52:03.592 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 588476 MB offset 45062328

20:52:03.622 Disk 0 scanning C:\Windows\system32\drivers

20:52:12.835 Service scanning

20:52:35.788 Modules scanning

20:52:35.803 Scan finished successfully

20:52:49.364 Disk 0 MBR has been saved successfully to "C:\Users\l\Desktop\MBR.dat"

20:52:49.366 The log file has been saved successfully to "C:\Users\l\Desktop\aswMBR.txt"

Results of screen317's Security Check version 0.99.32

Windows 7 x64 (UAC is disabled!)

Internet Explorer 8 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Comodo Firewall cmdagent.exe

Comodo Firewall cfp.exe

Emsisoft Anti-Malware a2service.exe

``````````End of Log````````````

20:57:33.0807 3884 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05

20:57:34.0067 3884 ============================================================

20:57:34.0067 3884 Current date / time: 2012/04/14 20:57:34.0067

20:57:34.0067 3884 SystemInfo:

20:57:34.0067 3884

20:57:34.0067 3884 OS Version: 6.1.7601 ServicePack: 1.0

20:57:34.0067 3884 Product type: Workstation

20:57:34.0067 3884 ComputerName: L-PC

20:57:34.0068 3884 UserName: l

20:57:34.0068 3884 Windows directory: C:\Windows

20:57:34.0068 3884 System windows directory: C:\Windows

20:57:34.0068 3884 Running under WOW64

20:57:34.0068 3884 Processor architecture: Intel x64

20:57:34.0068 3884 Number of processors: 4

20:57:34.0068 3884 Page size: 0x1000

20:57:34.0068 3884 Boot type: Normal boot

20:57:34.0068 3884 ============================================================

20:57:36.0616 3884 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

20:57:36.0636 3884 \Device\Harddisk0\DR0:

20:57:36.0637 3884 MBR used

20:57:36.0637 3884 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2AF98B8, BlocksNum 0x47D5E1F8

20:57:36.0675 3884 Initialize success

20:57:36.0675 3884 ============================================================

20:57:48.0990 2184 ============================================================

20:57:48.0991 2184 Scan started

20:57:48.0991 2184 Mode: Manual; SigCheck; TDLFS;

20:57:48.0991 2184 ============================================================

20:57:49.0869 2184 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

20:57:50.0060 2184 1394ohci - ok

20:57:50.0197 2184 a2acc (922ab7cc2c12c38dc2c4074af893d5fb) C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys

20:57:50.0281 2184 a2acc - ok

20:57:50.0424 2184 a2AntiMalware (84d0d8fe2ca825ef6a6a647e2d37f692) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe

20:57:50.0582 2184 a2AntiMalware - ok

20:57:50.0616 2184 A2DDA (3044d0f3feb9ffe8bc953d8f34b5b504) C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys

20:57:50.0639 2184 A2DDA - ok

20:57:50.0670 2184 a2injectiondriver (905cda5a8d86f733df8000909b4916ed) C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys

20:57:50.0694 2184 a2injectiondriver - ok

20:57:50.0724 2184 a2util (e41d79682a209f72f4f578cfd4a53952) C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys

20:57:50.0747 2184 a2util - ok

20:57:50.0872 2184 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

20:57:50.0912 2184 ACPI - ok

20:57:50.0956 2184 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

20:57:51.0020 2184 AcpiPmi - ok

20:57:51.0131 2184 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

20:57:51.0160 2184 AdobeFlashPlayerUpdateSvc - ok

20:57:51.0229 2184 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

20:57:51.0278 2184 adp94xx - ok

20:57:51.0299 2184 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

20:57:51.0340 2184 adpahci - ok

20:57:51.0400 2184 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

20:57:51.0432 2184 adpu320 - ok

20:57:51.0491 2184 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

20:57:51.0607 2184 AeLookupSvc - ok

20:57:51.0720 2184 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

20:57:51.0781 2184 AFD - ok

20:57:51.0834 2184 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

20:57:51.0861 2184 agp440 - ok

20:57:51.0894 2184 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

20:57:51.0930 2184 ALG - ok

20:57:51.0954 2184 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

20:57:51.0979 2184 aliide - ok

20:57:52.0011 2184 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

20:57:52.0036 2184 amdide - ok

20:57:52.0143 2184 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

20:57:52.0191 2184 AmdK8 - ok

20:57:52.0205 2184 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

20:57:52.0237 2184 AmdPPM - ok

20:57:52.0292 2184 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

20:57:52.0321 2184 amdsata - ok

20:57:52.0339 2184 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

20:57:52.0372 2184 amdsbs - ok

20:57:52.0409 2184 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

20:57:52.0434 2184 amdxata - ok

20:57:52.0501 2184 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

20:57:52.0590 2184 AppID - ok

20:57:52.0629 2184 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

20:57:52.0722 2184 AppIDSvc - ok

20:57:52.0774 2184 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

20:57:52.0864 2184 Appinfo - ok

20:57:52.0936 2184 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

20:57:52.0964 2184 arc - ok

20:57:52.0979 2184 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

20:57:53.0008 2184 arcsas - ok

20:57:53.0102 2184 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

20:57:53.0127 2184 ASLDRService - ok

20:57:53.0142 2184 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys

20:57:53.0163 2184 ASMMAP64 - ok

20:57:53.0278 2184 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

20:57:53.0368 2184 AsyncMac - ok

20:57:53.0401 2184 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

20:57:53.0426 2184 atapi - ok

20:57:53.0561 2184 athr (a5e770426d18f8ef332a593f3289da91) C:\Windows\system32\DRIVERS\athrx.sys

20:57:53.0736 2184 athr - ok

20:57:53.0837 2184 ATKGFNEXSrv (7910158929571214a959d5a6d16dd9c0) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

20:57:53.0864 2184 ATKGFNEXSrv - ok

20:57:53.0903 2184 ATKWMIACPIIO (ac31727f9946e9009480708e4d1b9986) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys

20:57:53.0925 2184 ATKWMIACPIIO - ok

20:57:54.0050 2184 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

20:57:54.0160 2184 AudioEndpointBuilder - ok

20:57:54.0180 2184 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

20:57:54.0285 2184 AudioSrv - ok

20:57:54.0385 2184 avchv (4c6bcc638798abe1f70afca70d889c3f) C:\Windows\system32\DRIVERS\avchv.sys

20:57:54.0420 2184 avchv - ok

20:57:54.0498 2184 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

20:57:54.0567 2184 AxInstSV - ok

20:57:54.0629 2184 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

20:57:54.0674 2184 b06bdrv - ok

20:57:54.0742 2184 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

20:57:54.0783 2184 b57nd60a - ok

20:57:54.0835 2184 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

20:57:54.0880 2184 BDESVC - ok

20:57:54.0921 2184 bdsandbox (31571d77c6186ad228f52ee4ebdf8ee9) C:\Windows\system32\drivers\bdsandbox.sys

20:57:54.0948 2184 bdsandbox - ok

20:57:54.0980 2184 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

20:57:55.0070 2184 Beep - ok

20:57:55.0155 2184 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

20:57:55.0267 2184 BFE - ok

20:57:55.0339 2184 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll

20:57:55.0459 2184 BITS - ok

20:57:55.0519 2184 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

20:57:55.0552 2184 blbdrive - ok

20:57:55.0614 2184 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

20:57:55.0657 2184 bowser - ok

20:57:55.0696 2184 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

20:57:55.0768 2184 BrFiltLo - ok

20:57:55.0792 2184 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

20:57:55.0833 2184 BrFiltUp - ok

20:57:55.0872 2184 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

20:57:55.0965 2184 BridgeMP - ok

20:57:56.0054 2184 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

20:57:56.0148 2184 Browser - ok

20:57:56.0192 2184 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

20:57:56.0255 2184 Brserid - ok

20:57:56.0270 2184 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

20:57:56.0308 2184 BrSerWdm - ok

20:57:56.0323 2184 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

20:57:56.0360 2184 BrUsbMdm - ok

20:57:56.0375 2184 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

20:57:56.0405 2184 BrUsbSer - ok

20:57:56.0501 2184 BtFilter (0f4c980b9612abdb25bcabf0c660c058) C:\Windows\system32\DRIVERS\btfilter.sys

20:57:56.0548 2184 BtFilter - ok

20:57:56.0600 2184 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

20:57:56.0641 2184 BTHMODEM - ok

20:57:56.0700 2184 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys

20:57:56.0766 2184 BTHPORT - ok

20:57:56.0817 2184 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

20:57:56.0910 2184 bthserv - ok

20:57:56.0943 2184 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys

20:57:56.0975 2184 BTHUSB - ok

20:57:57.0037 2184 catchme - ok

20:57:57.0086 2184 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

20:57:57.0179 2184 cdfs - ok

20:57:57.0232 2184 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

20:57:57.0268 2184 cdrom - ok

20:57:57.0333 2184 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

