Mike12345 Posted April 29, 2012 ID:547137 Share Posted April 29, 2012 Hello,One of my computers is proably infected since it has slow internet/browser speeds ( the laptop is brand new) and when I google it says that I have malware and requests human Identification. Since I have Norton, Malwarebytes and Microsoft security essencials installed, I'm not quite sure were is the problem. The DDS and Attach files are included.Thank you for your help,MIke.DDS.txtAttach.txt Link to post Share on other sites More sharing options...
Elise Posted April 30, 2012 ID:547390 Share Posted April 30, 2012 Hello and TWO ANTIVIRUS PROGRAMS---------------------------------------I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.Therefore please go to add/remove in the control panel and remove either Norton or MS Security Essentials.Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!Double-click on TDSSKiller.exe to run the tool for known TDSS variants.Vista/Windows 7 users right-click and select Run As Administrator.If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.Click the Start Scan button.Do not use the computer during the scanIf the scan completes with nothing found, click Close to exit.If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).Copy and paste the contents of that file in your next reply. Link to post Share on other sites More sharing options...
Mike12345 Posted April 30, 2012 Author ID:547473 Share Posted April 30, 2012 As asked, here's the TDSSKiller logs. No malicous object were found, norton was uninstalled ( it had only few days left anyways) and after trying to google, it still talks about malware.Best regards,Mike.The log:21:06:12.0394 5424 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:4321:06:13.0170 5424 ============================================================21:06:13.0170 5424 Current date / time: 2012/04/30 21:06:13.017021:06:13.0170 5424 SystemInfo:21:06:13.0170 5424 21:06:13.0170 5424 OS Version: 6.1.7601 ServicePack: 1.021:06:13.0170 5424 Product type: Workstation21:06:13.0170 5424 ComputerName: USER-MSI21:06:13.0170 5424 UserName: user21:06:13.0170 5424 Windows directory: C:\windows21:06:13.0170 5424 System windows directory: C:\windows21:06:13.0170 5424 Running under WOW6421:06:13.0170 5424 Processor architecture: Intel x6421:06:13.0170 5424 Number of processors: 821:06:13.0170 5424 Page size: 0x100021:06:13.0170 5424 Boot type: Normal boot21:06:13.0170 5424 ============================================================21:06:13.0800 5424 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000004021:06:13.0823 5424 Drive \Device\Harddisk1\DR4 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'21:06:13.0827 5424 ============================================================21:06:13.0827 5424 \Device\Harddisk0\DR0:21:06:13.0827 5424 MBR partitions:21:06:13.0828 5424 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1478000, BlocksNum 0xC34B00021:06:13.0843 5424 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xD7C3800, BlocksNum 0x49D8200021:06:13.0843 5424 \Device\Harddisk1\DR4:21:06:13.0844 5424 MBR partitions:21:06:13.0844 5424 \Device\Harddisk1\DR4\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x7470500021:06:13.0844 5424 ============================================================21:06:13.0876 5424 C: <-> \Device\Harddisk0\DR0\Partition021:06:13.0914 5424 D: <-> \Device\Harddisk0\DR0\Partition121:06:13.0946 5424 G: <-> \Device\Harddisk1\DR4\Partition021:06:13.0946 5424 ============================================================21:06:13.0946 5424 Initialize success21:06:13.0946 5424 ============================================================21:10:16.0296 4244 ============================================================21:10:16.0296 4244 Scan started21:10:16.0296 4244 Mode: Manual;21:10:16.0296 4244 ============================================================21:10:16.0683 4244 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys21:10:16.0690 4244 1394ohci - ok21:10:16.0752 4244 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys21:10:16.0760 4244 ACPI - ok21:10:16.0804 4244 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys21:10:16.0806 4244 AcpiPmi - ok21:10:16.0952 4244 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe21:10:16.0957 4244 AdobeFlashPlayerUpdateSvc - ok21:10:17.0040 4244 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys21:10:17.0051 4244 adp94xx - ok21:10:17.0139 4244 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys21:10:17.0148 4244 adpahci - ok21:10:17.0178 4244 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys21:10:17.0183 4244 adpu320 - ok21:10:17.0221 4244 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll21:10:17.0223 4244 AeLookupSvc - ok21:10:17.0301 4244 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys21:10:17.0312 4244 AFD - ok21:10:17.0350 4244 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys21:10:17.0353 4244 agp440 - ok21:10:17.0395 4244 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe21:10:17.0398 4244 ALG - ok21:10:17.0420 4244 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys21:10:17.0422 4244 aliide - ok21:10:17.0446 4244 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys21:10:17.0448 4244 amdide - ok21:10:17.0480 4244 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys21:10:17.0483 4244 AmdK8 - ok21:10:17.0518 4244 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys21:10:17.0521 4244 AmdPPM - ok21:10:17.0563 4244 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys21:10:17.0566 4244 amdsata - ok21:10:17.0602 4244 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys21:10:17.0607 4244 amdsbs - ok21:10:17.0627 4244 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys21:10:17.0629 4244 amdxata - ok21:10:17.0699 4244 AMPPAL (9921e78bc29634235f4bf5809e7e8cde) C:\windows\system32\DRIVERS\AMPPAL.sys21:10:17.0706 4244 AMPPAL - ok21:10:17.0715 4244 AMPPALP (9921e78bc29634235f4bf5809e7e8cde) C:\windows\system32\DRIVERS\amppal.sys21:10:17.0719 4244 AMPPALP - ok21:10:17.0893 4244 AMPPALR3 (83a0e7ba4ae616d3654e700d9c5ff9db) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe21:10:17.0910 4244 AMPPALR3 - ok21:10:18.0059 4244 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys21:10:18.0061 4244 AppID - ok21:10:18.0097 4244 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll21:10:18.0099 4244 AppIDSvc - ok21:10:18.0143 4244 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll21:10:18.0145 4244 Appinfo - ok21:10:18.0183 4244 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys21:10:18.0185 4244 arc - ok21:10:18.0216 4244 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys21:10:18.0218 4244 arcsas - ok21:10:18.0237 4244 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys21:10:18.0239 4244 AsyncMac - ok21:10:18.0279 4244 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys21:10:18.0281 4244 atapi - ok21:10:18.0398 4244 athr (e857eee6b92aaa473ebb3465add8f7e7) C:\windows\system32\DRIVERS\athrx.sys21:10:18.0419 4244 athr - ok21:10:18.0612 4244 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll21:10:18.0625 4244 AudioEndpointBuilder - ok21:10:18.0638 4244 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll21:10:18.0643 4244 AudioSrv - ok21:10:18.0681 4244 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll21:10:18.0683 4244 AxInstSV - ok21:10:18.0777 4244 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys21:10:18.0789 4244 b06bdrv - ok21:10:18.0852 4244 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys21:10:18.0858 4244 b57nd60a - ok21:10:18.0905 4244 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll21:10:18.0908 4244 BDESVC - ok21:10:18.0941 4244 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys21:10:18.0943 4244 Beep - ok21:10:19.0028 4244 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll21:10:19.0040 4244 BFE - ok21:10:19.0140 4244 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll21:10:19.0155 4244 BITS - ok21:10:19.0208 4244 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\drivers\blbdrive.sys21:10:19.0210 4244 blbdrive - ok21:10:19.0356 4244 Bluetooth Device Monitor (55b0c8441de7d91a819a39d0351154a2) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe21:10:19.0364 4244 Bluetooth Device Monitor - ok21:10:19.0460 4244 Bluetooth Media Service (7e262330df0c4be4ece853b59b9cbe4c) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe21:10:19.0471 4244 Bluetooth Media Service - ok21:10:19.0560 4244 Bluetooth OBEX Service (8bf4b9956e13871a88a3810074e2e110) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe21:10:19.0565 4244 Bluetooth OBEX Service - ok21:10:19.0755 4244 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys21:10:19.0759 4244 bowser - ok21:10:19.0809 4244 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys21:10:19.0811 4244 BrFiltLo - ok21:10:19.0818 4244 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys21:10:19.0821 4244 BrFiltUp - ok21:10:19.0860 4244 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll21:10:19.0863 4244 Browser - ok21:10:19.0919 4244 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys21:10:19.0926 4244 Brserid - ok21:10:19.0935 4244 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys21:10:19.0937 4244 BrSerWdm - ok21:10:19.0943 4244 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys21:10:19.0945 4244 BrUsbMdm - ok21:10:19.0951 4244 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys21:10:19.0953 4244 BrUsbSer - ok21:10:19.0988 4244 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\DRIVERS\BthEnum.sys21:10:19.0991 4244 BthEnum - ok21:10:20.0005 4244 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys21:10:20.0008 4244 BTHMODEM - ok21:10:20.0034 4244 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys21:10:20.0037 4244 BthPan - ok21:10:20.0109 4244 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\system32\Drivers\BTHport.sys21:10:20.0121 4244 BTHPORT - ok21:10:20.0183 4244 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll21:10:20.0186 4244 bthserv - ok21:10:20.0263 4244 BTHSSecurityMgr (a5b3e8b2b78c7b3da56a0de490e6718c) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe21:10:20.0267 4244 BTHSSecurityMgr - ok21:10:20.0296 4244 BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\system32\Drivers\BTHUSB.sys21:10:20.0299 4244 BTHUSB - ok21:10:20.0335 4244 btmaux (270fba230e78e25726d065a924589a72) C:\windows\system32\DRIVERS\btmaux.sys21:10:20.0338 4244 btmaux - ok21:10:20.0380 4244 btmhsf (0010a54571f525a97eed8c091e96eaa9) C:\windows\system32\DRIVERS\btmhsf.sys21:10:20.0387 4244 btmhsf - ok21:10:20.0431 4244 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys21:10:20.0434 4244 cdfs - ok21:10:20.0488 