Trojan.agent in svchost

[Zeronx]

I noticed some chugging and random shutdowns. MBAM reports two files, both trojan.agent. Attempts to remove them have failed. Please help.

[MrCharlie]

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

[Zeronx]

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by John at 12:55:16 on 2012-07-28

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12265.8603 [GMT -4:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\ASUS\FaceLogon\smartlogon.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

C:\Program Files\ASUS\P4G\BatteryLife.exe

C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe

C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

C:\Program Files\Trend Micro\Titanium\TiMiniService.exe

C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe

C:\ExpressGateUtil\VAWinService.exe

C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe

C:\Program Files\FSP\FspUip.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

-netsvcs

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

C:\Users\John\AppData\Local\Akamai\netsession_win.exe

C:\Users\John\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Users\John\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

C:\Windows\AsScrPro.exe

C:\ExpressGateUtil\VAWinAgent.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Ask.com\Updater\Updater.exe

C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Windows\notepad.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://asus.msn.com

uDefault_Page_URL = hxxp://asus.msn.com

mStart Page = hxxp://asus.msn.com

uInternet Settings,ProxyOverride = <local>

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

mWinlogon: Userinit=userinit.exe,

BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [Akamai NetSession Interface] "C:\Users\John\AppData\Local\Akamai\netsession_win.exe"

uRun: [spotify Web Helper] "C:\Users\John\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

uRun: [spotify] "C:\Users\John\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart

mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S

mRun: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe

mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe

mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun: [FLxHCIm64] "C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [<NO NAME>]

mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{13AC0A39-C39F-4B8B-95C8-8EB3FD1573BD} : DhcpNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{13AC0A39-C39F-4B8B-95C8-8EB3FD1573BD}\147475966696 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{7EC17DD0-784D-4276-9985-B375A393F664} : DhcpNameServer = 192.168.1.1

Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll

BHO-X64: Trend Micro NSC BHO - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO-X64: IESpeakDoc - No File

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

BHO-X64: Vuze Remote - No File

BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll

BHO-X64: TmBpIeBHO - No File

BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

BHO-X64: Google Dictionary Compression sdch - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO-X64: Ask Toolbar BHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

mRun-x64: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

mRun-x64: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S

mRun-x64: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe

mRun-x64: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r

mRun-x64: [updReg] C:\Windows\UpdReg.EXE

mRun-x64: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe

mRun-x64: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun-x64: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun-x64: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun-x64: [FLxHCIm64] "C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [(Default)]

mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun-x64: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1zqec442.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - www.rpgfan.com

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\John\AppData\Local\Fancy\npfancygame.dll

FF - plugin: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1zqec442.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\plugins\np-mswmp.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 ATKWMIACPIIO_;ATKWMIACPI Driver_;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]

R2 AsusUacSvc;Asus process privilege adjust service;C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [2011-8-25 113840]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-13 138400]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-28 44808]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-6-2 8704]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-28 655944]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-24 2458944]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-3-4 382272]

R2 TiMiniService;TiMiniService;C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [2010-10-26 241488]

R2 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-25 2655768]

R2 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService.exe [2011-3-25 91464]

R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2012-1-30 17152]

R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]

R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]

R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]

R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?]

R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?]

R3 fspad_win764;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_win764;C:\Windows\system32\DRIVERS\fspad_win764.sys --> C:\Windows\system32\DRIVERS\fspad_win764.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-2 135664]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 250056]

S3 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-4-2 267480]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-8-25 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-8-25 79360]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-2 135664]

S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-26 113120]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUVStor.sys --> C:\Windows\system32\Drivers\RtsUVStor.sys [?]

S3 SaiU0CCB;SaiU0CCB;C:\Windows\system32\DRIVERS\SaiU0CCB.sys --> C:\Windows\system32\DRIVERS\SaiU0CCB.sys [?]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-07-28 16:31:45 20480 ------w- C:\Windows\svchost.exe

2012-07-28 16:00:12 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2012-07-28 16:00:11 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2012-07-28 16:00:11 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2012-07-28 15:59:59 41224 ----a-w- C:\Windows\avastSS.scr

2012-07-28 15:59:50 -------- d-----w- C:\ProgramData\AVAST Software

2012-07-28 15:59:50 -------- d-----w- C:\Program Files\AVAST Software

2012-07-28 15:40:57 8038208 ----a-w- C:\Windows\System32\nvcuda.dll

2012-07-28 15:40:57 5920064 ----a-w- C:\Windows\SysWow64\nvcuda.dll

2012-07-28 15:40:57 2873664 ----a-w- C:\Windows\System32\nvcuvenc.dll

2012-07-28 15:40:57 2673984 ----a-w- C:\Windows\System32\nvcuvid.dll

2012-07-28 15:40:57 25555776 ----a-w- C:\Windows\System32\nvoglv64.dll

2012-07-28 15:40:57 25222464 ----a-w- C:\Windows\System32\nvcompiler.dll

2012-07-28 15:40:57 2518336 ----a-w- C:\Windows\SysWow64\nvcuvid.dll

2012-07-28 15:40:57 2438464 ----a-w- C:\Windows\SysWow64\nvcuvenc.dll

2012-07-28 15:40:57 19456320 ----a-w- C:\Windows\SysWow64\nvoglv32.dll

2012-07-28 15:40:57 17663296 ----a-w- C:\Windows\System32\nvd3dumx.dll

2012-07-28 15:40:57 17543488 ----a-w- C:\Windows\SysWow64\nvcompiler.dll

2012-07-28 15:40:57 14332224 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys

2012-07-28 15:30:35 -------- d-----w- C:\Users\John\AppData\Roaming\Malwarebytes

2012-07-28 15:30:33 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-28 15:30:33 -------- d-----w- C:\ProgramData\Malwarebytes

2012-07-28 15:30:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-21 14:57:37 7726912 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll

2012-07-21 14:57:37 68928 ----a-w- C:\Windows\System32\OpenCL.dll

2012-07-21 14:57:37 61248 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2012-07-21 14:57:37 2316608 ----a-w- C:\Windows\SysWow64\nvapi.dll

2012-07-11 07:03:20 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-11 01:52:22 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-30 15:12:17 -------- d-----w- C:\Users\John\AppData\Roaming\NVIDIA

.

==================== Find3M ====================

.

2012-07-28 16:32:44 380 ----a-w- C:\Users\John\AppData\Roaming\sp_data.sys

2012-07-27 09:43:08 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-27 09:43:08 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-24 04:08:46 45056 ----a-w- C:\Windows\SysWow64\acovcnt.exe

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-01 22:40:11 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

.

============= FINISH: 12:56:02.11 ===============

[Zeronx]

Attach:

Attach.zip

[Zeronx]

RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: John [Admin rights]

Mode: Scan -- Date: 07/28/2012 13:04:25

¤¤¤ Bad processes: 1 ¤¤¤

[sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 5 ¤¤¤

[sUSP PATH] ASUS Patch 10430001.job @ : C:\Windows\AsPatch10430001.exe -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD7500BPKT-80PK4T0 +++++

--- User ---

[MBR] c8d2ec0b5b59e1980388d829ccacdeea

[bSP] 2ee18edf56eb573bfe8fc4993312b762 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 286161 Mo

2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 638488576 | Size: 403641 Mo

User != LL1 ... KO!

--- LL1 ---

[MBR] a840f862fa7f613f59d8e89c16f88260

[bSP] 2ee18edf56eb573bfe8fc4993312b762 : Windows 7 MBR Code

Partition table:

1 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 286161 Mo

3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 638488576 | Size: 403641 Mo

User != LL2 ... KO!

--- LL2 ---

[MBR] a840f862fa7f613f59d8e89c16f88260

[bSP] 2ee18edf56eb573bfe8fc4993312b762 : Windows 7 MBR Code

Partition table:

1 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 286161 Mo

3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 638488576 | Size: 403641 Mo

+++++ PhysicalDrive1: WDC WD7500BPKT-80PK4T0 +++++

--- User ---

[MBR] b17efdbde997cde13963cd71a27bec4c

[bSP] e6c2cebec9d5914c6fe029aa4b621d92 : Windows Vista/7 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 357688 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 732547072 | Size: 357715 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

[MrCharlie]

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

[Zeronx]

TDSSKILLER log:

TDSSKiller.2.7.48.0_28.07.2012_13.33.14_log.txt

[MrCharlie]

Well Done, lets run ComboFix to clear up any leftovers.