20:57:57.0424 2184 CertPropSvc - ok

20:57:57.0463 2184 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

20:57:57.0502 2184 circlass - ok

20:57:57.0548 2184 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

20:57:57.0592 2184 CLFS - ok

20:57:57.0661 2184 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

20:57:57.0684 2184 clr_optimization_v2.0.50727_32 - ok

20:57:57.0731 2184 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

20:57:57.0756 2184 clr_optimization_v2.0.50727_64 - ok

20:57:57.0873 2184 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

20:57:57.0900 2184 clr_optimization_v4.0.30319_32 - ok

20:57:57.0979 2184 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

20:57:58.0005 2184 clr_optimization_v4.0.30319_64 - ok

20:57:58.0090 2184 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

20:57:58.0144 2184 CmBatt - ok

20:57:58.0361 2184 cmdAgent (cee48ccc4d561ddb19c72f9fb55d28d5) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

20:57:58.0555 2184 cmdAgent - ok

20:57:58.0659 2184 cmderd (7eac5e62f0b93262984d450e0d497b61) C:\Windows\system32\DRIVERS\cmderd.sys

20:57:58.0684 2184 cmderd - ok

20:57:58.0734 2184 cmdGuard (0599d5a458d4e0e37ab84e9d1c5c73e5) C:\Windows\system32\DRIVERS\cmdguard.sys

20:57:58.0783 2184 cmdGuard - ok

20:57:59.0230 2184 cmdHlp (2d3e08c7106f748f9eff3dec14142d3e) C:\Windows\system32\DRIVERS\cmdhlp.sys

20:57:59.0255 2184 cmdHlp - ok

20:57:59.0284 2184 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

20:57:59.0311 2184 cmdide - ok

20:57:59.0370 2184 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

20:57:59.0448 2184 CNG - ok

20:57:59.0540 2184 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

20:57:59.0567 2184 Compbatt - ok

20:57:59.0633 2184 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

20:57:59.0687 2184 CompositeBus - ok

20:57:59.0713 2184 COMSysApp - ok

20:57:59.0781 2184 cphs (df3e8c2c443d3618260dff5705ce2df5) C:\Windows\SysWow64\IntelCpHeciSvc.exe

20:57:59.0820 2184 cphs - ok

20:57:59.0860 2184 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

20:57:59.0888 2184 crcdisk - ok

20:57:59.0947 2184 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

20:58:00.0042 2184 CryptSvc - ok

20:58:00.0083 2184 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

20:58:00.0192 2184 DcomLaunch - ok

20:58:00.0238 2184 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

20:58:00.0340 2184 defragsvc - ok

20:58:00.0393 2184 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

20:58:00.0483 2184 DfsC - ok

20:58:00.0544 2184 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

20:58:00.0644 2184 Dhcp - ok

20:58:00.0688 2184 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

20:58:00.0779 2184 discache - ok

20:58:00.0808 2184 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

20:58:00.0836 2184 Disk - ok

20:58:00.0880 2184 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

20:58:00.0932 2184 Dnscache - ok

20:58:00.0997 2184 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

20:58:01.0096 2184 dot3svc - ok

20:58:01.0144 2184 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

20:58:01.0237 2184 DPS - ok

20:58:01.0295 2184 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

20:58:01.0333 2184 drmkaud - ok

20:58:01.0395 2184 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

20:58:01.0476 2184 DXGKrnl - ok

20:58:01.0514 2184 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

20:58:01.0611 2184 EapHost - ok

20:58:01.0829 2184 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

20:58:01.0995 2184 ebdrv - ok

20:58:02.0071 2184 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

20:58:02.0103 2184 EFS - ok

20:58:02.0195 2184 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

20:58:02.0267 2184 ehRecvr - ok

20:58:02.0299 2184 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

20:58:02.0340 2184 ehSched - ok

20:58:02.0409 2184 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

20:58:02.0458 2184 elxstor - ok

20:58:02.0498 2184 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

20:58:02.0529 2184 ErrDev - ok

20:58:02.0601 2184 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

20:58:02.0705 2184 EventSystem - ok

20:58:02.0782 2184 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

20:58:02.0879 2184 exfat - ok

20:58:02.0907 2184 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

20:58:03.0004 2184 fastfat - ok

20:58:03.0077 2184 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

20:58:03.0145 2184 Fax - ok

20:58:03.0159 2184 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

20:58:03.0190 2184 fdc - ok

20:58:03.0272 2184 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

20:58:03.0365 2184 fdPHost - ok

20:58:03.0388 2184 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

20:58:03.0481 2184 FDResPub - ok

20:58:03.0537 2184 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

20:58:03.0568 2184 FileInfo - ok

20:58:03.0582 2184 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

20:58:03.0696 2184 Filetrace - ok

20:58:03.0709 2184 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

20:58:03.0741 2184 flpydisk - ok

20:58:03.0820 2184 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

20:58:03.0859 2184 FltMgr - ok

20:58:03.0929 2184 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

20:58:04.0016 2184 FontCache - ok

20:58:04.0074 2184 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

20:58:04.0096 2184 FontCache3.0.0.0 - ok

20:58:04.0149 2184 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

20:58:04.0177 2184 FsDepends - ok

20:58:04.0245 2184 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

20:58:04.0270 2184 Fs_Rec - ok

20:58:04.0321 2184 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

20:58:04.0365 2184 fvevol - ok

20:58:04.0402 2184 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

20:58:04.0431 2184 gagp30kx - ok

20:58:04.0511 2184 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

20:58:04.0620 2184 gpsvc - ok

20:58:04.0650 2184 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

20:58:04.0685 2184 hcw85cir - ok

20:58:04.0776 2184 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

20:58:04.0826 2184 HdAudAddService - ok

20:58:04.0899 2184 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

20:58:04.0940 2184 HDAudBus - ok

20:58:04.0982 2184 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

20:58:05.0014 2184 HidBatt - ok

20:58:05.0041 2184 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

20:58:05.0081 2184 HidBth - ok

20:58:05.0095 2184 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

20:58:05.0134 2184 HidIr - ok

20:58:05.0159 2184 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

20:58:05.0250 2184 hidserv - ok

20:58:05.0310 2184 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys

20:58:05.0342 2184 HidUsb - ok

20:58:05.0391 2184 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

20:58:05.0481 2184 hkmsvc - ok

20:58:05.0546 2184 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

20:58:05.0584 2184 HomeGroupListener - ok

20:58:05.0602 2184 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

20:58:05.0638 2184 HomeGroupProvider - ok

20:58:05.0691 2184 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

20:58:05.0719 2184 HpSAMD - ok

20:58:05.0755 2184 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

20:58:05.0937 2184 HTTP - ok

20:58:06.0090 2184 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

20:58:06.0115 2184 hwpolicy - ok

20:58:06.0192 2184 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

20:58:06.0224 2184 i8042prt - ok

20:58:06.0300 2184 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

20:58:06.0346 2184 iaStorV - ok

20:58:06.0444 2184 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

20:58:06.0496 2184 idsvc - ok

20:58:07.0000 2184 igfx (276ee9cdab16c50e1df0e4cefa882f5f) C:\Windows\system32\DRIVERS\igdkmd64.sys

20:58:07.0708 2184 igfx - ok

20:58:07.0835 2184 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

20:58:07.0862 2184 iirsp - ok

20:58:07.0926 2184 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

20:58:08.0043 2184 IKEEXT - ok

20:58:08.0085 2184 inspect (efff0afd27cc97bf0e5e0bab78419de7) C:\Windows\system32\DRIVERS\inspect.sys

20:58:08.0112 2184 inspect - ok

20:58:08.0170 2184 IntcAzAudAddService - ok

20:58:08.0221 2184 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys

20:58:08.0272 2184 IntcDAud - ok

20:58:08.0308 2184 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

20:58:08.0333 2184 intelide - ok

20:58:08.0364 2184 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

20:58:08.0396 2184 intelppm - ok

20:58:08.0439 2184 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

20:58:08.0535 2184 IPBusEnum - ok

20:58:08.0560 2184 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

20:58:08.0649 2184 IpFilterDriver - ok

20:58:08.0792 2184 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

20:58:08.0900 2184 iphlpsvc - ok

20:58:08.0944 2184 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

20:58:08.0976 2184 IPMIDRV - ok

20:58:09.0017 2184 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

20:58:09.0108 2184 IPNAT - ok

20:58:09.0127 2184 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

20:58:09.0168 2184 IRENUM - ok

20:58:09.0194 2184 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