4244 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys21:10:20.0493 4244 cdrom - ok21:10:20.0531 4244 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll21:10:20.0534 4244 CertPropSvc - ok21:10:20.0584 4244 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys21:10:20.0587 4244 circlass - ok21:10:20.0643 4244 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys21:10:20.0647 4244 CLFS - ok21:10:20.0731 4244 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe21:10:20.0735 4244 clr_optimization_v2.0.50727_32 - ok21:10:20.0806 4244 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe21:10:20.0810 4244 clr_optimization_v2.0.50727_64 - ok21:10:20.0886 4244 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe21:10:20.0890 4244 clr_optimization_v4.0.30319_32 - ok21:10:20.0941 4244 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe21:10:20.0945 4244 clr_optimization_v4.0.30319_64 - ok21:10:20.0979 4244 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\drivers\CmBatt.sys21:10:20.0981 4244 CmBatt - ok21:10:21.0011 4244 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys21:10:21.0013 4244 cmdide - ok21:10:21.0089 4244 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys21:10:21.0101 4244 CNG - ok21:10:21.0156 4244 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys21:10:21.0159 4244 Compbatt - ok21:10:21.0195 4244 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys21:10:21.0198 4244 CompositeBus - ok21:10:21.0213 4244 COMSysApp - ok21:10:21.0251 4244 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys21:10:21.0252 4244 crcdisk - ok21:10:21.0299 4244 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll21:10:21.0301 4244 CryptSvc - ok21:10:21.0413 4244 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE21:10:21.0417 4244 cvhsvc - ok21:10:21.0478 4244 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll21:10:21.0485 4244 DcomLaunch - ok21:10:21.0555 4244 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll21:10:21.0564 4244 defragsvc - ok21:10:21.0619 4244 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys21:10:21.0623 4244 DfsC - ok21:10:21.0700 4244 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll21:10:21.0708 4244 Dhcp - ok21:10:21.0721 4244 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys21:10:21.0724 4244 discache - ok21:10:21.0761 4244 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys21:10:21.0763 4244 Disk - ok21:10:21.0798 4244 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll21:10:21.0802 4244 Dnscache - ok21:10:21.0842 4244 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll21:10:21.0846 4244 dot3svc - ok21:10:21.0877 4244 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll21:10:21.0881 4244 DPS - ok21:10:21.0913 4244 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys21:10:21.0914 4244 drmkaud - ok21:10:21.0970 4244 dtsoftbus01 (46571ed73ae84469dca53081d33cf3c8) C:\windows\system32\DRIVERS\dtsoftbus01.sys21:10:21.0973 4244 dtsoftbus01 - ok21:10:22.0070 4244 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys21:10:22.0086 4244 DXGKrnl - ok21:10:22.0134 4244 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll21:10:22.0138 4244 EapHost - ok21:10:22.0411 4244 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys21:10:22.0443 4244 ebdrv - ok21:10:22.0569 4244 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe21:10:22.0572 4244 EFS - ok21:10:22.0751 4244 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe21:10:22.0765 4244 ehRecvr - ok21:10:22.0818 4244 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe21:10:22.0823 4244 ehSched - ok21:10:22.0917 4244 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys21:10:22.0928 4244 elxstor - ok21:10:22.0947 4244 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys21:10:22.0949 4244 ErrDev - ok21:10:23.0031 4244 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll21:10:23.0040 4244 EventSystem - ok21:10:23.0090 4244 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys21:10:23.0095 4244 exfat - ok21:10:23.0128 4244 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys21:10:23.0133 4244 fastfat - ok21:10:23.0216 4244 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe21:10:23.0224 4244 Fax - ok21:10:23.0248 4244 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys21:10:23.0249 4244 fdc - ok21:10:23.0277 4244 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll21:10:23.0279 4244 fdPHost - ok21:10:23.0289 4244 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll21:10:23.0290 4244 FDResPub - ok21:10:23.0320 4244 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys21:10:23.0322 4244 FileInfo - ok21:10:23.0350 4244 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys21:10:23.0351 4244 Filetrace - ok21:10:23.0384 4244 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys21:10:23.0385 4244 flpydisk - ok21:10:23.0418 4244 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys21:10:23.0421 4244 FltMgr - ok21:10:23.0525 4244 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll21:10:23.0540 4244 FontCache - ok21:10:23.0615 4244 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe21:10:23.0617 4244 FontCache3.0.0.0 - ok21:10:23.0675 4244 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys21:10:23.0678 4244 FsDepends - ok21:10:23.0714 4244 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys21:10:23.0717 4244 Fs_Rec - ok21:10:23.0774 4244 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys21:10:23.0780 4244 fvevol - ok21:10:23.0805 4244 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys21:10:23.0808 4244 gagp30kx - ok21:10:23.0908 4244 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll21:10:23.0923 4244 gpsvc - ok21:10:23.0999 4244 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe21:10:24.0001 4244 gusvc - ok21:10:24.0024 4244 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys21:10:24.0025 4244 hcw85cir - ok21:10:24.0083 4244 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys21:10:24.0091 4244 HdAudAddService - ok21:10:24.0167 4244 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys21:10:24.0170 4244 HDAudBus - ok21:10:24.0205 4244 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys21:10:24.0208 4244 HidBatt - ok21:10:24.0235 4244 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys21:10:24.0237 4244 HidBth - ok21:10:24.0252 4244 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys21:10:24.0255 4244 HidIr - ok21:10:24.0282 4244 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll21:10:24.0285 4244 hidserv - ok21:10:24.0331 4244 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys21:10:24.0333 4244 HidUsb - ok21:10:24.0385 4244 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll21:10:24.0389 4244 hkmsvc - ok21:10:24.0427 4244 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll21:10:24.0433 4244 HomeGroupListener - ok21:10:24.0482 4244 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll21:10:24.0489 4244 HomeGroupProvider - ok21:10:24.0508 4244 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys21:10:24.0511 4244 HpSAMD - ok21:10:24.0601 4244 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys21:10:24.0610 4244 HTTP - ok21:10:24.0620 4244 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys21:10:24.0621 4244 hwpolicy - ok21:10:24.0662 4244 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys21:10:24.0664 4244 i8042prt - ok21:10:24.0716 4244 iaStor (d469b77687e12fe43e344806740b624d) C:\windows\system32\drivers\iaStor.sys21:10:24.0719 4244 iaStor - ok21:10:24.0785 4244 IAStorDataMgrSvc (983fc69644ddf0486c8dfea262948d1a) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe21:10:24.0788 4244 IAStorDataMgrSvc - ok21:10:24.0863 4244 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys21:10:24.0871 4244 iaStorV - ok21:10:24.0900 4244 iBtFltCoex (de9e40baee2e48fd1e3eb423074c014c) C:\windows\system32\DRIVERS\iBtFltCoex.sys21:10:24.0901 4244 iBtFltCoex - ok21:10:25.0024 4244 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe21:10:25.0033 4244 idsvc - ok21:10:25.0087 4244 IDSVia64 - ok21:10:25.0787 4244 igfx (6383899c5f964d71b0f96b81fbe59bb8) C:\windows\system32\DRIVERS\igdkmd64.sys21:10:25.0977 4244 igfx - ok21:10:26.0120 4244 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys21:10:26.0122 4244 iirsp - ok21:10:26.0231 4244 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll21:10:26.0246 4244 IKEEXT - ok21:10:26.0530 4244 IntcAzAudAddService (c15a21b1e2291952424f361093734f95) C:\windows\system32\drivers\RTKVHD64.sys21:10:26.0561 4244 IntcAzAudAddService - ok21:10:26.0723 4244 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys21:10:26.0732 4244 IntcDAud - ok21:10:26.0750 4244 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys21:10:26.0752 4244 intelide - ok21:10:26.0778 4244 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\drivers\intelppm.sys21:10:26.0780 4244 intelppm - ok21:10:26.0826 4244 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll21:10:26.0829 4244 IPBusEnum - ok21:10:26.0872 4244 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys21:10:26.0875 4244 IpFilterDriver - ok21:10:26.0965 4244 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll21:10:26.0979 4244 iphlpsvc - ok21:10:26.0995 4244 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys21:10:26.0996 4244 IPMIDRV - ok21:10:27.0010 4244 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys21:10:27.0012 4244 IPNAT - ok21:10:27.0049 4244 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys21:10:27.0050 4244 IRENUM - ok21:10:27.0065 4244 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys21:10:27.0066 4244 isapnp - ok21:10:27.0112 4244 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys21:10:27.0119 4244 iScsiPrt - ok21:10:27.0137 4244 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys21:10:27.0138 4244 kbdclass - ok21:10:27.0176 4244 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys21:10:27.0178 4244 kbdhid - ok21:10:27.0213 4244 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe21:10:27.0214 4244 KeyIso - ok21:10:27.0231 4244 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys21:10:27.0233 4244 KSecDD - ok21:10:27.0262 4244 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys21:10:27.0265 4244 KSecPkg - ok21:10:27.0286 4244 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys21:10:27.0287 4244 ksthunk - ok21:10:27.0339 4244 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll21:10:27.0346 4244 KtmRm - ok21:10:27.0425 4244 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll21:10:27.0432 4244 LanmanServer - ok21:10:27.0462 4244 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll21:10:27.0466 4244 LanmanWorkstation - ok21:10:27.0500 4244 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys21:10:27.0502 4244 lltdio - ok21:10:27.0557 4244 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll21:10:27.0563 4244 lltdsvc - ok21:10:27.0589 4244 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll21:10:27.0592 4244 lmhosts - ok21:10:27.0686 4244 LMS (1584deeae5aa0e3fb045f3d0eac585ea) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe21:10:27.0690 4244 LMS - ok21:10:27.0717 4244 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys21:10:27.0719 4244 LSI_FC - ok21:10:27.0749 4244 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys21:10:27.0751 4244 LSI_SAS - ok21:10:27.0776 4244 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys21:10:27.0777 4244 LSI_SAS2 - ok21:10:27.0811 4244 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys21:10:27.0815 4244 LSI_SCSI - ok21:10:27.0843 4244 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys21:10:27.0846 4244 luafv - ok21:10:27.0888 4244 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\windows\system32\drivers\mbam.sys21:10:27.0889 4244 MBAMProtector - ok21:10:28.0011 4244 MBAMService (ba400ed640bca1eae5c727ae17c10207) D:\Programs\Malwarebytes' Anti-Malware\mbamservice.exe21:10:28.0023 4244 MBAMService - ok21:10:28.0063 4244 MBfilt (8ff2d95cba49b405c5de27039ff0bf35) C:\windows\system32\drivers\MBfilt64.sys21:10:28.0066 4244 MBfilt - ok21:10:28.0103 4244 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll21:10:28.0106 4244 Mcx2Svc - ok21:10:28.0147 4244 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys21:10:28.0149 4244 megasas - ok21:10:28.0254 4244 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys21:10:28.0261 4244 MegaSR - ok21:10:28.0314 4244 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\drivers\HECIx64.sys21:10:28.0317 4244 MEIx64 - ok21:10:28.0371 4244 MGHwCtrl - ok21:10:28.0465 4244 Micro Star SCM (71c6748ee8de938532057ef10b4b7e44) C:\Program Files (x86)\S-Bar\MSIService.exe21:10:28.0531 4244 Micro Star SCM - ok21:10:28.0560 4244 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll21:10:28.0562 4244 MMCSS - ok21:10:28.0579 4244 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys21:10:28.0580 4244 Modem - ok21:10:28.0614 4244 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys21:10:28.0616 4244 monitor - ok21:10:28.0640 4244 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys21:10:28.0642 4244 mouclass - ok21:10:28.0679 4244 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys21:10:28.0681 4244 mouhid - ok21:10:28.0708 4244 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys21:10:28.0711 4244 mountmgr - ok21:10:28.0755 4244 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe21:10:28.0758 4244 MozillaMaintenance - ok21:10:28.0821 4244 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\windows\system32\DRIVERS\MpFilter.sys21:10:28.0826 4244 MpFilter - ok21:10:28.0876 4244 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys21:10:28.0881 4244 mpio - ok21:10:28.0902 4244 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys21:10:28.0905 4244 mpsdrv - ok21:10:28.0995 4244 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll21:10:29.0011 4244 MpsSvc - ok21:10:29.0041 4244 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys21:10:29.0043 4244 MRxDAV - ok21:10:29.0071 4244 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys21:10:29.0075 4244 mrxsmb - ok21:10:29.0115 4244 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys21:10:29.0120 4244 mrxsmb10 - ok21:10:29.0151 4244 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys21:10:29.0154 4244 mrxsmb20 - ok21:10:29.0165 4244 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys21:10:29.0167 4244 msahci - ok21:10:29.0191 4244 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys21:10:29.0194 4244 msdsm - ok21:10:29.0230 4244 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe21:10:29.0234 4244 MSDTC - ok21:10:29.0256 4244 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys21:10:29.0258 4244 Msfs - ok21:10:29.0280 4244 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys21:10:29.0282 4244 mshidkmdf - ok21:10:29.0335 4244 MSI Foundation Service (87b9daf6d123ec06c19b41d5295441ad) C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe21:10:29.0359 4244 MSI Foundation Service - ok21:10:29.0377 4244 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys21:10:29.0379 4244 msisadrv - ok21:10:29.0435 4244 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll21:10:29.0441 4244 MSiSCSI - ok21:10:29.0447 4244 msiserver - ok21:10:29.0509 4244 MSI_MSIBIOS_010507 (192476c10371dc83243d67432b2cdcbf) C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys21:10:29.0528 4244 MSI_MSIBIOS_010507 - ok21:10:29.0554 4244 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys21:10:29.0557 4244 MSKSSRV - ok21:10:29.0637 4244 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe21:10:29.0638 4244 MsMpSvc - ok21:10:29.0688 4244 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys21:10:29.0691 4244 MSPCLOCK - ok21:10:29.0698 4244 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys21:10:29.0701 4244 MSPQM - ok21:10:29.0800 4244 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys21:10:29.0809 4244 MsRPC - ok21:10:29.0837 4244 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys21:10:29.0838 4244 mssmbios - ok21:10:29.0865 4244 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys21:10:29.0868 4244 MSTEE - ok21:10:29.0876 4244 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys21:10:29.0879 4244 MTConfig - ok21:10:29.0909 4244 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys21:10:29.0912 4244 Mup - ok21:10:29.0984 4244 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll21:10:29.0998 4244 napagent - ok21:10:30.0071 4244 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys21:10:30.0080 4244 NativeWifiP - ok21:10:30.0215 4244 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys21:10:30.0236 4244 NDIS - ok21:10:30.0262 4244 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys21:10:30.0264 4244 NdisCap - ok21:10:30.0309 4244 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys21:10:30.0312 4244 NdisTapi - ok21:10:30.0328 4244 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys21:10:30.0331 4244 Ndisuio - ok21:10:30.0361 4244 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys21:10:30.0366 4244 NdisWan - ok21:10:30.0384 4244 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys21:10:30.0387 4244 NDProxy - ok21:10:30.0435 4244 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys21:10:30.0438 4244 NetBIOS - ok21:10:30.0476 4244 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys21:10:30.0482 4244 NetBT - ok21:10:30.0526 4244 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe21:10:30.0529 4244 Netlogon - ok21:10:30.0601 4244 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll21:10:30.0611 4244 Netman - ok21:10:30.0664 4244 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll21:10:30.0677 4244 netprofm - ok21:10:30.0776 4244 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe21:10:30.0781 4244 NetTcpPortSharing - ok21:10:31.0511 4244 NETwNs64 (ac69618de5bcce8747c9ab0aae1003c1) C:\windows\system32\DRIVERS\NETwNs64.sys21:10:31.0699 4244 NETwNs64 - ok21:10:31.0829 4244 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys21:10:31.0832 4244 nfrd960 - ok21:10:31.0876 4244 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\windows\system32\DRIVERS\NisDrvWFP.sys21:10:31.0879 4244 NisDrv - ok21:10:31.0980 4244 NisSrv (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe21:10:31.0987 4244 NisSrv - ok21:10:32.0058 4244 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll21:10:32.0068 4244 NlaSvc - ok21:10:32.0130 4244 NOBU - ok21:10:32.0162 4244 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys21:10:32.0164 4244 Npfs - ok21:10:32.0197 4244 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll21:10:32.0201 4244 nsi - ok21:10:32.0226 4244 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys21:10:32.0228 4244 nsiproxy - ok21:10:32.0386 4244 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys21:10:32.0415 4244 Ntfs - ok21:10:32.0494 4244 NTIOLib_1_0_4 (1b32c54b95121ab1683c7b83b2db4b96) C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys21:10:32.0513 4244 NTIOLib_1_0_4 - ok21:10:32.0647 4244 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys21:10:32.0650 4244 Null - ok21:10:32.0682 4244 nusb3hub (01266516e6e88d183a2b58722eeb4443) C:\windows\system32\drivers\nusb3hub.sys21:10:32.0686 4244 nusb3hub - ok21:10:32.0721 4244 nusb3xhc (5ec04f55cc5f165f21752712437df638) C:\windows\system32\drivers\nusb3xhc.sys21:10:32.0725 4244 nusb3xhc - ok21:10:33.0780 4244 nvlddmkm (6b21520df0fe87df756ee4ee708f8461) C:\windows\system32\DRIVERS\nvlddmkm.sys21:10:34.0048 4244 nvlddmkm - ok21:10:34.0193 4244 nvpciflt (0eb18a2d6386be62afbf6bcfb5e0f0ec) C:\windows\system32\DRIVERS\nvpciflt.sys21:10:34.0195 4244 nvpciflt - ok21:10:34.0246 4244 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys21:10:34.0250 4244 nvraid - ok21:10:34.0281 4244 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys21:10:34.0285 4244 nvstor - ok21:10:34.0480 4244 nvsvc (5267b45236cb793df315bec491325b75) C:\windows\system32\nvvsvc.exe21:10:34.0499 4244 nvsvc - ok21:10:34.0774 4244 nvUpdatusService (bb7cb13633feb42130c897cdbbda273f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe21:10:34.0791 4244 nvUpdatusService - ok21:10:34.0928 4244 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys21:10:34.0932 4244 nv_agp - ok21:10:34.0944 4244 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys21:10:34.0947 4244 ohci1394 - ok21:10:35.0026 4244 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE21:10:35.0030 4244 ose - ok21:10:35.0472 4244 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE21:10:35.0494 4244 osppsvc - ok21:10:35.0633 4244 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll21:10:35.0642 4244 p2pimsvc - ok21:10:35.0698 4244 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll21:10:35.0706 4244 p2psvc - ok21:10:35.0769 4244 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys21:10:35.0773 4244 Parport - ok21:10:35.0796 4244 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys21:10:35.0800 4244 partmgr - ok21:10:35.0841 4244 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll21:10:35.0847 4244 PcaSvc - ok21:10:35.0888 4244 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys21:10:35.0892 4244 pci - ok21:10:35.0909 4244 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys21:10:35.0911 4244 pciide - ok21:10:35.0948 4244 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys21:10:35.0953 