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

[Zeronx]

13:33:14.0841 9152 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

13:33:15.0523 9152 ============================================================

13:33:15.0523 9152 Current date / time: 2012/07/28 13:33:15.0523

13:33:15.0523 9152 SystemInfo:

13:33:15.0523 9152

13:33:15.0523 9152 OS Version: 6.1.7601 ServicePack: 1.0

13:33:15.0523 9152 Product type: Workstation

13:33:15.0523 9152 ComputerName: JOHN-PC

13:33:15.0523 9152 UserName: John

13:33:15.0523 9152 Windows directory: C:\Windows

13:33:15.0523 9152 System windows directory: C:\Windows

13:33:15.0523 9152 Running under WOW64

13:33:15.0523 9152 Processor architecture: Intel x64

13:33:15.0523 9152 Number of processors: 8

13:33:15.0523 9152 Page size: 0x1000

13:33:15.0523 9152 Boot type: Normal boot

13:33:15.0523 9152 ============================================================

13:33:15.0885 9152 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

13:33:15.0886 9152 Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

13:33:15.0892 9152 ============================================================

13:33:15.0892 9152 \Device\Harddisk0\DR0:

13:33:15.0892 9152 MBR partitions:

13:33:15.0892 9152 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x22EE8800

13:33:15.0915 9152 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x260E9800, BlocksNum 0x3145C000

13:33:15.0915 9152 \Device\Harddisk1\DR1:

13:33:15.0915 9152 MBR partitions:

13:33:15.0915 9152 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2BA9C000

13:33:15.0915 9152 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x2BA9C800, BlocksNum 0x2BAA9EF0

13:33:15.0915 9152 ============================================================

13:33:15.0957 9152 C: <-> \Device\Harddisk0\DR0\Partition0

13:33:15.0993 9152 D: <-> \Device\Harddisk0\DR0\Partition1

13:33:16.0326 9152 E: <-> \Device\Harddisk1\DR1\Partition0

13:33:16.0358 9152 F: <-> \Device\Harddisk1\DR1\Partition1

13:33:16.0358 9152 ============================================================

13:33:16.0358 9152 Initialize success

13:33:16.0358 9152 ============================================================

13:33:19.0724 7328 ============================================================

13:33:19.0724 7328 Scan started

13:33:19.0724 7328 Mode: Manual;

13:33:19.0724 7328 ============================================================

13:33:20.0218 7328 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

13:33:20.0225 7328 1394ohci - ok

13:33:20.0271 7328 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

13:33:20.0284 7328 ACPI - ok

13:33:20.0292 7328 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

13:33:20.0293 7328 AcpiPmi - ok

13:33:20.0386 7328 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

13:33:20.0387 7328 AdobeFlashPlayerUpdateSvc - ok

13:33:20.0426 7328 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

13:33:20.0442 7328 adp94xx - ok

13:33:20.0455 7328 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

13:33:20.0459 7328 adpahci - ok

13:33:20.0467 7328 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

13:33:20.0470 7328 adpu320 - ok

13:33:20.0492 7328 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

13:33:20.0493 7328 AeLookupSvc - ok

13:33:20.0534 7328 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

13:33:20.0542 7328 AFD - ok

13:33:20.0556 7328 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

13:33:20.0557 7328 agp440 - ok

13:33:20.0584 7328 AiCharger (16f6f6b7903b913ab41ab848c8bb5658) C:\Windows\system32\DRIVERS\AiCharger.sys

13:33:20.0585 7328 AiCharger - ok

13:33:20.0597 7328 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

13:33:20.0598 7328 ALG - ok

13:33:20.0616 7328 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

13:33:20.0617 7328 aliide - ok

13:33:20.0626 7328 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

13:33:20.0627 7328 amdide - ok

13:33:20.0643 7328 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

13:33:20.0644 7328 AmdK8 - ok

13:33:20.0648 7328 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

13:33:20.0650 7328 AmdPPM - ok

13:33:20.0701 7328 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

13:33:20.0702 7328 amdsata - ok

13:33:20.0718 7328 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

13:33:20.0720 7328 amdsbs - ok

13:33:20.0733 7328 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

13:33:20.0734 7328 amdxata - ok

13:33:20.0808 7328 Amsp (e8494519bcb9e3b1b72e5604993a76e3) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

13:33:20.0809 7328 Amsp - ok

13:33:20.0819 7328 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

13:33:20.0820 7328 AppID - ok

13:33:20.0839 7328 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

13:33:20.0840 7328 AppIDSvc - ok

13:33:20.0855 7328 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

13:33:20.0856 7328 Appinfo - ok

13:33:20.0862 7328 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

13:33:20.0863 7328 arc - ok

13:33:20.0868 7328 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

13:33:20.0870 7328 arcsas - ok

13:33:20.0929 7328 ASLDRService (a3626c6d3f2dc95497f3f61842d7fd89) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

13:33:20.0930 7328 ASLDRService - ok

13:33:20.0950 7328 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys

13:33:20.0950 7328 ASMMAP64 - ok

13:33:20.0978 7328 AsusUacSvc (b6ef28ecee73b624d56df30ad562ae8d) C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe

13:33:20.0979 7328 AsusUacSvc - ok

13:33:21.0022 7328 aswFsBlk (df59b8e8df0bd2e0e303778a3806a17d) C:\Windows\system32\drivers\aswFsBlk.sys

13:33:21.0023 7328 aswFsBlk - ok

13:33:21.0070 7328 aswMonFlt (f8e6ab4f876feff69250f2e0c29ef004) C:\Windows\system32\drivers\aswMonFlt.sys

13:33:21.0071 7328 aswMonFlt - ok

13:33:21.0094 7328 aswRdr (aa92bc4bcba40ca3aa3ffd1be24f0c09) C:\Windows\System32\Drivers\aswrdr2.sys

13:33:21.0094 7328 aswRdr - ok

13:33:21.0176 7328 aswSnx (f06e230e1e8ca9437a6474b7b551cd37) C:\Windows\system32\drivers\aswSnx.sys

13:33:21.0181 7328 aswSnx - ok

13:33:21.0239 7328 aswSP (3610ca74a69e380424f0452dec5c1317) C:\Windows\system32\drivers\aswSP.sys

13:33:21.0241 7328 aswSP - ok

13:33:21.0280 7328 aswTdi (87de3e31cb0091d22351349869324065) C:\Windows\system32\drivers\aswTdi.sys

13:33:21.0280 7328 aswTdi - ok

13:33:21.0306 7328 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

13:33:21.0307 7328 AsyncMac - ok

13:33:21.0320 7328 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

13:33:21.0320 7328 atapi - ok

13:33:21.0353 7328 AthBTPort (cbe61b4494165f458bd87e37181ee934) C:\Windows\system32\DRIVERS\btath_flt.sys

13:33:21.0354 7328 AthBTPort - ok

13:33:21.0410 7328 Atheros Bt&Wlan Coex Agent (4c4a576818ea028257c624ae36ff7a03) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

13:33:21.0411 7328 Atheros Bt&Wlan Coex Agent - ok

13:33:21.0419 7328 AtherosSvc (21753130331188c4b474e1d3b396e629) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

13:33:21.0420 7328 AtherosSvc - ok

13:33:21.0537 7328 athr (b4174564ad5834a1680610572477878c) C:\Windows\system32\DRIVERS\athrx.sys

13:33:21.0574 7328 athr - ok

13:33:21.0632 7328 ATKGFNEXSrv (dbc598e47e7a382e60e2a4745d41fef9) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

13:33:21.0633 7328 ATKGFNEXSrv - ok

13:33:21.0656 7328 ATKWMIACPIIO_ (41ceaffcf3550785e59e3ec9bee8d97a) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys

13:33:21.0657 7328 ATKWMIACPIIO_ - ok

13:33:21.0792 7328 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

13:33:21.0810 7328 AudioEndpointBuilder - ok

13:33:21.0816 7328 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

13:33:21.0819 7328 AudioSrv - ok

13:33:21.0945 7328 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

13:33:21.0945 7328 avast! Antivirus - ok

13:33:21.0978 7328 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

13:33:21.0980 7328 AxInstSV - ok

13:33:22.0049 7328 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

13:33:22.0065 7328 b06bdrv - ok

13:33:22.0092 7328 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

13:33:22.0096 7328 b57nd60a - ok

13:33:22.0167 7328 BBSvc (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

13:33:22.0169 7328 BBSvc - ok

13:33:22.0181 7328 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

13:33:22.0183 7328 BDESVC - ok

13:33:22.0193 7328 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

13:33:22.0193 7328 Beep - ok

13:33:22.0246 7328 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

13:33:22.0264 7328 BFE - ok

13:33:22.0311 7328 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

13:33:22.0333 7328 BITS - ok

13:33:22.0360 7328 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

13:33:22.0361 7328 blbdrive - ok

13:33:22.0381 7328 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

13:33:22.0382 7328 bowser - ok

13:33:22.0397 7328 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

13:33:22.0398 7328 BrFiltLo - ok

13:33:22.0402 7328 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

13:33:22.0403 7328 BrFiltUp - ok

13:33:22.0420 7328 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

13:33:22.0422 7328 Browser - ok

13:33:22.0434 7328 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

13:33:22.0438 7328 Brserid - ok

13:33:22.0442 7328 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

13:33:22.0443 7328 BrSerWdm - ok

13:33:22.0445 7328 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

13:33:22.0446 7328 BrUsbMdm - ok

13:33:22.0457 7328 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

13:33:22.0458 7328 BrUsbSer - ok

13:33:22.0499 7328 BTATH_A2DP (fe70889a85c57a9268101b2db0474509) C:\Windows\system32\drivers\btath_a2dp.sys

13:33:22.0501 7328 BTATH_A2DP - ok

13:33:22.0534 7328 BTATH_BUS (a83a91d07d1fe6bbe7a9db46ca00434b) C:\Windows\system32\DRIVERS\btath_bus.sys

13:33:22.0534 7328 BTATH_BUS - ok

13:33:22.0556 7328 BTATH_HCRP (c864ff85ee16d61c2bdd5ef76824625f) C:\Windows\system32\DRIVERS\btath_hcrp.sys

13:33:22.0558 7328 BTATH_HCRP - ok

13:33:22.0566 7328 BTATH_LWFLT (0dea505efb5d771826d177ef8b8a208f) C:\Windows\system32\DRIVERS\btath_lwflt.sys

13:33:22.0567 7328 BTATH_LWFLT - ok

13:33:22.0587 7328 BTATH_RCP (724c8088c96efe7a3e63fec21d4681c0) C:\Windows\system32\DRIVERS\btath_rcp.sys

13:33:22.0588 7328 BTATH_RCP - ok

13:33:22.0615 7328 BtFilter (aa0f5afcf077c5246589b32eceeae566) C:\Windows\system32\DRIVERS\btfilter.sys

13:33:22.0617 7328 BtFilter - ok

13:33:22.0658 7328 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

13:33:22.0659 7328 BthEnum - ok

13:33:22.0672 7328 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

13:33:22.0673 7328 BTHMODEM - ok

13:33:22.0687 7328 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

13:33:22.0688 7328 BthPan - ok

13:33:22.0713 7328 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys

13:33:22.0738 7328 BTHPORT - ok

13:33:22.0766 7328 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

13:33:22.0767 7328 bthserv - ok

13:33:22.0781 7328 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys

13:33:22.0783 7328 BTHUSB - ok

13:33:22.0810 7328 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

13:33:22.0811 7328 cdfs - ok

13:33:22.0836 7328 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

13:33:22.0838 7328 cdrom - ok

13:33:22.0856 7328 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

13:33:22.0858 7328 CertPropSvc - ok

13:33:22.0867 7328 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

13:33:22.0868 7328 circlass - ok

13:33:22.0896 7328 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

13:33:22.0901 7328 CLFS - ok

13:33:22.0947 7328 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

13:33:22.0948 7328 clr_optimization_v2.0.50727_32 - ok

13:33:22.0981 7328 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

13:33:22.0982 7328 clr_optimization_v2.0.50727_64 - ok

13:33:23.0016 7328 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

13:33:23.0017 7328 clr_optimization_v4.0.30319_32 - ok

13:33:23.0033 7328 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

13:33:23.0034 7328 clr_optimization_v4.0.30319_64 - ok

13:33:23.0053 7328 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

13:33:23.0054 7328 CmBatt - ok

13:33:23.0056 7328 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

13:33:23.0057 7328 cmdide - ok

13:33:23.0115 7328 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys

13:33:23.0119 7328 CNG - ok

13:33:23.0242 7328 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

13:33:23.0243 7328 Compbatt - ok

13:33:23.0259 7328 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys

13:33:23.0261 7328 CompositeBus - ok

13:33:23.0272 7328 COMSysApp - ok

13:33:23.0276 7328 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

13:33:23.0277 7328 crcdisk - ok

13:33:23.0321 7328 Creative ALchemy AL6 Licensing Service (c8bd651e13895b93ed9ec5b4f1df42bc) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe

13:33:23.0322 7328 Creative ALchemy AL6 Licensing Service - ok

13:33:23.0346 7328 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

13:33:23.0347 7328 Creative Audio Engine Licensing Service - ok

13:33:23.0378 7328 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

13:33:23.0380 7328 CryptSvc - ok

13:33:23.0451 7328 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

13:33:23.0454 7328 cvhsvc - ok

13:33:23.0503 7328 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

13:33:23.0527 7328 DcomLaunch - ok

13:33:23.0566 7328 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

13:33:23.0569 7328 defragsvc - ok

13:33:23.0598 7328 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

13:33:23.0600 7328 DfsC - ok

13:33:23.0626 7328 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

13:33:23.0638 7328 Dhcp - ok

13:33:23.0654 7328 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

13:33:23.0655 7328 discache - ok

13:33:23.0674 7328 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

13:33:23.0675 7328 Disk - ok

13:33:23.0705 7328 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

13:33:23.0707 7328 Dnscache - ok

13:33:23.0727 7328 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

13:33:23.0759 7328 dot3svc - ok

13:33:23.0786 7328 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

13:33:23.0789 7328 DPS - ok

13:33:23.0808 7328 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

13:33:23.0809 7328 drmkaud - ok

13:33:23.0840 7328 dtsoftbus01 (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys

13:33:23.0841 7328 dtsoftbus01 - ok

13:33:23.0886 7328 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

13:33:23.0891 7328 DXGKrnl - ok

13:33:23.0921 7328 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

13:33:23.0923 7328 EapHost - ok

13:33:24.0085 7328 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

13:33:24.0145 7328 ebdrv - ok

13:33:24.0231 7328 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

13:33:24.0233 7328 EFS - ok

13:33:24.0318 7328 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

13:33:24.0321 7328 ehRecvr - ok

13:33:24.0350 7328 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

13:33:24.0351 7328 ehSched - ok

13:33:24.0412 7328 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

13:33:24.0443 7328 elxstor - ok

13:33:24.0454 7328 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

13:33:24.0455 7328 ErrDev - ok

13:33:24.0501 7328 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

13:33:24.0510 7328 EventSystem - ok

13:33:24.0531 7328 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

13:33:24.0540 7328 exfat - ok

13:33:24.0559 7328 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

13:33:24.0561 7328 fastfat - ok

13:33:24.0604 7328 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

13:33:24.0648 7328 Fax - ok

13:33:24.0652 7328 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

13:33:24.0653 7328 fdc - ok

13:33:24.0681 7328 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

13:33:24.0682 7328 fdPHost - ok

13:33:24.0689 7328 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

13:33:24.0691 7328 FDResPub - ok

13:33:24.0701 7328 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

13:33:24.0702 7328 FileInfo - ok

13:33:24.0715 7328 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

13:33:24.0716 7328 Filetrace - ok

13:33:24.0719 7328 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

13:33:24.0720 7328 flpydisk - ok

13:33:24.0741 7328 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

13:33:24.0744 7328 FltMgr - ok

13:33:24.0824 7328 FLxHCIc (bfda4d45d7c3e278d46f5bb0e5348c56) C:\Windows\system32\DRIVERS\FLxHCIc.sys