20:58:09.0219 2184 isapnp - ok

20:58:09.0253 2184 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

20:58:09.0291 2184 iScsiPrt - ok

20:58:09.0337 2184 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

20:58:09.0364 2184 kbdclass - ok

20:58:09.0418 2184 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

20:58:09.0449 2184 kbdhid - ok

20:58:09.0501 2184 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:58:09.0531 2184 KeyIso - ok

20:58:09.0589 2184 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

20:58:09.0616 2184 KSecDD - ok

20:58:09.0676 2184 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

20:58:09.0707 2184 KSecPkg - ok

20:58:09.0758 2184 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

20:58:09.0847 2184 ksthunk - ok

20:58:09.0880 2184 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

20:58:09.0985 2184 KtmRm - ok

20:58:10.0041 2184 L1C (655a5d8e80869781cce23760ada7e695) C:\Windows\system32\DRIVERS\L1C62x64.sys

20:58:10.0072 2184 L1C - ok

20:58:10.0142 2184 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

20:58:10.0245 2184 LanmanServer - ok

20:58:10.0306 2184 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

20:58:10.0403 2184 LanmanWorkstation - ok

20:58:10.0473 2184 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

20:58:10.0564 2184 lltdio - ok

20:58:10.0596 2184 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

20:58:10.0699 2184 lltdsvc - ok

20:58:10.0712 2184 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

20:58:10.0804 2184 lmhosts - ok

20:58:10.0898 2184 LMS (7f32d4c47a50e7223491e8fb9359907d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

20:58:10.0937 2184 LMS - ok

20:58:11.0003 2184 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

20:58:11.0032 2184 LSI_FC - ok

20:58:11.0048 2184 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

20:58:11.0076 2184 LSI_SAS - ok

20:58:11.0093 2184 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

20:58:11.0122 2184 LSI_SAS2 - ok

20:58:11.0139 2184 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

20:58:11.0169 2184 LSI_SCSI - ok

20:58:11.0233 2184 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

20:58:11.0326 2184 luafv - ok

20:58:11.0784 2184 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

20:58:11.0811 2184 MBAMProtector - ok

20:58:11.0875 2184 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

20:58:11.0920 2184 MBAMService - ok

20:58:11.0972 2184 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

20:58:12.0008 2184 Mcx2Svc - ok

20:58:12.0067 2184 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

20:58:12.0092 2184 megasas - ok

20:58:12.0112 2184 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

20:58:12.0151 2184 MegaSR - ok

20:58:12.0200 2184 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys

20:58:12.0224 2184 MEIx64 - ok

20:58:12.0418 2184 Microsoft SharePoint Workspace Audit Service - ok

20:58:12.0510 2184 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

20:58:12.0607 2184 MMCSS - ok

20:58:12.0646 2184 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

20:58:12.0737 2184 Modem - ok

20:58:12.0760 2184 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

20:58:12.0798 2184 monitor - ok

20:58:12.0864 2184 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

20:58:12.0890 2184 mouclass - ok

20:58:12.0934 2184 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

20:58:12.0965 2184 mouhid - ok

20:58:13.0018 2184 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

20:58:13.0046 2184 mountmgr - ok

20:58:13.0101 2184 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

20:58:13.0132 2184 mpio - ok

20:58:13.0162 2184 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

20:58:13.0257 2184 mpsdrv - ok

20:58:13.0303 2184 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

20:58:13.0433 2184 MpsSvc - ok

20:58:13.0479 2184 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

20:58:13.0528 2184 MRxDAV - ok

20:58:13.0576 2184 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

20:58:13.0617 2184 mrxsmb - ok

20:58:13.0662 2184 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

20:58:13.0702 2184 mrxsmb10 - ok

20:58:13.0743 2184 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

20:58:13.0773 2184 mrxsmb20 - ok

20:58:13.0827 2184 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

20:58:13.0853 2184 msahci - ok

20:58:13.0890 2184 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

20:58:13.0922 2184 msdsm - ok

20:58:13.0969 2184 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

20:58:14.0008 2184 MSDTC - ok

20:58:14.0066 2184 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

20:58:14.0181 2184 Msfs - ok

20:58:14.0210 2184 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

20:58:14.0301 2184 mshidkmdf - ok

20:58:14.0394 2184 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

20:58:14.0419 2184 msisadrv - ok

20:58:14.0514 2184 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

20:58:14.0610 2184 MSiSCSI - ok

20:58:14.0623 2184 msiserver - ok

20:58:14.0664 2184 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

20:58:14.0753 2184 MSKSSRV - ok

20:58:14.0768 2184 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

20:58:14.0857 2184 MSPCLOCK - ok

20:58:14.0872 2184 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

20:58:14.0962 2184 MSPQM - ok

20:58:15.0023 2184 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

20:58:15.0065 2184 MsRPC - ok

20:58:15.0098 2184 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

20:58:15.0125 2184 mssmbios - ok

20:58:15.0168 2184 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

20:58:15.0259 2184 MSTEE - ok

20:58:15.0273 2184 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

20:58:15.0303 2184 MTConfig - ok

20:58:15.0342 2184 mtqjxm - ok

20:58:15.0360 2184 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

20:58:15.0387 2184 Mup - ok

20:58:15.0450 2184 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

20:58:15.0555 2184 napagent - ok

20:58:15.0651 2184 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

20:58:15.0702 2184 NativeWifiP - ok

20:58:15.0715 2184 nckkof - ok

20:58:15.0803 2184 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

20:58:15.0869 2184 NDIS - ok

20:58:15.0918 2184 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

20:58:16.0009 2184 NdisCap - ok

20:58:16.0035 2184 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

20:58:16.0124 2184 NdisTapi - ok

20:58:16.0215 2184 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

20:58:16.0307 2184 Ndisuio - ok

20:58:16.0360 2184 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

20:58:16.0455 2184 NdisWan - ok

20:58:16.0484 2184 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

20:58:16.0572 2184 NDProxy - ok

20:58:16.0617 2184 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

20:58:16.0709 2184 NetBIOS - ok

20:58:16.0791 2184 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

20:58:16.0888 2184 NetBT - ok

20:58:16.0955 2184 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:58:16.0986 2184 Netlogon - ok

20:58:17.0036 2184 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

20:58:17.0140 2184 Netman - ok

20:58:17.0172 2184 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

20:58:17.0275 2184 netprofm - ok

20:58:17.0344 2184 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

20:58:17.0368 2184 NetTcpPortSharing - ok

20:58:17.0413 2184 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

20:58:17.0445 2184 nfrd960 - ok

20:58:17.0508 2184 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

20:58:17.0608 2184 NlaSvc - ok

20:58:17.0623 2184 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

20:58:17.0715 2184 Npfs - ok

20:58:17.0760 2184 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

20:58:17.0852 2184 nsi - ok

20:58:17.0866 2184 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

20:58:17.0959 2184 nsiproxy - ok

20:58:18.0053 2184 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

20:58:18.0184 2184 Ntfs - ok

20:58:18.0233 2184 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

20:58:18.0323 2184 Null - ok

20:58:18.0361 2184 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

20:58:18.0393 2184 nvraid - ok

20:58:18.0435 2184 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

20:58:18.0468 2184 nvstor - ok

20:58:18.0523 2184 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

20:58:18.0552 2184 nv_agp - ok

20:58:18.0582 2184 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

20:58:18.0614 2184 ohci1394 - ok

20:58:18.0724 2184 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

20:58:18.0749 2184 ose - ok

20:58:18.0956 2184 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

20:58:19.0177 2184 osppsvc - ok

20:58:19.0293 2184 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

20:58:19.0336 2184 p2pimsvc - ok

20:58:19.0366 2184 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

20:58:19.0413 2184 p2psvc - ok

20:58:19.0452 2184 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

20:58:19.0485 2184 Parport - ok

20:58:19.0519 2184 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

20:58:19.0546 2184 partmgr - ok

20:58:19.0563 2184 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

20:58:19.0614 2184 PcaSvc - ok

20:58:19.0663 2184 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