4244 pcmcia - ok21:10:35.0980 4244 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys21:10:35.0983 4244 pcw - ok21:10:36.0049 4244 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys21:10:36.0062 4244 PEAUTH - ok21:10:36.0160 4244 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe21:10:36.0164 4244 PerfHost - ok21:10:36.0320 4244 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll21:10:36.0343 4244 pla - ok21:10:36.0407 4244 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll21:10:36.0419 4244 PlugPlay - ok21:10:36.0448 4244 PnkBstrA - ok21:10:36.0485 4244 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll21:10:36.0491 4244 PNRPAutoReg - ok21:10:36.0546 4244 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll21:10:36.0553 4244 PNRPsvc - ok21:10:36.0631 4244 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll21:10:36.0641 4244 PolicyAgent - ok21:10:36.0677 4244 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll21:10:36.0683 4244 Power - ok21:10:36.0746 4244 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys21:10:36.0749 4244 PptpMiniport - ok21:10:36.0773 4244 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys21:10:36.0775 4244 Processor - ok21:10:36.0819 4244 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll21:10:36.0825 4244 ProfSvc - ok21:10:36.0858 4244 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe21:10:36.0860 4244 ProtectedStorage - ok21:10:36.0918 4244 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys21:10:36.0922 4244 Psched - ok21:10:36.0988 4244 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\windows\system32\Drivers\PxHlpa64.sys21:10:36.0991 4244 PxHlpa64 - ok21:10:37.0139 4244 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys21:10:37.0158 4244 ql2300 - ok21:10:37.0300 4244 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys21:10:37.0305 4244 ql40xx - ok21:10:37.0354 4244 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll21:10:37.0363 4244 QWAVE - ok21:10:37.0381 4244 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys21:10:37.0384 4244 QWAVEdrv - ok21:10:37.0411 4244 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys21:10:37.0414 4244 RasAcd - ok21:10:37.0450 4244 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys21:10:37.0453 4244 RasAgileVpn - ok21:10:37.0490 4244 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll21:10:37.0496 4244 RasAuto - ok21:10:37.0524 4244 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys21:10:37.0528 4244 Rasl2tp - ok21:10:37.0580 4244 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll21:10:37.0590 4244 RasMan - ok21:10:37.0638 4244 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys21:10:37.0641 4244 RasPppoe - ok21:10:37.0665 4244 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys21:10:37.0668 4244 RasSstp - ok21:10:37.0713 4244 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys21:10:37.0720 4244 rdbss - ok21:10:37.0751 4244 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys21:10:37.0753 4244 rdpbus - ok21:10:37.0781 4244 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys21:10:37.0783 4244 RDPCDD - ok21:10:37.0801 4244 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys21:10:37.0803 4244 RDPENCDD - ok21:10:37.0820 4244 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys21:10:37.0822 4244 RDPREFMP - ok21:10:37.0869 4244 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys21:10:37.0875 4244 RDPWD - ok21:10:37.0944 4244 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys21:10:37.0950 4244 rdyboost - ok21:10:37.0985 4244 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll21:10:37.0990 4244 RemoteAccess - ok21:10:38.0041 4244 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll21:10:38.0048 4244 RemoteRegistry - ok21:10:38.0093 4244 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys21:10:38.0097 4244 RFCOMM - ok21:10:38.0127 4244 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll21:10:38.0130 4244 RpcEptMapper - ok21:10:38.0160 4244 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe21:10:38.0163 4244 RpcLocator - ok21:10:38.0235 4244 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll21:10:38.0247 4244 RpcSs - ok21:10:38.0288 4244 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys21:10:38.0292 4244 rspndr - ok21:10:38.0358 4244 RSUSBVSTOR (ce0a1d8a59410e698140821e4e69da0d) C:\windows\System32\Drivers\RtsUVStor.sys21:10:38.0365 4244 RSUSBVSTOR - ok21:10:38.0424 4244 RTL8167 (16d4e350420baa7e63e16e3fc033e1f5) C:\windows\system32\DRIVERS\Rt64win7.sys21:10:38.0432 4244 RTL8167 - ok21:10:38.0470 4244 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe21:10:38.0473 4244 SamSs - ok21:10:38.0513 4244 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys21:10:38.0516 4244 sbp2port - ok21:10:38.0562 4244 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll21:10:38.0570 4244 SCardSvr - ok21:10:38.0585 4244 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys21:10:38.0588 4244 scfilter - ok21:10:38.0700 4244 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll21:10:38.0719 4244 Schedule - ok21:10:38.0811 4244 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll21:10:38.0814 4244 SCPolicySvc - ok21:10:38.0860 4244 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll21:10:38.0867 4244 SDRSVC - ok21:10:38.0929 4244 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys21:10:38.0932 4244 secdrv - ok21:10:38.0963 4244 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll21:10:38.0968 4244 seclogon - ok21:10:38.0988 4244 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll21:10:38.0993 4244 SENS - ok21:10:39.0028 4244 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll21:10:39.0034 4244 SensrSvc - ok21:10:39.0067 4244 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys21:10:39.0070 4244 Serenum - ok21:10:39.0098 4244 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys21:10:39.0102 4244 Serial - ok21:10:39.0126 4244 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys21:10:39.0128 4244 sermouse - ok21:10:39.0170 4244 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll21:10:39.0174 4244 SessionEnv - ok21:10:39.0191 4244 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys21:10:39.0193 4244 sffdisk - ok21:10:39.0209 4244 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys21:10:39.0210 4244 sffp_mmc - ok21:10:39.0215 4244 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys21:10:39.0217 4244 sffp_sd - ok21:10:39.0222 4244 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys21:10:39.0224 4244 sfloppy - ok21:10:39.0295 4244 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys21:10:39.0307 4244 Sftfs - ok21:10:39.0417 4244 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe21:10:39.0428 4244 sftlist - ok21:10:39.0461 4244 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys21:10:39.0466 4244 Sftplay - ok21:10:39.0478 4244 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys21:10:39.0480 4244 Sftredir - ok21:10:39.0507 4244 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys21:10:39.0509 4244 Sftvol - ok21:10:39.0568 4244 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe21:10:39.0574 4244 sftvsa - ok21:10:39.0672 4244 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll21:10:39.0682 4244 SharedAccess - ok21:10:39.0741 4244 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll21:10:39.0752 4244 ShellHWDetection - ok21:10:39.0790 4244 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys21:10:39.0793 4244 SiSRaid2 - ok21:10:39.0814 4244 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys21:10:39.0818 4244 SiSRaid4 - ok21:10:39.0857 4244 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe21:10:39.0861 4244 SkypeUpdate - ok21:10:39.0904 4244 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys21:10:39.0907 4244 Smb - ok21:10:39.0949 4244 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe21:10:39.0954 4244 SNMPTRAP - ok21:10:39.0990 4244 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys21:10:39.0992 4244 spldr - ok21:10:40.0073 4244 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe21:10:40.0088 4244 Spooler - ok21:10:40.0391 4244 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe21:10:40.0459 4244 sppsvc - ok21:10:40.0576 4244 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll21:10:40.0583 4244 sppuinotify - ok21:10:40.0618 4244 SRTSPX - ok21:10:40.0691 4244 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys21:10:40.0700 4244 srv - ok21:10:40.0749 4244 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys21:10:40.0757 4244 srv2 - ok21:10:40.0793 4244 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys21:10:40.0797 4244 srvnet - ok21:10:40.0850 4244 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll21:10:40.0857 4244 SSDPSRV - ok21:10:40.0882 4244 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll21:10:40.0886 4244 SstpSvc - ok21:10:40.0936 4244 Steam Client Service - ok21:10:40.0981 4244 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys21:10:40.0983 4244 stexstor - ok21:10:41.0074 4244 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll21:10:41.0088 4244 stisvc - ok21:10:41.0114 4244 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys21:10:41.0116 4244 swenum - ok21:10:41.0280 4244 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe21:10:41.0290 4244 SwitchBoard - ok21:10:41.0371 4244 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll21:10:41.0384 4244 swprv - ok21:10:41.0397 4244 SymDS - ok21:10:41.0405 4244 SymEFA - ok21:10:41.0415 4244 SymEvent - ok21:10:41.0588 4244 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll21:10:41.0609 4244 SysMain - ok21:10:41.0758 4244 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll21:10:41.0764 4244 TabletInputService - ok21:10:42.0368 4244 TabletServicePen (5f5ac85de73fd25ad36bf591185ec009) C:\Program Files\Tablet\Pen\Pen_Tablet.exe21:10:42.0393 4244 TabletServicePen - ok21:10:42.0528 4244 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll21:10:42.0539 4244 TapiSrv - ok21:10:42.0566 4244 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll21:10:42.0568 4244 TBS - ok21:10:42.0807 4244 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys21:10:42.0830 4244 Tcpip - ok21:10:43.0110 4244 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys21:10:43.0124 4244 TCPIP6 - ok21:10:43.0268 4244 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys21:10:43.0271 4244 tcpipreg - ok21:10:43.0298 4244 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys21:10:43.0301 4244 TDPIPE - ok21:10:43.0323 4244 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys21:10:43.0325 4244 TDTCP - ok21:10:43.0355 4244 