13:33:24.0826 7328 FLxHCIc - ok

13:33:24.0850 7328 FLxHCIh (7dab83e54f868806d919384ac3def762) C:\Windows\system32\DRIVERS\FLxHCIh.sys

13:33:24.0850 7328 FLxHCIh - ok

13:33:24.0901 7328 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

13:33:24.0930 7328 FontCache - ok

13:33:25.0019 7328 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

13:33:25.0020 7328 FontCache3.0.0.0 - ok

13:33:25.0036 7328 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

13:33:25.0037 7328 FsDepends - ok

13:33:25.0056 7328 fspad_win764 (3dfa8d4e50d608f8f732014614c84dd2) C:\Windows\system32\DRIVERS\fspad_win764.sys

13:33:25.0057 7328 fspad_win764 - ok

13:33:25.0077 7328 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys

13:33:25.0078 7328 fssfltr - ok

13:33:25.0214 7328 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

13:33:25.0221 7328 fsssvc - ok

13:33:25.0313 7328 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

13:33:25.0314 7328 Fs_Rec - ok

13:33:25.0340 7328 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

13:33:25.0342 7328 fvevol - ok

13:33:25.0365 7328 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

13:33:25.0366 7328 gagp30kx - ok

13:33:25.0421 7328 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

13:33:25.0459 7328 gpsvc - ok

13:33:25.0518 7328 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

13:33:25.0519 7328 gupdate - ok

13:33:25.0526 7328 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

13:33:25.0527 7328 gupdatem - ok

13:33:25.0552 7328 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

13:33:25.0554 7328 gusvc - ok

13:33:25.0557 7328 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

13:33:25.0558 7328 hcw85cir - ok

13:33:25.0597 7328 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

13:33:25.0626 7328 HdAudAddService - ok

13:33:25.0665 7328 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

13:33:25.0666 7328 HDAudBus - ok

13:33:25.0686 7328 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

13:33:25.0687 7328 HidBatt - ok

13:33:25.0711 7328 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

13:33:25.0713 7328 HidBth - ok

13:33:25.0725 7328 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

13:33:25.0726 7328 HidIr - ok

13:33:25.0743 7328 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

13:33:25.0745 7328 hidserv - ok

13:33:25.0769 7328 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

13:33:25.0770 7328 HidUsb - ok

13:33:25.0843 7328 HiPatchService (8d1f00f4254c3ef428b715484940427c) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

13:33:25.0844 7328 HiPatchService - ok

13:33:25.0859 7328 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

13:33:25.0862 7328 hkmsvc - ok

13:33:25.0878 7328 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

13:33:25.0885 7328 HomeGroupListener - ok

13:33:25.0911 7328 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

13:33:25.0920 7328 HomeGroupProvider - ok

13:33:25.0935 7328 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

13:33:25.0937 7328 HpSAMD - ok

13:33:25.0984 7328 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

13:33:25.0992 7328 HTTP - ok

13:33:26.0039 7328 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

13:33:26.0039 7328 hwpolicy - ok

13:33:26.0064 7328 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

13:33:26.0066 7328 i8042prt - ok

13:33:26.0105 7328 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\DRIVERS\iaStor.sys

13:33:26.0108 7328 iaStor - ok

13:33:26.0179 7328 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

13:33:26.0189 7328 iaStorV - ok

13:33:26.0284 7328 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

13:33:26.0288 7328 idsvc - ok

13:33:26.0317 7328 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

13:33:26.0318 7328 iirsp - ok

13:33:26.0362 7328 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

13:33:26.0400 7328 IKEEXT - ok

13:33:26.0593 7328 IntcAzAudAddService (602788bf364d43e5878aa1b4f85c232b) C:\Windows\system32\drivers\RTKVHD64.sys

13:33:26.0615 7328 IntcAzAudAddService - ok

13:33:26.0682 7328 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

13:33:26.0684 7328 intelide - ok

13:33:26.0706 7328 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

13:33:26.0707 7328 intelppm - ok

13:33:26.0720 7328 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

13:33:26.0723 7328 IPBusEnum - ok

13:33:26.0735 7328 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

13:33:26.0737 7328 IpFilterDriver - ok

13:33:26.0765 7328 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

13:33:26.0772 7328 iphlpsvc - ok

13:33:26.0777 7328 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

13:33:26.0779 7328 IPMIDRV - ok

13:33:26.0786 7328 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

13:33:26.0788 7328 IPNAT - ok

13:33:26.0835 7328 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

13:33:26.0836 7328 IRENUM - ok

13:33:26.0839 7328 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

13:33:26.0840 7328 isapnp - ok

13:33:26.0870 7328 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

13:33:26.0873 7328 iScsiPrt - ok

13:33:26.0891 7328 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

13:33:26.0892 7328 kbdclass - ok

13:33:26.0920 7328 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

13:33:26.0921 7328 kbdhid - ok

13:33:26.0967 7328 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys

13:33:26.0968 7328 kbfiltr - ok

13:33:26.0981 7328 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:33:26.0983 7328 KeyIso - ok

13:33:27.0025 7328 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys

13:33:27.0027 7328 KSecDD - ok

13:33:27.0077 7328 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys

13:33:27.0079 7328 KSecPkg - ok

13:33:27.0090 7328 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

13:33:27.0090 7328 ksthunk - ok

13:33:27.0121 7328 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

13:33:27.0158 7328 KtmRm - ok

13:33:27.0179 7328 L1C (033b4aed2c5519072c0d81e00804d003) C:\Windows\system32\DRIVERS\L1C62x64.sys

13:33:27.0180 7328 L1C - ok

13:33:27.0213 7328 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

13:33:27.0220 7328 LanmanServer - ok

13:33:27.0235 7328 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

13:33:27.0239 7328 LanmanWorkstation - ok

13:33:27.0264 7328 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

13:33:27.0266 7328 lltdio - ok

13:33:27.0298 7328 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

13:33:27.0311 7328 lltdsvc - ok

13:33:27.0327 7328 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

13:33:27.0329 7328 lmhosts - ok

13:33:27.0392 7328 LMS (0803906d607a9b83184447b75b60ecc2) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

13:33:27.0393 7328 LMS - ok

13:33:27.0451 7328 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

13:33:27.0452 7328 LSI_FC - ok

13:33:27.0464 7328 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

13:33:27.0465 7328 LSI_SAS - ok

13:33:27.0481 7328 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

13:33:27.0482 7328 LSI_SAS2 - ok

13:33:27.0499 7328 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

13:33:27.0501 7328 LSI_SCSI - ok

13:33:27.0522 7328 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

13:33:27.0523 7328 luafv - ok

13:33:27.0577 7328 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys

13:33:27.0578 7328 MBAMProtector - ok

13:33:27.0704 7328 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

13:33:27.0707 7328 MBAMService - ok

13:33:27.0752 7328 MBfilt (8ff2d95cba49b405c5de27039ff0bf35) C:\Windows\system32\drivers\MBfilt64.sys

13:33:27.0753 7328 MBfilt - ok

13:33:27.0779 7328 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

13:33:27.0782 7328 Mcx2Svc - ok

13:33:27.0785 7328 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

13:33:27.0786 7328 megasas - ok

13:33:27.0798 7328 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

13:33:27.0801 7328 MegaSR - ok

13:33:27.0869 7328 MEIx64 (1c6e73fc46b509eff9d0086aa37132df) C:\Windows\system32\DRIVERS\HECIx64.sys