20:58:19.0696 2184 pci - ok

20:58:19.0725 2184 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

20:58:19.0750 2184 pciide - ok

20:58:19.0785 2184 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

20:58:19.0821 2184 pcmcia - ok

20:58:19.0836 2184 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

20:58:19.0862 2184 pcw - ok

20:58:19.0898 2184 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

20:58:20.0010 2184 PEAUTH - ok

20:58:20.0088 2184 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

20:58:20.0123 2184 PerfHost - ok

20:58:20.0224 2184 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

20:58:20.0380 2184 pla - ok

20:58:20.0458 2184 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

20:58:20.0503 2184 PlugPlay - ok

20:58:20.0550 2184 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

20:58:20.0585 2184 PNRPAutoReg - ok

20:58:20.0621 2184 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

20:58:20.0661 2184 PNRPsvc - ok

20:58:20.0711 2184 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

20:58:20.0815 2184 PolicyAgent - ok

20:58:20.0868 2184 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

20:58:20.0966 2184 Power - ok

20:58:21.0027 2184 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

20:58:21.0115 2184 PptpMiniport - ok

20:58:21.0155 2184 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

20:58:21.0188 2184 Processor - ok

20:58:21.0242 2184 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

20:58:21.0339 2184 ProfSvc - ok

20:58:21.0389 2184 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:58:21.0419 2184 ProtectedStorage - ok

20:58:21.0476 2184 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

20:58:21.0565 2184 Psched - ok

20:58:21.0639 2184 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

20:58:21.0744 2184 ql2300 - ok

20:58:21.0761 2184 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

20:58:21.0791 2184 ql40xx - ok

20:58:21.0836 2184 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

20:58:21.0889 2184 QWAVE - ok

20:58:22.0215 2184 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

20:58:22.0438 2184 QWAVEdrv - ok

20:58:22.0480 2184 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

20:58:22.0572 2184 RasAcd - ok

20:58:22.0620 2184 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

20:58:22.0710 2184 RasAgileVpn - ok

20:58:22.0733 2184 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

20:58:22.0828 2184 RasAuto - ok

20:58:22.0869 2184 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

20:58:22.0959 2184 Rasl2tp - ok

20:58:22.0993 2184 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

20:58:23.0116 2184 RasMan - ok

20:58:23.0166 2184 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

20:58:23.0256 2184 RasPppoe - ok

20:58:23.0273 2184 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

20:58:23.0365 2184 RasSstp - ok

20:58:23.0416 2184 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

20:58:23.0513 2184 rdbss - ok

20:58:23.0533 2184 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

20:58:23.0573 2184 rdpbus - ok

20:58:23.0638 2184 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

20:58:23.0729 2184 RDPCDD - ok

20:58:23.0762 2184 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

20:58:23.0852 2184 RDPENCDD - ok

20:58:23.0870 2184 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

20:58:23.0959 2184 RDPREFMP - ok

20:58:23.0992 2184 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

20:58:24.0026 2184 RDPWD - ok

20:58:24.0064 2184 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

20:58:24.0099 2184 rdyboost - ok

20:58:24.0141 2184 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

20:58:24.0238 2184 RemoteAccess - ok

20:58:24.0291 2184 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

20:58:24.0390 2184 RemoteRegistry - ok

20:58:24.0420 2184 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

20:58:24.0517 2184 RpcEptMapper - ok

20:58:24.0556 2184 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

20:58:24.0591 2184 RpcLocator - ok

20:58:24.0648 2184 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

20:58:24.0750 2184 RpcSs - ok

20:58:24.0824 2184 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

20:58:24.0916 2184 rspndr - ok

20:58:24.0956 2184 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:58:24.0987 2184 SamSs - ok

20:58:25.0414 2184 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Users\l\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS

20:58:25.0438 2184 SASDIFSV - ok

20:58:25.0860 2184 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Users\l\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS

20:58:25.0883 2184 SASKUTIL - ok

20:58:26.0002 2184 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

20:58:26.0030 2184 sbp2port - ok

20:58:26.0078 2184 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

20:58:26.0178 2184 SCardSvr - ok

20:58:26.0221 2184 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

20:58:26.0308 2184 scfilter - ok

20:58:26.0381 2184 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

20:58:26.0526 2184 Schedule - ok

20:58:26.0572 2184 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

20:58:26.0658 2184 SCPolicySvc - ok

20:58:26.0699 2184 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

20:58:26.0737 2184 SDRSVC - ok

20:58:26.0795 2184 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

20:58:26.0885 2184 secdrv - ok

20:58:26.0905 2184 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

20:58:27.0011 2184 seclogon - ok

20:58:27.0051 2184 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

20:58:27.0146 2184 SENS - ok

20:58:27.0170 2184 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

20:58:27.0211 2184 SensrSvc - ok

20:58:27.0257 2184 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

20:58:27.0288 2184 Serenum - ok

20:58:27.0318 2184 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

20:58:27.0352 2184 Serial - ok

20:58:27.0557 2184 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

20:58:27.0590 2184 sermouse - ok

20:58:27.0647 2184 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

20:58:27.0742 2184 SessionEnv - ok

20:58:27.0760 2184 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

20:58:27.0795 2184 sffdisk - ok

20:58:27.0823 2184 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

20:58:27.0850 2184 sffp_mmc - ok

20:58:27.0881 2184 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

20:58:27.0917 2184 sffp_sd - ok

20:58:27.0944 2184 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

20:58:27.0974 2184 sfloppy - ok

20:58:28.0025 2184 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

20:58:28.0129 2184 SharedAccess - ok

20:58:28.0181 2184 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

20:58:28.0283 2184 ShellHWDetection - ok

20:58:28.0297 2184 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

20:58:28.0324 2184 SiSRaid2 - ok

20:58:28.0341 2184 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

20:58:28.0369 2184 SiSRaid4 - ok

20:58:28.0426 2184 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

20:58:28.0518 2184 Smb - ok

20:58:28.0595 2184 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

20:58:28.0630 2184 SNMPTRAP - ok

20:58:28.0673 2184 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

20:58:28.0698 2184 spldr - ok

20:58:28.0746 2184 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

20:58:28.0851 2184 Spooler - ok

20:58:28.0977 2184 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

20:58:29.0162 2184 sppsvc - ok

20:58:29.0195 2184 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

20:58:29.0290 2184 sppuinotify - ok

20:58:29.0367 2184 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

20:58:29.0426 2184 srv - ok

20:58:29.0469 2184 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

20:58:29.0511 2184 srv2 - ok

20:58:29.0535 2184 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

20:58:29.0571 2184 srvnet - ok

20:58:29.0625 2184 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

20:58:29.0723 2184 SSDPSRV - ok

20:58:29.0742 2184 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

20:58:29.0838 2184 SstpSvc - ok

20:58:29.0871 2184 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

20:58:29.0897 2184 stexstor - ok

20:58:29.0960 2184 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

20:58:30.0026 2184 stisvc - ok

20:58:30.0067 2184 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

20:58:30.0091 2184 swenum - ok

20:58:30.0136 2184 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

20:58:30.0246 2184 swprv - ok

20:58:30.0324 2184 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

20:58:30.0437 2184 SysMain - ok

20:58:30.0487 2184 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

20:58:30.0536 2184 TabletInputService - ok

20:58:30.0580 2184 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

20:58:30.0681 2184 TapiSrv - ok

20:58:30.0713 2184 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

20:58:30.0807 2184 TBS - ok

20:58:30.0915 2184 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

20:58:31.0051 2184 Tcpip - ok

20:58:31.0168 2184 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

20:58:31.0266 2184 TCPIP6 - ok

20:58:31.0342 2184 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

20:58:31.0430 2184 tcpipreg - ok