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys21:10:43.0359 4244 tdx - ok21:10:43.0403 4244 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys21:10:43.0406 4244 TermDD - ok21:10:43.0499 4244 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll21:10:43.0513 4244 TermService - ok21:10:43.0529 4244 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll21:10:43.0533 4244 Themes - ok21:10:43.0561 4244 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll21:10:43.0563 4244 THREADORDER - ok21:10:43.0719 4244 TouchServicePen (7446e9d669a3b747bc4d11a82f69a5ed) C:\Program Files\Tablet\Pen\Pen_TouchService.exe21:10:43.0725 4244 TouchServicePen - ok21:10:43.0770 4244 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll21:10:43.0776 4244 TrkWks - ok21:10:43.0840 4244 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe21:10:43.0845 4244 TrustedInstaller - ok21:10:43.0916 4244 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys21:10:43.0919 4244 tssecsrv - ok21:10:43.0940 4244 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys21:10:43.0943 4244 TsUsbFlt - ok21:10:43.0952 4244 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys21:10:43.0955 4244 TsUsbGD - ok21:10:43.0990 4244 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys21:10:43.0994 4244 tunnel - ok21:10:44.0028 4244 TurboB (48743b69ea47c020a792d8649f753f44) C:\windows\system32\DRIVERS\TurboB.sys21:10:44.0048 4244 TurboB - ok21:10:44.0109 4244 TurboBoost (759f59e3ea3802ff23f93dcdb6fe9171) C:\Program Files\Intel\TurboBoost\TurboBoost.exe21:10:44.0142 4244 TurboBoost - ok21:10:44.0180 4244 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys21:10:44.0182 4244 uagp35 - ok21:10:44.0225 4244 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys21:10:44.0230 4244 udfs - ok21:10:44.0257 4244 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe21:10:44.0260 4244 UI0Detect - ok21:10:44.0297 4244 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys21:10:44.0299 4244 uliagpkx - ok21:10:44.0333 4244 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys21:10:44.0335 4244 umbus - ok21:10:44.0360 4244 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys21:10:44.0361 4244 UmPass - ok21:10:44.0626 4244 UNS (fc43877b4625f6eb773c98233eb625c5) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe21:10:44.0647 4244 UNS - ok21:10:44.0798 4244 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll21:10:44.0807 4244 upnphost - ok21:10:44.0877 4244 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys21:10:44.0880 4244 usbccgp - ok21:10:44.0918 4244 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys21:10:44.0921 4244 usbcir - ok21:10:44.0952 4244 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys21:10:44.0955 4244 usbehci - ok21:10:45.0016 4244 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\drivers\usbhub.sys21:10:45.0024 4244 usbhub - ok21:10:45.0057 4244 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys21:10:45.0060 4244 usbohci - ok21:10:45.0070 4244 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys21:10:45.0073 4244 usbprint - ok21:10:45.0095 4244 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS21:10:45.0097 4244 USBSTOR - ok21:10:45.0122 4244 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys21:10:45.0125 4244 usbuhci - ok21:10:45.0171 4244 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys21:10:45.0176 4244 usbvideo - ok21:10:45.0207 4244 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll21:10:45.0211 4244 UxSms - ok21:10:45.0248 4244 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe21:10:45.0251 4244 VaultSvc - ok21:10:45.0280 4244 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys21:10:45.0283 4244 vdrvroot - ok21:10:45.0364 4244 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe21:10:45.0376 4244 vds - ok21:10:45.0414 4244 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys21:10:45.0416 4244 vga - ok21:10:45.0441 4244 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys21:10:45.0444 4244 VgaSave - ok21:10:45.0469 4244 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys21:10:45.0474 4244 vhdmp - ok21:10:45.0491 4244 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys21:10:45.0493 4244 viaide - ok21:10:45.0522 4244 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys21:10:45.0525 4244 volmgr - ok21:10:45.0570 4244 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys21:10:45.0577 4244 volmgrx - ok21:10:45.0627 4244 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys21:10:45.0633 4244 volsnap - ok21:10:45.0680 4244 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys21:10:45.0685 4244 vsmraid - ok21:10:45.0848 4244 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe21:10:45.0869 4244 VSS - ok21:10:46.0002 4244 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys21:10:46.0005 4244 vwifibus - ok21:10:46.0041 4244 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys21:10:46.0044 4244 vwififlt - ok21:10:46.0100 4244 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll21:10:46.0111 4244 W32Time - ok21:10:46.0166 4244 wacmoumonitor (43ce14e1e17da81ea71dfe686805ed07) C:\windows\system32\DRIVERS\wacmoumonitor.sys21:10:46.0168 4244 wacmoumonitor - ok21:10:46.0226 4244 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\windows\system32\DRIVERS\wacommousefilter.sys21:10:46.0229 4244 wacommousefilter - ok21:10:46.0274 4244 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys21:10:46.0277 4244 WacomPen - ok21:10:46.0333 4244 wacomvhid (ec1ceb237e365330c1fcfc4876aa0ac0) C:\windows\system32\DRIVERS\wacomvhid.sys21:10:46.0336 4244 wacomvhid - ok21:10:46.0386 4244 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys21:10:46.0389 4244 WANARP - ok21:10:46.0396 4244 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys21:10:46.0398 4244 Wanarpv6 - ok21:10:46.0524 4244 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe21:10:46.0545 4244 WatAdminSvc - ok21:10:46.0702 4244 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe21:10:46.0724 4244 wbengine - ok21:10:46.0953 4244 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll21:10:46.0959 4244 WbioSrvc - ok21:10:47.0004 4244 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll21:10:47.0012 4244 wcncsvc - ok21:10:47.0019 4244 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll21:10:47.0024 4244 WcsPlugInService - ok21:10:47.0074 4244 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys21:10:47.0076 4244 Wd - ok21:10:47.0152 4244 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys21:10:47.0167 4244 Wdf01000 - ok21:10:47.0194 4244 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll21:10:47.0200 4244 WdiServiceHost - ok21:10:47.0206 4244 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll21:10:47.0211 4244 WdiSystemHost - ok21:10:47.0258 4244 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll21:10:47.0265 4244 WebClient - ok21:10:47.0305 4244 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll21:10:47.0311 4244 Wecsvc - ok21:10:47.0341 4244 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll21:10:47.0345 4244 wercplsupport - ok21:10:47.0383 4244 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll21:10:47.0387 4244 WerSvc - ok21:10:47.0445 4244 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys21:10:47.0448 4244 WfpLwf - ok21:10:47.0486 4244 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys21:10:47.0488 4244 WIMMount - ok21:10:47.0527 4244 WinDefend - ok21:10:47.0540 4244 WinHttpAutoProxySvc - ok21:10:47.0609 4244 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll21:10:47.0615 4244 Winmgmt - ok21:10:47.0819 4244 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll21:10:47.0844 4244 WinRM - ok21:10:48.0053 4244 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll21:10:48.0071 4244 Wlansvc - ok21:10:48.0161 4244 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe21:10:48.0164 4244 wlcrasvc - ok21:10:48.0421 4244 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE21:10:48.0446 4244 wlidsvc - ok21:10:48.0594 4244 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys21:10:48.0597 4244 WmiAcpi - ok21:10:48.0670 4244 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe21:10:48.0676 4244 wmiApSrv - ok21:10:48.0730 4244 WMPNetworkSvc - ok21:10:48.0755 4244 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll21:10:48.0761 4244 WPCSvc - ok21:10:48.0787 4244 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll21:10:48.0792 4244 WPDBusEnum - ok21:10:48.0820 4244 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys21:10:48.0823 4244 ws2ifsl - ok21:10:48.0854 4244 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll21:10:48.0860 4244 wscsvc - ok21:10:48.0865 4244 WSearch - ok21:10:49.0086 4244 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll21:10:49.0111 4244 wuauserv - ok21:10:49.0263 4244 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys21:10:49.0267 4244 WudfPf - ok21:10:49.0322 4244 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys21:10:49.0327 4244 WUDFRd - ok21:10:49.0360 4244 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll21:10:49.0365 4244 wudfsvc - ok21:10:49.0407 4244 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll21:10:49.0415 4244 WwanSvc - ok21:10:49.0473 4244 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR021:10:49.0563 4244 \Device\Harddisk0\DR0 - ok21:10:49.0590 4244 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR421:10:49.0595 4244 \Device\Harddisk1\DR4 - ok21:10:49.0608 4244 Boot (0x1200) (bd52c63ec00eaaf46e7fe967a31fe603) \Device\Harddisk0\DR0\Partition021:10:49.0610 4244 \Device\Harddisk0\DR0\Partition0 - ok21:10:49.0627 4244 Boot (0x1200) (e020ab22ff25f70be409c9c00f7deb61) \Device\Harddisk0\DR0\Partition121:10:49.0630 4244 \Device\Harddisk0\DR0\Partition1 - ok21:10:49.0635 4244 Boot (0x1200) (7a53f04814ce23c67344185075b7128a) \Device\Harddisk1\DR4\Partition021:10:49.0638 4244 \Device\Harddisk1\DR4\Partition0 - ok21:10:49.0639 4244 ============================================================21:10:49.0639 4244 Scan finished21:10:49.0639 4244 ============================================================21:10:49.0660 4124 Detected object count: 021:10:49.0660 4124 Actual detected object count: 021:11:34.0896 5268 Deinitialize success Link to post Share on other sites More sharing options...
Elise Posted April 30, 2012 ID:547495 Share Posted April 30, 2012 Hi again,COMBOFIX---------------Please download ComboFix from one of these locations:BleepingcomputerForoSpywareDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)Double click on Combofix.exe and follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply. Link to post Share on other sites More sharing options...