13:33:27.0870 7328 MEIx64 - ok

13:33:27.0884 7328 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

13:33:27.0887 7328 MMCSS - ok

13:33:27.0890 7328 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

13:33:27.0892 7328 Modem - ok

13:33:27.0915 7328 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

13:33:27.0916 7328 monitor - ok

13:33:27.0937 7328 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

13:33:27.0937 7328 mouclass - ok

13:33:27.0962 7328 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

13:33:27.0963 7328 mouhid - ok

13:33:27.0972 7328 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

13:33:27.0974 7328 mountmgr - ok

13:33:28.0068 7328 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

13:33:28.0069 7328 MozillaMaintenance - ok

13:33:28.0077 7328 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

13:33:28.0080 7328 mpio - ok

13:33:28.0100 7328 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

13:33:28.0102 7328 mpsdrv - ok

13:33:28.0141 7328 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

13:33:28.0155 7328 MpsSvc - ok

13:33:28.0163 7328 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

13:33:28.0165 7328 MRxDAV - ok

13:33:28.0207 7328 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

13:33:28.0209 7328 mrxsmb - ok

13:33:28.0235 7328 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

13:33:28.0240 7328 mrxsmb10 - ok

13:33:28.0260 7328 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

13:33:28.0262 7328 mrxsmb20 - ok

13:33:28.0270 7328 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

13:33:28.0271 7328 msahci - ok

13:33:28.0288 7328 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

13:33:28.0290 7328 msdsm - ok

13:33:28.0310 7328 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

13:33:28.0314 7328 MSDTC - ok

13:33:28.0338 7328 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

13:33:28.0339 7328 Msfs - ok

13:33:28.0351 7328 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

13:33:28.0352 7328 mshidkmdf - ok

13:33:28.0359 7328 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

13:33:28.0360 7328 msisadrv - ok

13:33:28.0399 7328 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

13:33:28.0402 7328 MSiSCSI - ok

13:33:28.0404 7328 msiserver - ok

13:33:28.0426 7328 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

13:33:28.0427 7328 MSKSSRV - ok

13:33:28.0441 7328 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

13:33:28.0442 7328 MSPCLOCK - ok

13:33:28.0445 7328 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

13:33:28.0446 7328 MSPQM - ok

13:33:28.0478 7328 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

13:33:28.0482 7328 MsRPC - ok

13:33:28.0492 7328 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

13:33:28.0493 7328 mssmbios - ok

13:33:28.0505 7328 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

13:33:28.0506 7328 MSTEE - ok

13:33:28.0517 7328 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

13:33:28.0518 7328 MTConfig - ok

13:33:28.0532 7328 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

13:33:28.0533 7328 Mup - ok

13:33:28.0569 7328 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

13:33:28.0585 7328 napagent - ok

13:33:28.0623 7328 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

13:33:28.0628 7328 NativeWifiP - ok

13:33:28.0690 7328 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys

13:33:28.0699 7328 NDIS - ok

13:33:28.0703 7328 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

13:33:28.0704 7328 NdisCap - ok

13:33:28.0718 7328 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

13:33:28.0719 7328 NdisTapi - ok

13:33:28.0733 7328 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

13:33:28.0734 7328 Ndisuio - ok

13:33:28.0754 7328 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

13:33:28.0756 7328 NdisWan - ok

13:33:28.0771 7328 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

13:33:28.0772 7328 NDProxy - ok

13:33:28.0785 7328 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

13:33:28.0786 7328 NetBIOS - ok

13:33:28.0808 7328 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

13:33:28.0814 7328 NetBT - ok

13:33:28.0831 7328 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:33:28.0832 7328 Netlogon - ok

13:33:28.0902 7328 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

13:33:28.0922 7328 Netman - ok

13:33:28.0953 7328 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

13:33:28.0978 7328 netprofm - ok

13:33:29.0036 7328 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

13:33:29.0037 7328 NetTcpPortSharing - ok

13:33:29.0047 7328 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

13:33:29.0048 7328 nfrd960 - ok

13:33:29.0071 7328 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

13:33:29.0092 7328 NlaSvc - ok

13:33:29.0106 7328 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

13:33:29.0107 7328 Npfs - ok

13:33:29.0125 7328 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

13:33:29.0128 7328 nsi - ok

13:33:29.0141 7328 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

13:33:29.0141 7328 nsiproxy - ok

13:33:29.0226 7328 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

13:33:29.0249 7328 Ntfs - ok

13:33:29.0349 7328 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

13:33:29.0350 7328 Null - ok

13:33:29.0390 7328 NVHDA (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys

13:33:29.0391 7328 NVHDA - ok

13:33:29.0843 7328 nvlddmkm (01502a328ae7cf595698a3fd954d18f0) C:\Windows\system32\DRIVERS\nvlddmkm.sys

13:33:29.0906 7328 nvlddmkm - ok

13:33:29.0971 7328 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

13:33:29.0973 7328 nvraid - ok

13:33:29.0991 7328 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

13:33:29.0994 7328 nvstor - ok

13:33:30.0086 7328 nvsvc (9196496e4edc48ba7c7162d29698bcaa) C:\Windows\system32\nvvsvc.exe

13:33:30.0096 7328 nvsvc - ok

13:33:30.0251 7328 nvUpdatusService (ab56c9bf8b0b830833c2cb6a63947d2f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

13:33:30.0262 7328 nvUpdatusService - ok

13:33:30.0315 7328 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

13:33:30.0317 7328 nv_agp - ok

13:33:30.0321 7328 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

13:33:30.0323 7328 ohci1394 - ok

13:33:30.0372 7328 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

13:33:30.0373 7328 ose - ok

13:33:30.0570 7328 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

13:33:30.0592 7328 osppsvc - ok

13:33:30.0651 7328 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

13:33:30.0656 7328 p2pimsvc - ok

13:33:30.0704 7328 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

13:33:30.0710 7328 p2psvc - ok

13:33:30.0718 7328 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

13:33:30.0719 7328 Parport - ok

13:33:30.0763 7328 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

13:33:30.0764 7328 partmgr - ok

13:33:30.0773 7328 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

13:33:30.0778 7328 PcaSvc - ok

13:33:30.0814 7328 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

13:33:30.0816 7328 pci - ok

13:33:30.0826 7328 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

13:33:30.0827 7328 pciide - ok

13:33:30.0838 7328 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

13:33:30.0840 7328 pcmcia - ok

13:33:30.0877 7328 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

13:33:30.0878 7328 pcw - ok

13:33:30.0913 7328 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

13:33:30.0934 7328 PEAUTH - ok

13:33:30.0999 7328 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

13:33:31.0001 7328 PerfHost - ok

13:33:31.0068 7328 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

13:33:31.0082 7328 pla - ok

13:33:31.0117 7328 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

13:33:31.0127 7328 PlugPlay - ok

13:33:31.0145 7328 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

13:33:31.0148 7328 PNRPAutoReg - ok

13:33:31.0176 7328 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

13:33:31.0179 7328 PNRPsvc - ok

13:33:31.0231 7328 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

13:33:31.0264 7328 PolicyAgent - ok

13:33:31.0359 7328 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

13:33:31.0363 7328 Power - ok

13:33:31.0398 7328 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

13:33:31.0400 7328 PptpMiniport - ok

13:33:31.0415 7328 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

13:33:31.0417 7328 Processor - ok

13:33:31.0472 7328 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

13:33:31.0480 7328 ProfSvc - ok

13:33:31.0497 7328 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:33:31.0499 7328 ProtectedStorage - ok

13:33:31.0518 7328 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

13:33:31.0520 7328 Psched - ok

13:33:31.0535 7328 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys

13:33:31.0536 7328 PxHlpa64 - ok

13:33:31.0591 7328 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

13:33:31.0615 7328 ql2300 - ok

13:33:31.0702 7328 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

13:33:31.0704 7328 ql40xx - ok

13:33:31.0739 7328 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

13:33:31.0746 7328 QWAVE - ok

13:33:31.0755 7328 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

13:33:31.0756 7328 QWAVEdrv - ok

13:33:31.0759 7328 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

13:33:31.0760 7328 RasAcd - ok

13:33:31.0777 7328 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

13:33:31.0778 7328 RasAgileVpn - ok

13:33:31.0818 7328 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

13:33:31.0821 7328 RasAuto - ok

13:33:31.0838 7328 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

13:33:31.0840 7328 Rasl2tp - ok

13:33:31.0861 7328 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

13:33:31.0889 7328 RasMan - ok

13:33:31.0905 7328 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

13:33:31.0907 7328 RasPppoe - ok

13:33:31.0919 7328 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

13:33:31.0921 7328 RasSstp - ok

13:33:31.0961 7328 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

13:33:31.0966 7328 rdbss - ok

13:33:31.0969 7328 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

13:33:31.0972 7328 rdpbus - ok

13:33:31.0998 7328 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

13:33:31.0998 7328 RDPCDD - ok

13:33:32.0052 7328 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

13:33:32.0053 7328 RDPENCDD - ok

13:33:32.0062 7328 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

13:33:32.0062 7328 RDPREFMP - ok

13:33:32.0115 7328 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

13:33:32.0123 7328 RDPWD - ok

13:33:32.0153 7328 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

13:33:32.0156 7328 rdyboost - ok

13:33:32.0173 7328 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

13:33:32.0175 7328 RemoteAccess - ok

13:33:32.0191 7328 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

13:33:32.0195 7328 RemoteRegistry - ok

13:33:32.0220 7328 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

13:33:32.0222 7328 RFCOMM - ok

13:33:32.0247 7328 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

13:33:32.0250 7328 RpcEptMapper - ok

13:33:32.0274 7328 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

13:33:32.0276 7328 RpcLocator - ok

13:33:32.0311 7328 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

13:33:32.0315 7328 RpcSs - ok

13:33:32.0348 7328 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

13:33:32.0350 7328 rspndr - ok

13:33:32.0393 7328 RSUSBVSTOR (e57fac2cdb73f06586ed2ed310b80932) C:\Windows\system32\Drivers\RtsUVStor.sys