20:58:31.0481 2184 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

20:58:31.0510 2184 TDPIPE - ok

20:58:31.0554 2184 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

20:58:31.0587 2184 TDTCP - ok

20:58:31.0629 2184 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

20:58:31.0718 2184 tdx - ok

20:58:31.0761 2184 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

20:58:31.0788 2184 TermDD - ok

20:58:31.0836 2184 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

20:58:31.0949 2184 TermService - ok

20:58:31.0983 2184 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

20:58:32.0028 2184 Themes - ok

20:58:32.0059 2184 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

20:58:32.0151 2184 THREADORDER - ok

20:58:32.0177 2184 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

20:58:32.0275 2184 TrkWks - ok

20:58:32.0327 2184 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

20:58:32.0419 2184 TrustedInstaller - ok

20:58:32.0482 2184 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

20:58:32.0569 2184 tssecsrv - ok

20:58:32.0613 2184 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

20:58:32.0643 2184 TsUsbFlt - ok

20:58:32.0722 2184 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

20:58:32.0812 2184 tunnel - ok

20:58:32.0841 2184 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

20:58:32.0868 2184 uagp35 - ok

20:58:32.0896 2184 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

20:58:32.0992 2184 udfs - ok

20:58:33.0041 2184 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

20:58:33.0078 2184 UI0Detect - ok

20:58:33.0145 2184 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

20:58:33.0172 2184 uliagpkx - ok

20:58:33.0204 2184 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

20:58:33.0235 2184 umbus - ok

20:58:33.0279 2184 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

20:58:33.0311 2184 UmPass - ok

20:58:33.0479 2184 UNS (2c16648a12999ae69a9ebf41974b0ba2) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

20:58:33.0605 2184 UNS - ok

20:58:33.0660 2184 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

20:58:33.0761 2184 upnphost - ok

20:58:33.0817 2184 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

20:58:33.0848 2184 usbccgp - ok

20:58:33.0898 2184 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

20:58:33.0938 2184 usbcir - ok

20:58:33.0969 2184 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

20:58:33.0998 2184 usbehci - ok

20:58:34.0045 2184 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

20:58:34.0084 2184 usbhub - ok

20:58:34.0106 2184 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

20:58:34.0135 2184 usbohci - ok

20:58:34.0187 2184 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

20:58:34.0224 2184 usbprint - ok

20:58:34.0253 2184 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS

20:58:34.0282 2184 USBSTOR - ok

20:58:34.0306 2184 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

20:58:34.0334 2184 usbuhci - ok

20:58:34.0418 2184 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

20:58:34.0461 2184 usbvideo - ok

20:58:34.0514 2184 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

20:58:34.0610 2184 UxSms - ok

20:58:34.0659 2184 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:58:34.0688 2184 VaultSvc - ok

20:58:34.0752 2184 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

20:58:34.0780 2184 vdrvroot - ok

20:58:34.0854 2184 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

20:58:34.0961 2184 vds - ok

20:58:35.0004 2184 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

20:58:35.0040 2184 vga - ok

20:58:35.0067 2184 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

20:58:35.0159 2184 VgaSave - ok

20:58:35.0204 2184 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

20:58:35.0238 2184 vhdmp - ok

20:58:35.0276 2184 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

20:58:35.0301 2184 viaide - ok

20:58:35.0333 2184 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

20:58:35.0363 2184 volmgr - ok

20:58:35.0423 2184 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

20:58:35.0465 2184 volmgrx - ok

20:58:35.0510 2184 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

20:58:35.0550 2184 volsnap - ok

20:58:35.0595 2184 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

20:58:35.0629 2184 vsmraid - ok

20:58:35.0728 2184 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

20:58:35.0902 2184 VSS - ok

20:58:35.0966 2184 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

20:58:36.0002 2184 vwifibus - ok

20:58:36.0036 2184 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

20:58:36.0077 2184 vwififlt - ok

20:58:36.0234 2184 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

20:58:36.0339 2184 W32Time - ok

20:58:36.0385 2184 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

20:58:36.0414 2184 WacomPen - ok

20:58:36.0463 2184 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

20:58:36.0551 2184 WANARP - ok

20:58:36.0566 2184 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

20:58:36.0654 2184 Wanarpv6 - ok

20:58:36.0754 2184 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

20:58:36.0853 2184 WatAdminSvc - ok

20:58:36.0961 2184 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

20:58:37.0076 2184 wbengine - ok

20:58:37.0128 2184 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

20:58:37.0177 2184 WbioSrvc - ok

20:58:37.0218 2184 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

20:58:37.0275 2184 wcncsvc - ok

20:58:37.0299 2184 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

20:58:37.0330 2184 WcsPlugInService - ok

20:58:37.0376 2184 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

20:58:37.0401 2184 Wd - ok

20:58:37.0429 2184 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

20:58:37.0497 2184 Wdf01000 - ok

20:58:37.0515 2184 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

20:58:37.0581 2184 WdiServiceHost - ok

20:58:37.0619 2184 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

20:58:37.0667 2184 WdiSystemHost - ok

20:58:37.0795 2184 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

20:58:37.0848 2184 WebClient - ok

20:58:37.0877 2184 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

20:58:37.0978 2184 Wecsvc - ok

20:58:38.0003 2184 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

20:58:38.0098 2184 wercplsupport - ok

20:58:38.0130 2184 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

20:58:38.0225 2184 WerSvc - ok

20:58:38.0350 2184 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

20:58:38.0438 2184 WfpLwf - ok

20:58:38.0455 2184 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

20:58:38.0481 2184 WIMMount - ok

20:58:38.0497 2184 WinDefend - ok

20:58:38.0509 2184 WinHttpAutoProxySvc - ok

20:58:38.0575 2184 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

20:58:38.0672 2184 Winmgmt - ok

20:58:38.0765 2184 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

20:58:38.0943 2184 WinRM - ok

20:58:39.0052 2184 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

20:58:39.0135 2184 Wlansvc - ok

20:58:39.0305 2184 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

20:58:39.0415 2184 wlidsvc - ok

20:58:39.0524 2184 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

20:58:39.0577 2184 WmiAcpi - ok

20:58:39.0660 2184 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

20:58:39.0699 2184 wmiApSrv - ok

20:58:39.0729 2184 WMPNetworkSvc - ok

20:58:39.0768 2184 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

20:58:39.0801 2184 WPCSvc - ok

20:58:39.0854 2184 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

20:58:39.0920 2184 WPDBusEnum - ok

20:58:39.0965 2184 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

20:58:40.0053 2184 ws2ifsl - ok

20:58:40.0083 2184 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

20:58:40.0130 2184 wscsvc - ok

20:58:40.0142 2184 WSearch - ok

20:58:40.0248 2184 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

20:58:40.0443 2184 wuauserv - ok

20:58:40.0502 2184 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

20:58:40.0593 2184 WudfPf - ok

20:58:40.0674 2184 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

20:58:40.0765 2184 WUDFRd - ok

20:58:40.0795 2184 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

20:58:40.0886 2184 wudfsvc - ok

20:58:40.0940 2184 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

20:58:40.0993 2184 WwanSvc - ok

20:58:41.0022 2184 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

20:58:41.0253 2184 \Device\Harddisk0\DR0 - ok

20:58:41.0259 2184 Boot (0x1200) (34b22effe637c363c323d0f3b2978508) \Device\Harddisk0\DR0\Partition0

20:58:41.0262 2184 \Device\Harddisk0\DR0\Partition0 - ok

20:58:41.0263 2184 ============================================================

20:58:41.0263 2184 Scan finished

20:58:41.0263 2184 ============================================================

20:58:41.0286 2236 Detected object count: 0

20:58:41.0286 2236 Actual detected object count: 0

Maurice Naggar · April 14, 2012

The aswMBR & TDSSKILLER logs do not show an abnormality.

Tom,

Take a look to see why your Comodo antivirus and the Comodo firewall "may" be off. They should be ON at all times (there may be an occasion as we go into future tools that I 'may' ask you to temporarily turn off the antivirus.

But normally, your firewall and antivirus should be ON.)