Mike12345 Posted May 1, 2012 Author ID:547757 Share Posted May 1, 2012 Hello agian,Ran combofix, as requested here is the .txtP.S. On the ((other deletions)) part of the log, did it removed those two files ?Log:ComboFix 12-05-01.01 - user 01/05/2012 16:43:47.1.8 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.60.1033.18.8099.5762 [GMT 8:00]Running from: c:\users\user\Downloads\ComboFix.exeAV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\windows\system32\FD.dllc:\windows\system32\ICON.ico..((((((((((((((((((((((((( Files Created from 2012-04-01 to 2012-05-01 )))))))))))))))))))))))))))))))..2012-05-01 08:47 . 2012-05-01 08:47 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp2012-05-01 08:47 . 2012-05-01 08:47 -------- d-----w- c:\users\Default\AppData\Local\temp2012-04-30 16:16 . 2012-04-30 16:16 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E7A6A19-2126-41F1-B2A3-FAB1E1D02C60}\offreg.dll2012-04-30 11:13 . 2012-04-12 17:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E7A6A19-2126-41F1-B2A3-FAB1E1D02C60}\mpengine.dll2012-04-29 11:29 . 2012-04-29 11:29 16200 ----a-w- c:\windows\stinger.sys2012-04-29 11:29 . 2012-04-29 11:35 -------- d-----w- c:\program files (x86)\stinger2012-04-29 07:07 . 2012-04-29 07:07 -------- d-----w- c:\programdata\Microsoft Help2012-04-28 17:21 . 2012-04-12 17:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2012-04-28 11:34 . 2012-04-28 11:40 -------- d-----w- c:\programdata\SecTaskMan2012-04-27 17:27 . 2012-04-27 17:27 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4D2FEE4A-8194-41F3-B6AD-0EB2CE34012A}\gapaengine.dll2012-04-27 17:09 . 2012-04-27 17:09 -------- d-----w- c:\program files (x86)\Microsoft Security Client2012-04-27 17:09 . 2012-04-27 17:09 -------- d-----w- c:\program files\Microsoft Security Client2012-04-27 13:57 . 2012-04-27 13:57 -------- d-----w- c:\programdata\Malwarebytes2012-04-27 13:57 . 2012-04-04 07:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys2012-04-27 12:07 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EA1D8ADE-94B9-492A-B696-DE7F5DAD4B41}\mpengine.dll2012-04-26 09:04 . 2012-04-26 09:04 -------- d-----w- c:\program files (x86)\Google2012-04-25 19:19 . 2012-04-25 19:19 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service2012-04-25 04:27 . 2012-04-26 00:31 -------- d-----w- c:\programdata\VirtualizedApplications2012-04-25 01:51 . 2012-04-25 19:00 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client2012-04-22 11:29 . 2012-04-22 11:29 -------- d-----w- c:\program files (x86)\Space International2012-04-18 12:14 . 2012-04-19 18:05 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr2012-04-18 12:10 . 2012-04-18 12:11 -------- d-----w- c:\program files (x86)\Origin2012-04-18 12:00 . 2012-04-18 12:00 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins2012-04-18 11:57 . 2012-04-18 11:57 -------- d-----w- c:\programdata\EA Core2012-04-18 11:57 . 2012-04-19 12:06 -------- d-----w- c:\programdata\EA Logs2012-04-18 11:55 . 2012-04-19 18:05 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe2012-04-18 11:55 . 2012-04-19 18:04 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex02012-04-18 11:55 . 2012-04-18 12:18 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe2012-04-16 12:03 . 2012-04-16 12:03 -------- d-----w- c:\programdata\XSettings2012-04-16 06:24 . 2012-04-17 15:48 -------- d-----w- c:\program files (x86)\Origin Games2012-04-16 06:24 . 2012-04-18 12:12 -------- d-----w- c:\programdata\Origin2012-04-16 06:22 . 2012-04-18 11:57 -------- d-----w- c:\programdata\Electronic Arts2012-04-14 12:22 . 2012-04-14 12:22 -------- d-----w- c:\windows\SysWow64\Wat2012-04-14 12:22 . 2012-04-14 12:22 -------- d-----w- c:\windows\system32\Wat2012-04-13 19:05 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe2012-04-13 19:05 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2012-04-13 19:05 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2012-04-13 19:01 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys2012-04-13 19:01 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll2012-04-13 19:01 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll2012-04-13 19:01 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll2012-04-13 19:01 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll2012-04-13 19:01 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll2012-04-13 19:01 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll2012-04-13 10:15 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll2012-04-13 10:15 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll2012-04-13 10:14 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll2012-04-13 10:14 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll2012-04-13 10:11 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll2012-04-13 10:11 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll2012-04-13 10:11 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys2012-04-13 10:09 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll2012-04-13 10:09 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll2012-04-13 09:43 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll2012-04-13 09:43 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll2012-04-13 09:34 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys2012-04-13 09:33 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll2012-04-13 09:23 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl2012-04-13 09:23 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl2012-04-13 09:22 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll2012-04-13 09:22 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll2012-04-13 09:01 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys2012-04-13 08:19 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll2012-04-13 08:19 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll2012-04-13 08:19 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys2012-04-13 08:17 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll2012-04-13 08:17 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll2012-04-13 08:09 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll2012-04-13 08:09 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll2012-04-13 05:44 . 2010-10-26 21:42 749936 ------w- c:\windows\system32\Pen_Touch_Tablet.dll2012-04-13 05:44 . 2010-10-26 21:42 642928 ------w- c:\windows\SysWow64\Pen_Touch_Tablet.dll2012-04-13 05:44 . 2012-04-13 05:44 -------- d-----w- c:\program files (x86)\TabletPlugins2012-04-13 05:44 . 2010-10-11 19:19 18288 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys2012-04-13 05:44 . 2010-10-11 19:19 12848 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys2012-04-13 05:44 . 2010-10-11 19:19 16168 ----a-w- c:\windows\system32\drivers\wacomvhid.sys2012-04-13 05:44 . 2010-10-26 21:42 600432 ------w- c:\windows\system32\Wintab32.dll2012-04-13 05:44 . 2010-10-26 21:42 506736 ------w- c:\windows\SysWow64\Wintab32.dll2012-04-13 05:43 . 2010-10-26 21:42 756592 ------w- c:\windows\system32\Pen_Tablet.dll2012-04-13 05:43 . 2010-10-26 21:42 650096 ------w- c:\windows\SysWow64\Pen_Tablet.dll2012-04-13 05:43 . 2012-04-13 05:44 -------- d-----w- c:\program files\Tablet2012-04-12 13:31 . 2012-04-14 17:31 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe2012-04-12 13:09 . 2012-04-12 13:09 -------- d-----w- c:\programdata\McAfee2012-04-12 13:09 . 2012-04-14 17:31 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2012-04-12 13:09 . 2012-04-14 17:31 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2012-04-12 13:08 . 2012-04-12 13:08 -------- d-----w- c:\windows\system32\Macromed2012-04-12 12:37 . 2012-04-30 13:01 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared2012-04-12 12:27 . 2012-04-12 12:27 -------- d-----w- c:\users\Public\msi2012-04-12 10:24 . 2012-04-12 10:24 -------- d-----w- c:\program files (x86)\My Company Name2012-04-12 10:24 . 2012-04-12 10:24 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared2012-04-12 10:24 . 2012-04-12 10:24 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine2012-04-12 10:24 . 2009-07-08 19:00 55280 ------w- c:\windows\system32\drivers\PxHlpa64.sys2012-04-12 10:24 . 2009-06-22 19:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys2012-04-12 10:24 . 2009-06-22 19:00 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys2012-04-12 10:09 . 2012-04-12 10:09 -------- d-----w- c:\program files\CCleaner2012-04-12 10:00 . 2012-04-12 10:00 -------- d-----w- c:\program files (x86)\Common Files\Skype2012-04-12 10:00 . 2012-04-12 10:00 -------- d-----r- c:\program files (x86)\Skype2012-04-12 10:00 . 2012-04-12 10:00 -------- d-----w- c:\programdata\Skype2012-04-12 09:31 . 2012-04-21 11:51 -------- d-----w- c:\program files (x86)\Common Files\Steam2012-04-12 09:29 . 2012-04-12 09:29 -------- d-----w- c:\programdata\Media Center Programs2012-04-12 09:21 . 2012-04-12 09:21 -------- d-sh--w- c:\windows\ftpcache2012-04-12 09:09 . 2012-04-12 09:18 -------- d-----w- c:\programdata\regid.1986-12.com.adobe2012-04-12 09:04 . 2012-04-12 10:27 -------- d-----w- c:\program files\Common Files\Adobe2012-04-12 09:03 . 2012-04-12 09:03 -------- d-----w- c:\program files (x86)\Adobe Media Player2012-04-12 09:02 . 2012-04-12 09:02 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR2012-04-12 09:00 . 2012-04-12 10:26 -------- d-----w- c:\program files (x86)\Common Files\Adobe2012-04-12 08:27 . 2012-04-12 08:27 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys2012-04-12 08:26 . 2012-04-12 09:20 -------- d-----w- c:\programdata\DAEMON Tools Lite2012-04-12 08:13 . 2012-04-12 08:13 -------- d-----w- c:\program files (x86)\Ask.com2012-04-12 08:13 . 2012-04-12 08:13 -------- d-----w- c:\program files (x86)\Foxit Software2012-04-12 08:00 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll2012-04-12 08:00 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll2012-04-12 08:00 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe2012-04-12 08:00 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll2012-04-12 08:00 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll2012-04-12 08:00 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys2012-04-12 08:00 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys2012-04-12 05:58 . 2012-04-12 05:58 -------- d-----w- c:\programdata\Nuance2012-04-12 05:58 . 2012-04-12 05:58 -------- d-----w- c:\programdata\ScanSoft2012-04-12 05:58 . 2012-04-12 05:58 -------- d-----w- c:\programdata\FLEXnet2012-04-12 05:58 . 2012-04-12 05:58 -------- d-----w- c:\program files (x86)\Nuance2012-04-12 05:57 . 2012-04-12 05:57 6 ----a-w- c:\windows\silentOnce.tmp2012-04-12 05:54 . 2012-04-13 05:45 -------- d-----w- c:\users\user2012-04-12 05:53 . 2012-04-12 05:53 -------- d-----w- C:\Recovery...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-04-12 07:55 . 2011-03-29 02:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr2012-03-20 12:44 . 2012-03-20 12:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys2012-03-20 12:44 . 2012-03-20 12:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152].[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}].[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-21 1174016]"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-15 113288]"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-18 1351680]"NortonOnlineBackup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-03-06 1112920]"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]"Live Update 5"="c:\program files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe" [2012-01-30 315392]"Malwarebytes' Anti-Malware"="d:\programs\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408].c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-10-8 198656].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"aux"=wdmaud.drv.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]R3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-04-21 1136640]S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-04-21 134928]S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]S3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - 29361461*Deregistered* - 29361461*Deregistered* - BHDrvx64*Deregistered* - NAVENG*Deregistered* - NAVEX15.Contents of the 'Scheduled Tasks' folder.2012-05-01 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 17:31].2012-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1067800367-404388841-926343989-1001Core.job- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-29 11:37].2012-05-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1067800367-404388841-926343989-1001UA.job- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-29 11:37]..--------- x86-64 -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-04 11780712]"THXCfg64"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"LoadAppInit_DLLs"=0x1"AppInit_DLLs"=c:\windows\System32\nvinitx.dll.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://www.ask.com/?l=dis&o=101702mStart Page = hxxp://msi.msn.commLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyServer = 202.171.34.234:3124uInternet Settings,ProxyOverride = 192.168.1.1;<local>IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200TCP: DhcpNameServer = 192.168.1.1FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\g88fwusm.default\FF - prefs.js: browser.startup.homepage - www.google.com.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)Toolbar-Locked - (no file)...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2012-05-01 16:49:08ComboFix-quarantined-files.txt 2012-05-01 08:49.Pre-Run: 26,413,187,072 bytes freePost-Run: 26,299,207,680 bytes free.- - End Of File - - F6E324B03ED2B872E8B5ED809F0B36C3 Link to post Share on other sites More sharing options...