13:33:32.0395 7328 RSUSBVSTOR - ok

13:33:32.0463 7328 RTL8167 (f4c374b1c46de294b573bb43723ac3f6) C:\Windows\system32\DRIVERS\Rt64win7.sys

13:33:32.0465 7328 RTL8167 - ok

13:33:32.0508 7328 SaiU0CCB (ff2d7435c79b273752f0912feab839c0) C:\Windows\system32\DRIVERS\SaiU0CCB.sys

13:33:32.0509 7328 SaiU0CCB - ok

13:33:32.0522 7328 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:33:32.0524 7328 SamSs - ok

13:33:32.0539 7328 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

13:33:32.0541 7328 sbp2port - ok

13:33:32.0563 7328 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

13:33:32.0571 7328 SCardSvr - ok

13:33:32.0585 7328 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

13:33:32.0587 7328 scfilter - ok

13:33:32.0639 7328 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

13:33:32.0684 7328 Schedule - ok

13:33:32.0722 7328 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

13:33:32.0723 7328 SCPolicySvc - ok

13:33:32.0742 7328 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

13:33:32.0751 7328 SDRSVC - ok

13:33:32.0834 7328 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

13:33:32.0835 7328 SeaPort - ok

13:33:32.0863 7328 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

13:33:32.0864 7328 secdrv - ok

13:33:32.0871 7328 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

13:33:32.0874 7328 seclogon - ok

13:33:32.0887 7328 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

13:33:32.0890 7328 SENS - ok

13:33:32.0911 7328 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

13:33:32.0914 7328 SensrSvc - ok

13:33:32.0927 7328 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

13:33:32.0928 7328 Serenum - ok

13:33:32.0943 7328 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

13:33:32.0945 7328 Serial - ok

13:33:32.0948 7328 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

13:33:32.0949 7328 sermouse - ok

13:33:32.0974 7328 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

13:33:32.0978 7328 SessionEnv - ok

13:33:32.0981 7328 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

13:33:32.0982 7328 sffdisk - ok

13:33:32.0986 7328 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

13:33:32.0987 7328 sffp_mmc - ok

13:33:32.0990 7328 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

13:33:32.0991 7328 sffp_sd - ok

13:33:33.0013 7328 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

13:33:33.0014 7328 sfloppy - ok

13:33:33.0064 7328 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys

13:33:33.0068 7328 Sftfs - ok

13:33:33.0135 7328 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

13:33:33.0138 7328 sftlist - ok

13:33:33.0186 7328 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys

13:33:33.0188 7328 Sftplay - ok

13:33:33.0226 7328 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys

13:33:33.0226 7328 Sftredir - ok

13:33:33.0230 7328 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys

13:33:33.0231 7328 Sftvol - ok

13:33:33.0258 7328 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

13:33:33.0260 7328 sftvsa - ok

13:33:33.0297 7328 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

13:33:33.0334 7328 SharedAccess - ok

13:33:33.0366 7328 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

13:33:33.0402 7328 ShellHWDetection - ok

13:33:33.0425 7328 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys

13:33:33.0426 7328 SiSGbeLH - ok

13:33:33.0445 7328 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

13:33:33.0446 7328 SiSRaid2 - ok

13:33:33.0457 7328 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

13:33:33.0458 7328 SiSRaid4 - ok

13:33:33.0465 7328 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

13:33:33.0466 7328 Smb - ok

13:33:33.0510 7328 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

13:33:33.0513 7328 SNMPTRAP - ok

13:33:33.0520 7328 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

13:33:33.0521 7328 spldr - ok

13:33:33.0556 7328 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

13:33:33.0570 7328 Spooler - ok

13:33:33.0721 7328 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

13:33:33.0774 7328 sppsvc - ok

13:33:33.0858 7328 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

13:33:33.0861 7328 sppuinotify - ok

13:33:33.0938 7328 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

13:33:33.0947 7328 srv - ok

13:33:34.0071 7328 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

13:33:34.0099 7328 srv2 - ok

13:33:34.0138 7328 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

13:33:34.0141 7328 srvnet - ok

13:33:34.0161 7328 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

13:33:34.0171 7328 SSDPSRV - ok

13:33:34.0180 7328 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

13:33:34.0183 7328 SstpSvc - ok

13:33:34.0229 7328 Steam Client Service - ok

13:33:34.0367 7328 Stereo Service (3d3816d395e92f7a3663c76a93157564) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

13:33:34.0369 7328 Stereo Service - ok

13:33:34.0396 7328 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

13:33:34.0397 7328 stexstor - ok

13:33:34.0444 7328 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

13:33:34.0474 7328 stisvc - ok

13:33:34.0506 7328 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

13:33:34.0506 7328 swenum - ok

13:33:34.0536 7328 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

13:33:34.0585 7328 swprv - ok

13:33:34.0680 7328 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

13:33:34.0708 7328 SysMain - ok

13:33:34.0818 7328 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

13:33:34.0822 7328 TabletInputService - ok

13:33:34.0845 7328 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

13:33:34.0875 7328 TapiSrv - ok

13:33:34.0882 7328 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

13:33:34.0885 7328 TBS - ok

13:33:35.0043 7328 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

13:33:35.0083 7328 Tcpip - ok

13:33:35.0219 7328 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

13:33:35.0227 7328 TCPIP6 - ok

13:33:35.0291 7328 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

13:33:35.0292 7328 tcpipreg - ok

13:33:35.0301 7328 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

13:33:35.0302 7328 TDPIPE - ok

13:33:35.0327 7328 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

13:33:35.0328 7328 TDTCP - ok

13:33:35.0351 7328 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

13:33:35.0353 7328 tdx - ok

13:33:35.0362 7328 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys

13:33:35.0363 7328 TermDD - ok

13:33:35.0401 7328 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

13:33:35.0444 7328 TermService - ok

13:33:35.0449 7328 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

13:33:35.0452 7328 Themes - ok

13:33:35.0492 7328 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

13:33:35.0493 7328 THREADORDER - ok

13:33:35.0557 7328 TiMiniService (69d76ce06bb629b69165c81d83a4b03e) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe

13:33:35.0559 7328 TiMiniService - ok

13:33:35.0615 7328 tmactmon (73aaffdd2ac3c8814b26c440e5dd9dd4) C:\Windows\system32\DRIVERS\tmactmon.sys

13:33:35.0616 7328 tmactmon - ok

13:33:35.0632 7328 tmcomm (360e61217d4e1e333583d0c721057f70) C:\Windows\system32\DRIVERS\tmcomm.sys

13:33:35.0633 7328 tmcomm - ok

13:33:35.0648 7328 tmevtmgr (699d34eb7c670139ca23a65372bd5743) C:\Windows\system32\DRIVERS\tmevtmgr.sys

13:33:35.0649 7328 tmevtmgr - ok

13:33:35.0662 7328 tmtdi (262198efb734012bfcd17e7479ae4a09) C:\Windows\system32\DRIVERS\tmtdi.sys