Tell me what you find on these !

Step 2

Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or
>> from here <<
Quit all programs that you may have started.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on Scan button at upper right of screen.
Wait until the Status box shows "Scan Finished"
Click on Report and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop

Step 3

Please download Listparts64

Run the tool, click Scan and post the log (Result.txt) it makes.

Reply with findings on antivirus, and Copy & Paste the RKReport & Result logs

TomSmith · April 14, 2012

I had no idea that COMODO was off. It's turned back on now.

RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: l [Admin rights]

Mode: Scan -- Date: 04/14/2012 21:25:49

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 8 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{74109E11-8DDD-4AA5-B0E3-BB6DA9062025} : NameServer (8.26.56.26,156.154.70.22) -> FOUND

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{E770E0E5-94C4-4017-9506-3E59BBEB4F26} : NameServer (8.26.56.26,156.154.70.22) -> FOUND

[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{74109E11-8DDD-4AA5-B0E3-BB6DA9062025} : NameServer (8.26.56.26,156.154.70.22) -> FOUND

[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{E770E0E5-94C4-4017-9506-3E59BBEB4F26} : NameServer (8.26.56.26,156.154.70.22) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9640423AS ATA Device +++++

--- User ---

[MBR] a97325a6bc3870f7dc2b5c50e8d2fc5c

[bSP] b8e681ec20f3f51e484d81d4ade624cc : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 22003 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 45062328 | Size: 588476 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

ListParts by Farbar Version: 12-03-2012 03

Ran by l (administrator) on 14-04-2012 at 21:27:10

Windows 7 (X64)

Running From: C:\Users\l\Desktop

Language: 0409

************************************************************

========================= Memory info ======================

Percentage of memory in use: 46%

Total physical RAM: 3874.21 MB

Available physical RAM: 2081.02 MB

Total Pagefile: 7746.62 MB

Available Pagefile: 5706.7 MB

Total Virtual: 8192 MB

Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:574.68 GB) (Free:544.91 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 596 GB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 21 GB 31 KB

Partition 2 Primary 574 GB 21 GB

======================================================================================================

Disk: 0

Partition 1

Type : 1C

Hidden: Yes

Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 C NTFS Partition 574 GB Healthy System (partition with boot components)

======================================================================================================

****** End Of Log ******

Maurice Naggar · April 14, 2012

The Listparts run is good. We need to do a fix or two with RogueKiller.

Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Right-Click RogueKiller and select Run as Administrator.
Wait until Prescan finishes.
On the RogueKiller console, click the Registry tab.
Then press the Delete button.
Next, click the DNS tab if enabled, and then click on the DNS Fix button
When done, logoff & Restart the system.
The log will be found as RKreport
Copy & Paste the contents into next reply.

Step 2

Next, an online scan for viruses & malware on ESET website. Follow these directions:

You will want to print out or copy these instructions to Notepad for offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> type in Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

Accept the Terms of Use and press Start button;
Approve the install of the required ActiveX Control, then follow on-screen instructions;
Enable (check) the Remove found threats option, and run the scan.
After the scan completes, the Details tab in the Results window will display what was found and removed.
- A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.
Look at contents of this file using Notepad or Wordpad.
The Frequently Asked Questions for ESET Online Scanner can be viewed here
http://go.eset.com/us/online-scanner/faq
- It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
  (And the prompt re-enabling when finished.)
- If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
- Do not use the system while the scan is running. Once the full scan is underway, go take a long break

Re-enable the antivirus program.

Reply with copy of the RKReport and Eset scan log

TomSmith · April 14, 2012

I will run the Eset Online Scanner tomorrow since it's nearly 12AM here. RKreport had 5 logs. Here they are:

RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: l [Admin rights]

Mode: Scan -- Date: 04/14/2012 21:25:49

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 8 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{74109E11-8DDD-4AA5-B0E3-BB6DA9062025} : NameServer (8.26.56.26,156.154.70.22) -> FOUND

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{E770E0E5-94C4-4017-9506-3E59BBEB4F26} : NameServer (8.26.56.26,156.154.70.22) -> FOUND

[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{74109E11-8DDD-4AA5-B0E3-BB6DA9062025} : NameServer (8.26.56.26,156.154.70.22) -> FOUND

[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{E770E0E5-94C4-4017-9506-3E59BBEB4F26} : NameServer (8.26.56.26,156.154.70.22) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9640423AS ATA Device +++++

--- User ---

[MBR] a97325a6bc3870f7dc2b5c50e8d2fc5c

[bSP] b8e681ec20f3f51e484d81d4ade624cc : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 22003 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 45062328 | Size: 588476 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: l [Admin rights]

Mode: Scan -- Date: 04/14/2012 23:11:58

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 8 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{74109E11-8DDD-4AA5-B0E3-BB6DA9062025} : NameServer (8.26.56.26,156.154.70.22) -> FOUND

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{E770E0E5-94C4-4017-9506-3E59BBEB4F26} : NameServer (8.26.56.26,156.154.70.22) -> FOUND

[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{74109E11-8DDD-4AA5-B0E3-BB6DA9062025} : NameServer (8.26.56.26,156.154.70.22) -> FOUND

[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{E770E0E5-94C4-4017-9506-3E59BBEB4F26} : NameServer (8.26.56.26,156.154.70.22) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9640423AS ATA Device +++++

--- User ---

[MBR] a97325a6bc3870f7dc2b5c50e8d2fc5c

[bSP] b8e681ec20f3f51e484d81d4ade624cc : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 22003 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 45062328 | Size: 588476 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

ogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: l [Admin rights]

Mode: Remove -- Date: 04/14/2012 23:12:09

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 8 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{74109E11-8DDD-4AA5-B0E3-BB6DA9062025} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{E770E0E5-94C4-4017-9506-3E59BBEB4F26} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX

[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{74109E11-8DDD-4AA5-B0E3-BB6DA9062025} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX

[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{E770E0E5-94C4-4017-9506-3E59BBEB4F26} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)

[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9640423AS ATA Device +++++

--- User ---

[MBR] a97325a6bc3870f7dc2b5c50e8d2fc5c

[bSP] b8e681ec20f3f51e484d81d4ade624cc : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 22003 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 45062328 | Size: 588476 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[3].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: l [Admin rights]

Mode: DNSFix -- Date: 04/14/2012 23:12:31

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{74109E11-8DDD-4AA5-B0E3-BB6DA9062025} : NameServer (8.26.56.26,156.154.70.22) -> REPLACED ()

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{E770E0E5-94C4-4017-9506-3E59BBEB4F26} : NameServer (8.26.56.26,156.154.70.22) -> REPLACED ()

[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{74109E11-8DDD-4AA5-B0E3-BB6DA9062025} : NameServer (8.26.56.26,156.154.70.22) -> REPLACED ()

[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{E770E0E5-94C4-4017-9506-3E59BBEB4F26} : NameServer (8.26.56.26,156.154.70.22) -> REPLACED ()

Finished : << RKreport[4].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: l [Admin rights]

Mode: DNSFix -- Date: 04/14/2012 23:12:35

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

Finished : << RKreport[5].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt

TomSmith · April 14, 2012

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=1619089906ea4a42a736655fe104fe86

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-04-14 11:09:58

# local_time=2012-04-15 12:09:58 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=3073 16777213 80 71 8092 10128299 0 0

# compatibility_mode=5893 16776574 100 94 3719697 86907335 0 0

# compatibility_mode=8192 67108863 100 0 19038 19038 0 0

# scanned=99459

# found=0

# cleaned=0

# scan_time=2713

Maurice Naggar · April 14, 2012

OK. The Eset online scan found nothing. For a bit of cleanup, go ahead & delete the RKreport(1).txt thru RKReport(4).txt

I'd like for you to run a special tool next. Do not run anything else at all for the duration.

Do not start the download unless you are ready to proceed with the run post-haste. This typically takes less than an hour.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn off your antivirus program :excl: Leave your firewall on.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right- click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Note:

Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

When done, Turn ON your antivirus :excl:

Reply with a copy of the C:\Combofix.txt log

TomSmith · April 15, 2012

ComboFix 12-04-15.01 - l 15/04/2012 12:08:06.4.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3874.2528 [GMT 1:00]

Running from: c:\users\l\Desktop\ComboFix.exe

AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}

FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((( Files Created from 2012-03-15 to 2012-04-15 )))))))))))))))))))))))))))))))

.

