TechSpot

Security Essentials detected items on your PC that it doesn't recognize

Solved
By paymahn17
Nov 2, 2012
  1. Sorry, I'm new to this. On start-up of Win 7 I get this notice (see capture). It looks like a service that I'm not supposed to get rid of. How do I fix this?
     


  2. Broni

    Broni Malware Annihilator Posts: 47,973   +271

    Welcome aboard

    This is surely a very suspicious location for the svchost.exe file.

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. paymahn17

    paymahn17 TS Rookie Topic Starter

    Thank you for the instructions. Here's the log from step 2.

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.04.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Edward :: NASTYMAGNUS [administrator]

    03/11/2012 6:25:44 PM
    mbam-log-2012-11-03 (18-25-44).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 220628
    Time elapsed: 36 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKCU\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Defender (Trojan.MSIL) -> Data: C:\Users\Edward\AppData\Roaming\WinDefender\windefender.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 2
    C:\Users\Edward\AppData\Roaming\dclogs (Stolen.Data) -> Quarantined and deleted successfully.
    C:\Users\Edward\AppData\Roaming\WinDefender (Rogue.WinDefender) -> Quarantined and deleted successfully.

    Files Detected: 7
    C:\Users\Edward\AppData\Roaming\WinDefender\windefender.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
    C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windefender.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
    C:\Users\Edward\AppData\Roaming\dclogs\2012-10-22-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
    C:\Users\Edward\AppData\Roaming\dclogs\2012-10-24-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
    C:\Users\Edward\AppData\Roaming\dclogs\2012-10-30-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
    C:\Users\Edward\AppData\Roaming\dclogs\2012-11-03-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
    C:\Users\Edward\AppData\Local\Temp\svchost.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

    (end)
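As an added example that is not from this thread, from Malwarebytes or from any tool Broni names, here is a Python triage script for MBAM detection lines like the ones in the log above. It parses each `<item> (<category>) -> <action>` line, including the `Data:` form used for registry values, and tags the things Broni's remark about the svchost.exe location and this log point at: autostart persistence (the Run value and the copy in the Startup folder), a file carrying a Windows system binary's name that sits outside System32/SysWOW64, and executables in user-writable locations. The sample lines are copied from the log above and labelled as constructed input; the table of system binaries with their legitimate directories, and the user-writable heuristic, are my assumptions and go a little beyond the single svchost.exe case in the thread.

```python
"""Triage of Malwarebytes (MBAM) detection lines: parse each line, then tag
findings that need follow-up beyond 'quarantined' (persistence entries, a
system-binary name in the wrong directory, executables in user-writable
locations). Added example; not Malwarebytes code."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the detection lines from the MBAM log posted in the thread.
SAMPLE_MBAM_LINES = r"""
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Defender (Trojan.MSIL) -> Data: C:\Users\Edward\AppData\Roaming\WinDefender\windefender.exe -> Quarantined and deleted successfully.
C:\Users\Edward\AppData\Roaming\dclogs (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Edward\AppData\Roaming\WinDefender\windefender.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windefender.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\Users\Edward\AppData\Local\Temp\svchost.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
"""

# One MBAM detection line: "<item> (<category>) -> [Data: <data> -> ]<action>."
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<category>[^()]+)\) -> "
    r"(?:Data: (?P<data>.+?) -> )?(?P<action>[^>]+?)\.?$"
)

# Assumed table (not from the thread): well-known Windows system binaries and the
# directories, relative to the Windows directory, they legitimately run from.
# svchost.exe also has a 32-bit copy in SysWOW64 on 64-bit Windows.
SYSTEM_BINARY_DIRS = {
    "svchost.exe": ("system32", "syswow64"),
    "lsass.exe": ("system32",),
    "csrss.exe": ("system32",),
    "winlogon.exe": ("system32",),
    "services.exe": ("system32",),
    "wininit.exe": ("system32",),
}
EXECUTABLE_EXTENSIONS = (".exe", ".dll", ".scr", ".sys")


@dataclass
class Finding:
    item: str
    category: str
    action: str
    data: Optional[str] = None
    tags: List[str] = field(default_factory=list)


def is_file_path(s: str) -> bool:
    return re.match(r"^[A-Za-z]:\\", s) is not None


def masquerading_system_binary(path: str, windows_dir: str = r"C:\Windows") -> bool:
    """True if the file name is a well-known system binary but its directory is
    not one of the directories that binary legitimately lives in."""
    directory, _, name = path.rpartition("\\")
    allowed = SYSTEM_BINARY_DIRS.get(name.lower())
    if allowed is None:
        return False
    expected = {f"{windows_dir}\\{sub}".lower() for sub in allowed}
    return directory.lower() not in expected


def in_user_writable_location(path: str) -> bool:
    """Heuristic (assumption): anything under a user profile or a Temp directory
    can be written without administrative rights."""
    p = path.lower()
    return "\\users\\" in p or "\\temp\\" in p


def tag_finding(f: Finding) -> None:
    item_l = f.item.lower()
    # Autostart persistence: a Run value, or a file dropped in the Startup folder.
    if "\\currentversion\\run" in item_l and "|" in f.item:
        f.tags.append("persistence:run-key")
    if "\\start menu\\programs\\startup\\" in item_l:
        f.tags.append("persistence:startup-folder")
    # Check every file path the line mentions: the item itself, or the Run data.
    for path in [p for p in (f.item, f.data) if p and is_file_path(p)]:
        if masquerading_system_binary(path):
            f.tags.append("masquerade:system-binary-name")
        if path.lower().endswith(EXECUTABLE_EXTENSIONS) and in_user_writable_location(path):
            f.tags.append("exec-in-user-writable-location")


def parse_mbam(text: str) -> List[Finding]:
    findings = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue  # headers, counters and blank lines carry no detection
        f = Finding(m["item"], m["category"], m["action"], m["data"])
        tag_finding(f)
        findings.append(f)
    return findings


def followup_items(findings: List[Finding]) -> List[Finding]:
    """Findings that warrant a second look even after quarantine: anything that
    re-launches at logon, or a system-binary name running from the wrong place."""
    return [f for f in findings
            if any(t.startswith(("persistence:", "masquerade:")) for t in f.tags)]


if __name__ == "__main__":
    for f in parse_mbam(SAMPLE_MBAM_LINES):
        print(f"{f.category:18} {','.join(f.tags) or '-':50} {f.data or f.item}")
```

Run against the sample, the Run value and the Startup-folder copy are tagged as persistence, `C:\Users\Edward\AppData\Local\Temp\svchost.exe` is tagged as a system-binary name outside System32/SysWOW64, and the `dclogs` folder and the `DC3_FEXEC` key get no tag because they are neither executables nor autostart entries; `followup_items` returns the three findings a helper would want confirmed gone after the reboot.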
     
  4. paymahn17

    paymahn17 TS Rookie Topic Starter

    GMER.log is empty?

    DDS (Ver_2012-10-19.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.9.2
    Run by Edward at 18:51:44 on 2012-11-03
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.8173.6482 [GMT -6:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
    C:\Windows\system32\taskeng.exe
    E:\Program Files\MSI Afterburner\MSIAfterburner.exe
    C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\sppsvc.exe
    C:\Windows\System32\alg.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Microsoft LifeChat\LifeChat.exe
    C:\Users\Edward\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Windows\V0420Mon.exe
    E:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
    E:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Users\Edward\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Edward\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Edward\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Edward\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Edward\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Edward\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Edward\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Edward\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Edward\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Edward\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Edward\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Edward\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Windows\sysWOW64\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://home.mytelus.com
    mWinlogon: Userinit = userinit.exe,
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [Google Update] "C:\Users\Edward\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [V0420Mon.exe] C:\Windows\V0420Mon.exe
    mRun: [CLMLServer] "E:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
    mRun: [P2Go_Menu] "E:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "E:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
    mRun: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\Users\Edward\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Edward\AppData\Roaming\Dropbox\bin\Dropbox.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
    TCP: NameServer = 192.168.1.254 75.153.176.1
    TCP: Interfaces\{2DBE888D-F696-4460-9899-53121035148B} : DHCPNameServer = 192.168.42.129
    TCP: Interfaces\{635E6794-6207-43A0-A0BE-1283B169AC8A} : DHCPNameServer = 192.168.1.254 75.153.176.1
    TCP: Interfaces\{78D336D9-DDAA-4A75-9F35-52FE2D7010BE} : DHCPNameServer = 192.168.1.254 75.153.176.1
    TCP: Interfaces\{78D336D9-DDAA-4A75-9F35-52FE2D7010BE}\4554C4553503031323 : DHCPNameServer = 192.168.1.254
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - <orphaned>
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - <orphaned>
    Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    x64-BHO: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - <orphaned>
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - <orphaned>
    x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - <orphaned>
    x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - <orphaned>
    x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
    R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-6-13 922240]
    R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-1 915584]
    R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2012-5-26 586880]
    R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2012-7-12 517632]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]
    R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2012-5-10 32544]
    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-6-2 128488]
    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-6-2 401896]
    R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\System32\drivers\HECIx64.sys [2010-10-19 56344]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2012-5-24 188736]
    R3 RTCore64;RTCore64;E:\Program Files\MSI Afterburner\RTCore64.sys [2012-5-14 10568]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
    R3 V0420VID;Live! Cam Vista IM (VF0420);C:\Windows\System32\drivers\V0420Vid.sys [2012-5-10 107072]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-10 1262400]
    S2 SkypeUpdate;Skype Updater;E:\Program Files\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-11 250808]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-5-26 99384]
    S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-5-24 135584]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-5-10 20992]
    S3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;C:\Windows\System32\drivers\RTL85n64.sys [2010-3-23 2061856]
    S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2012-5-10 48416]
    S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2012-5-10 29472]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-5-26 203320]
    S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);C:\Windows\System32\drivers\ssudserd.sys [2012-5-26 203320]
    S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2012-5-10 48416]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-5-11 59392]
    S3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2012-5-10 29472]
    .
    =============== Created Last 30 ================
    .
    2012-11-04 00:50:53    9291768    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A5B93C55-2246-4E0E-89CA-6029B262B36E}\mpengine.dll
    2012-11-04 00:25:22    --------    d-----w-    C:\Users\Edward\AppData\Roaming\Malwarebytes
    2012-11-04 00:24:48    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
    2012-11-04 00:24:48    --------    d-----w-    C:\ProgramData\Malwarebytes
    2012-11-03 08:22:24    --------    d-----w-    C:\ProgramData\Ask
    2012-11-02 01:14:44    9291768    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-11-01 00:20:51    --------    d-----w-    C:\Program Files (x86)\Common Files\Steam
    2012-10-24 02:23:42    --------    d-----w-    C:\Users\Edward\AppData\Local\LogMeIn Rescue Applet
    2012-10-20 01:19:30    972192    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{49B0A113-CD9A-4636-8AA6-CB8161783D98}\gapaengine.dll
    2012-10-10 00:32:59    5559664    ----a-w-    C:\Windows\System32\ntoskrnl.exe
    2012-10-10 00:32:59    3968880    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
    2012-10-10 00:32:59    3914096    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
    2012-10-10 00:32:52    220160    ----a-w-    C:\Windows\System32\wintrust.dll
    2012-10-10 00:32:52    172544    ----a-w-    C:\Windows\SysWow64\wintrust.dll
    2012-10-10 00:32:51    715776    ----a-w-    C:\Windows\System32\kerberos.dll
    2012-10-10 00:32:51    542208    ----a-w-    C:\Windows\SysWow64\kerberos.dll
    .
    ==================== Find3M ====================
    .
    2012-10-10 00:31:19    73656    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-10 00:31:19    696760    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-09-25 05:16:33    95208    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-14 19:19:29    2048    ----a-w-    C:\Windows\System32\tzres.dll
    2012-09-14 18:28:53    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
    2012-08-31 18:19:35    1659760    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
    2012-08-31 13:14:14    821736    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
    2012-08-31 13:14:14    746984    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
    2012-08-31 04:03:48    228768    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
    2012-08-31 04:03:48    128456    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
    2012-08-24 10:31:32    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
    2012-08-24 10:21:18    1392128    ----a-w-    C:\Windows\System32\wininet.dll
    2012-08-24 10:20:11    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
    2012-08-24 10:14:45    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
    2012-08-24 10:13:29    599040    ----a-w-    C:\Windows\System32\vbscript.dll
    2012-08-24 10:09:42    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
    2012-08-24 06:59:17    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
    2012-08-24 06:51:27    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
    2012-08-24 06:51:02    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47:26    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47:12    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
    2012-08-24 06:43:58    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
    2012-08-22 18:12:50    1913200    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
    2012-08-22 18:12:40    950128    ----a-w-    C:\Windows\System32\drivers\ndis.sys
    2012-08-22 18:12:40    376688    ----a-w-    C:\Windows\System32\drivers\netio.sys
    2012-08-22 18:12:33    288624    ----a-w-    C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-08-21 21:01:00    245760    ----a-w-    C:\Windows\System32\OxpsConverter.exe
    2012-08-20 18:48:44    362496    ----a-w-    C:\Windows\System32\wow64win.dll
    2012-08-20 18:48:44    243200    ----a-w-    C:\Windows\System32\wow64.dll
    2012-08-20 18:48:44    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
    2012-08-20 18:48:43    215040    ----a-w-    C:\Windows\System32\winsrv.dll
    2012-08-20 18:48:37    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
    2012-08-20 18:48:35    424448    ----a-w-    C:\Windows\System32\KernelBase.dll
    2012-08-20 18:46:22    338432    ----a-w-    C:\Windows\System32\conhost.exe
    2012-08-20 17:40:21    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
    2012-08-20 17:38:44    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
    2012-08-20 17:38:26    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
    2012-08-20 17:37:19    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
    2012-08-20 17:37:18    274944    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
    2012-08-20 15:38:21    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
    2012-08-20 15:38:20    2048    ----a-w-    C:\Windows\SysWow64\user.exe
    2012-08-20 15:33:28    6144    ---ha-w-    C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 15:33:28    4608    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 15:33:28    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 15:33:28    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    .
    ============= FINISH: 18:51:50.50 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-10-19.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/05/2012 2:50:07 PM
    System Uptime: 03/11/2012 6:48:43 PM (0 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P8Z68-V LX
    Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz | LGA1155 | 3301/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 112 GiB total, 59.728 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 932 GiB total, 569.304 GiB free.
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Realtek 8185 Extensible 802.11b/g Wireless Device
    Device ID: PCI\VEN_10EC&DEV_8185&SUBSYS_822510EC&REV_20\5&9C286&0&0800E7
    Manufacturer: Realtek Semiconductor Corp
    Name: Realtek 8185 Extensible 802.11b/g Wireless Device
    PNP Device ID: PCI\VEN_10EC&DEV_8185&SUBSYS_822510EC&REV_20\5&9C286&0&0800E7
    Service: RTL85n64
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    3DMark 11
    3DMark Vantage
    64 Bit HP CIO Components Installer
    Adobe Flash Player 11 ActiveX
    Asmedia ASM104x USB 3.0 Host Controller Driver
    BitTorrent
    CCleaner
    Creative Live! Cam Vista IM Driver (1.00.03.0000)
    Creative Software AutoUpdate
    CyberLink LabelPrint
    CyberLink Power2Go
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Diablo III
    Dropbox
    Foxit Reader
    Futuremark SystemInfo
    Google Chrome
    Google Talk Plugin
    Hewlett-Packard ACLM.NET v1.1.0.0
    Java 7 Update 9
    Java Auto Updater
    JavaFX 2.1.0
    Left 4 Dead 2
    LightScribe System Software 1.14.17.1
    Malwarebytes Anti-Malware version 1.65.1.1000
    MediaMonkey 4.0
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft LifeChat
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mp3tag v2.52
    MSI Afterburner 2.2.1
    MSI Kombustor 2.3.0
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyFreeCodec
    NVIDIA Control Panel 301.42
    NVIDIA Graphics Driver 301.42
    NVIDIA HD Audio Driver 1.3.16.0
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.0213
    NVIDIA Update 1.8.15
    NVIDIA Update Components
    Picasa 3
    QuickTime
    Realtek Ethernet Diagnostic Utility
    Realtek High Definition Audio Driver
    RPS CADR
    RPS CRT
    SAMSUNG USB Driver for Mobile Phones
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
    Skype™ 5.10
    StarCraft II
    Steam
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    VLC media player 2.0.2
    WinRAR 4.20 beta 1 (64-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    31/10/2012 6:22:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    31/10/2012 6:22:56 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    03/11/2012 6:50:59 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    03/11/2012 6:50:59 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
    03/11/2012 6:49:29 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
    03/11/2012 6:49:29 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    03/11/2012 6:49:29 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.72, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
    .
    ==== End Of File ===========================
     
  5. Broni

    Broni Malware Annihilator Posts: 47,973   +271

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
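A way to triage the kind of log these instructions produce, as an added example that is not part of the original thread and not TDSSKiller's own code. It assumes the line format visible in the log posted further down (timestamp, pid, `[ MD5 ]`, service name, image path, followed by a `name - verdict` line) and does the three checks a reviewer does by eye: service images outside the usual Windows/Program Files roots, core Windows binaries such as svchost.exe loaded from anywhere but System32/SysWOW64 (the concern raised at the top of the thread), and any verdict other than `ok`. The sample log is constructed: the first entries copy the thread's own log format, while the `hypotheticalsvc` entry, its all-zero MD5 and the `suspicious` verdict are invented to exercise the checks; the list of expected roots and the set of core binaries are the editor's choices, not the tool's.

```python
"""Triage of a TDSSKiller 'Scan services' section.

Added example for this thread; not TDSSKiller's own code. It reads the
line format visible in the posted log, pairs each service with its verdict,
and flags: image paths outside the usual system/program directories, core
Windows binaries (svchost.exe etc.) loaded from anywhere but System32/SysWOW64,
and any verdict other than 'ok'. It also lists unique MD5s for reputation lookup.
"""
import re
from typing import Dict, List, Tuple

# Service line: "<hh:mm:ss.ffff> <pid> [ <MD5> ] <service name> <X:\path>".
# The name may contain spaces, so it is matched non-greedily up to the drive letter.
SERVICE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$"
)
# Verdict line that follows each service: "<hh:mm:ss.ffff> <pid> <service name> - <verdict>".
VERDICT_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?) - (?P<verdict>.+)$"
)

# Assumed-normal roots for a service image (case-insensitive prefixes, including
# the 8.3 short names TDSSKiller prints for some entries). Editor's choice.
EXPECTED_ROOTS = (
    "c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\",
    "c:\\progra~1\\", "c:\\progra~2\\",
)
# Core Windows binaries whose only legitimate homes are System32 / SysWOW64.
CORE_BINARIES = {"svchost.exe", "lsass.exe", "services.exe", "csrss.exe", "winlogon.exe"}
CORE_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# Constructed sample: the first entries copy the format of the log in this thread;
# 'hypotheticalsvc', its all-zero MD5 and the 'suspicious' verdict are invented.
SAMPLE_LOG = """\
19:17:34.0999 3348 ================ Scan services =============================
19:17:35.0028 3348 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\\Windows\\system32\\drivers\\1394ohci.sys
19:17:35.0030 3348 1394ohci - ok
19:17:35.0393 3348 COMSysApp - ok
19:17:35.0548 3348 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\\Windows\\System32\\lsass.exe
19:17:35.0549 3348 EFS - ok
19:17:35.0628 3348 [ 0D015D3584704EC814A58276232F143B ] Futuremark SystemInfo Service C:\\Program Files (x86)\\Futuremark\\Futuremark SystemInfo\\FMSISvc.exe
19:17:35.0644 3348 Futuremark SystemInfo Service - ok
19:17:36.0003 3348 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\\PROGRA~2\\COMMON~1\\Motive\\MREMP50.SYS
19:17:36.0004 3348 MREMP50 - ok
19:17:36.0100 3348 [ 00000000000000000000000000000000 ] hypotheticalsvc C:\\Users\\Public\\svchost.exe
19:17:36.0101 3348 hypotheticalsvc - suspicious
"""


def parse_services(log_text: str) -> List[Dict[str, str]]:
    """Return one dict per hashed service line, with its verdict ('' if none seen)."""
    services: List[Dict[str, str]] = []
    by_name: Dict[str, Dict[str, str]] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            entry = {"name": m["name"], "md5": m["md5"].upper(),
                     "path": m["path"], "verdict": ""}
            services.append(entry)
            by_name[entry["name"]] = entry
            continue
        v = VERDICT_RE.match(line)
        if v and v["name"] in by_name:  # entries without a file (no hash) are skipped
            by_name[v["name"]]["verdict"] = v["verdict"].strip()
    return services


def triage(services: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """(service, reason) pairs worth a closer look."""
    findings: List[Tuple[str, str]] = []
    for s in services:
        path_l = s["path"].lower()
        base = path_l.rsplit("\\", 1)[-1]
        if not path_l.startswith(EXPECTED_ROOTS):
            findings.append((s["name"], "image outside expected roots: " + s["path"]))
        if base in CORE_BINARIES and not path_l.startswith(CORE_DIRS):
            findings.append((s["name"], "core Windows binary outside System32: " + s["path"]))
        if s["verdict"] and s["verdict"].lower() != "ok":
            findings.append((s["name"], "TDSSKiller verdict: " + s["verdict"]))
    return findings


def hashes_for_lookup(services: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """Unique (MD5, first path) pairs, ready for an offline or online reputation check."""
    seen: Dict[str, str] = {}
    for s in services:
        seen.setdefault(s["md5"], s["path"])
    return sorted(seen.items())


if __name__ == "__main__":
    found = parse_services(SAMPLE_LOG)
    for name, reason in triage(found):
        print(f"{name}: {reason}")
    print(f"{len(hashes_for_lookup(found))} unique hashes to look up")
```

Paste a real log into `SAMPLE_LOG` (or read it from the `TDSSKiller_xxxx_log.txt` file the instructions mention) and the only entries printed are the ones a helper would ask about. The root check catches binaries in user profiles, Temp or ProgramData; the core-binary check is separate on purpose, because a copy of svchost.exe under C:\Windows\Temp passes the first check but not the second.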
     
  6. paymahn17

    paymahn17 TS Rookie Topic Starter

    19:17:32.0686 3420 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    19:17:33.0107 3420 ============================================================
    19:17:33.0107 3420 Current date / time: 2012/11/05 19:17:33.0107
    19:17:33.0107 3420 SystemInfo:
    19:17:33.0107 3420
    19:17:33.0107 3420 OS Version: 6.1.7601 ServicePack: 1.0
    19:17:33.0107 3420 Product type: Workstation
    19:17:33.0107 3420 ComputerName: NASTYMAGNUS
    19:17:33.0107 3420 UserName: Edward
    19:17:33.0107 3420 Windows directory: C:\Windows
    19:17:33.0107 3420 System windows directory: C:\Windows
    19:17:33.0107 3420 Running under WOW64
    19:17:33.0107 3420 Processor architecture: Intel x64
    19:17:33.0107 3420 Number of processors: 4
    19:17:33.0107 3420 Page size: 0x1000
    19:17:33.0107 3420 Boot type: Normal boot
    19:17:33.0107 3420 ============================================================
    19:17:33.0353 3420 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    19:17:33.0361 3420 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    19:17:33.0431 3420 ============================================================
    19:17:33.0431 3420 \Device\Harddisk0\DR0:
    19:17:33.0432 3420 MBR partitions:
    19:17:33.0432 3420 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    19:17:33.0432 3420 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
    19:17:33.0432 3420 \Device\Harddisk1\DR1:
    19:17:33.0432 3420 MBR partitions:
    19:17:33.0432 3420 ============================================================
    19:17:33.0433 3420 C: <-> \Device\Harddisk0\DR0\Partition2
    19:17:33.0433 3420 ============================================================
    19:17:33.0433 3420 Initialize success
    19:17:33.0433 3420 ============================================================
    19:17:34.0967 3348 ============================================================
    19:17:34.0967 3348 Scan started
    19:17:34.0967 3348 Mode: Manual;
    19:17:34.0967 3348 ============================================================
    19:17:34.0998 3348 ================ Scan system memory ========================
    19:17:34.0998 3348 System memory - ok
    19:17:34.0999 3348 ================ Scan services =============================
    19:17:35.0028 3348 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    19:17:35.0030 3348 1394ohci - ok
    19:17:35.0035 3348 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    19:17:35.0037 3348 ACPI - ok
    19:17:35.0039 3348 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    19:17:35.0040 3348 AcpiPmi - ok
    19:17:35.0065 3348 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    19:17:35.0067 3348 AdobeFlashPlayerUpdateSvc - ok
    19:17:35.0073 3348 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    19:17:35.0076 3348 adp94xx - ok
    19:17:35.0081 3348 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    19:17:35.0084 3348 adpahci - ok
    19:17:35.0087 3348 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    19:17:35.0089 3348 adpu320 - ok
    19:17:35.0091 3348 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    19:17:35.0092 3348 AeLookupSvc - ok
    19:17:35.0098 3348 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    19:17:35.0101 3348 AFD - ok
    19:17:35.0103 3348 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    19:17:35.0104 3348 agp440 - ok
    19:17:35.0106 3348 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    19:17:35.0107 3348 ALG - ok
    19:17:35.0109 3348 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    19:17:35.0110 3348 aliide - ok
    19:17:35.0111 3348 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    19:17:35.0112 3348 amdide - ok
    19:17:35.0114 3348 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    19:17:35.0115 3348 AmdK8 - ok
    19:17:35.0116 3348 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    19:17:35.0117 3348 AmdPPM - ok
    19:17:35.0120 3348 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    19:17:35.0121 3348 amdsata - ok
    19:17:35.0124 3348 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    19:17:35.0126 3348 amdsbs - ok
    19:17:35.0128 3348 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    19:17:35.0128 3348 amdxata - ok
    19:17:35.0130 3348 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    19:17:35.0131 3348 AppID - ok
    19:17:35.0133 3348 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    19:17:35.0133 3348 AppIDSvc - ok
    19:17:35.0136 3348 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    19:17:35.0137 3348 Appinfo - ok
    19:17:35.0140 3348 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
    19:17:35.0142 3348 AppMgmt - ok
    19:17:35.0144 3348 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    19:17:35.0145 3348 arc - ok
    19:17:35.0147 3348 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    19:17:35.0148 3348 arcsas - ok
    19:17:35.0158 3348 [ 6E3F4538B33BC19259E99BE1826286A3 ] asComSvc C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
    19:17:35.0164 3348 asComSvc - ok
    19:17:35.0173 3348 [ A63173897EA1A73A75D0E65036DE5B15 ] asHmComSvc C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
    19:17:35.0179 3348 asHmComSvc - ok
    19:17:35.0182 3348 [ FEF9DD9EA587F8886ADE43C1BEFBDAFE ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
    19:17:35.0182 3348 AsIO - ok
    19:17:35.0184 3348 [ 0AA7A996792FB0287B33A57A8093AE44 ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys
    19:17:35.0185 3348 asmthub3 - ok
    19:17:35.0190 3348 [ 125DC3ABF5BFCCFE82AD17D078E0B9EC ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys
    19:17:35.0191 3348 asmtxhci - ok
    19:17:35.0197 3348 [ 5C31DFB196CB3A488A041881634D86D2 ] AsSysCtrlService C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
    19:17:35.0200 3348 AsSysCtrlService - ok
    19:17:35.0202 3348 [ 1392B92179B07B672720763D9B1028A5 ] AsUpIO C:\Windows\syswow64\drivers\AsUpIO.sys
    19:17:35.0202 3348 AsUpIO - ok
    19:17:35.0204 3348 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    19:17:35.0205 3348 AsyncMac - ok
    19:17:35.0207 3348 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    19:17:35.0207 3348 atapi - ok
    19:17:35.0214 3348 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    19:17:35.0218 3348 AudioEndpointBuilder - ok
    19:17:35.0224 3348 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    19:17:35.0226 3348 AudioSrv - ok
    19:17:35.0229 3348 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    19:17:35.0230 3348 AxInstSV - ok
    19:17:35.0235 3348 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    19:17:35.0239 3348 b06bdrv - ok
    19:17:35.0243 3348 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    19:17:35.0245 3348 b57nd60a - ok
    19:17:35.0249 3348 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    19:17:35.0250 3348 BDESVC - ok
    19:17:35.0252 3348 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    19:17:35.0252 3348 Beep - ok
    19:17:35.0259 3348 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
    19:17:35.0264 3348 BFE - ok
    19:17:35.0272 3348 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
    19:17:35.0278 3348 BITS - ok
    19:17:35.0282 3348 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    19:17:35.0282 3348 blbdrive - ok
    19:17:35.0285 3348 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    19:17:35.0286 3348 bowser - ok
    19:17:35.0287 3348 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    19:17:35.0288 3348 BrFiltLo - ok
    19:17:35.0289 3348 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    19:17:35.0290 3348 BrFiltUp - ok
    19:17:35.0293 3348 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
    19:17:35.0294 3348 Browser - ok
    19:17:35.0298 3348 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    19:17:35.0300 3348 Brserid - ok
    19:17:35.0302 3348 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    19:17:35.0303 3348 BrSerWdm - ok
    19:17:35.0304 3348 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    19:17:35.0305 3348 BrUsbMdm - ok
    19:17:35.0306 3348 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    19:17:35.0307 3348 BrUsbSer - ok
    19:17:35.0309 3348 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    19:17:35.0310 3348 BTHMODEM - ok
    19:17:35.0313 3348 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    19:17:35.0314 3348 bthserv - ok
    19:17:35.0316 3348 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    19:17:35.0317 3348 cdfs - ok
    19:17:35.0320 3348 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
    19:17:35.0321 3348 cdrom - ok
    19:17:35.0324 3348 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    19:17:35.0325 3348 CertPropSvc - ok
    19:17:35.0326 3348 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    19:17:35.0327 3348 circlass - ok
    19:17:35.0332 3348 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    19:17:35.0334 3348 CLFS - ok
    19:17:35.0340 3348 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    19:17:35.0342 3348 clr_optimization_v2.0.50727_32 - ok
    19:17:35.0348 3348 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    19:17:35.0350 3348 clr_optimization_v2.0.50727_64 - ok
    19:17:35.0359 3348 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    19:17:35.0364 3348 clr_optimization_v4.0.30319_32 - ok
    19:17:35.0371 3348 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    19:17:35.0373 3348 clr_optimization_v4.0.30319_64 - ok
    19:17:35.0375 3348 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    19:17:35.0376 3348 CmBatt - ok
    19:17:35.0378 3348 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    19:17:35.0378 3348 cmdide - ok
    19:17:35.0383 3348 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
    19:17:35.0387 3348 CNG - ok
    19:17:35.0389 3348 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    19:17:35.0389 3348 Compbatt - ok
    19:17:35.0391 3348 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    19:17:35.0392 3348 CompositeBus - ok
    19:17:35.0393 3348 COMSysApp - ok
    19:17:35.0395 3348 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    19:17:35.0396 3348 crcdisk - ok
    19:17:35.0400 3348 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
    19:17:35.0402 3348 CryptSvc - ok
    19:17:35.0407 3348 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
    19:17:35.0411 3348 CSC - ok
    19:17:35.0418 3348 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
    19:17:35.0422 3348 CscService - ok
    19:17:35.0425 3348 [ 7AF9DAC504FBD047CBC3E64AE52C92BF ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
    19:17:35.0426 3348 dc3d - ok
    19:17:35.0433 3348 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    19:17:35.0436 3348 DcomLaunch - ok
    19:17:35.0441 3348 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    19:17:35.0443 3348 defragsvc - ok
    19:17:35.0446 3348 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    19:17:35.0447 3348 DfsC - ok
    19:17:35.0449 3348 [ 113212D25D0C9BB8901A9833774DA97F ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
    19:17:35.0450 3348 dg_ssudbus - ok
    19:17:35.0455 3348 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    19:17:35.0457 3348 Dhcp - ok
    19:17:35.0459 3348 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    19:17:35.0460 3348 discache - ok
    19:17:35.0462 3348 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    19:17:35.0462 3348 Disk - ok
    19:17:35.0465 3348 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    19:17:35.0467 3348 Dnscache - ok
    19:17:35.0471 3348 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    19:17:35.0473 3348 dot3svc - ok
    19:17:35.0476 3348 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
    19:17:35.0477 3348 Dot4 - ok
    19:17:35.0479 3348 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys
    19:17:35.0480 3348 Dot4Print - ok
    19:17:35.0481 3348 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
    19:17:35.0482 3348 dot4usb - ok
    19:17:35.0485 3348 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    19:17:35.0486 3348 DPS - ok
    19:17:35.0488 3348 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    19:17:35.0489 3348 drmkaud - ok
    19:17:35.0498 3348 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    19:17:35.0500 3348 DXGKrnl - ok
    19:17:35.0503 3348 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    19:17:35.0504 3348 EapHost - ok
    19:17:35.0528 3348 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    19:17:35.0545 3348 ebdrv - ok
    19:17:35.0548 3348 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    19:17:35.0549 3348 EFS - ok
    19:17:35.0554 3348 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    19:17:35.0558 3348 elxstor - ok
    19:17:35.0560 3348 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    19:17:35.0560 3348 ErrDev - ok
    19:17:35.0566 3348 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    19:17:35.0569 3348 EventSystem - ok
    19:17:35.0572 3348 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    19:17:35.0574 3348 exfat - ok
    19:17:35.0577 3348 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    19:17:35.0579 3348 fastfat - ok
    19:17:35.0580 3348 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    19:17:35.0581 3348 fdc - ok
    19:17:35.0583 3348 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    19:17:35.0583 3348 fdPHost - ok
    19:17:35.0585 3348 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    19:17:35.0586 3348 FDResPub - ok
    19:17:35.0588 3348 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    19:17:35.0588 3348 FileInfo - ok
    19:17:35.0590 3348 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    19:17:35.0591 3348 Filetrace - ok
    19:17:35.0592 3348 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    19:17:35.0593 3348 flpydisk - ok
    19:17:35.0597 3348 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    19:17:35.0599 3348 FltMgr - ok
    19:17:35.0609 3348 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
    19:17:35.0616 3348 FontCache - ok
    19:17:35.0619 3348 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    19:17:35.0619 3348 FontCache3.0.0.0 - ok
    19:17:35.0621 3348 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    19:17:35.0622 3348 FsDepends - ok
    19:17:35.0624 3348 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    19:17:35.0624 3348 Fs_Rec - ok
    19:17:35.0628 3348 [ 0D015D3584704EC814A58276232F143B ] Futuremark SystemInfo Service C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
    19:17:35.0644 3348 Futuremark SystemInfo Service - ok
    19:17:35.0648 3348 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    19:17:35.0649 3348 fvevol - ok
    19:17:35.0651 3348 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    19:17:35.0652 3348 gagp30kx - ok
    19:17:35.0659 3348 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    19:17:35.0665 3348 gpsvc - ok
    19:17:35.0668 3348 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    19:17:35.0669 3348 gusvc - ok
    19:17:35.0671 3348 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    19:17:35.0672 3348 hcw85cir - ok
    19:17:35.0676 3348 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    19:17:35.0679 3348 HdAudAddService - ok
    19:17:35.0682 3348 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    19:17:35.0683 3348 HDAudBus - ok
    19:17:35.0684 3348 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    19:17:35.0685 3348 HidBatt - ok
    19:17:35.0687 3348 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    19:17:35.0688 3348 HidBth - ok
    19:17:35.0690 3348 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    19:17:35.0691 3348 HidIr - ok
    19:17:35.0693 3348 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    19:17:35.0694 3348 hidserv - ok
    19:17:35.0696 3348 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    19:17:35.0697 3348 HidUsb - ok
    19:17:35.0699 3348 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    19:17:35.0701 3348 hkmsvc - ok
    19:17:35.0704 3348 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    19:17:35.0706 3348 HomeGroupListener - ok
    19:17:35.0709 3348 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    19:17:35.0711 3348 HomeGroupProvider - ok
    19:17:35.0714 3348 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    19:17:35.0715 3348 HpSAMD - ok
    19:17:35.0721 3348 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    19:17:35.0727 3348 HTTP - ok
    19:17:35.0729 3348 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    19:17:35.0729 3348 hwpolicy - ok
    19:17:35.0731 3348 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    19:17:35.0733 3348 i8042prt - ok
    19:17:35.0737 3348 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    19:17:35.0741 3348 iaStorV - ok
    19:17:35.0749 3348 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    19:17:35.0754 3348 idsvc - ok
    19:17:35.0757 3348 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    19:17:35.0757 3348 iirsp - ok
    19:17:35.0765 3348 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    19:17:35.0771 3348 IKEEXT - ok
    19:17:35.0795 3348 [ EB5FA493A4B6EA290200AE39EBA2FBC6 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
    19:17:35.0804 3348 IntcAzAudAddService - ok
    19:17:35.0806 3348 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    19:17:35.0807 3348 intelide - ok
    19:17:35.0809 3348 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    19:17:35.0809 3348 intelppm - ok
    19:17:35.0811 3348 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    19:17:35.0812 3348 IPBusEnum - ok
    19:17:35.0815 3348 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    19:17:35.0816 3348 IpFilterDriver - ok
    19:17:35.0821 3348 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    19:17:35.0825 3348 iphlpsvc - ok
    19:17:35.0827 3348 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    19:17:35.0828 3348 IPMIDRV - ok
    19:17:35.0831 3348 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    19:17:35.0832 3348 IPNAT - ok
    19:17:35.0833 3348 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    19:17:35.0834 3348 IRENUM - ok
    19:17:35.0836 3348 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    19:17:35.0836 3348 isapnp - ok
    19:17:35.0840 3348 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    19:17:35.0842 3348 iScsiPrt - ok
    19:17:35.0844 3348 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    19:17:35.0845 3348 kbdclass - ok
    19:17:35.0846 3348 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    19:17:35.0847 3348 kbdhid - ok
    19:17:35.0849 3348 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    19:17:35.0849 3348 KeyIso - ok
    19:17:35.0852 3348 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    19:17:35.0861 3348 KSecDD - ok
    19:17:35.0864 3348 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    19:17:35.0865 3348 KSecPkg - ok
    19:17:35.0867 3348 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    19:17:35.0867 3348 ksthunk - ok
    19:17:35.0872 3348 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    19:17:35.0875 3348 KtmRm - ok
    19:17:35.0879 3348 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
    19:17:35.0881 3348 LanmanServer - ok
    19:17:35.0884 3348 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    19:17:35.0886 3348 LanmanWorkstation - ok
    19:17:35.0889 3348 [ ABF90FC5A127F481219B873C1B8DFC1C ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    19:17:35.0890 3348 LightScribeService - ok
    19:17:35.0892 3348 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    19:17:35.0893 3348 lltdio - ok
    19:17:35.0897 3348 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    19:17:35.0900 3348 lltdsvc - ok
    19:17:35.0901 3348 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    19:17:35.0902 3348 lmhosts - ok
    19:17:35.0905 3348 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    19:17:35.0906 3348 LSI_FC - ok
    19:17:35.0909 3348 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    19:17:35.0910 3348 LSI_SAS - ok
    19:17:35.0912 3348 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    19:17:35.0913 3348 LSI_SAS2 - ok
    19:17:35.0915 3348 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    19:17:35.0916 3348 LSI_SCSI - ok
    19:17:35.0918 3348 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    19:17:35.0919 3348 luafv - ok
    19:17:35.0926 3348 [ E6CB119EF2E148EAA1A247343550756E ] McciCMService C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
    19:17:35.0929 3348 McciCMService - ok
    19:17:35.0936 3348 [ BE3D584D7C021EB7D89166EECB83C341 ] McciCMService64 C:\Program Files\Common Files\Motive\McciCMService.exe
    19:17:35.0940 3348 McciCMService64 - ok
    19:17:35.0942 3348 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    19:17:35.0943 3348 megasas - ok
    19:17:35.0946 3348 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    19:17:35.0949 3348 MegaSR - ok
    19:17:35.0951 3348 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
    19:17:35.0951 3348 MEIx64 - ok
    19:17:35.0957 3348 Microsoft SharePoint Workspace Audit Service - ok
    19:17:35.0959 3348 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    19:17:35.0960 3348 MMCSS - ok
    19:17:35.0962 3348 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    19:17:35.0963 3348 Modem - ok
    19:17:35.0965 3348 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    19:17:35.0965 3348 monitor - ok
    19:17:35.0968 3348 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    19:17:35.0968 3348 mouclass - ok
    19:17:35.0970 3348 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    19:17:35.0971 3348 mouhid - ok
    19:17:35.0973 3348 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    19:17:35.0974 3348 mountmgr - ok
    19:17:35.0978 3348 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
    19:17:35.0979 3348 MpFilter - ok
    19:17:35.0982 3348 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    19:17:35.0984 3348 mpio - ok
    19:17:35.0986 3348 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    19:17:35.0987 3348 mpsdrv - ok
    19:17:35.0995 3348 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
    19:17:36.0000 3348 MpsSvc - ok
    19:17:36.0003 3348 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
    19:17:36.0004 3348 MREMP50 - ok
    19:17:36.0008 3348 MREMP50a64 - ok
    19:17:36.0010 3348 MREMPR5 - ok
    19:17:36.0013 3348 MRENDIS5 - ok
    19:17:36.0015 3348 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
    19:17:36.0016 3348 MRESP50 - ok
    19:17:36.0018 3348 MRESP50a64 - ok
    19:17:36.0021 3348 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    19:17:36.0022 3348 MRxDAV - ok
  7. paymahn17

    paymahn17 TS Rookie Topic Starter

    19:17:37.0708 3348 [ 77C298E4640C4661DC3C0D260CA32CCC ] \Device\Harddisk0\DR0\Partition2
    19:17:37.0709 3348 \Device\Harddisk0\DR0\Partition2 - ok
    19:17:37.0709 3348 ============================================================
    19:17:37.0709 3348 Scan finished
    19:17:37.0709 3348 ============================================================
    19:17:37.0713 1996 Detected object count: 0
    19:17:37.0713 1996 Actual detected object count: 0
     
  8. Broni

    Broni Malware Annihilator Posts: 47,973   +271

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ==================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  9. paymahn17

    paymahn17 TS Rookie Topic Starter

    RogueKiller V8.2.2 [11/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Edward [Admin rights]
    Mode : Remove -- Date : 11/05/2012 19:42:54

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] V0420Mon.exe -- C:\Windows\V0420Mon.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 7 ¤¤¤
    [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : V0420Mon.exe (C:\Windows\V0420Mon.exe) -> DELETED
    [TASK][SUSP PATH] IHUninstallTrackingTASK : CMD /C DEL C:\Users\Edward\AppData\Local\Temp\IHU56E5.tmp.exe -> DELETED
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: MKNSSDCR120GB ATA Device +++++
    --- User ---
    [MBR] 2d89dd964f4ba4f1fef87d638285ef6b
    [BSP] 567633864e16bebe9983a1f9f6a7edf7 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: WDC WD10EALX-009BA0 ATA Device +++++
    --- User ---
    [MBR] 1971bea6bf58d089edd524674f48c713
    [BSP] 951862f177726a8a0f56e5fd6477ffd6 : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 953868 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_11052012_02d1942.txt >>
    RKreport[1]_S_11052012_02d1942.txt ; RKreport[2]_D_11052012_02d1942.txt

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-05 19:44:16
    -----------------------------
    19:44:16.019 OS Version: Windows x64 6.1.7601 Service Pack 1
    19:44:16.019 Number of processors: 4 586 0x2A07
    19:44:16.019 ComputerName: NASTYMAGNUS UserName: Edward
    19:44:16.164 Initialize success
    19:44:22.694 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    19:44:22.694 Disk 0 Vendor: MKNSSDCR120GB 502ABBF0 Size: 114473MB BusType: 11
    19:44:22.694 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
    19:44:22.694 Disk 1 Vendor: WDC_WD10EALX-009BA0 15.01H15 Size: 953869MB BusType: 11
    19:44:22.699 Disk 0 MBR read successfully
    19:44:22.699 Disk 0 MBR scan
    19:44:22.699 Disk 0 Windows 7 default MBR code
    19:44:22.704 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    19:44:22.704 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
    19:44:22.704 Disk 0 scanning C:\Windows\system32\drivers
    19:44:23.719 Service scanning
    19:44:25.900 Modules scanning
    19:44:25.903 Disk 0 trace - called modules:
    19:44:25.907 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    19:44:26.232 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007724060]
    19:44:26.235 3 CLASSPNP.SYS[fffff8800193943f] -> nt!IofCallDriver -> [0xfffffa800751ae40]
    19:44:26.236 5 ACPI.sys[fffff88000f2d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007517060]
    19:44:26.238 Scan finished successfully
    19:44:37.770 Disk 0 MBR has been saved successfully to "E:\Desktop\MBR.dat"
    19:44:37.772 The log file has been saved successfully to "E:\Desktop\aswMBR.txt"
     
  10. Broni

    Broni Malware Annihilator Posts: 47,973   +271

    Good :)

    Create a new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ===============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done, Notepad will open with the rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double-clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  11. paymahn17

    paymahn17 TS Rookie Topic Starter

    ComboFix 12-11-05.03 - Edward 05/11/2012 20:55:06.1.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.8173.6832 [GMT -7:00]
    Running from: e:\desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Edward\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A6FF1265-E633-4436-BFEE-3FDEB7114F4E}.xps
    c:\windows\SysWow64\muzapp.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-06 to 2012-11-06 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-06 01:10 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{44FBAE6E-6AE4-4F0D-9637-FE3FAF4E9AD9}\mpengine.dll
    2012-11-04 23:37 . 2012-11-04 23:37 -------- d-----w- c:\users\Edward\AppData\Roaming\fltk.org
    2012-11-04 23:37 . 2012-11-04 23:37 -------- d-----w- c:\programdata\fltk.org
    2012-11-04 18:56 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-11-04 00:25 . 2012-11-04 00:25 -------- d-----w- c:\users\Edward\AppData\Roaming\Malwarebytes
    2012-11-04 00:24 . 2012-11-04 00:24 -------- d-----w- c:\programdata\Malwarebytes
    2012-11-04 00:24 . 2012-09-30 01:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-03 08:22 . 2012-11-03 08:22 -------- d-----w- c:\programdata\Ask
    2012-11-01 00:20 . 2012-11-01 00:32 -------- d-----w- c:\program files (x86)\Common Files\Steam
    2012-10-24 02:23 . 2012-10-24 13:06 -------- d-----w- c:\users\Edward\AppData\Local\LogMeIn Rescue Applet
    2012-10-20 01:19 . 2012-09-27 03:03 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{49B0A113-CD9A-4636-8AA6-CB8161783D98}\gapaengine.dll
    2012-10-10 00:32 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-10-10 00:32 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-10-10 00:32 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-10-10 00:32 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
    2012-10-10 00:32 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-10-10 00:32 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
    2012-10-10 00:32 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-10 00:31 . 2012-06-11 08:49 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-10 00:31 . 2012-06-11 08:49 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-09-28 06:18 . 2012-05-10 23:58 65309168 ----a-w- c:\windows\system32\MRT.exe
    2012-09-27 03:03 . 2012-06-12 15:42 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-09-25 05:16 . 2012-08-31 13:14 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-08-31 13:14 . 2012-05-24 19:18 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-08-31 13:14 . 2012-05-24 19:18 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-08-31 04:03 . 2012-08-31 04:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2012-08-31 04:03 . 2012-03-21 02:44 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2012-08-24 11:15 . 2012-09-21 23:28 17810944 ----a-w- c:\windows\system32\mshtml.dll
    2012-08-24 10:39 . 2012-09-21 23:28 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-08-24 10:31 . 2012-09-21 23:28 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-08-24 10:22 . 2012-09-21 23:28 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-08-24 10:21 . 2012-09-21 23:28 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-08-24 10:20 . 2012-09-21 23:28 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-24 10:18 . 2012-09-21 23:28 237056 ----a-w- c:\windows\system32\url.dll
    2012-08-24 10:17 . 2012-09-21 23:28 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-08-24 10:14 . 2012-09-21 23:28 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-08-24 10:14 . 2012-09-21 23:28 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-08-24 10:13 . 2012-09-21 23:28 599040 ----a-w- c:\windows\system32\vbscript.dll
    2012-08-24 10:12 . 2012-09-21 23:28 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-08-24 10:11 . 2012-09-21 23:28 729088 ----a-w- c:\windows\system32\msfeeds.dll
    2012-08-24 10:10 . 2012-09-21 23:28 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-08-24 10:09 . 2012-09-21 23:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-08-24 10:04 . 2012-09-21 23:28 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-08-24 06:59 . 2012-09-21 23:28 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-08-24 06:51 . 2012-09-21 23:28 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-08-24 06:51 . 2012-09-21 23:28 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47 . 2012-09-21 23:28 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47 . 2012-09-21 23:28 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-08-24 06:43 . 2012-09-21 23:28 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-08-22 18:12 . 2012-09-12 05:25 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-08-22 18:12 . 2012-09-12 05:25 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-08-22 18:12 . 2012-09-12 05:25 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-08-22 18:12 . 2012-09-12 05:25 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-21 21:01 . 2012-09-25 23:29 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2012-08-20 17:38 . 2012-10-10 00:33 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 94208 ----a-w- c:\users\Edward\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 94208 ----a-w- c:\users\Edward\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 94208 ----a-w- c:\users\Edward\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "CLMLServer"="e:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
    "P2Go_Menu"="e:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "QuickTime Task"="e:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
    "HP Software Update"="e:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    .
    c:\users\Edward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Edward\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;e:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-24 99384]
    R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n64.sys [2010-03-23 2061856]
    R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-01-14 48416]
    R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2010-01-14 29472]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-24 203320]
    R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys [2012-02-24 203320]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-01-14 48416]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\DRIVERS\RtVLAN60.sys [2010-01-14 29472]
    S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
    S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-06-13 922240]
    S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-02 915584]
    S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
    S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2011-03-16 517632]
    S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2010-01-14 32544]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]
    S3 RTCore64;RTCore64;e:\program files\MSI Afterburner\RTCore64.sys [2012-05-14 10568]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    S3 V0420VID;Live! Cam Vista IM (VF0420);c:\windows\system32\DRIVERS\V0420Vid.sys [2007-05-31 107072]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 56734170
    *NewlyCreated* - ASWMBR
    *Deregistered* - 56734170
    *Deregistered* - aswMBR
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-06-09 16:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-11-06 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 00:31]
    .
    2012-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-520746939-1807251607-1607737609-1000Core.job
    - c:\users\Edward\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-10 22:56]
    .
    2012-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-520746939-1807251607-1607737609-1000UA.job
    - c:\users\Edward\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-10 22:56]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 97792 ----a-w- c:\users\Edward\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 97792 ----a-w- c:\users\Edward\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 97792 ----a-w- c:\users\Edward\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 97792 ----a-w- c:\users\Edward\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-28 11905128]
    "LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2009-09-24 371712]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://home.mytelus.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.254 75.153.176.1
    TCP: Interfaces\{635E6794-6207-43A0-A0BE-1283B169AC8A}: DhcpNameServer = 192.168.1.254 75.153.176.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-11-05 20:58:03
    ComboFix-quarantined-files.txt 2012-11-06 03:58
    .
    Pre-Run: 64,027,369,472 bytes free
    Post-Run: 63,953,350,656 bytes free
    .
    - - End Of File - - C78CB75F707CFE3DB15F05B40A7D3585
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,973   +271

    Looks good.

    Any current issues?

    ===============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double-click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. paymahn17

    paymahn17 TS Rookie Topic Starter

    No issues that I've noticed. Microsoft Security Essentials doesn't warn of anything on startup.


    OTL logfile created on: 05/11/2012 11:08:04 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = E:\Downloads\Chrome
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    7.98 Gb Total Physical Memory | 6.35 Gb Available Physical Memory | 79.62% Memory free
    15.96 Gb Paging File | 14.25 Gb Available in Paging File | 89.25% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 111.69 Gb Total Space | 59.66 Gb Free Space | 53.42% Space Free | Partition Type: NTFS
    Drive E: | 931.51 Gb Total Space | 576.86 Gb Free Space | 61.93% Space Free | Partition Type: NTFS

    Computer Name: NASTYMAGNUS | User Name: Edward | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/11/05 23:05:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Downloads\Chrome\OTL.exe
    PRC - [2012/10/26 12:17:52 | 000,079,384 | ---- | M] (Google) -- C:\Users\Edward\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    PRC - [2012/05/24 11:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Edward\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012/05/14 02:28:36 | 000,405,832 | ---- | M] () -- E:\Program Files\MSI Afterburner\MSIAfterburner.exe
    PRC - [2011/06/13 01:36:54 | 000,922,240 | R--- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
    PRC - [2010/12/01 19:15:14 | 000,915,584 | R--- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
    PRC - [2010/11/20 05:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    PRC - [2010/10/21 02:52:26 | 000,586,880 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
    PRC - [2008/07/18 18:52:16 | 000,104,936 | ---- | M] (CyberLink) -- E:\Program Files\CyberLink\Power2Go\CLMLSvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/10/10 03:06:15 | 000,460,312 | ---- | M] () -- C:\Users\Edward\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll
    MOD - [2012/10/10 03:06:13 | 012,435,992 | ---- | M] () -- C:\Users\Edward\AppData\Local\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
    MOD - [2012/10/10 03:06:12 | 004,005,912 | ---- | M] () -- C:\Users\Edward\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
    MOD - [2012/10/10 03:04:57 | 000,578,072 | ---- | M] () -- C:\Users\Edward\AppData\Local\Google\Chrome\Application\22.0.1229.94\libglesv2.dll
    MOD - [2012/10/10 03:04:55 | 000,123,928 | ---- | M] () -- C:\Users\Edward\AppData\Local\Google\Chrome\Application\22.0.1229.94\libegl.dll
    MOD - [2012/10/10 03:04:44 | 000,156,712 | ---- | M] () -- C:\Users\Edward\AppData\Local\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
    MOD - [2012/10/10 03:04:43 | 000,275,496 | ---- | M] () -- C:\Users\Edward\AppData\Local\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
    MOD - [2012/10/10 03:04:42 | 002,168,360 | ---- | M] () -- C:\Users\Edward\AppData\Local\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
    MOD - [2012/05/14 02:28:36 | 000,405,832 | ---- | M] () -- E:\Program Files\MSI Afterburner\MSIAfterburner.exe
    MOD - [2012/05/01 07:06:16 | 000,061,440 | ---- | M] () -- E:\Program Files\MSI Afterburner\RTMUI.dll
    MOD - [2012/05/01 07:06:10 | 000,335,872 | ---- | M] () -- E:\Program Files\MSI Afterburner\RTHAL.dll
    MOD - [2012/05/01 07:05:54 | 000,225,280 | ---- | M] () -- E:\Program Files\MSI Afterburner\RTCore.dll
    MOD - [2012/05/01 07:05:44 | 000,147,456 | ---- | M] () -- E:\Program Files\MSI Afterburner\RTUI.dll
    MOD - [2012/05/01 07:05:36 | 000,061,440 | ---- | M] () -- E:\Program Files\MSI Afterburner\RTFC.dll
    MOD - [2011/04/30 08:04:54 | 000,013,312 | ---- | M] () -- E:\Program Files\MSI Afterburner\RTTSH.dll
    MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2008/07/18 18:52:08 | 000,649,704 | ---- | M] () -- E:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
    MOD - [2008/06/09 08:55:08 | 000,013,096 | ---- | M] () -- E:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012/10/31 17:22:53 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/10/09 17:31:20 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- E:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/05/15 03:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2011/12/09 13:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
    SRV - [2011/06/13 01:36:54 | 000,922,240 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe -- (asComSvc)
    SRV - [2010/12/01 19:15:14 | 000,915,584 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe -- (asHmComSvc)
    SRV - [2010/10/21 02:52:26 | 000,586,880 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/04/18 10:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/24 02:14:42 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudserd.sys -- (ssudserd)
    DRV:64bit: - [2012/02/24 02:14:42 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
    DRV:64bit: - [2012/02/24 02:14:42 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
    DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/06/02 09:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
    DRV:64bit: - [2011/06/02 09:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
    DRV:64bit: - [2011/05/18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 04:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/10/19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/03/23 01:17:06 | 002,061,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL85n64.sys -- (RTL85n64)
    DRV:64bit: - [2010/01/14 05:27:46 | 000,032,544 | R--- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
    DRV:64bit: - [2010/01/14 05:27:30 | 000,048,416 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM)
    DRV:64bit: - [2010/01/14 05:27:30 | 000,048,416 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT)
    DRV:64bit: - [2010/01/14 05:27:18 | 000,029,472 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (VLAN)
    DRV:64bit: - [2010/01/14 05:27:18 | 000,029,472 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT)
    DRV:64bit: - [2009/08/21 00:45:22 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 17:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2007/05/30 18:33:32 | 000,107,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\V0420Vid.sys -- (V0420VID)
    DRV - [2012/06/11 12:12:08 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2012/06/11 12:12:06 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2012/05/14 02:28:36 | 000,010,568 | ---- | M] () [Kernel | On_Demand | Running] -- E:\Program Files\MSI Afterburner\RTCore64.sys -- (RTCore64)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-520746939-1807251607-1607737609-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mytelus.com
    IE - HKU\S-1-5-21-520746939-1807251607-1607737609-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
    IE - HKU\S-1-5-21-520746939-1807251607-1607737609-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CE 1A 83 E2 FF 2E CD 01 [binary data]
    IE - HKU\S-1-5-21-520746939-1807251607-1607737609-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKU\S-1-5-21-520746939-1807251607-1607737609-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-520746939-1807251607-1607737609-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...ae738fa46&lang=en&ds=st011&pr=sa&d=2012-05-12 16:12:20&v=11.0.0.9&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-520746939-1807251607-1607737609-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: E:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\google.com/npPicasa3,version=3.0.0: E:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\\Program Files\\Trend Micro\\Titanium\\UIFramework\\Toolbar\\firefoxextension\\components\\npToolbarChrome.dll File not found
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Edward\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Edward\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Edward\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Edward\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1091\firefoxextension\


    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Edward\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Edward\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Edward\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Edward\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Edward\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = E:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    CHR - Extension: YouTube = C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Adblock Plus = C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3_0\
    CHR - Extension: Google Search = C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Gmail = C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/11/05 20:57:06 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found.
    O2:64bit: - BHO: (no name) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4:64bit: - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [CLMLServer] E:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [P2Go_Menu] E:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - Startup: C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Edward\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-520746939-1807251607-1607737609-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-520746939-1807251607-1607737609-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.153.176.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DBE888D-F696-4460-9899-53121035148B}: DhcpNameServer = 192.168.42.129
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{635E6794-6207-43A0-A0BE-1283B169AC8A}: DhcpNameServer = 192.168.1.254 75.153.176.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78D336D9-DDAA-4A75-9F35-52FE2D7010BE}: DhcpNameServer = 192.168.1.254 75.153.176.1
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\tmbp - No CLSID value found
    O18:64bit: - Protocol\Handler\tmpx - No CLSID value found
    O18:64bit: - Protocol\Handler\tmtbim - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\tmbp - No CLSID value found
    O18 - Protocol\Handler\tmpx - No CLSID value found
    O18 - Protocol\Handler\tmtbim - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/11/05 23:04:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/11/05 20:58:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/11/05 20:58:04 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\temp
    [2012/11/05 20:54:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/11/05 20:54:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/11/05 20:54:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/11/05 20:54:32 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/11/05 20:54:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/11/05 20:52:53 | 004,997,488 | R--- | C] (Swearware) -- E:\Desktop\ComboFix.exe
    [2012/11/05 19:42:28 | 000,000,000 | ---D | C] -- E:\Desktop\RK_Quarantine
    [2012/11/05 19:17:27 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- E:\Desktop\TDSSKiller.exe
    [2012/11/04 16:37:22 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Roaming\fltk.org
    [2012/11/04 16:37:22 | 000,000,000 | ---D | C] -- C:\ProgramData\fltk.org
    [2012/11/04 16:37:21 | 000,000,000 | ---D | C] -- E:\My Documents\Amnesia
    [2012/11/03 17:25:22 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Roaming\Malwarebytes
    [2012/11/03 17:24:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/11/03 17:24:48 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/11/03 17:24:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/11/03 01:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
    [2012/11/03 01:12:12 | 000,000,000 | ---D | C] -- E:\Desktop\Blues on Whyte Concert
    [2012/11/01 23:11:00 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Roaming\Mozilla
    [2012/10/31 17:20:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
    [2012/10/31 17:20:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
    [2012/10/23 19:23:42 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\LogMeIn Rescue Applet
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/11/05 23:09:23 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/11/05 23:09:23 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/11/05 23:04:21 | 000,000,436 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
    [2012/11/05 23:04:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/11/05 22:31:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/11/05 22:11:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-520746939-1807251607-1607737609-1000UA.job
    [2012/11/05 21:11:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-520746939-1807251607-1607737609-1000Core.job
    [2012/11/05 20:57:06 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/11/05 20:53:06 | 004,997,488 | R--- | M] (Swearware) -- E:\Desktop\ComboFix.exe
    [2012/11/05 19:44:37 | 000,000,512 | ---- | M] () -- E:\Desktop\MBR.dat
    [2012/11/05 19:41:29 | 000,430,592 | ---- | M] () -- E:\Desktop\RogueKiller.exe
    [2012/11/05 18:03:43 | 000,741,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/11/05 18:03:43 | 000,639,436 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/11/05 18:03:43 | 000,113,960 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/11/04 16:08:35 | 000,000,215 | ---- | M] () -- E:\Desktop\Amnesia The Dark Descent.url
    [2012/11/03 17:24:50 | 000,000,756 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/02 17:07:12 | 000,000,213 | ---- | M] () -- E:\Desktop\Left 4 Dead 2.url
    [2012/11/02 16:48:33 | 000,035,566 | ---- | M] () -- E:\Desktop\Capture.PNG
    [2012/10/31 21:49:22 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- E:\Desktop\TDSSKiller.exe
    [2012/10/23 19:20:33 | 000,000,000 | -H-- | M] () -- E:\My Documents\Default.rdp
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/11/05 20:54:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/11/05 20:54:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/11/05 20:54:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/11/05 20:54:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/11/05 20:54:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/11/05 19:44:37 | 000,000,512 | ---- | C] () -- E:\Desktop\MBR.dat
    [2012/11/05 19:41:35 | 000,430,592 | ---- | C] () -- E:\Desktop\RogueKiller.exe
    [2012/11/04 16:08:35 | 000,000,215 | ---- | C] () -- E:\Desktop\Amnesia The Dark Descent.url
    [2012/11/03 17:24:50 | 000,000,756 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/02 17:07:12 | 000,000,213 | ---- | C] () -- E:\Desktop\Left 4 Dead 2.url
    [2012/11/02 16:48:33 | 000,035,566 | ---- | C] () -- E:\Desktop\Capture.PNG
    [2012/10/23 19:20:33 | 000,000,000 | -H-- | C] () -- E:\My Documents\Default.rdp
    [2012/07/12 16:46:30 | 000,000,179 | ---- | C] () -- C:\Users\Edward\Webmail.URL
    [2012/05/26 08:46:56 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
    [2012/05/26 08:46:55 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
    [2012/05/10 17:29:51 | 000,036,804 | ---- | C] () -- C:\Windows\Ascd_log.ini
    [2012/05/10 17:17:08 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2012/05/10 17:17:07 | 000,028,640 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
    [2012/05/10 16:38:19 | 000,722,382 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/09/19 06:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
    [2011/03/02 06:57:40 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
    [2011/03/02 06:57:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
    [2011/03/02 06:57:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
    [2011/03/02 06:57:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll

    ========== ZeroAccess Check ==========

    [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/09/28 20:43:45 | 000,000,000 | ---D | M] -- C:\Users\Edward\AppData\Roaming\Audacity
    [2012/10/28 21:16:52 | 000,000,000 | ---D | M] -- C:\Users\Edward\AppData\Roaming\BitTorrent
    [2012/11/05 23:04:24 | 000,000,000 | ---D | M] -- C:\Users\Edward\AppData\Roaming\Dropbox
    [2012/11/04 16:37:22 | 000,000,000 | ---D | M] -- C:\Users\Edward\AppData\Roaming\fltk.org
    [2012/05/22 13:49:59 | 000,000,000 | ---D | M] -- C:\Users\Edward\AppData\Roaming\Foxit Software
    [2012/11/04 18:43:01 | 000,000,000 | ---D | M] -- C:\Users\Edward\AppData\Roaming\MediaMonkey
    [2012/09/30 21:10:32 | 000,000,000 | ---D | M] -- C:\Users\Edward\AppData\Roaming\Mp3tag
    [2012/05/12 15:13:08 | 000,000,000 | ---D | M] -- C:\Users\Edward\AppData\Roaming\PowerISO
    [2012/07/12 16:45:17 | 000,000,000 | ---D | M] -- C:\Users\Edward\AppData\Roaming\Radialpoint
    [2012/05/21 19:30:39 | 000,000,000 | ---D | M] -- C:\Users\Edward\AppData\Roaming\Samsung
    [2012/07/12 16:45:39 | 000,000,000 | ---D | M] -- C:\Users\Edward\AppData\Roaming\TELUS
    [2012/05/26 11:22:47 | 000,000,000 | ---D | M] -- C:\Users\Edward\AppData\Roaming\Temp

    ========== Purity Check ==========



    < End of report >
     
  14. paymahn17

    paymahn17 TS Rookie Topic Starter

    OTL Extras logfile created on: 05/11/2012 11:08:04 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = E:\Downloads\Chrome
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    7.98 Gb Total Physical Memory | 6.35 Gb Available Physical Memory | 79.62% Memory free
    15.96 Gb Paging File | 14.25 Gb Available in Paging File | 89.25% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 111.69 Gb Total Space | 59.66 Gb Free Space | 53.42% Space Free | Partition Type: NTFS
    Drive E: | 931.51 Gb Total Space | 576.86 Gb Free Space | 61.93% Space Free | Partition Type: NTFS

    Computer Name: NASTYMAGNUS | User Name: Edward | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
    Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
    Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
    Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
    Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{228A9E1B-4187-424D-9E4A-40D6C0F7BA23}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{46EB10BA-DC07-4346-A51A-373CE5BB7A39}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{4B7913A7-3952-4EAA-B671-1E9DA7CA8B38}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{6D9E46D0-C942-4E25-89FB-9B80E580D77E}" = rport=2869 | protocol=6 | dir=out | app=system |
    "{833F341B-727F-4098-9E84-472BAE63FBC5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{8AA6F927-7F1D-45DD-9266-D0516B4CDEF7}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{9A7AD0F0-E1AF-48B6-81EE-7B398FDABE3B}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{B1CFB0DE-52B6-4880-8AB4-EC9A8D8CD38E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{BEB21B1E-AF5C-4E10-AFC5-386010E3759B}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{D7AB8091-1A84-4829-B084-B3DCBC5CCCD3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{F6022F85-0483-41D0-8BDA-89EDF895758D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{10E08FAB-3EA8-493B-B22D-54D4ED38F09C}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
    "{1984474F-4FA4-4613-A811-D9BBE595B1F1}" = dir=in | app=e:\program files\hp\digital imaging\bin\hpoews01.exe |
    "{224E246E-3181-4AB4-BE10-0BE4ADF8FCD2}" = protocol=17 | dir=in | app=e:\program files\steam\steam.exe |
    "{28C04C28-0C0C-486A-9470-F324AAEF2EBB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
    "{29B00038-0E5D-42B8-83D3-00733079D628}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
    "{2D15D6D3-58DA-48E1-9EC5-B365063B91C5}" = protocol=6 | dir=in | app=c:\users\edward\appdata\roaming\dropbox\bin\dropbox.exe |
    "{30E3BCE7-ED8C-408A-930E-FDE9C12E3882}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
    "{33843A65-17C3-45C6-81D4-A4BD10DF4EAB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
    "{361ED33C-C4C9-4D3D-9735-D1E5317AFE9E}" = dir=in | app=e:\program files\hp\digital imaging\bin\hpfccopy.exe |
    "{36389547-2E30-4644-8CBC-973C7D500C35}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{384E9F1E-14EA-4B3E-AB0C-83DAD640BA62}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
    "{3AF8113F-18F1-4407-A356-C9163ECD761D}" = dir=in | app=e:\program files\hp\hp software update\hpwucli.exe |
    "{3FF70A06-D9E2-49C6-956E-7F8173134B00}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
    "{42F97588-2BFE-4CEC-BB72-569FFF663BDC}" = protocol=17 | dir=in | app=e:\program files\steam\steamapps\common\amnesia the dark descent\launcher.exe |
    "{49BB839A-FBDE-4695-AE72-07B8815A23F3}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
    "{4C00028B-DCFE-4A9C-8633-137B7D15C957}" = dir=in | app=e:\program files\hp\digital imaging\bin\hpqcopy2.exe |
    "{55D2EDE9-6C50-492F-9A8F-41A211A18A2F}" = protocol=6 | dir=in | app=e:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{5B85D996-76AC-4766-ACA6-4B4EF978C2C8}" = dir=in | app=e:\program files\hp\digital imaging\bin\hpiscnapp.exe |
    "{5FA9BB26-709D-48D0-A10F-C8DF9E070F0D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
    "{60A65968-F27E-416D-B68B-98AEA3E37691}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
    "{60D574EA-C34C-4069-B884-1EB603AD5F36}" = dir=in | app=e:\program files\hp\digital imaging\bin\hpqtra08.exe |
    "{61156618-9883-4DA2-ADD7-F52A14A6D408}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{63A17992-0B85-4FE9-9621-45BC5CA84BA5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{704BAA5B-9AE7-4F66-A49A-E81D2AE009B3}" = protocol=6 | dir=in | app=e:\program files\steam\steamapps\common\amnesia the dark descent\launcher.exe |
    "{7E51F6A2-9ED0-4EAF-A18A-2BE96DF1AFD6}" = dir=in | app=e:\program files\skype\phone\skype.exe |
    "{7F2EF88F-6919-448B-A2AF-06DF8D53CAEA}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
    "{8B98C90B-4C4A-4A32-8E19-C6C1127205E8}" = protocol=17 | dir=in | app=e:\program files\bittorrent\bittorrent.exe |
    "{8BA5FAF4-4A23-46BA-8D9A-6CB384E77C57}" = protocol=6 | dir=in | app=e:\program files\steam\steam.exe |
    "{8FD44305-D6F7-4ABA-AC2C-95D5362A26D5}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{96184FC4-3D99-475F-9FEE-6E2EADCBAA8B}" = protocol=17 | dir=in | app=e:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{9E0F920C-88A8-4BED-AE51-A5E43C5955B6}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
    "{A1F1DF37-EDD9-4702-819D-FAEEEE30BC95}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{B12A8A92-62E7-41EC-A03C-F542F133E354}" = dir=in | app=e:\program files\hp\digital imaging\bin\hpqkygrp.exe |
    "{BA392751-65B3-417B-883D-5645757DB82F}" = protocol=17 | dir=in | app=c:\users\edward\appdata\roaming\dropbox\bin\dropbox.exe |
    "{C0FC9FA4-4BA8-4CB5-977C-C1787DA526B6}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
    "{D317DFB6-2676-48A5-B112-8AB3B6D9B04B}" = dir=in | app=e:\program files\hp\digital imaging\bin\hpqste08.exe |
    "{E457BB9E-2B33-422D-A9C2-7C626FD6CC49}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
    "{E8A50E5C-1458-4B47-8C4F-87D9B7003574}" = protocol=6 | dir=in | app=e:\program files\bittorrent\bittorrent.exe |
    "{EFA8D45F-E239-40F1-8828-0C6CEF2AF011}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
    "{EFDC1063-5F05-45CB-B32A-FE4B31B799AC}" = dir=in | app=e:\program files\hp\digital imaging\bin\hposid01.exe |
    "{F27936EF-5131-4E49-A8F8-E70BB7AA915D}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
    "{FD061B82-8FEB-4999-BD16-C6F006E7A73E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{FD972986-B2AF-4414-AB15-3B6E1B207AFF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
    "{FE2F4C1B-DB83-4826-ABCF-357120516E64}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
    "TCP Query User{14D1C161-10F7-41A5-BCF4-C58D685D9F37}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
    "TCP Query User{15665406-D4D1-4783-A0FA-052B6512845A}E:\downloads\chrome\starcraft_2_na_en-us.exe" = protocol=6 | dir=in | app=e:\downloads\chrome\starcraft_2_na_en-us.exe |
    "TCP Query User{20B6FC6E-D25C-4BEC-A33B-914A077D7048}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe |
    "TCP Query User{2848775C-CD4F-44F3-8520-34A228E54A18}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
    "TCP Query User{4AD7F715-258E-40EC-BD62-0C115E2C04BE}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
    "TCP Query User{53606A8C-369F-4F04-A641-F1166C26DC46}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
    "TCP Query User{6A6578AB-44B0-42F0-8C40-9EF74E5B0B52}C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base22612\sc2.exe |
    "TCP Query User{77B160F9-D76A-4A2C-BBC5-5F6C6BD5FAF6}E:\downloads\chrome\diablo-iii-8370-engb-installer-downloader.exe" = protocol=6 | dir=in | app=e:\downloads\chrome\diablo-iii-8370-engb-installer-downloader.exe |
    "TCP Query User{857F38A4-A03E-40F9-9DB8-37668B572F2E}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
    "TCP Query User{A1EE67B7-C84A-499C-9935-C1FBA295F24E}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
    "TCP Query User{DEBBDBB8-74E4-4DAA-8DDC-E2DCFB6215F9}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |
    "TCP Query User{EB51D97E-CE6E-4E6E-84BF-71F61B7135C0}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
    "TCP Query User{EF831B1B-B48C-4985-9AAF-FE24361D7C48}C:\users\edward\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\edward\appdata\roaming\dropbox\bin\dropbox.exe |
    "TCP Query User{F8DB59EB-89BA-476E-8195-3BF140FD22A0}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
    "UDP Query User{081FB24E-8EFC-40D6-9DCF-B44D7B96C59C}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
    "UDP Query User{0E6BC4C4-A716-4545-8987-9DF9C2553B50}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe |
    "UDP Query User{3F77D3FE-CF01-4FD3-9356-5D7376CB2E66}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
    "UDP Query User{60E5D1B7-B87F-4F4C-B918-3906120B0F7D}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
    "UDP Query User{72C79CDE-C6FE-4FCE-A133-A6B7DC2F226E}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
    "UDP Query User{73168D1E-E1E1-4CC9-ACF3-7432F136280A}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |
    "UDP Query User{77054561-1B77-45F7-B4FB-15559390B506}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
    "UDP Query User{808AFF9B-8F0E-4ACF-AC40-4D7014C2E6D3}C:\users\edward\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\edward\appdata\roaming\dropbox\bin\dropbox.exe |
    "UDP Query User{9A4A5792-5F9D-4D14-94CA-29ECB280F595}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
    "UDP Query User{C27CE965-F4FC-4F55-8EA1-48EB411B632C}C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base22612\sc2.exe |
    "UDP Query User{D0B77933-E32C-4DF7-88FC-E4C4A48DDE4F}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
    "UDP Query User{E1BE53C8-5156-481B-9565-35AC0799DCD2}E:\downloads\chrome\starcraft_2_na_en-us.exe" = protocol=17 | dir=in | app=e:\downloads\chrome\starcraft_2_na_en-us.exe |
    "UDP Query User{E253065C-12D0-4A17-BC92-25EE971E3DDA}E:\downloads\chrome\diablo-iii-8370-engb-installer-downloader.exe" = protocol=17 | dir=in | app=e:\downloads\chrome\diablo-iii-8370-engb-installer-downloader.exe |
    "UDP Query User{E3DDA202-4A94-49B1-A3B0-2DF54160CCD1}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{BD198331-FF8A-4DEB-9F30-A0AC56625A3B}" = Microsoft LifeChat
    "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
    "CCleaner" = CCleaner
    "Creative VF0420" = Creative Live! Cam Vista IM Driver (1.00.03.0000)
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "WinRAR archiver" = WinRAR 4.20 beta 1 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0029483A-811E-490D-8669-B0DDED74584B}" = RPS CRT
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 2.3.0
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
    "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin
    "{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
    "{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "{D09626A1-E4AA-415B-87AA-3C0F300B32EA}" = RPS CADR
    "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
    "{DADC7AB0-E554-4705-9F6A-83EA82ED708E}" = Realtek Ethernet Diagnostic Utility
    "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Afterburner" = MSI Afterburner 2.2.1
    "BitTorrent" = BitTorrent
    "Creative Software AutoUpdate" = Creative Software AutoUpdate
    "Diablo III" = Diablo III
    "Foxit Reader_is1" = Foxit Reader
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "MediaMonkey_is1" = MediaMonkey 4.0
    "Mp3tag" = Mp3tag v2.52
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "Picasa 3" = Picasa 3
    "StarCraft II" = StarCraft II
    "Steam App 550" = Left 4 Dead 2
    "Steam App 57300" = Amnesia: The Dark Descent
    "VLC media player" = VLC media player 2.0.2

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-520746939-1807251607-1607737609-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome
    "MyFreeCodec" = MyFreeCodec

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 02/09/2012 10:40:30 PM | Computer Name = NastyMagnus | Source = Application Hang | ID = 1002
    Description = The program BitTorrent.exe version 7.6.1.27208 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: fc8 Start
    Time: 01cd897ce7f30760 Termination Time: 3 Application Path: E:\Program Files\BitTorrent\BitTorrent.exe
    Report
    Id: b816c20f-f570-11e1-90ad-c860006ca0a1

    Error - 02/09/2012 10:50:07 PM | Computer Name = NastyMagnus | Source = Application Hang | ID = 1002
    Description = The program BitTorrent.exe version 7.6.1.27208 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 102c Start
    Time: 01cd897d7dda54e8 Termination Time: 3 Application Path: E:\Program Files\BitTorrent\BitTorrent.exe
    Report
    Id: 0d057656-f572-11e1-90ad-c860006ca0a1

    Error - 28/09/2012 10:22:13 PM | Computer Name = NastyMagnus | Source = Application Hang | ID = 1002
    Description = The program MediaMonkey.exe version 4.0.6.1501 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 710 Start
    Time: 01cd9dd09305a3ba Termination Time: 7 Application Path: C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe
    Report
    Id: 791daa56-09dc-11e2-afae-c860006ca0a1

    Error - 01/10/2012 9:48:33 PM | Computer Name = NastyMagnus | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "E:\Downloads\Chrome\SoftonicDownloader_for_shape-collage.exe".Error
    in manifest or policy file "" on line . A component version required by the application
    conflicts with another component version already active. Conflicting components
    are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

    Error - 11/10/2012 10:52:42 PM | Computer Name = NastyMagnus | Source = Application Hang | ID = 1002
    Description = The program BitTorrent.exe version 7.6.1.27208 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: ddc Start
    Time: 01cda8209a0dbd80 Termination Time: 3 Application Path: E:\Program Files\BitTorrent\BitTorrent.exe
    Report
    Id: e2e1057f-1417-11e2-ab91-c860006ca0a1

    Error - 24/10/2012 9:59:22 PM | Computer Name = NastyMagnus | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "E:\$RECYCLE.BIN\S-1-5-21-520746939-1807251607-1607737609-1000\$R7H22MO.exe".Error
    in manifest or policy file "" on line . A component version required by the application
    conflicts with another component version already active. Conflicting components
    are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

    Error - 01/11/2012 2:22:09 AM | Computer Name = NastyMagnus | Source = Application Error | ID = 1000
    Description = Faulting application name: Steam.exe, version: 1.0.1446.623, time
    stamp: 0x5004ae1a Faulting module name: Steam.dll_unloaded, version: 0.0.0.0, time
    stamp: 0x5032c95c Exception code: 0xc0000005 Fault offset: 0x30204396 Faulting process
    id: 0xca4 Faulting application start time: 0x01cdb7f935629195 Faulting application
    path: E:\Program Files\Steam\Steam.exe Faulting module path: Steam.dll Report Id:
    76d9fdf5-23ec-11e2-abf1-c860006ca0a1

    Error - 01/11/2012 2:22:12 AM | Computer Name = NastyMagnus | Source = Application Error | ID = 1000
    Description = Faulting application name: Steam.exe, version: 1.0.1446.623, time
    stamp: 0x5004ae1a Faulting module name: Steam.dll_unloaded, version: 0.0.0.0, time
    stamp: 0x5032c95c Exception code: 0xc0000005 Fault offset: 0x300c33ce Faulting process
    id: 0xca4 Faulting application start time: 0x01cdb7f935629195 Faulting application
    path: E:\Program Files\Steam\Steam.exe Faulting module path: Steam.dll Report Id:
    78b2203f-23ec-11e2-abf1-c860006ca0a1

    Error - 05/11/2012 3:59:11 PM | Computer Name = NastyMagnus | Source = Application Error | ID = 1000
    Description = Faulting application name: Amnesia.exe, version: 0.0.0.0, time stamp:
    0x4db7bc06 Faulting module name: wrap_oal.dll, version: 2.2.0.5, time stamp: 0x4a25c811
    Exception
    code: 0x40000015 Fault offset: 0x000483a1 Faulting process id: 0xc78 Faulting application
    start time: 0x01cdbb7fed7e05aa Faulting application path: E:\Program Files\Steam\steamapps\common\Amnesia
    The Dark Descent\Amnesia.exe Faulting module path: E:\Program Files\Steam\steamapps\common\Amnesia
    The Dark Descent\wrap_oal.dll Report Id: 43e489e4-2783-11e2-ac22-c860006ca0a1

    Error - 05/11/2012 3:59:26 PM | Computer Name = NastyMagnus | Source = Application Error | ID = 1000
    Description = Faulting application name: Amnesia.exe, version: 0.0.0.0, time stamp:
    0x4db7bc06 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
    0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x000222b2 Faulting process id:
    0xc78 Faulting application start time: 0x01cdbb7fed7e05aa Faulting application path:
    E:\Program Files\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe Faulting
    module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 4ccf3b41-2783-11e2-ac22-c860006ca0a1

    [ System Events ]
    Error - 26/08/2012 2:48:54 AM | Computer Name = NastyMagnus | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069

    Error - 26/08/2012 9:44:14 AM | Computer Name = NastyMagnus | Source = Service Control Manager | ID = 7038
    Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
    with the currently configured password due to the following error: %%1330 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 26/08/2012 9:44:14 AM | Computer Name = NastyMagnus | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069

    Error - 26/08/2012 12:31:14 PM | Computer Name = NastyMagnus | Source = Service Control Manager | ID = 7038
    Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
    with the currently configured password due to the following error: %%1330 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 26/08/2012 12:31:14 PM | Computer Name = NastyMagnus | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069

    Error - 26/08/2012 12:37:58 PM | Computer Name = NastyMagnus | Source = ipnathlp | ID = 30013
    Description =

    Error - 26/08/2012 12:38:01 PM | Computer Name = NastyMagnus | Source = ipnathlp | ID = 34001
    Description =

    Error - 26/08/2012 12:38:25 PM | Computer Name = NastyMagnus | Source = ipnathlp | ID = 31004
    Description =

    Error - 26/08/2012 12:38:25 PM | Computer Name = NastyMagnus | Source = ipnathlp | ID = 34001
    Description =

    Error - 26/08/2012 12:38:25 PM | Computer Name = NastyMagnus | Source = ipnathlp | ID = 30013
    Description =


    < End of report >
     
  15. Broni

    Broni Malware Annihilator Posts: 47,973   +271

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2:64bit: - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found.
      O2:64bit: - BHO: (no name) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - No CLSID value found.
      O4 - HKLM..\Run: [] File not found
      [2012/11/03 01:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ===================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
  16. paymahn17

    paymahn17 TS Rookie Topic Starter

    All processes killed
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    C:\ProgramData\Ask\APN-Stub\FF folder moved successfully.
    C:\ProgramData\Ask\APN-Stub folder moved successfully.
    C:\ProgramData\Ask folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Edward
    ->Temp folder emptied: 3398 bytes
    ->Temporary Internet Files folder emptied: 36284260 bytes
    ->Java cache emptied: 948521 bytes
    ->Google Chrome cache emptied: 437421082 bytes
    ->Flash cache emptied: 5085 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 200704 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 5758 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 453.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Edward
    ->Java cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Edward
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 11062012_184330

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...




    Results of screen317's Security Check version 0.99.54
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.1.1000
    JavaFX 2.1.0
    Java 7 Update 9
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    Google Chrome 22.0.1229.79
    Google Chrome 22.0.1229.92
    Google Chrome 22.0.1229.94
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````





    Farbar Service Scanner Version: 07-11-2012
    Ran by Edward (administrator) on 06-11-2012 at 18:48:21
    Running from "E:\Downloads\Chrome"
    Microsoft Windows 7 Ultimate Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.
    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================
    System Restore:
    ============
    System Restore Disabled Policy:
    ========================
    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================
    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.
    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1
    Other Services:
    ==============
    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    **** End of log ****
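    The FSS log above reports three kinds of checks: the start type, ImagePath and ServiceDll of security-relevant services, the policy values that can switch them off, and whether core networking and security binaries still match known-good hashes. The PowerShell below is an added example, not part of this thread and not Farbar's tool: it reads the WinDefend configuration and the DisableAntiSpyware policy that the log shows, flags any service that runs svchost.exe from somewhere other than %SystemRoot%\System32, and prints SHA256 hashes of the same binaries so they can be compared against a trusted baseline (FSS keeps its own MD5 table; the file list, the hash algorithm and the helper name Get-ServiceConfig are this example's own choices). Note that the Demand start type and DisableAntiSpyware=1 are the normal state on a Windows 7 machine with Microsoft Security Essentials installed, since MSE disables Windows Defender, so by themselves they are not a sign of tampering.

```powershell
# Added example, not from the thread or from Farbar Service Scanner (FSS).
# Reproduces the kind of checks FSS reports: service configuration, disabling
# policies, an svchost.exe location sanity check, and file hashes for baselining.
# Run from an elevated PowerShell prompt; Get-FileHash needs PowerShell 4 or later.

$systemRoot = $env:SystemRoot
$startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Demand'; 4 = 'Disabled' }

# Get-ServiceConfig is this example's own helper: it reads a service's registry
# entry the way FSS does (Start, ImagePath, and ServiceDll under Parameters).
function Get-ServiceConfig {
    param([Parameter(Mandatory = $true)][string]$Name)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path $key)) { return $null }
    $svc = Get-ItemProperty -Path $key
    $dll = $null
    if (Test-Path "$key\Parameters") {
        $dll = (Get-ItemProperty -Path "$key\Parameters").ServiceDll
    }
    New-Object PSObject -Property @{
        Name       = $Name
        Start      = $startTypes[[int]$svc.Start]
        ImagePath  = $svc.ImagePath
        ServiceDll = $dll
    }
}

# 1. WinDefend: FSS expects start type Auto. Demand plus DisableAntiSpyware=1 is the
#    normal state once Microsoft Security Essentials is installed, as on this machine.
$wd = Get-ServiceConfig -Name 'WinDefend'
if ($wd) {
    "WinDefend: Start={0} ImagePath={1} ServiceDll={2}" -f $wd.Start, $wd.ImagePath, $wd.ServiceDll
} else {
    "WinDefend service key not present"
}
$defKey = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
$policy = Get-ItemProperty -Path $defKey -Name DisableAntiSpyware -ErrorAction SilentlyContinue
if ($policy) { "DisableAntiSpyware = $($policy.DisableAntiSpyware)" } else { "DisableAntiSpyware not set" }

# 2. Every service hosted by svchost.exe should load it from %SystemRoot%\System32.
#    A copy living elsewhere, or a look-alike name, is worth investigating.
$goodHost = [regex]::Escape((Join-Path $systemRoot 'System32\svchost.exe'))
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue | ForEach-Object {
    $image = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).ImagePath
    if ($image -and $image -match 'svchost\.exe') {
        $expanded = [Environment]::ExpandEnvironmentVariables($image)
        if ($expanded -notmatch $goodHost) {
            "SUSPICIOUS: service {0} runs svchost from '{1}'" -f $_.PSChildName, $image
        }
    }
}

# 3. Hash the binaries FSS checks; keep the output from a known-clean machine as the
#    baseline and diff against it later (FSS compares MD5s against its own table).
$files = 'System32\svchost.exe', 'System32\rpcss.dll', 'System32\mpssvc.dll', 'System32\bfe.dll',
         'System32\wuaueng.dll', 'System32\cryptsvc.dll', 'System32\dnsrslvr.dll',
         'System32\drivers\tcpip.sys', 'System32\drivers\afd.sys'
foreach ($rel in $files) {
    $full = Join-Path $systemRoot $rel
    if (Test-Path $full) {
        $h = Get-FileHash -Algorithm SHA256 -Path $full
        "{0}  {1}" -f $h.Hash, $full
    } else {
        "MISSING: $full"
    }
}
```

    Save the hash lines from a machine you trust and compare a suspect machine's output against them; a changed hash on a file that Windows Update has not touched is what FSS would report as a failed MD5 check. On 64-bit Windows, run this from a 64-bit PowerShell so that System32 is not silently redirected to SysWOW64.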
     
  17. paymahn17

    paymahn17 TS Rookie Topic Starter

    # AdwCleaner v2.007 - Logfile created 11/06/2012 at 18:49:22
    # Updated 06/11/2012 by Xplode
    # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
    # User : Edward - NASTYMAGNUS
    # Boot Mode : Normal
    # Running from : E:\Downloads\Chrome\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : E:\My Documents\Software

    ***** [Registry] *****

    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\IGearSettings
    Key Deleted : HKCU\Software\PIP
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\Software\PIP
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    -\\ Google Chrome v22.0.1229.94

    File : C:\Users\Edward\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [1602 octets] - [06/11/2012 18:49:22]

    ########## EOF - C:\AdwCleaner[S1].txt - [1662 octets] ##########
     
  18. paymahn17

    paymahn17 TS Rookie Topic Starter

    E:\Desktop\Old Downloads\Windows 7 Ultimate Fully Activated Genuine x86 x64 - Team ! M-J-R !\Windows 7 Loader.zip	a variant of Win32/HackKMS.A application	deleted - quarantined
     
  19. Broni

    Broni Malware Annihilator Posts: 47,973   +271

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please let me know how your computer is doing.
     
  20. paymahn17

    paymahn17 TS Rookie Topic Starter

    Woah, great job! I accidentally cleaned up with OTL before posting the log from removing restore points. It went smoothly, though. Is it worth going back and repeating? Thanks for the advice as well. I definitely don't give computer maintenance the attention that I used to. You've been a big help!
     
  21. Broni

    Broni Malware Annihilator Posts: 47,973   +271

    You did just fine.

    Way to go!!
    Good luck and stay safe :)
     