13:33:35.0663 7328 tmtdi - ok

13:33:35.0681 7328 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

13:33:35.0685 7328 TrkWks - ok

13:33:35.0725 7328 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

13:33:35.0727 7328 TrustedInstaller - ok

13:33:35.0742 7328 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

13:33:35.0743 7328 tssecsrv - ok

13:33:35.0755 7328 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

13:33:35.0757 7328 TsUsbFlt - ok

13:33:35.0769 7328 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

13:33:35.0770 7328 TsUsbGD - ok

13:33:35.0792 7328 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

13:33:35.0794 7328 tunnel - ok

13:33:35.0810 7328 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

13:33:35.0812 7328 uagp35 - ok

13:33:35.0836 7328 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

13:33:35.0873 7328 udfs - ok

13:33:35.0931 7328 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

13:33:35.0934 7328 UI0Detect - ok

13:33:35.0949 7328 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

13:33:35.0950 7328 uliagpkx - ok

13:33:35.0966 7328 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

13:33:35.0968 7328 umbus - ok

13:33:35.0978 7328 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

13:33:35.0979 7328 UmPass - ok

13:33:36.0221 7328 UNS (eb79c6c91a99930015ef29ae7fa802d1) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

13:33:36.0233 7328 UNS - ok

13:33:36.0316 7328 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

13:33:36.0321 7328 upnphost - ok

13:33:36.0370 7328 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

13:33:36.0372 7328 usbaudio - ok

13:33:36.0390 7328 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

13:33:36.0392 7328 usbccgp - ok

13:33:36.0416 7328 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

13:33:36.0418 7328 usbcir - ok

13:33:36.0427 7328 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

13:33:36.0429 7328 usbehci - ok

13:33:36.0463 7328 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

13:33:36.0475 7328 usbhub - ok

13:33:36.0497 7328 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

13:33:36.0498 7328 usbohci - ok

13:33:36.0525 7328 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

13:33:36.0527 7328 usbprint - ok

13:33:36.0543 7328 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

13:33:36.0544 7328 usbscan - ok

13:33:36.0563 7328 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

13:33:36.0565 7328 USBSTOR - ok

13:33:36.0581 7328 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

13:33:36.0583 7328 usbuhci - ok

13:33:36.0611 7328 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys

13:33:36.0614 7328 usbvideo - ok

13:33:36.0624 7328 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

13:33:36.0627 7328 UxSms - ok

13:33:36.0646 7328 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:33:36.0648 7328 VaultSvc - ok

13:33:36.0666 7328 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

13:33:36.0666 7328 vdrvroot - ok

13:33:36.0695 7328 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

13:33:36.0718 7328 vds - ok

13:33:36.0738 7328 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

13:33:36.0740 7328 vga - ok

13:33:36.0751 7328 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

13:33:36.0753 7328 VgaSave - ok

13:33:36.0780 7328 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

13:33:36.0788 7328 vhdmp - ok

13:33:36.0809 7328 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

13:33:36.0810 7328 viaide - ok

13:33:36.0851 7328 VideAceWindowsService (c37ce43fb54066ffb540729c6e6e194e) C:\ExpressGateUtil\VAWinService.exe

13:33:36.0852 7328 VideAceWindowsService - ok

13:33:36.0866 7328 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

13:33:36.0867 7328 volmgr - ok

13:33:36.0890 7328 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

13:33:36.0893 7328 volmgrx - ok

13:33:36.0934 7328 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

13:33:36.0937 7328 volsnap - ok

13:33:36.0989 7328 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

13:33:36.0991 7328 vsmraid - ok

13:33:37.0077 7328 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

13:33:37.0101 7328 VSS - ok

13:33:37.0215 7328 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

13:33:37.0216 7328 vwifibus - ok

13:33:37.0227 7328 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

13:33:37.0228 7328 vwififlt - ok

13:33:37.0245 7328 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

13:33:37.0282 7328 W32Time - ok

13:33:37.0315 7328 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

13:33:37.0317 7328 WacomPen - ok

13:33:37.0344 7328 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

13:33:37.0346 7328 WANARP - ok

13:33:37.0348 7328 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

13:33:37.0350 7328 Wanarpv6 - ok

13:33:37.0443 7328 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

13:33:37.0477 7328 WatAdminSvc - ok

13:33:37.0545 7328 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

13:33:37.0571 7328 wbengine - ok

13:33:37.0632 7328 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

13:33:37.0637 7328 WbioSrvc - ok

13:33:37.0655 7328 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

13:33:37.0661 7328 wcncsvc - ok

13:33:37.0686 7328 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

13:33:37.0689 7328 WcsPlugInService - ok

13:33:37.0701 7328 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

13:33:37.0703 7328 Wd - ok

13:33:37.0745 7328 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

13:33:37.0751 7328 Wdf01000 - ok

13:33:37.0761 7328 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

13:33:37.0765 7328 WdiServiceHost - ok

13:33:37.0767 7328 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

13:33:37.0770 7328 WdiSystemHost - ok

13:33:37.0789 7328 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

13:33:37.0795 7328 WebClient - ok

13:33:37.0820 7328 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

13:33:37.0827 7328 Wecsvc - ok

13:33:37.0844 7328 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

13:33:37.0847 7328 wercplsupport - ok

13:33:37.0874 7328 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

13:33:37.0877 7328 WerSvc - ok

13:33:37.0897 7328 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

13:33:37.0898 7328 WfpLwf - ok

13:33:37.0945 7328 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys

13:33:37.0947 7328 WimFltr - ok

13:33:37.0963 7328 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

13:33:37.0964 7328 WIMMount - ok

13:33:38.0010 7328 WinDefend - ok

13:33:38.0014 7328 WinHttpAutoProxySvc - ok

13:33:38.0070 7328 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

13:33:38.0077 7328 Winmgmt - ok

13:33:38.0184 7328 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

13:33:38.0217 7328 WinRM - ok

13:33:38.0338 7328 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

13:33:38.0339 7328 WinUsb - ok

13:33:38.0396 7328 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

13:33:38.0441 7328 Wlansvc - ok

13:33:38.0503 7328 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

13:33:38.0504 7328 wlcrasvc - ok

13:33:38.0628 7328 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

13:33:38.0639 7328 wlidsvc - ok

13:33:38.0692 7328 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

13:33:38.0693 7328 WmiAcpi - ok

13:33:38.0746 7328 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

13:33:38.0749 7328 wmiApSrv - ok

13:33:38.0788 7328 WMPNetworkSvc - ok

13:33:38.0806 7328 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

13:33:38.0809 7328 WPCSvc - ok

13:33:38.0822 7328 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

13:33:38.0826 7328 WPDBusEnum - ok

13:33:38.0838 7328 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

13:33:38.0840 7328 ws2ifsl - ok

13:33:38.0855 7328 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

13:33:38.0859 7328 wscsvc - ok

13:33:38.0862 7328 WSearch - ok

13:33:39.0004 7328 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

13:33:39.0040 7328 wuauserv - ok

13:33:39.0088 7328 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

13:33:39.0090 7328 WudfPf - ok

13:33:39.0106 7328 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

13:33:39.0109 7328 WUDFRd - ok

13:33:39.0125 7328 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

13:33:39.0129 7328 wudfsvc - ok

13:33:39.0154 7328 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

13:33:39.0185 7328 WwanSvc - ok

13:33:39.0234 7328 X6va006 - ok

13:33:39.0257 7328 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys

13:33:39.0258 7328 xusb21 - ok

13:33:39.0293 7328 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

13:33:39.0357 7328 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

13:33:39.0357 7328 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

13:33:39.0360 7328 MBR (0x1B8) (64b1e91c5c6c2157642651010728f90f) \Device\Harddisk1\DR1

13:33:39.0363 7328 \Device\Harddisk1\DR1 - ok

13:33:39.0366 7328 Boot (0x1200) (134af79d956c7368b5c0828774a56b1c) \Device\Harddisk0\DR0\Partition0

13:33:39.0366 7328 \Device\Harddisk0\DR0\Partition0 - ok

13:33:39.0415 7328 Boot (0x1200) (0cf19adf27009efa43498f04701d411a) \Device\Harddisk0\DR0\Partition1

13:33:39.0432 7328 \Device\Harddisk0\DR0\Partition1 - ok

13:33:39.0434 7328 Boot (0x1200) (0f575f966c9c24d4f8a7013cba2172bd) \Device\Harddisk1\DR1\Partition0

13:33:39.0436 7328 \Device\Harddisk1\DR1\Partition0 - ok

13:33:39.0437 7328 Boot (0x1200) (1c05bdfb0ce1ca53b0a82a8a70ed29f0) \Device\Harddisk1\DR1\Partition1