2012-04-15 11:17 . 2012-04-15 11:17 -------- d-----w- c:\users\Family\AppData\Local\temp

2012-04-15 11:17 . 2012-04-15 11:17 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-14 20:26 . 2012-04-14 20:26 -------- d-----w- C:\VritualRoot

2012-04-14 19:47 . 2012-04-14 19:47 -------- d-----w- c:\program files (x86)\ERUNT

2012-04-14 17:07 . 2012-04-14 17:07 -------- d-----w- c:\program files (x86)\ESET

2012-04-14 15:42 . 2012-04-14 15:42 -------- d-----w- C:\CCE_Quarantine

2012-04-14 14:35 . 2012-04-14 14:35 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-13 20:34 . 2012-04-13 20:34 -------- d-----w- c:\programdata\Kaspersky Lab

2012-04-12 22:17 . 2012-04-12 22:17 -------- d-----w- c:\users\Family\AppData\Roaming\Malwarebytes

2012-04-11 21:42 . 2012-04-11 21:42 -------- d-----w- c:\users\l\AppData\Roaming\SUPERAntiSpyware.com

2012-04-11 21:42 . 2012-04-11 21:42 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-04-10 21:40 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-10 21:40 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-04-10 21:40 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-04-10 21:36 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-10 21:36 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-10 21:36 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-10 21:36 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-10 21:36 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-10 21:36 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-10 21:36 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-09 12:03 . 2012-04-09 12:03 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-04-09 12:03 . 2012-04-09 12:03 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll

2012-04-09 12:03 . 2012-04-09 12:03 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll

2012-04-09 11:44 . 2012-04-09 11:44 1550 ----a-w- c:\programdata\1333971897.bdinstall.bin

2012-04-09 11:43 . 2012-04-09 11:43 -------- d-----w- c:\users\l\AppData\Local\VS Revo Group

2012-04-09 11:42 . 2012-04-09 11:42 1550 ----a-w- c:\programdata\1333971776.bdinstall.bin

2012-04-09 11:42 . 2012-04-09 11:42 1550 ----a-w- c:\programdata\1333971766.bdinstall.bin

2012-04-09 11:42 . 2012-04-09 11:42 1550 ----a-w- c:\programdata\1333971746.bdinstall.bin

2012-04-09 11:42 . 2012-04-09 11:42 1550 ----a-w- c:\programdata\1333971743.bdinstall.bin

2012-04-09 11:42 . 2012-04-09 11:42 1550 ----a-w- c:\programdata\1333971738.bdinstall.bin

2012-04-09 11:42 . 2012-04-09 11:42 1550 ----a-w- c:\programdata\1333971724.bdinstall.bin

2012-04-09 11:41 . 2012-04-09 11:41 1550 ----a-w- c:\programdata\1333971702.bdinstall.bin

2012-04-08 22:05 . 2012-04-08 22:05 -------- d-----w- c:\users\l\AppData\Local\COMODO

2012-04-08 21:08 . 2012-04-09 19:57 -------- d-----w- c:\programdata\CPA_VA

2012-04-08 20:58 . 2012-04-09 11:59 -------- d-----w- c:\programdata\Comodo

2012-04-08 20:57 . 2012-04-09 19:57 -------- d-----w- c:\program files\COMODO

2012-04-07 23:10 . 2012-04-10 08:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-04-07 23:10 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-07 23:03 . 2012-04-07 23:03 167923 ----a-w- c:\programdata\1333839702.bdinstall.bin

2012-04-07 22:42 . 2012-04-07 22:42 265028 ----a-w- c:\programdata\1333838068.bdinstall.bin

2012-04-07 22:41 . 2012-04-07 22:41 -------- d-----w- c:\programdata\BDLogging

2012-04-07 22:21 . 2012-04-07 22:21 -------- d-----w- c:\users\l\AppData\Roaming\QuickScan

2012-04-07 22:16 . 2012-04-07 22:28 32465 ----a-w- c:\programdata\1333836946.2960.bin

2012-04-07 22:16 . 2012-04-07 22:16 4584 ----a-w- c:\programdata\1333836946.1428.bin

2012-04-07 22:15 . 2012-04-07 22:27 9479 ----a-w- c:\programdata\1333836946.1944.bin

2012-04-07 22:15 . 2012-04-07 22:21 1697 ----a-w- c:\programdata\1333836946.752.bin

2012-04-07 22:15 . 2012-04-07 22:19 1695 ----a-w- c:\programdata\1333836946.864.bin

2012-04-07 22:15 . 2012-04-07 22:28 167538 ----a-w- c:\programdata\1333836946.3524.bin

2012-04-07 22:15 . 2012-04-07 22:28 75705 ----a-w- c:\programdata\1333836946.2212.bin

2012-04-07 22:13 . 2012-04-09 11:37 -------- d-----w- c:\program files\Common Files\Bitdefender

2012-04-07 16:14 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr

2012-04-07 16:14 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-04-07 16:14 . 2012-04-07 22:08 -------- d-----w- c:\programdata\AVAST Software

2012-04-06 20:43 . 2012-04-14 14:35 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-03-31 19:00 . 2012-04-15 11:18 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware

2012-03-31 09:24 . 2011-03-02 11:43 175616 ----a-w- c:\windows\SysWow64\unrar.dll

2012-03-31 09:24 . 2012-03-31 09:24 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack

2012-03-30 19:52 . 2012-03-30 19:52 -------- d-----w- c:\program files\HitmanPro

2012-03-28 10:03 . 2012-03-28 10:03 -------- d-----w- c:\users\Family\AppData\Local\Diagnostics

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-14 14:35 . 2012-02-29 22:51 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-11 20:13 . 2012-03-11 20:13 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2012-03-11 20:13 . 2012-03-11 20:13 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2012-03-11 20:13 . 2012-03-11 20:13 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys

2012-03-11 20:13 . 2012-03-11 20:13 41200 ----a-w- c:\windows\system32\cmdcsr.dll

2012-03-11 20:13 . 2012-03-11 20:13 301224 ----a-w- c:\windows\SysWow64\guard32.dll

2012-03-11 20:13 . 2012-03-11 20:13 389840 ----a-w- c:\windows\system32\guard64.dll

2012-03-02 21:55 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2012-03-02 21:55 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2012-03-01 21:37 . 2011-03-28 18:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-02-20 01:05 . 2012-03-01 07:39 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DCFE6335-4301-4E19-8F93-D8085E0A1F1D}\mpengine.dll

2012-02-17 06:38 . 2012-03-14 07:39 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-14 07:39 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-14 07:39 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-14 07:39 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-14 18:55 . 2012-02-14 18:55 276248 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe

2012-02-14 18:55 . 2012-02-14 18:55 5886232 ----a-w- c:\windows\system32\GfxUI.exe

2012-02-14 18:55 . 2012-02-14 18:55 511768 ----a-w- c:\windows\system32\igfxsrvc.exe

2012-02-14 18:55 . 2012-02-14 18:55 440600 ----a-w- c:\windows\system32\igfxpers.exe

2012-02-14 18:55 . 2012-02-14 18:55 398616 ----a-w- c:\windows\system32\hkcmd.exe

2012-02-14 18:55 . 2012-02-14 18:55 250136 ----a-w- c:\windows\system32\igfxext.exe

2012-02-14 18:55 . 2012-02-14 18:55 184600 ----a-w- c:\windows\system32\difx64.exe

2012-02-14 18:55 . 2012-02-14 18:55 170264 ----a-w- c:\windows\system32\igfxtray.exe

2012-02-14 18:53 . 2012-02-14 18:53 90112 ----a-w- c:\windows\system32\igfxCoIn_v2653.dll

2012-02-14 18:47 . 2012-02-14 18:47 8086528 ----a-w- c:\windows\system32\igdumd64.dll

2012-02-14 18:47 . 2012-02-14 18:47 14692224 ----a-w- c:\windows\system32\drivers\igdkmd64.sys

2012-02-14 18:47 . 2012-02-14 18:47 963912 ----a-w- c:\windows\system32\igkrng600.bin

2012-02-14 18:47 . 2012-02-14 18:47 79360 ----a-w- c:\windows\system32\igdde64.dll

2012-02-14 18:47 . 2012-02-14 18:47 261208 ----a-w- c:\windows\system32\igfcg600m.bin

2012-02-14 18:44 . 2012-02-29 21:55 6120960 ----a-w- c:\windows\SysWow64\igdumd32.dll

2012-02-14 18:44 . 2012-02-14 18:44 58880 ----a-w- c:\windows\SysWow64\igdde32.dll

2012-02-14 18:42 . 2012-02-29 21:55 9605632 ----a-w- c:\windows\system32\igd10umd64.dll

2012-02-14 18:35 . 2012-02-14 18:35 7794688 ----a-w- c:\windows\SysWow64\igd10umd32.dll