Elise Posted May 1, 2012 ID:547760 Share Posted May 1, 2012 It looks like you use a proxy server in Malaysia, is this something you have set yourself? Link to post Share on other sites More sharing options...
Mike12345 Posted May 1, 2012 Author ID:547761 Share Posted May 1, 2012 No, i never set it up, nor I really know how to set it. Link to post Share on other sites More sharing options...
Elise Posted May 1, 2012 ID:547762 Share Posted May 1, 2012 In that case lets remove it. Let me know afterwards how things are running.CF-SCRIPT-------------We need to execute a CF-script.Close any open browsers.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:DDS::uInternet Settings,ProxyServer = 202.171.34.234:3124Save this as CFScript.txt, in the same location as ComboFix.exeRefering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. Link to post Share on other sites More sharing options...
Mike12345 Posted May 1, 2012 Author ID:547765 Share Posted May 1, 2012 Here you go,I must say, that after running combofix the first time, Internet speed increase drasticaly. If possible, I would like to know what was removed and if any malware/viruses were actually detected. Thank youLog:ComboFix 12-05-01.01 - user 01/05/2012 17:39:28.2.8 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.60.1033.18.8099.5638 [GMT 8:00]Running from: c:\users\user\Downloads\ComboFix.exeCommand switches used :: c:\users\user\Downloads\CFScript.txtAV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((( Files Created from 2012-04-01 to 2012-05-01 )))))))))))))))))))))))))))))))..2012-05-01 09:42 . 2012-05-01 09:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp2012-05-01 09:42 . 2012-05-01 09:42 -------- d-----w- c:\users\Default\AppData\Local\temp2012-05-01 09:37 . 2012-05-01 09:37 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D61F3B96-27EB-406C-B434-39AEB6AF1E75}\offreg.dll2012-05-01 08:49 . 2012-04-12 17:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D61F3B96-27EB-406C-B434-39AEB6AF1E75}\mpengine.dll2012-04-29 11:29 . 2012-04-29 11:29 16200 ----a-w- c:\windows\stinger.sys2012-04-29 11:29 . 2012-04-29 11:35 -------- d-----w- c:\program files (x86)\stinger2012-04-29 07:07 . 2012-04-29 07:07 -------- d-----w- c:\programdata\Microsoft Help2012-04-28 17:21 . 2012-04-12 17:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2012-04-28 11:34 . 2012-04-28 11:40 -------- d-----w- c:\programdata\SecTaskMan2012-04-27 17:27 . 2012-04-27 17:27 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4D2FEE4A-8194-41F3-B6AD-0EB2CE34012A}\gapaengine.dll2012-04-27 17:09 . 2012-04-27 17:09 -------- d-----w- c:\program files (x86)\Microsoft Security Client2012-04-27 17:09 . 2012-04-27 17:09 -------- d-----w- c:\program files\Microsoft Security Client2012-04-27 13:57 . 2012-04-27 13:57 -------- d-----w- c:\programdata\Malwarebytes2012-04-27 13:57 . 2012-04-04 07:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys2012-04-27 12:07 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EA1D8ADE-94B9-492A-B696-DE7F5DAD4B41}\mpengine.dll2012-04-26 09:04 . 2012-04-26 09:04 -------- d-----w- c:\program files (x86)\Google2012-04-25 19:19 . 2012-04-25 19:19 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service2012-04-25 04:27 . 2012-04-26 00:31 -------- d-----w- c:\programdata\VirtualizedApplications2012-04-25 01:51 . 2012-04-25 19:00 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client2012-04-22 11:29 . 2012-04-22 11:29 -------- d-----w- c:\program files (x86)\Space International2012-04-18 12:14 . 2012-04-19 18:05 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr2012-04-18 12:10 . 2012-04-18 12:11 -------- d-----w- c:\program files (x86)\Origin2012-04-18 12:00 . 2012-04-18 12:00 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins2012-04-18 11:57 . 2012-04-18 11:57 -------- d-----w- c:\programdata\EA Core2012-04-18 11:57 . 2012-04-19 12:06 -------- d-----w- c:\programdata\EA Logs2012-04-18 11:55 . 2012-04-19 18:05 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe2012-04-18 11:55 . 2012-04-19 18:04 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex02012-04-18 11:55 . 2012-04-18 12:18 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe2012-04-16 12:03 . 2012-04-16 12:03 -------- d-----w- c:\programdata\XSettings2012-04-16 06:24 . 2012-04-17 15:48 -------- d-----w- c:\program files (x86)\Origin Games2012-04-16 06:24 . 2012-04-18 12:12 -------- d-----w- c:\programdata\Origin2012-04-16 06:22 . 2012-04-18 11:57 -------- d-----w- c:\programdata\Electronic Arts2012-04-14 12:22 . 2012-04-14 12:22 -------- d-----w- c:\windows\SysWow64\Wat2012-04-14 12:22 . 2012-04-14 12:22 -------- d-----w- c:\windows\system32\Wat2012-04-13 19:05 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe2012-04-13 19:05 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2012-04-13 19:05 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2012-04-13 19:01 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys2012-04-13 19:01 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll2012-04-13 19:01 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll2012-04-13 19:01 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll2012-04-13 19:01 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll2012-04-13 19:01 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll2012-04-13 19:01 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll2012-04-13 10:15 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll2012-04-13 10:15 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll2012-04-13 10:14 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll2012-04-13 10:14 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll2012-04-13 10:11 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll2012-04-13 10:11 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll2012-04-13 10:11 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys2012-04-13 10:09 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll2012-04-13 10:09 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll2012-04-13 09:43 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll2012-04-13 09:43 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll2012-04-13 09:34 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys2012-04-13 09:33 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll2012-04-13 09:23 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl2012-04-13 09:23 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl2012-04-13 09:22 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll2012-04-13 09:22 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll2012-04-13 09:01 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys2012-04-13 08:19 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll2012-04-13 08:19 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll2012-04-13 08:19 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys2012-04-13 08:17 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll2012-04-13 08:17 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll2012-04-13 08:09 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll2012-04-13 08:09 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll2012-04-13 05:44 . 2010-10-26 21:42 749936 ------w- c:\windows\system32\Pen_Touch_Tablet.dll2012-04-13 05:44 . 2010-10-26 21:42 642928 ------w- c:\windows\SysWow64\Pen_Touch_Tablet.dll2012-04-13 05:44 . 2012-04-13 05:44 -------- d-----w- c:\program files (x86)\TabletPlugins2012-04-13 05:44 . 2010-10-11 19:19 18288 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys2012-04-13 05:44 . 2010-10-11 19:19 12848 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys2012-04-13 05:44 . 2010-10-11 19:19 16168 ----a-w- c:\windows\system32\drivers\wacomvhid.sys2012-04-13 05:44 . 2010-10-26 21:42 600432 ------w- c:\windows\system32\Wintab32.dll2012-04-13 05:44 . 2010-10-26 21:42 506736 ------w- c:\windows\SysWow64\Wintab32.dll2012-04-13 05:43 . 2010-10-26 21:42 756592 ------w- c:\windows\system32\Pen_Tablet.dll2012-04-13 05:43 . 2010-10-26 21:42 650096 ------w- c:\windows\SysWow64\Pen_Tablet.dll2012-04-13 05:43 . 2012-04-13 05:44 -------- d-----w- c:\program files\Tablet2012-04-12 13:31 . 2012-04-14 17:31 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe2012-04-12 13:09 . 2012-04-12 13:09 -------- d-----w- c:\programdata\McAfee2012-04-12 13:09 . 2012-04-14 17:31 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2012-04-12 13:09 . 2012-04-14 17:31 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2012-04-12 13:08 . 2012-04-12 13:08 -------- d-----w- c:\windows\system32\Macromed2012-04-12 12:37 . 2012-04-30 13:01 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared2012-04-12 12:27 . 2012-04-12 12:27 -------- d-----w- c:\users\Public\msi2012-04-12 10:24 . 2012-04-12 10:24 -------- d-----w- c:\program files (x86)\My Company Name2012-04-12 10:24 . 2012-04-12 10:24 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared2012-04-12 10:24 . 2012-04-12 10:24 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine2012-04-12 10:24 . 2009-07-08 19:00 55280 ------w- c:\windows\system32\drivers\PxHlpa64.sys2012-04-12 10:24 . 2009-06-22 19:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys2012-04-12 10:24 . 2009-06-22 19:00 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys2012-04-12 10:09 . 2012-04-12 10:09 -------- d-----w- c:\program files\CCleaner2012-04-12 10:00 . 2012-04-12 10:00 -------- d-----w- c:\program files (x86)\Common Files\Skype2012-04-12 10:00 . 2012-04-12 10:00 -------- d-----r- c:\program files (x86)\Skype2012-04-12 10:00 . 2012-04-12 10:00 -------- d-----w- c:\programdata\Skype2012-04-12 09:31 . 2012-04-21 11:51 -------- d-----w- c:\program files (x86)\Common Files\Steam2012-04-12 09:29 . 2012-04-12 09:29 -------- d-----w- c:\programdata\Media Center Programs2012-04-12 09:21 . 