13:33:39.0438 7328 \Device\Harddisk1\DR1\Partition1 - ok

13:33:39.0439 7328 ============================================================

13:33:39.0439 7328 Scan finished

13:33:39.0439 7328 ============================================================

13:33:39.0445 7176 Detected object count: 1

13:33:39.0446 7176 Actual detected object count: 1

13:33:45.0469 7176 \Device\Harddisk0\DR0\# - copied to quarantine

13:33:45.0470 7176 \Device\Harddisk0\DR0 - copied to quarantine

13:33:45.0498 7176 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

13:33:45.0504 7176 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

13:33:45.0510 7176 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

13:33:49.0345 7176 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

13:33:49.0429 7176 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

13:33:49.0440 7176 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

13:33:49.0453 7176 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

13:33:49.0454 7176 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

13:33:49.0456 7176 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

13:33:49.0458 7176 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

13:33:49.0481 7176 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

13:33:49.0534 7176 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

13:33:49.0536 7176 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

13:33:49.0537 7176 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

13:33:49.0572 7176 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

13:33:49.0573 7176 \Device\Harddisk0\DR0 - ok

13:33:49.0578 7176 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

13:33:59.0414 7184 Deinitialize success

[MrCharlie]

I need you to run ComboFix:

http://forums.malwarebytes.org/index.php?showtopic=113277&view=findpost&p=577891

MrC

[Zeronx]

Sorry wrong log:

ComboFix 12-07-27.03 - John 07/28/2012 13:48:47.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12265.9351 [GMT -4:00]

Running from: c:\users\John\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\FullRemove.exe

c:\users\John\AppData\Roaming\Love

c:\users\John\AppData\Roaming\Love\mari0\options.txt

c:\windows\AsPatch10430001.exe

D:\install.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-28 )))))))))))))))))))))))))))))))

.

.

2012-07-28 17:33 . 2012-07-28 17:33 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-28 16:00 . 2012-07-03 16:21 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-07-28 16:00 . 2012-07-03 16:21 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-07-28 16:00 . 2012-07-03 16:21 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-07-28 16:00 . 2012-07-03 16:21 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-07-28 16:00 . 2012-07-03 16:21 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-07-28 16:00 . 2012-07-03 16:21 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-07-28 16:00 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe

2012-07-28 15:59 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr

2012-07-28 15:59 . 2012-07-03 16:21 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-07-28 15:59 . 2012-07-28 15:59 -------- d-----w- c:\programdata\AVAST Software

2012-07-28 15:59 . 2012-07-28 15:59 -------- d-----w- c:\program files\AVAST Software

2012-07-28 15:40 . 2012-03-05 08:22 8038208 ----a-w- c:\windows\system32\nvcuda.dll

2012-07-28 15:40 . 2012-03-05 08:22 5920064 ----a-w- c:\windows\SysWow64\nvcuda.dll

2012-07-28 15:40 . 2012-03-05 08:22 2873664 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-07-28 15:40 . 2012-03-05 08:22 2673984 ----a-w- c:\windows\system32\nvcuvid.dll

2012-07-28 15:40 . 2012-03-05 08:22 25555776 ----a-w- c:\windows\system32\nvoglv64.dll

2012-07-28 15:40 . 2012-03-05 08:22 25222464 ----a-w- c:\windows\system32\nvcompiler.dll

2012-07-28 15:40 . 2012-03-05 08:22 2518336 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2012-07-28 15:40 . 2012-03-05 08:22 2438464 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2012-07-28 15:40 . 2012-03-05 08:22 19456320 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2012-07-28 15:40 . 2012-03-05 08:22 17663296 ----a-w- c:\windows\system32\nvd3dumx.dll

2012-07-28 15:40 . 2012-03-05 08:22 17543488 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2012-07-28 15:40 . 2012-03-05 08:22 14332224 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-07-28 15:30 . 2012-07-28 15:30 -------- d-----w- c:\users\John\AppData\Roaming\Malwarebytes

2012-07-28 15:30 . 2012-07-28 15:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-28 15:30 . 2012-07-28 15:30 -------- d-----w- c:\programdata\Malwarebytes

2012-07-28 15:30 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-21 14:57 . 2012-03-05 08:22 7726912 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2012-07-21 14:57 . 2012-03-05 08:22 68928 ----a-w- c:\windows\system32\OpenCL.dll

2012-07-21 14:57 . 2012-03-05 08:22 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-07-21 14:57 . 2012-03-05 08:22 2316608 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-07-11 07:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 01:52 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-06-30 15:12 . 2012-06-30 15:12 -------- d-----w- c:\users\John\AppData\Roaming\NVIDIA

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-28 17:35 . 2012-04-05 15:34 380 ----a-w- c:\users\John\AppData\Roaming\sp_data.sys

2012-07-27 09:43 . 2012-04-05 02:32 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-27 09:43 . 2012-01-31 03:32 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-11 07:01 . 2012-05-30 03:17 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-06-02 22:19 . 2012-06-22 00:13 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-22 00:13 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-22 00:13 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-22 00:13 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-22 00:13 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-22 00:13 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-22 00:13 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19 . 2012-06-22 00:13 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:15 . 2012-06-22 00:13 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-05-24 04:08 . 2012-01-28 15:58 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe

2012-05-04 11:06 . 2012-06-14 03:12 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 10:03 . 2012-06-14 03:12 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03 . 2012-06-14 03:12 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-01 22:40 . 2012-05-01 22:40 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-05-01 05:40 . 2012-06-14 03:12 209920 ----a-w- c:\windows\system32\profsvc.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2012-01-03 20:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-01-11 28201096]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-01-29 1242448]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-01-24 3478336]

"Akamai NetSession Interface"="c:\users\John\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]

"Spotify Web Helper"="c:\users\John\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-06-27 932528]

"Spotify"="c:\users\John\AppData\Roaming\Spotify\spotify.exe" [2012-06-27 9478320]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]

"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-08-25 3058304]

"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-03-17 909312]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2011-04-08 45448]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-22 318080]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-24 174720]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-02-06 102568]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072]

"FLxHCIm64"="c:\program files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe" [2012-01-15 48128]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]

"CPMonitor"="c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [2011-05-23 84464]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-2 549040]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 135664]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]

R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-08-25 79360]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-08-25 79360]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 135664]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]

R3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [2010-04-22 41096]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-29 1255736]

R3 X6va006;X6va006;c:\users\John\AppData\Local\Temp\0068E56.tmp [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 ATKWMIACPIIO_;ATKWMIACPI Driver_;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-09 283200]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]

S2 AsusUacSvc;Asus process privilege adjust service;c:\program files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [2010-07-27 113840]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-13 138400]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-07-12 8704]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-05 2458944]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-03-04 382272]

S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488]

S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]

S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2011-03-26 91464]

S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2012-01-30 17152]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224]

S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2012-01-10 219648]

S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2012-01-10 65024]

S3 fspad_win764;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_win764;c:\windows\system32\DRIVERS\fspad_win764.sys [2011-06-19 53760]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-21 471144]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 09:43]

.

2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 04:36]

.

2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 04:36]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]

"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]

"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-17 322384]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-31 12446824]

"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]

"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]

"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://asus.msn.com

mStart Page = hxxp://asus.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1zqec442.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - www.rpgfan.com

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)

HKLM-Run-fspuip - c:\program files (x86)\FSP\fspuip.exe

HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd

AddRemove-Merge Downloader - c:\program files (x86)\Merge Downloader\uninstall.exe/u

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]

"ImagePath"="\??\c:\users\John\AppData\Local\Temp\0068E56.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\02\00\05\10:'?"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-07-28 13:58:17

ComboFix-quarantined-files.txt 2012-07-28 17:58

.

Pre-Run: 71,219,499,008 bytes free

Post-Run: 71,959,830,528 bytes free

.

- - End Of File - - C90844FC87562DB6E0993CF172B5E903

[MrCharlie]

Looks Good.....

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

[Zeronx]

Computer seems to be running fine; Here is the report:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.28.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

John :: JOHN-PC [administrator]

Protection: Enabled

7/28/2012 2:11:39 PM

mbam-log-2012-07-28 (14-11-39).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 214625

Time elapsed: 1 minute(s), 8 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

[MrCharlie]

Great

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!