2012-02-14 18:07 . 2012-02-14 18:07 18125312 ----a-w- c:\windows\system32\ig4icd64.dll

2012-02-14 17:59 . 2012-02-14 17:59 13209600 ----a-w- c:\windows\SysWow64\ig4icd32.dll

2012-02-14 17:57 . 2012-02-14 17:57 439808 ----a-w- c:\windows\system32\igfxresn.lrc

2012-02-14 17:57 . 2012-02-14 17:57 439296 ----a-w- c:\windows\system32\igfxrrom.lrc

2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc

2012-02-14 17:57 . 2012-02-14 17:57 438272 ----a-w- c:\windows\system32\igfxrsky.lrc

2012-02-14 17:57 . 2012-02-14 17:57 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc

2012-02-14 17:57 . 2012-02-14 17:57 437760 ----a-w- c:\windows\system32\igfxrsve.lrc

2012-02-14 17:57 . 2012-02-14 17:57 437760 ----a-w- c:\windows\system32\igfxrslv.lrc

2012-02-14 17:57 . 2012-02-14 17:57 437248 ----a-w- c:\windows\system32\igfxrtha.lrc

2012-02-14 17:57 . 2012-02-14 17:57 439296 ----a-w- c:\windows\system32\igfxrrus.lrc

2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrptg.lrc

2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrplk.lrc

2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrita.lrc

2012-02-14 17:57 . 2012-02-14 17:57 437760 ----a-w- c:\windows\system32\igfxrptb.lrc

2012-02-14 17:57 . 2012-02-14 17:57 437760 ----a-w- c:\windows\system32\igfxrnor.lrc

2012-02-14 17:57 . 2012-02-14 17:57 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc

2012-02-14 17:57 . 2012-02-14 17:57 430592 ----a-w- c:\windows\system32\igfxrkor.lrc

2012-02-14 17:57 . 2012-02-14 17:57 440320 ----a-w- c:\windows\system32\igfxrell.lrc

2012-02-14 17:57 . 2012-02-14 17:57 439808 ----a-w- c:\windows\system32\igfxrfra.lrc

2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc

2012-02-14 17:57 . 2012-02-14 17:57 438272 ----a-w- c:\windows\system32\igfxrhun.lrc

2012-02-14 17:57 . 2012-02-14 17:57 438272 ----a-w- c:\windows\system32\igfxrfin.lrc

2012-02-14 17:57 . 2012-02-14 17:57 435712 ----a-w- c:\windows\system32\igfxrheb.lrc

2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrnld.lrc

2012-02-14 17:57 . 2012-02-14 17:57 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc

2012-02-14 17:57 . 2012-02-14 17:57 437248 ----a-w- c:\windows\system32\igfxrdan.lrc

2012-02-14 17:57 . 2012-02-14 17:57 429056 ----a-w- c:\windows\system32\igfxrcht.lrc

2012-02-14 17:57 . 2012-02-14 17:57 428544 ----a-w- c:\windows\system32\igfxrchs.lrc

2012-02-14 17:57 . 2012-02-14 17:57 435712 ----a-w- c:\windows\system32\igfxrara.lrc

2012-02-14 17:57 . 2012-02-14 17:57 126976 ----a-w- c:\windows\system32\igfxcpl.cpl

2012-02-14 17:57 . 2012-02-14 17:57 386048 ----a-w- c:\windows\system32\igfxpph.dll

2012-02-14 17:57 . 2012-02-14 17:57 410624 ----a-w- c:\windows\system32\igfxTMM.dll

2012-02-14 17:57 . 2012-02-29 21:55 28672 ----a-w- c:\windows\system32\igfxexps.dll

2012-02-14 17:57 . 2012-02-29 21:55 63488 ----a-w- c:\windows\system32\igfxsrvc.dll

2012-02-14 17:56 . 2012-02-29 21:55 110592 ----a-w- c:\windows\system32\hccutils.dll

2012-02-14 17:56 . 2012-02-14 17:56 9216 ----a-w- c:\windows\system32\IGFXDEVLib.dll

2012-02-14 17:56 . 2012-02-14 17:56 430080 ----a-w- c:\windows\system32\igfxdev.dll

2012-02-14 17:56 . 2012-02-14 17:56 172032 ----a-w- c:\windows\system32\gfxSrvc.dll

2012-02-14 17:56 . 2012-02-14 17:56 286208 ----a-w- c:\windows\system32\igfxrenu.lrc

2012-02-14 17:56 . 2012-02-14 17:56 142336 ----a-w- c:\windows\system32\igfxdo.dll

2012-02-14 17:56 . 2012-02-14 17:56 9007616 ----a-w- c:\windows\system32\igfxress.dll

2012-02-14 17:55 . 2012-02-14 17:55 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll

2012-02-14 17:54 . 2012-02-14 17:54 321024 ----a-w- c:\windows\SysWow64\igfxdv32.dll

2012-02-14 17:53 . 2012-02-14 17:53 524800 ----a-w- c:\windows\system32\iglhsip64.dll

2012-02-14 17:53 . 2012-02-14 17:53 519680 ----a-w- c:\windows\SysWow64\iglhsip32.dll

2012-02-14 17:53 . 2012-02-14 17:53 2967040 ----a-w- c:\windows\system32\igfxcmjit64.dll

2012-02-14 17:53 . 2012-02-14 17:53 237056 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll

2012-02-14 17:53 . 2012-02-14 17:53 2321408 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll

2012-02-14 17:53 . 2012-02-14 17:53 213504 ----a-w- c:\windows\system32\iglhcp64.dll

2012-02-14 17:53 . 2012-02-14 17:53 193024 ----a-w- c:\windows\system32\igfxcmrt64.dll

2012-02-14 17:53 . 2012-02-14 17:53 177152 ----a-w- c:\windows\SysWow64\iglhcp32.dll

2012-02-10 06:36 . 2012-03-14 21:51 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-14 21:51 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-02-03 18:27 . 2012-02-03 18:27 93200 ----a-w- c:\windows\system32\drivers\inspect.sys

2012-02-03 04:34 . 2012-03-14 21:52 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-01-29 05:10 . 2012-03-01 07:39 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-01-25 06:38 . 2012-03-14 07:39 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-01-25 06:38 . 2012-03-14 07:39 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-01-25 06:33 . 2012-03-14 07:39 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-10-18 2319536]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-07-21 5716608]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R0 mtqjxm;mtqjxm; [x]

R0 nckkof;nckkof; [x]

R1 SASDIFSV;SASDIFSV;c:\users\l\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]

R1 SASKUTIL;SASKUTIL;c:\users\l\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2011-11-02 63880]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]

R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [x]

R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]

R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-02-14 276248]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]

S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2011-11-02 41728]

S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [2010-05-05 14720]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-25 17536]

S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-04-14 3065128]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]

S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 14:35]

.

2012-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-202137972-4065337361-2662209299-1000Core.job

- c:\users\l\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-29 22:35]

.

2012-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-202137972-4065337361-2662209299-1000UA.job

- c:\users\l\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-29 22:35]

.

--------- x86-64 -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-14 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-14 398616]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-14 440600]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\guard64.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.co.uk/

mStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.0.1

.

- - - - ORPHANS REMOVED - - - -

.

ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)

ShellIconOverlayIdentifiers-{152C96EB-288E-4EDC-B7C6-D21F8250ADF3} - (no file)

ShellIconOverlayIdentifiers-{342DAA0B-D796-460D-8566-901E08A1CCAD} - (no file)

ShellIconOverlayIdentifiers-{57595DAE-1AE1-4D97-A49E-67CBB53B52DF} - (no file)

ShellIconOverlayIdentifiers-{33816773-98AE-4723-ADE0-EBE54C8B5A67} - (no file)

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

"Key"="ActionsPane3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]

"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]

"0"="Microsoft Actions Pane 3"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

.

**************************************************************************

.

Completion time: 2012-04-15 12:29:38 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-15 11:29

.

Pre-Run: 584,663,465,984 bytes free

Post-Run: 584,360,067,072 bytes free

.

- - End Of File - - 4AF0C0FB7F1A3A4850262FD98F852244