2012-04-12 09:21 -------- d-sh--w- c:\windows\ftpcache2012-04-12 09:09 . 2012-04-12 09:18 -------- d-----w- c:\programdata\regid.1986-12.com.adobe2012-04-12 09:04 . 2012-04-12 10:27 -------- d-----w- c:\program files\Common Files\Adobe2012-04-12 09:03 . 2012-04-12 09:03 -------- d-----w- c:\program files (x86)\Adobe Media Player2012-04-12 09:02 . 2012-04-12 09:02 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR2012-04-12 09:00 . 2012-04-12 10:26 -------- d-----w- c:\program files (x86)\Common Files\Adobe2012-04-12 08:27 . 2012-04-12 08:27 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys2012-04-12 08:26 . 2012-04-12 09:20 -------- d-----w- c:\programdata\DAEMON Tools Lite2012-04-12 08:13 . 2012-04-12 08:13 -------- d-----w- c:\program files (x86)\Ask.com2012-04-12 08:13 . 2012-04-12 08:13 -------- d-----w- c:\program files (x86)\Foxit Software2012-04-12 08:00 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll2012-04-12 08:00 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll2012-04-12 08:00 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe2012-04-12 08:00 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll2012-04-12 08:00 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll2012-04-12 08:00 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys2012-04-12 08:00 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys2012-04-12 05:58 . 2012-04-12 05:58 -------- d-----w- c:\programdata\Nuance2012-04-12 05:58 . 2012-04-12 05:58 -------- d-----w- c:\programdata\ScanSoft2012-04-12 05:58 . 2012-04-12 05:58 -------- d-----w- c:\programdata\FLEXnet2012-04-12 05:58 . 2012-04-12 05:58 -------- d-----w- c:\program files (x86)\Nuance2012-04-12 05:57 . 2012-04-12 05:57 6 ----a-w- c:\windows\silentOnce.tmp2012-04-12 05:54 . 2012-04-13 05:45 -------- d-----w- c:\users\user2012-04-12 05:53 . 2012-04-12 05:53 -------- d-----w- C:\Recovery...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-04-12 07:55 . 2011-03-29 02:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr2012-03-20 12:44 . 2012-03-20 12:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys2012-03-20 12:44 . 2012-03-20 12:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152].[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}].[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-21 1174016]"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-15 113288]"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-18 1351680]"NortonOnlineBackup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-03-06 1112920]"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]"Live Update 5"="c:\program files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe" [2012-01-30 315392]"Malwarebytes' Anti-Malware"="d:\programs\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408].c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-10-8 198656].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"aux"=wdmaud.drv.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]R3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-04-21 1136640]S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-04-21 134928]S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]S3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - 29361461*Deregistered* - 29361461*Deregistered* - BHDrvx64*Deregistered* - NAVENG*Deregistered* - NAVEX15.Contents of the 'Scheduled Tasks' folder.2012-05-01 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 17:31].2012-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1067800367-404388841-926343989-1001Core.job- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-29 11:37].2012-05-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1067800367-404388841-926343989-1001UA.job- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-29 11:37]..--------- x86-64 -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-04 11780712]"THXCfg64"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"AppInit_DLLs"=c:\windows\System32\nvinitx.dll.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://www.ask.com/?l=dis&o=101702mStart Page = hxxp://msi.msn.commLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = 192.168.1.1;<local>IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200TCP: DhcpNameServer = 192.168.1.1FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\g88fwusm.default\FF - prefs.js: browser.startup.homepage - www.google.com.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2012-05-01 17:43:27ComboFix-quarantined-files.txt 2012-05-01 09:43ComboFix2.txt 2012-05-01 08:49.Pre-Run: 26,347,622,400 bytes freePost-Run: 26,294,251,520 bytes free.- - End Of File - - 7513C0D0C60BCFC3A3E91F8F10912E0E Link to post Share on other sites More sharing options...
Elise Posted May 1, 2012 ID:547775 Share Posted May 1, 2012 Combofix resets quite some settings, which most likely caused the increase, as real malware wan't found except for those two files.P2P WARNING-------------------Going over your logs I noticed that you have uTorrent installed. Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.It is pretty much certain that if you continue to use P2P programs, you will get infected again.I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.If you wish to keep it, please do not use it until your computer is cleaned.Please launch MBAM, update it and run a full scan. Post me the resulting log. Link to post Share on other sites More sharing options...
Mike12345 Posted May 1, 2012 Author ID:547806 Share Posted May 1, 2012 Here, I think the Combofix fixed the problem some how ( my guess). Thank you for your help, much appreciented.Log:Malwarebytes Anti-Malware (Trial) 1.61.0.1400www.malwarebytes.orgDatabase version: v2012.05.01.05Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421user :: USER-MSI [administrator]Protection: Disabled1/5/2012 7:28:38 PMmbam-log-2012-05-01 (19-28-38).txtScan type: Full scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 358598Time elapsed: 38 minute(s), 18 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end) Link to post Share on other sites More sharing options...
Elise Posted May 1, 2012 ID:547814 Share Posted May 1, 2012 Its good to hear that! Lets run one last scan to double check.ESET ONLINE SCANNER----------------------------I'd like us to scan your machine with ESET OnlineScanHold down Control and click on this link to open ESET OnlineScan in a new window.Click the button.For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.Double click on the icon on your desktop.Check "YES, I accept the Terms of Use."Click the Start button.Accept any security warnings from your browser.Under scan settings, check "Scan Archives" and "Remove found threats" Click Advanced settings and select the following:Scan potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth technology[*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.[*]When the scan completes, click List Threats[*]Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.[*]Click the Back button.[*]Click the Finish button. Link to post Share on other sites More sharing options...
Mike12345 Posted May 1, 2012 Author ID:547860 Share Posted May 1, 2012 Hello agian,It found 3 threats and removed them ( a B.keygen something) but after finishing it throwed me to a 'download trial or buy the product 'screen, and i couldn't save the logs. Link to post Share on other sites More sharing options...
Elise Posted May 1, 2012 ID:547866 Share Posted May 1, 2012 No problem. ALL CLEAN--------------Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean Please do the following to remove the remaining programs from your PC:Delete the tools used during the disinfection:Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.Please read these advices, in order to prevent reinfecting your PC:Install and update the following programs regularly:an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.A comprehensive tutorial and a list of possible firewalls can be found here.an AntiVirus SoftwareIt is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.an Anti-Spyware programMalware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.SUPERAntiSpyware is another good scanner with high detection and removal rates.Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.Spyware BlasterA tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.[*]Keep Windows (and your other Microsoft software) up to date!I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!![*]Keep your other software up to date as wellSoftware does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.[*]Stay up to date!The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.Some more links you might find of interest:Miekies' prevention suggestionsSo How did I get infected?Microsoft - 'Security at home'Calendar of Updates: See which updates have been released.How to backup your Data with Cobian Backup:because you never know, when your harddisk might fail :wink:Commonly Used Freeware Replacements: a nice list of freeware programs in all categories, that are regarded as useful by the users of this forum.osalt: Find (free) open source alternatives to known commercial software.Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards. Link to post Share on other sites More sharing options...
Mike12345 Posted May 1, 2012 Author ID:547869 Share Posted May 1, 2012 Thank you Elise,I really appreciate your help . Have a good day.Sincerly,Mike Link to post Share on other sites More sharing options...
Elise Posted May 1, 2012 ID:547881 Share Posted May 1, 2012 You are most welcome Mike! I will request this topic to be closed. Link to post Share on other sites More sharing options...
LDTate Posted May 1, 2012 ID:547896 Share Posted May 1, 2012 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts