Solved Svchost outbound blocked by MBAM

Ryan Sam

I just recently tried to solve this issue on the Malwarebytes forum, and they tried and could not figure out what is causing svchost to constantly connect to 2 different IP addresses.
Here is the link for background info:
http://forums.malwarebytes.org/index.php?showtopic=110580&hl=&fromsearch=1

But here is my DDS scan


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Ryan at 20:06:14 on 2012-06-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.5569 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Explorer.EXE
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\ExpressGateUtil\VAWinService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\SmartTechnology\Software\SaiMfd.exe
C:\Program Files\SmartTechnology\Software\ProfilerU.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
E:\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\ExpressGateUtil\VAWinAgent.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
E:\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\msiexec.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - Google Dictionary Compression sdch
BHO: {dbc80044-a445-435b-bc74-9c25c1c588a9} - Java(tm) Plug-In 2 SSV Helper
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
mRun: [Malwarebytes' Anti-Malware] "E:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"
StartupFolder: C:\Users\Ryan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MBAMEX~1.LNK - E:\Malwarebytes' Anti-Malware\mbam.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: Interfaces\{D6BE5DCB-C901-4BB2-8C87-2317C064D9A7} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{D6BE5DCB-C901-4BB2-8C87-2317C064D9A7}\2456C6B696E6E253245383 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{D6BE5DCB-C901-4BB2-8C87-2317C064D9A7}\259716E67237 : DhcpNameServer = 192.168.43.1
TCP: Interfaces\{D6BE5DCB-C901-4BB2-8C87-2317C064D9A7}\35A736A7560716E6F67737B696 : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{D6BE5DCB-C901-4BB2-8C87-2317C064D9A7}\54D6562716C646F416B6D27657563747 : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{D6BE5DCB-C901-4BB2-8C87-2317C064D9A7}\8497164747023427F677E6023456E6475627 : DhcpNameServer = 4.2.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - Google Dictionary Compression sdch
BHO-X64: Google Dictionary Compression sdch - No File
BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - Java(tm) Plug-In 2 SSV Helper
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [Malwarebytes' Anti-Malware] "E:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
mRun-x64: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun-x64: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\system32\DRIVERS\fltsrv.sys --> C:\Windows\system32\DRIVERS\fltsrv.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 vidsflt61;Acronis Disk Storage Filter (61);C:\Windows\system32\DRIVERS\vsflt61.sys --> C:\Windows\system32\DRIVERS\vsflt61.sys [?]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 MBAMService;MBAMService;E:\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-31 654408]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2011-11-30 1262400]
R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-3-16 531328]
R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-3-15 370504]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-5-28 275968]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-4-16 2655768]
R2 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService.exe [2010-8-20 77312]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SaiK0CCB;SaiK0CCB;C:\Windows\system32\DRIVERS\SaiK0CCB.sys --> C:\Windows\system32\DRIVERS\SaiK0CCB.sys [?]
R3 SaiU0CCB;SaiU0CCB;C:\Windows\system32\DRIVERS\SaiU0CCB.sys --> C:\Windows\system32\DRIVERS\SaiU0CCB.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-16 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-8 257224]
S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\androidusb.sys --> C:\Windows\system32\Drivers\androidusb.sys [?]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-4-16 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-4-16 79360]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-5-11 1432400]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-1-6 130976]
S3 iDispService;iDispService;C:\Windows\system32\DRIVERS\idisplayminiport.sys --> C:\Windows\system32\DRIVERS\idisplayminiport.sys [?]
S3 libusb0;libusb-win32 - Kernel Driver 02/04/2012 0.0.0.0;C:\Windows\system32\DRIVERS\libusb0.sys --> C:\Windows\system32\DRIVERS\libusb0.sys [?]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUVStor.sys --> C:\Windows\system32\Drivers\RtsUVStor.sys [?]
S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-26 14648]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-14 03:50:57    927800    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-14 03:50:57    927800    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D44A2B00-2FA0-4744-90F0-37D196CF6029}\gapaengine.dll
2012-06-14 03:50:33    8955792    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{010507AE-B481-45DA-B55E-E77D3B76C7C9}\mpengine.dll
2012-06-10 23:48:38    8955792    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-06 03:11:40    --------    d-----w-    C:\Users\Ryan\AppData\Local\backburner
2012-06-04 23:02:06    --------    d-----w-    C:\$RECYCLE.BIN
2012-06-03 02:04:56    --------    d-----w-    C:\Program Files (x86)\ESET
2012-06-01 21:00:11    --------    d-----w-    C:\Program Files (x86)\Microsoft Security Client
2012-06-01 21:00:09    --------    d-----w-    C:\Program Files\Microsoft Security Client
2012-06-01 04:52:51    --------    d-----w-    C:\TDSSKiller_Quarantine
2012-05-31 16:25:47    --------    d-----w-    C:\Users\Ryan\AppData\Roaming\Malwarebytes
2012-05-31 16:25:40    --------    d-----w-    C:\ProgramData\Malwarebytes
2012-05-31 16:25:39    24904    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2012-05-31 00:07:26    --------    d-----w-    C:\Windows\System32\wbem\Logs
.
==================== Find3M ====================
.
2012-06-14 03:44:11    70344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-14 03:44:11    426184    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-04 23:05:49    45056    ----a-w-    C:\Windows\System32\acovcnt.exe
2012-05-18 02:06:48    2311680    ----a-w-    C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2012-05-18 01:58:39    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37    1800192    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2012-05-15 09:29:47    889664    ----a-w-    C:\Windows\System32\nvvsvc.exe
2012-05-15 09:29:46    63296    ----a-w-    C:\Windows\System32\nvshext.dll
2012-05-15 09:29:46    2561856    ----a-w-    C:\Windows\System32\nvsvcr.dll
2012-05-15 09:29:46    118080    ----a-w-    C:\Windows\System32\nvmctray.dll
2012-05-15 09:29:25    3149632    ----a-w-    C:\Windows\System32\nvsvc64.dll
2012-05-15 09:28:42    6151488    ----a-w-    C:\Windows\System32\nvcpl.dll
2012-05-15 07:21:50    423744    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2012-05-15 01:32:33    3146752    ----a-w-    C:\Windows\System32\win32k.sys
2012-05-05 02:53:19    8744608    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 11:06:22    5559664    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2012-05-04 11:00:43    366592    ----a-w-    C:\Windows\System32\qdvd.dll
2012-05-04 10:03:53    3968368    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50    3913072    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59:54    514560    ----a-w-    C:\Windows\SysWow64\qdvd.dll
2012-05-01 05:40:20    209920    ----a-w-    C:\Windows\System32\profsvc.dll
2012-04-29 23:11:51    4608    ----a-w-    C:\Windows\SysWow64\adesk_patcher64.exe
2012-04-28 03:55:21    210944    ----a-w-    C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56    77312    ----a-w-    C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55    149504    ----a-w-    C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27    9216    ----a-w-    C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37    140288    ----a-w-    C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36    1462272    ----a-w-    C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42    1158656    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2012-04-18 17:08:08    31040    ----a-w-    C:\Windows\System32\nvhdap64.dll
2012-04-18 17:08:03    188736    ----a-w-    C:\Windows\System32\drivers\nvhda64v.sys
2012-04-18 17:08:02    1451840    ----a-w-    C:\Windows\System32\nvhdagenco6420103.dll
2012-04-16 00:22:24    750488    ----a-w-    C:\Windows\System32\npdeployJava1.dll
2012-04-16 00:22:24    660368    ----a-w-    C:\Windows\System32\deployJava1.dll
2012-04-07 12:31:40    3216384    ----a-w-    C:\Windows\System32\msi.dll
2012-04-07 11:26:29    2342400    ----a-w-    C:\Windows\SysWow64\msi.dll
2012-04-04 18:02:02    1285216    ----a-w-    C:\Windows\System32\drivers\tdrpman.sys
2012-04-04 18:02:00    986208    ----a-w-    C:\Windows\System32\drivers\timntr.sys
2012-04-04 18:01:55    211040    ----a-w-    C:\Windows\System32\drivers\vididr.sys
2012-04-04 18:01:53    142944    ----a-w-    C:\Windows\System32\drivers\vsflt61.sys
2012-04-04 18:01:51    310368    ----a-w-    C:\Windows\System32\drivers\snapman.sys
2012-04-04 18:01:50    133728    ----a-w-    C:\Windows\System32\drivers\fltsrv.sys
2012-04-03 19:19:10    224048    ----a-w-    C:\Windows\System32\drivers\VBoxDrv.sys
2012-04-03 19:19:10    166192    ----a-w-    C:\Windows\System32\drivers\VBoxNetFlt.sys
2012-04-03 19:19:10    147248    ----a-w-    C:\Windows\System32\drivers\VBoxNetAdp.sys
2012-04-03 19:19:10    130864    ----a-w-    C:\Windows\System32\drivers\VBoxUSBMon.sys
2012-04-03 19:19:08    320816    ----a-w-    C:\Windows\System32\VBoxNetFltNobj.dll
2012-03-30 11:35:47    1918320    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2012-03-26 05:36:37    1817088    ----a-w-    C:\Windows\SysWow64\Mcx2Svc.dll
2012-03-23 03:19:22    726016    ----a-w-    C:\Windows\SysWow64\7z.dll
2012-03-21 01:44:12    98688    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-21 01:44:12    203888    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
2012-03-17 07:58:57    75120    ----a-w-    C:\Windows\System32\drivers\partmgr.sys
.
============= FINISH: 20:06:30.70 ===============
 
Welcome aboard


Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Here is my MBAM log

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.14.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ryan :: TERMINATOR [administrator]

Protection: Enabled

6/15/2012 11:32:13 AM
mbam-log-2012-06-15 (11-32-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227790
Time elapsed: 1 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
My DDS log is in the first post, so here is my Attach.txt.
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 5/11/2011 7:30:23 AM
System Uptime: 6/15/2012 11:27:32 AM (0 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | G73Sw
Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz | CPU 1 | 2001/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 677 GiB total, 507.393 GiB free.
E: is FIXED (NTFS) - 699 GiB total, 495.338 GiB free.
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP360: 6/5/2012 9:44:56 PM - Removed Autodesk Maya 2011 64-bit
RP361: 6/5/2012 9:47:16 PM - Removed Autodesk Maya 2011 64-bit
RP362: 6/5/2012 9:55:07 PM - Removed Composite 2011 (64-bit)
RP363: 6/5/2012 10:08:33 PM - Removed Autodesk MatchMover 2012 64-bit.
RP364: 6/5/2012 10:09:29 PM - Removed Autodesk Maya 2011 English Documentation 64-bit
RP365: 6/5/2012 10:10:38 PM - Removed Autodesk MatchMover 2011 64-bit.
RP366: 6/5/2012 10:11:23 PM - Removed Autodesk Backburner 2012.0.0
RP367: 6/9/2012 12:41:21 PM - Windows Update
RP368: 6/13/2012 10:49:28 PM - Windows Update
RP369: 6/14/2012 8:03:07 PM - Removed Adobe Acrobat X Pro - English, Français, Deutsch.
.
==== Installed Programs ======================
.
??????? Windows Live Mesh ActiveX ??(????)
??????? Windows Live Mesh ActiveX ???
ACER ICONIA TAB Driver Installation
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5 Master Collection
Adobe Flash Player 11 ActiveX
Adobe Media Player
Age of Empires II - the Conquerors WideScreen Patcher
Algodoo v2.0.0
Android SDK Tools
ASUS AI Recovery
ASUS Live Update
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
Asus_G73_Screensaver
ATK Package
Autodesk Material Library 2013
Autodesk Material Library Base Resolution Image Library 2013
Autodesk Material Library Medium Resolution Image Library 2013
Battlefield 3™
CodeBlocks
Combined Community Codec Pack 2011-07-30
Complemento Messenger
Complément Messenger
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
CyberLink Power2Go
D3DX10
Dead Island
Diablo III
DirectX 9 Runtime
Dungeon Defenders
ESET Online Scanner v3
ExpressGate Cloud
Futuremark SystemInfo
Galeria de Fotografias do Windows Live
Galerie de photos Windows Live
Galería fotográfica de Windows Live
GameRanger
Google Chrome
Google Update Helper
GTA San Andreas
Heroes of Newerth
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2542054)
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2635973)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
ImgBurn
Infovox Desktop 2.2
inSSIDer
Intel(R) Control Center
Intel(R) Management Engine Components
Junk Mail filter update
Left 4 Dead 2
Left 4 Dead 2 Add-on Support
Left 4 Dead 2 Authoring Tools
Left 4 Dead 2 Dedicated Server
Lernout & Hauspie TruVoice American English TTS Engine
LogMeIn Hamachi
Loquendo TTS 7 Elizabeth Multimedia High Quality
Loquendo TTS 7 Engine Full Distribution
Loquendo TTS 7 English
Loquendo TTS 7 SDK Distribution
Loquendo TTS 7 Simon Multimedia High Quality
Loquendo TTS 7 Steven Multimedia High Quality
Malwarebytes Anti-Malware version 1.61.0.1400
ManyCam 2.6.43 (remove only)
Mesh Runtime
Messenger ????
Messenger ?????
Messenger Companion
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ Compilers 2010 Standard - enu - x86
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
Microsoft Visual C++ 2010 Express - ENU
Microsoft Visual Studio 2010 Service Pack 1
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MSI Afterburner 2.1.0
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser (KB973685)
Notepad++
Nuance PDF Reader
NVIDIA 3D Vision Controller Driver
NVIDIA OptiX 2.1.0
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Origin
PDF Settings CS5
PunkBuster Services
PxMergeModule
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Reader Driver
RIFT
Roxio AACS Certificate
Roxio Activation Module
Roxio CinePlayer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
SixaxisPairTool 0.2.3
Sony RAW Driver
Splashtop Streamer
Steam
TeamSpeak 3 Client
Terraria v1.1.1
TextToWav 1.5 beta
The Elder Scrolls V: Skyrim
the Ultimate Apocalypse (UA) Complete Collection
THX TruStudio
Tyranid Mod 0.5b1 for Soulstorm
Ubisoft Game Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VT-Julie-M16-SAPI5
VT-Kate-M16-SAPI5
VT-Paul-M16-SAPI5
Warhammer 40,000: Dawn of War Gold Edition
Warhammer 40,000: Dawn of War – Dark Crusade
Warhammer 40,000: Dawn of War – Soulstorm
Warhammer 40,000: Dawn of War – Winter Assault
Windows Live
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
Wireless Console 3
World of Warcraft
Xilisoft Video Converter Ultimate
.
==== Event Viewer Messages From Past Week ========
.
6/9/2012 3:23:06 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.
6/9/2012 3:23:06 PM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/9/2012 3:22:36 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
6/9/2012 3:19:36 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
6/9/2012 3:17:36 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
6/9/2012 3:14:36 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
6/9/2012 3:13:56 PM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.
6/15/2012 11:38:37 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.1941.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
6/15/2012 11:27:53 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
6/15/2012 11:27:51 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
6/15/2012 11:27:51 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/13/2012 11:00:49 PM, Error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/13/2012 10:41:21 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
6/13/2012 10:41:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/13/2012 10:41:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
6/13/2012 10:41:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
6/13/2012 10:41:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/13/2012 10:41:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/13/2012 10:41:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/13/2012 10:41:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ATKWMIACPIIO DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx VBoxDrv VBoxUSBMon vwififlt Wanarpv6 WfpLwf ws2ifsl
6/13/2012 10:41:06 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/13/2012 10:41:06 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/13/2012 10:41:06 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
6/13/2012 10:41:06 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/13/2012 10:41:06 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/13/2012 10:41:06 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
6/13/2012 10:41:06 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/13/2012 10:41:06 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/13/2012 10:41:06 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/13/2012 10:41:06 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIOLegacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/13/2012 10:41:06 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================
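The Event Viewer block above is the most useful triage material in the whole DDS log: a service DLL that has gone missing (7023), an entire network and filter driver stack refusing to load at boot (7026), the dependency failures that cascade from it (7001), and an antimalware engine that can no longer fetch signatures (2001). The following is an added example of my own, not code from the thread or from DDS, that parses lines in exactly that format and tallies those classes. The sample is a constructed subset copied from the log above; the rule table and the WATCHED_DRIVERS set are my choices of what is worth a second look, not a vendor signature set.

```python
import re
from collections import Counter

# Constructed sample: seven of the Event Viewer lines quoted in the DDS log above,
# copied verbatim with one event per line so the parser can run offline.
SAMPLE_EVENTS = r"""
6/9/2012 3:23:06 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.
6/15/2012 11:38:37 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.1941.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
6/15/2012 11:27:53 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
6/13/2012 10:41:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/13/2012 10:41:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ATKWMIACPIIO DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx VBoxDrv VBoxUSBMon vwififlt Wanarpv6 WfpLwf ws2ifsl
6/13/2012 10:41:06 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIOLegacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/13/2012 10:41:06 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
"""

# "M/D/YYYY H:MM:SS AM, Level: Source [EventID] - Message", the layout DDS emits.
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)

# Triage rules: (source, event id, required substring or None, tag). These are my
# own choices of what deserves a second look, not a vendor signature set.
RULES = [
    ("Service Control Manager", 7023, "module could not be found", "service-dll-missing"),
    ("Service Control Manager", 7026, None, "boot-start-driver-failed"),
    ("Service Control Manager", 7001, "not functioning", "dependency-driver-missing"),
    ("Microsoft Antimalware", 2001, None, "av-signature-update-failed"),
    ("Microsoft-Windows-DistributedCOM", 10005, None, "dcom-service-start-failed"),
]

# Kernel drivers from the network and filter stack (assumed list). All of them
# failing at once on a machine that still boots is worth treating as possible
# tampering with their service keys rather than as a hardware fault.
WATCHED_DRIVERS = {"AFD", "NetBT", "NetBIOS", "tdx", "nsiproxy", "WfpLwf", "ws2ifsl",
                   "Psched", "Wanarpv6", "DfsC", "rdbss", "MpFilter"}


def parse_event(line):
    """Split one DDS event line into its fields, or return None if it is not one."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["event_id"] = int(ev["event_id"])
    return ev


def failed_drivers(message):
    """Driver names listed by a 7026 event, in the order Windows printed them."""
    marker = "failed to load: "
    return message.split(marker, 1)[1].split() if marker in message else []


def error_code(message):
    """Hex error code embedded in an antimalware/update message, if any."""
    m = re.search(r"Error code: (0x[0-9A-Fa-f]+)", message)
    return m.group(1) if m else None


def triage(text):
    """Tally rule hits, collect failed drivers and error codes across a log."""
    tags, drivers, codes, unparsed = Counter(), set(), [], 0
    for line in text.strip().splitlines():
        ev = parse_event(line)
        if ev is None:
            unparsed += 1
            continue
        for source, eid, needle, tag in RULES:
            if ev["source"] == source and ev["event_id"] == eid \
                    and (needle is None or needle in ev["message"]):
                tags[tag] += 1
        if ev["event_id"] == 7026:
            drivers.update(failed_drivers(ev["message"]))
        code = error_code(ev["message"])
        if code:
            codes.append(code)
    return {"tags": tags, "failed_drivers": sorted(drivers),
            "watched_hits": sorted(drivers & WATCHED_DRIVERS),
            "error_codes": codes, "unparsed": unparsed}


def needs_rootkit_check(summary):
    """Heuristic (mine): a vanished service module together with several network
    stack drivers failing to load justifies an MBR/driver-level scan before any
    hardware troubleshooting."""
    return summary["tags"]["service-dll-missing"] > 0 and len(summary["watched_hits"]) >= 3


if __name__ == "__main__":
    s = triage(SAMPLE_EVENTS)
    for tag, n in sorted(s["tags"].items()):
        print("%-28s %d" % (tag, n))
    print("failed drivers:", len(s["failed_drivers"]), "watched:", s["watched_hits"])
    print("error codes:", s["error_codes"], "rootkit check:", needs_rootkit_check(s))
```

Run it on the full exported event list rather than this subset; the point of keeping the rules in a table is that a 7001 "device attached to the system is not functioning" on its own is noise, while the same message for DNS, DHCP and Workstation on one boot, next to a 7026 naming AFD, tdx and nsiproxy, is a pattern.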
When I opened GMER, it did its scan and I saved the log, but nothing is in the log. Do I actually press Scan when the program opens up?
 
Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

==============================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see the question "Would you like to download latest Avast! virus definitions?", say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601), 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive1 at offset 0x00000005`5f500000

Size     Device Name          MBR Status
--------------------------------------------
698 GB   \\.\PhysicalDrive1   Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...
aswMBR is doing its scan right now, and it did find 1 item so far: the Sirefef-YG virus. Finally, a program that found it. I'll post the log as soon as it is done. Thanks for the program!!!
 
Here is my aswMBR log

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-15 12:02:34
-----------------------------
12:02:34.412 OS Version: Windows x64 6.1.7601 Service Pack 1
12:02:34.412 Number of processors: 8 586 0x2A07
12:02:34.412 ComputerName: TERMINATOR UserName: Ryan
12:02:36.282 Initialize success
12:13:44.965 AVAST engine defs: 12061500
12:15:15.997 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:15:15.999 Disk 0 Vendor: ST975042 0002 Size: 715404MB BusType: 3
12:15:16.001 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
12:15:16.003 Disk 1 Vendor: ST750LX0 SM12 Size: 715404MB BusType: 3
12:15:16.009 Disk 1 MBR read successfully
12:15:16.012 Disk 1 MBR scan
12:15:16.016 Disk 1 Windows 7 default MBR code
12:15:16.018 Disk 1 Partition 1 00 1B Hidd FAT32 MSDOS5.0 22004 MB offset 2048
12:15:16.023 Disk 1 Partition 2 80 (A) 07 HPFS/NTFS NTFS 693397 MB offset 45066240
12:15:16.067 Disk 1 scanning C:\Windows\system32\drivers
12:15:23.383 Service scanning
12:15:34.705 Service Mcx2Svc C:\Windows\SysWOW64\Mcx2Svc.dll **INFECTED** Win32:Sirefef-YG [Trj]
12:15:47.088 Modules scanning
12:15:47.095 Disk 1 trace - called modules:
12:15:47.101 ntoskrnl.exe CLASSPNP.SYS disk.sys vsflt61.sys ACPI.sys iaStor.sys hal.dll
12:15:47.113 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8007845060]
12:15:47.122 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80076fed10]
12:15:47.127 5 vsflt61.sys[fffff88000f550fd] -> nt!IofCallDriver -> [0xfffffa800721fac0]
12:15:47.143 7 ACPI.sys[fffff88000ed77a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa800721c050]
12:15:48.914 AVAST engine scan C:\Windows
12:15:52.122 AVAST engine scan C:\Windows\system32
12:18:52.006 AVAST engine scan C:\Windows\system32\drivers
12:19:00.854 AVAST engine scan C:\Users\Ryan
12:21:57.961 AVAST engine scan C:\ProgramData
12:23:23.046 Scan finished successfully
12:30:10.216 Disk 1 MBR has been saved successfully to "C:\Users\Ryan\Desktop\MBR.dat"
12:30:10.220 The log file has been saved successfully to "C:\Users\Ryan\Desktop\aswMBR.txt"
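Bootkit Remover reports the boot sector of PhysicalDrive1 as "Controlled by rootkit!" while aswMBR, reading the same disk, prints "Windows 7 default MBR code" and a sane partition table: a hidden FAT32 (type 1B) at offset 2048 and the active NTFS volume at offset 45066240. Both tools look at the same 512 bytes, boot code first, then four 16-byte partition entries at offset 446 and the 0x55AA signature at 510. The following is an added example of my own, not code from the thread or from either tool, that parses an MBR laid out exactly like the one aswMBR printed and shows the two checks such tools rely on: whether the partition table is consistent with the disk, and whether two reads of the sector agree. The sector is constructed, its boot-code bytes are a zero placeholder rather than Windows 7 boot code, and the "two reads" comparison illustrates the hidden-boot-code idea only; it is not a claim about how Bootkit Remover implements its detection.

```python
import hashlib
import struct

SECTOR = 512
PART_TABLE = 446            # four 16-byte entries, then 0x55AA at offset 510
BOOT_SIG = b"\x55\xaa"
# Disk size TDSSKiller printed for \Device\Harddisk1\DR1, converted to sectors.
DISK_SECTORS = 0xAEA8CDE000 // SECTOR

# Partition type bytes relevant here; 0x1B is what aswMBR showed as "Hidd FAT32".
PART_TYPES = {
    0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
    0x17: "Hidden NTFS", 0x1B: "Hidden FAT32", 0x1C: "Hidden FAT32 LBA",
    0x27: "Hidden Windows RE", 0xEE: "GPT protective",
}


def build_sample_mbr():
    """Constructed sector reproducing the layout from the aswMBR log above.
    Boot code is a zero placeholder, NOT real Windows 7 boot code."""
    mbr = bytearray(SECTOR)
    entries = [  # (status, type, start LBA, sector count); 1 MB = 2048 sectors
        (0x00, 0x1B, 2048, 22004 * 2048),       # hidden recovery partition
        (0x80, 0x07, 45066240, 693397 * 2048),  # active NTFS system volume
    ]
    for i, (status, ptype, start, count) in enumerate(entries):
        # CHS fields are left zero; every modern loader uses the LBA fields.
        struct.pack_into("<B3xB3xII", mbr, PART_TABLE + 16 * i, status, ptype, start, count)
    mbr[510:512] = BOOT_SIG
    return bytes(mbr)


def parse_mbr(mbr, disk_sectors=DISK_SECTORS):
    """Return (partitions, problems). Problems are plain strings describing a
    table that could not have been written by a normal Windows installer."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if mbr[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from("<B3xB3xII", mbr, PART_TABLE + 16 * i)
        if ptype == 0:
            continue  # empty slot
        name = PART_TYPES.get(ptype, "unknown 0x%02X" % ptype)
        parts.append({"index": i + 1, "active": status == 0x80, "type": ptype,
                      "name": name, "hidden": name.startswith("Hidden"),
                      "start": start, "end": start + count,
                      "size_mb": count * SECTOR // (1024 * 1024)})
    problems = []
    if sum(p["active"] for p in parts) != 1:
        problems.append("expected exactly one active partition")
    for p in parts:
        if p["end"] > disk_sectors:
            problems.append("partition %d runs past the end of the disk" % p["index"])
    ordered = sorted(parts, key=lambda p: p["start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["end"] > b["start"]:
            problems.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    return parts, problems


def boot_code_digest(mbr):
    """SHA-256 of the boot code (bytes 0..439, before the disk signature).
    Scanners compare this region against known-good code; a bootkit replaces it."""
    return hashlib.sha256(mbr[:PART_TABLE - 6]).hexdigest()


def reads_agree(read_via_api, read_raw):
    """Offsets at which two reads of the same sector disagree. A rootkit that
    filters disk I/O hands clean bytes to the normal read path while the sector
    on the platter differs; an empty list means the two paths agree."""
    return [i for i, (a, b) in enumerate(zip(read_via_api, read_raw)) if a != b]


def tamper(mbr, patch=b"\xeb\xfe"):
    """Constructed 'infected' sector: overwrite the first boot-code bytes and
    leave the partition table intact, which is how a bootkit stays bootable."""
    out = bytearray(mbr)
    out[:len(patch)] = patch
    return bytes(out)


if __name__ == "__main__":
    clean = build_sample_mbr()
    parts, problems = parse_mbr(clean)
    for p in parts:
        print("%d %s %-16s start %-10d %7d MB%s" % (p["index"], "(A)" if p["active"] else "   ",
              p["name"], p["start"], p["size_mb"], " hidden" if p["hidden"] else ""))
    print("problems:", problems or "none")
    infected = tamper(clean)
    print("boot code digest changed:", boot_code_digest(clean) != boot_code_digest(infected))
    print("disagreeing offsets:", reads_agree(clean, infected))
```

The partition numbers check out against all three tools: 22004 MB starting at LBA 2048 ends exactly at 45066240, which is where aswMBR's NTFS entry and TDSSKiller's StartLBA 0x2AFA800 both begin, and 693397 MB is TDSSKiller's BlocksNum 0x54A4A800. A tidy table is therefore no evidence of a clean disk; only comparing the boot code itself, or two independent reads of it, says anything about the rootkit Bootkit Remover flagged.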
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Here is the log from TDSSKiller.

Also do you want me to press fix on aswMBR or wait?


Part 1
12:55:54.0693 6636 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
12:55:54.0992 6636 ============================================================
12:55:54.0992 6636 Current date / time: 2012/06/15 12:55:54.0992
12:55:54.0992 6636 SystemInfo:
12:55:54.0992 6636
12:55:54.0992 6636 OS Version: 6.1.7601 ServicePack: 1.0
12:55:54.0992 6636 Product type: Workstation
12:55:54.0992 6636 ComputerName: TERMINATOR
12:55:54.0992 6636 UserName: Ryan
12:55:54.0992 6636 Windows directory: C:\Windows
12:55:54.0992 6636 System windows directory: C:\Windows
12:55:54.0992 6636 Running under WOW64
12:55:54.0992 6636 Processor architecture: Intel x64
12:55:54.0992 6636 Number of processors: 8
12:55:54.0992 6636 Page size: 0x1000
12:55:54.0992 6636 Boot type: Normal boot
12:55:54.0992 6636 ============================================================
12:55:55.0602 6636 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:55:55.0607 6636 Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:55:55.0646 6636 ============================================================
12:55:55.0647 6636 \Device\Harddisk0\DR0:
12:55:55.0647 6636 MBR partitions:
12:55:55.0647 6636 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x57545000
12:55:55.0647 6636 \Device\Harddisk1\DR1:
12:55:55.0648 6636 MBR partitions:
12:55:55.0648 6636 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x2AFA800, BlocksNum 0x54A4A800
12:55:55.0648 6636 ============================================================
12:55:55.0672 6636 C: <-> \Device\Harddisk1\DR1\Partition0
12:55:55.0729 6636 E: <-> \Device\Harddisk0\DR0\Partition0
12:55:55.0729 6636 ============================================================
12:55:55.0729 6636 Initialize success
12:55:55.0729 6636 ============================================================
12:56:15.0039 6872 ============================================================
12:56:15.0039 6872 Scan started
12:56:15.0039 6872 Mode: Manual; TDLFS;
12:56:15.0039 6872 ============================================================
12:56:15.0508 6872 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:56:15.0511 6872 1394ohci - ok
12:56:15.0539 6872 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:56:15.0541 6872 ACPI - ok
12:56:15.0544 6872 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:56:15.0544 6872 AcpiPmi - ok
12:56:15.0623 6872 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:56:15.0625 6872 AdobeFlashPlayerUpdateSvc - ok
12:56:15.0668 6872 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:56:15.0674 6872 adp94xx - ok
12:56:15.0699 6872 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:56:15.0714 6872 adpahci - ok
12:56:15.0728 6872 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:56:15.0730 6872 adpu320 - ok
12:56:15.0738 6872 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
12:56:15.0739 6872 AeLookupSvc - ok
12:56:15.0775 6872 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:56:15.0777 6872 AFD - ok
12:56:15.0785 6872 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:56:15.0786 6872 agp440 - ok
12:56:15.0795 6872 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
12:56:15.0796 6872 ALG - ok
12:56:15.0799 6872 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:56:15.0799 6872 aliide - ok
12:56:15.0831 6872 ALSysIO - ok
12:56:15.0835 6872 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:56:15.0835 6872 amdide - ok
12:56:15.0842 6872 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:56:15.0843 6872 AmdK8 - ok
12:56:15.0849 6872 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:56:15.0849 6872 AmdPPM - ok
12:56:15.0865 6872 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:56:15.0866 6872 amdsata - ok
12:56:15.0884 6872 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:56:15.0886 6872 amdsbs - ok
12:56:15.0890 6872 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:56:15.0890 6872 amdxata - ok
12:56:15.0895 6872 androidusb (9c59bf508c5d408bb348254e0ba2ee30) C:\Windows\system32\Drivers\androidusb.sys
12:56:15.0895 6872 androidusb - ok
12:56:15.0903 6872 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:56:15.0903 6872 AppID - ok
12:56:15.0908 6872 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
12:56:15.0908 6872 AppIDSvc - ok
12:56:15.0917 6872 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
12:56:15.0918 6872 Appinfo - ok
12:56:15.0930 6872 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:56:15.0931 6872 arc - ok
12:56:15.0941 6872 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:56:15.0942 6872 arcsas - ok
12:56:15.0956 6872 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
12:56:15.0957 6872 ASLDRService - ok
12:56:15.0961 6872 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
12:56:15.0961 6872 ASMMAP64 - ok
12:56:15.0981 6872 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:56:15.0982 6872 aspnet_state - ok
12:56:15.0986 6872 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:56:15.0986 6872 AsyncMac - ok
12:56:15.0990 6872 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:56:15.0990 6872 atapi - ok
12:56:16.0223 6872 athr (a5e770426d18f8ef332a593f3289da91) C:\Windows\system32\DRIVERS\athrx.sys
12:56:16.0235 6872 athr - ok
12:56:16.0251 6872 ATKGFNEXSrv (7910158929571214a959d5a6d16dd9c0) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
12:56:16.0252 6872 ATKGFNEXSrv - ok
12:56:16.0256 6872 ATKWMIACPIIO (1f7238a37389ed92e9d8eee975cabd54) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
12:56:16.0256 6872 ATKWMIACPIIO - ok
12:56:16.0364 6872 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:56:16.0367 6872 AudioEndpointBuilder - ok
12:56:16.0372 6872 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:56:16.0375 6872 AudioSrv - ok
12:56:16.0391 6872 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
12:56:16.0393 6872 AxInstSV - ok
12:56:16.0427 6872 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:56:16.0438 6872 b06bdrv - ok
12:56:16.0462 6872 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:56:16.0466 6872 b57nd60a - ok
12:56:16.0476 6872 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
12:56:16.0477 6872 BDESVC - ok
12:56:16.0480 6872 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:56:16.0481 6872 Beep - ok
12:56:16.0540 6872 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
12:56:16.0544 6872 BFE - ok
12:56:16.0613 6872 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
12:56:16.0618 6872 BITS - ok
12:56:16.0631 6872 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:56:16.0631 6872 blbdrive - ok
12:56:16.0641 6872 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:56:16.0641 6872 bowser - ok
12:56:16.0644 6872 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:56:16.0645 6872 BrFiltLo - ok
12:56:16.0647 6872 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:56:16.0648 6872 BrFiltUp - ok
12:56:16.0659 6872 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
12:56:16.0660 6872 BridgeMP - ok
12:56:16.0672 6872 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
12:56:16.0673 6872 Browser - ok
12:56:16.0690 6872 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:56:16.0699 6872 Brserid - ok
12:56:16.0704 6872 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:56:16.0706 6872 BrSerWdm - ok
12:56:16.0709 6872 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:56:16.0710 6872 BrUsbMdm - ok
12:56:16.0713 6872 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:56:16.0713 6872 BrUsbSer - ok
12:56:16.0719 6872 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
12:56:16.0720 6872 BthEnum - ok
12:56:16.0728 6872 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:56:16.0730 6872 BTHMODEM - ok
12:56:16.0740 6872 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
12:56:16.0742 6872 BthPan - ok
12:56:16.0771 6872 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
12:56:16.0783 6872 BTHPORT - ok
12:56:16.0793 6872 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
12:56:16.0794 6872 bthserv - ok
12:56:16.0803 6872 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
12:56:16.0803 6872 BTHUSB - ok
12:56:16.0810 6872 btusbflt (d3466f77c2c49c6e393ba5fba963a33e) C:\Windows\system32\drivers\btusbflt.sys
12:56:16.0811 6872 btusbflt - ok
12:56:16.0822 6872 btwaudio (a72a9101f9730db7332714e566614e4d) C:\Windows\system32\drivers\btwaudio.sys
12:56:16.0824 6872 btwaudio - ok
12:56:16.0837 6872 btwavdt (5ceec634b617525f2b6ad29f871033f7) C:\Windows\system32\DRIVERS\btwavdt.sys
12:56:16.0839 6872 btwavdt - ok
12:56:16.0943 6872 btwdins (4e63c48e7328a11ed0e9075c18fce782) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
12:56:16.0947 6872 btwdins - ok
12:56:16.0953 6872 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
12:56:16.0954 6872 btwl2cap - ok
12:56:16.0958 6872 btwrchid (2af5604d28bef77b7cf4b9d232fe7cd3) C:\Windows\system32\DRIVERS\btwrchid.sys
12:56:16.0959 6872 btwrchid - ok
12:56:16.0972 6872 catchme - ok
12:56:16.0984 6872 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:56:16.0985 6872 cdfs - ok
12:56:16.0999 6872 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
12:56:17.0000 6872 cdrom - ok
12:56:17.0011 6872 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:56:17.0011 6872 CertPropSvc - ok
12:56:17.0018 6872 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:56:17.0018 6872 circlass - ok
12:56:17.0051 6872 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:56:17.0053 6872 CLFS - ok
12:56:17.0067 6872 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:56:17.0068 6872 clr_optimization_v2.0.50727_32 - ok
12:56:17.0082 6872 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:56:17.0083 6872 clr_optimization_v2.0.50727_64 - ok
12:56:17.0106 6872 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:56:17.0107 6872 clr_optimization_v4.0.30319_32 - ok
12:56:17.0130 6872 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:56:17.0131 6872 clr_optimization_v4.0.30319_64 - ok
12:56:17.0136 6872 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:56:17.0137 6872 CmBatt - ok
12:56:17.0140 6872 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:56:17.0140 6872 cmdide - ok
12:56:17.0184 6872 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
12:56:17.0187 6872 CNG - ok
12:56:17.0192 6872 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:56:17.0192 6872 Compbatt - ok
12:56:17.0199 6872 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
12:56:17.0199 6872 CompositeBus - ok
12:56:17.0201 6872 COMSysApp - ok
12:56:17.0206 6872 cpuz135 (262969a3fab32b9e17e63e2d17a57744) C:\Windows\system32\drivers\cpuz135_x64.sys
12:56:17.0206 6872 cpuz135 - ok
12:56:17.0210 6872 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:56:17.0210 6872 crcdisk - ok
12:56:17.0223 6872 Creative ALchemy AL6 Licensing Service (c8bd651e13895b93ed9ec5b4f1df42bc) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
12:56:17.0224 6872 Creative ALchemy AL6 Licensing Service - ok
12:56:17.0232 6872 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
12:56:17.0232 6872 Creative Audio Engine Licensing Service - ok
12:56:17.0264 6872 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
12:56:17.0265 6872 CryptSvc - ok
12:56:17.0272 6872 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
12:56:17.0273 6872 dc3d - ok
12:56:17.0319 6872 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:56:17.0323 6872 DcomLaunch - ok
12:56:17.0352 6872 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
12:56:17.0353 6872 defragsvc - ok
12:56:17.0365 6872 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:56:17.0366 6872 DfsC - ok
12:56:17.0394 6872 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
12:56:17.0396 6872 Dhcp - ok
12:56:17.0403 6872 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:56:17.0404 6872 discache - ok
12:56:17.0412 6872 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:56:17.0413 6872 Disk - ok
12:56:17.0429 6872 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
12:56:17.0430 6872 Dnscache - ok
12:56:17.0455 6872 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
12:56:17.0458 6872 dot3svc - ok
12:56:17.0474 6872 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
12:56:17.0475 6872 DPS - ok
12:56:17.0478 6872 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:56:17.0478 6872 drmkaud - ok
12:56:17.0555 6872 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:56:17.0559 6872 DXGKrnl - ok
12:56:17.0565 6872 DxkgFilter - ok
12:56:17.0578 6872 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
12:56:17.0579 6872 EapHost - ok
12:56:17.0581 6872 easytether - ok
12:56:17.0745 6872 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:56:17.0789 6872 ebdrv - ok
12:56:17.0842 6872 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
12:56:17.0843 6872 EFS - ok
12:56:17.0899 6872 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
12:56:17.0902 6872ehRecvr - ok
12:56:17.0913 6872ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
12:56:17.0914 6872ehSched - ok
12:56:17.0947 6872elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:56:17.0959 6872elxstor - ok
12:56:17.0962 6872ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:56:17.0963 6872ErrDev - ok
12:56:17.0998 6872EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
12:56:18.0001 6872EventSystem - ok
12:56:18.0015 6872exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:56:18.0018 6872exfat - ok
12:56:18.0036 6872fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:56:18.0037 6872fastfat - ok
12:56:18.0100 6872Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
12:56:18.0104 6872Fax - ok
12:56:18.0109 6872fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:56:18.0110 6872fdc - ok
12:56:18.0113 6872fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
12:56:18.0114 6872fdPHost - ok
12:56:18.0118 6872FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
12:56:18.0119 6872FDResPub - ok
12:56:18.0127 6872FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:56:18.0128 6872FileInfo - ok
12:56:18.0132 6872Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:56:18.0132 6872Filetrace - ok
12:56:18.0220 6872FLEXnet Licensing Service 64 (64ab6f28047744b9b19c97459c2ab31b) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
12:56:18.0226 6872FLEXnet Licensing Service 64 - ok
12:56:18.0290 6872flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:56:18.0291 6872flpydisk - ok
12:56:18.0316 6872FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:56:18.0317 6872FltMgr - ok
12:56:18.0331 6872fltsrv (e94e042bc24bb301767a8125d529b705) C:\Windows\system32\DRIVERS\fltsrv.sys
12:56:18.0332 6872fltsrv - ok
12:56:18.0350 6872FLxHCIc (d0adbcf2a5316d23ef67dfaa02d5d544) C:\Windows\system32\DRIVERS\FLxHCIc.sys
12:56:18.0351 6872FLxHCIc - ok
12:56:18.0358 6872FLxHCIh (f9b6db9727ad2f14ecf84e43eb5279f7) C:\Windows\system32\DRIVERS\FLxHCIh.sys
12:56:18.0359 6872FLxHCIh - ok
12:56:18.0461 6872FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
12:56:18.0466 6872FontCache - ok
12:56:18.0474 6872FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:56:18.0475 6872FontCache3.0.0.0 - ok
12:56:18.0481 6872FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:56:18.0482 6872 FsDepends - ok
12:56:18.0488 6872 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
12:56:18.0488 6872 fssfltr - ok
12:56:18.0568 6872 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
12:56:18.0575 6872 fsssvc - ok
12:56:18.0638 6872 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
12:56:18.0639 6872 Fs_Rec - ok
12:56:18.0659 6872 Futuremark SystemInfo Service (79b4cde2b69ed8ba4011859780a66a4d) C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
12:56:18.0660 6872 Futuremark SystemInfo Service - ok
12:56:18.0680 6872 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:56:18.0682 6872 fvevol - ok
12:56:18.0690 6872 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:56:18.0690 6872 gagp30kx - ok
12:56:18.0755 6872 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
12:56:18.0759 6872 gpsvc - ok
12:56:18.0772 6872 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:56:18.0773 6872 gupdate - ok
12:56:18.0788 6872 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
12:56:18.0789 6872 gusvc - ok
12:56:18.0794 6872 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
12:56:18.0795 6872 hamachi - ok
12:56:18.0958 6872 Hamachi2Svc (d483dbaef409e8ab7477c28615fcd853) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
12:56:18.0969 6872 Hamachi2Svc - ok
12:56:19.0025 6872 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:56:19.0026 6872 hcw85cir - ok
12:56:19.0057 6872 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
12:56:19.0062 6872 HdAudAddService - ok
12:56:19.0075 6872 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
12:56:19.0076 6872 HDAudBus - ok
12:56:19.0080 6872 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:56:19.0081 6872 HidBatt - ok
12:56:19.0090 6872 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:56:19.0091 6872 HidBth - ok
12:56:19.0096 6872 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:56:19.0097 6872 HidIr - ok
12:56:19.0103 6872 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
12:56:19.0103 6872 hidserv - ok
12:56:19.0108 6872 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:56:19.0109 6872 HidUsb - ok
12:56:19.0118 6872 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
12:56:19.0119 6872 hkmsvc - ok
12:56:19.0139 6872 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
12:56:19.0141 6872 HomeGroupListener - ok
12:56:19.0158 6872 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
12:56:19.0160 6872 HomeGroupProvider - ok
12:56:19.0169 6872 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:56:19.0171 6872 HpSAMD - ok
12:56:19.0235 6872 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:56:19.0238 6872 HTTP - ok
12:56:19.0242 6872 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:56:19.0242 6872 hwpolicy - ok
12:56:19.0253 6872 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
12:56:19.0253 6872 i8042prt - ok
12:56:19.0290 6872 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
12:56:19.0292 6872 iaStor - ok
12:56:19.0324 6872 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:56:19.0337 6872 iaStorV - ok
12:56:19.0343 6872 iDispService (cc95fc792884986fb5655066ed259cdf) C:\Windows\system32\DRIVERS\idisplayminiport.sys
12:56:19.0343 6872 iDispService - ok
12:56:19.0387 6872 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:56:19.0391 6872 idsvc - ok
12:56:19.0398 6872 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:56:19.0399 6872 iirsp - ok
12:56:19.0470 6872 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
12:56:19.0475 6872 IKEEXT - ok
12:56:19.0683 6872 IntcAzAudAddService (bd9d02f706fcaf28d89f5435f18a4a04) C:\Windows\system32\drivers\RTKVHD64.sys
12:56:19.0695 6872 IntcAzAudAddService - ok
12:56:19.0758 6872 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:56:19.0758 6872 intelide - ok
12:56:19.0766 6872 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:56:19.0766 6872 intelppm - ok
12:56:19.0777 6872 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
12:56:19.0779 6872 IPBusEnum - ok
12:56:19.0786 6872 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:56:19.0787 6872 IpFilterDriver - ok
12:56:19.0825 6872 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
12:56:19.0828 6872 iphlpsvc - ok
12:56:19.0838 6872 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:56:19.0838 6872 IPMIDRV - ok
12:56:19.0854 6872 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:56:19.0855 6872 IPNAT - ok
12:56:19.0858 6872 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:56:19.0859 6872 IRENUM - ok
12:56:19.0863 6872 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:56:19.0864 6872 isapnp - ok
12:56:19.0890 6872 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:56:19.0906 6872 iScsiPrt - ok
12:56:19.0913 6872 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:56:19.0913 6872 kbdclass - ok
12:56:19.0919 6872 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
12:56:19.0919 6872 kbdhid - ok
12:56:19.0923 6872 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
12:56:19.0923 6872 kbfiltr - ok
12:56:19.0928 6872 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:56:19.0929 6872 KeyIso - ok
12:56:19.0938 6872 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
12:56:19.0939 6872 KSecDD - ok
12:56:19.0952 6872 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
12:56:19.0953 6872 KSecPkg - ok
12:56:19.0957 6872 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:56:19.0958 6872 ksthunk - ok
12:56:19.0981 6872 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
12:56:19.0991 6872 KtmRm - ok
12:56:20.0013 6872 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
12:56:20.0015 6872 LanmanServer - ok
12:56:20.0027 6872 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
12:56:20.0029 6872 LanmanWorkstation - ok
12:56:20.0037 6872 libusb0 (c7d21310ea0a644aa6394de1e46e3d31) C:\Windows\system32\DRIVERS\libusb0.sys
12:56:20.0038 6872 libusb0 - ok
12:56:20.0045 6872 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:56:20.0046 6872 lltdio - ok
12:56:20.0063 6872 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:56:20.0075 6872 lltdsvc - ok
12:56:20.0079 6872 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:56:20.0080 6872 lmhosts - ok
12:56:20.0110 6872 LMS (0803906d607a9b83184447b75b60ecc2) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
12:56:20.0112 6872 LMS - ok
12:56:20.0126 6872 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:56:20.0128 6872 LSI_FC - ok
12:56:20.0138 6872 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:56:20.0140 6872 LSI_SAS - ok
12:56:20.0147 6872 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:56:20.0149 6872 LSI_SAS2 - ok
12:56:20.0160 6872 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:56:20.0161 6872 LSI_SCSI - ok
12:56:20.0173 6872 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:56:20.0173 6872 luafv - ok
12:56:20.0179 6872 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
12:56:20.0179 6872 MBAMProtector - ok
12:56:20.0305 6872 MBAMService (ba400ed640bca1eae5c727ae17c10207) E:\Malwarebytes' Anti-Malware\mbamservice.exe
12:56:20.0369 6872 MBAMService - ok
12:56:20.0376 6872 MBfilt (8ff2d95cba49b405c5de27039ff0bf35) C:\Windows\system32\drivers\MBfilt64.sys
12:56:20.0377 6872 MBfilt - ok
12:56:20.0434 6872 Mcx2Svc - ok
12:56:20.0440 6872 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:56:20.0440 6872 megasas - ok
12:56:20.0469 6872 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:56:20.0470 6872 MegaSR - ok
12:56:20.0478 6872 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
12:56:20.0478 6872 MEIx64 - ok
12:56:20.0486 6872 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:56:20.0487 6872 MMCSS - ok
12:56:20.0492 6872 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:56:20.0493 6872 Modem - ok
12:56:20.0499 6872 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:56:20.0499 6872 monitor - ok
12:56:20.0513 6872 MotioninJoyXFilter (eb03d4164e7f10b601d280413655ade4) C:\Windows\system32\DRIVERS\MijXfilt.sys
12:56:20.0513 6872 MotioninJoyXFilter - ok
12:56:20.0521 6872 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:56:20.0522 6872 mouclass - ok
12:56:20.0529 6872 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:56:20.0529 6872 mouhid - ok
12:56:20.0541 6872 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:56:20.0542 6872 mountmgr - ok
12:56:20.0561 6872 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
12:56:20.0564 6872 MpFilter - ok
12:56:20.0590 6872 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:56:20.0591 6872 mpio - ok
12:56:20.0599 6872 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:56:20.0599 6872 mpsdrv - ok
12:56:20.0668 6872 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
12:56:20.0672 6872 MpsSvc - ok
12:56:20.0687 6872 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:56:20.0689 6872 MRxDAV - ok
12:56:20.0721 6872 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:56:20.0722 6872 mrxsmb - ok
12:56:20.0779 6872 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:56:20.0781 6872 mrxsmb10 - ok
12:56:20.0808 6872 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:56:20.0809 6872 mrxsmb20 - ok
12:56:20.0817 6872 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:56:20.0817 6872 msahci - ok
12:56:20.0847 6872 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:56:20.0849 6872 msdsm - ok
12:56:20.0875 6872 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:56:20.0877 6872 MSDTC - ok
12:56:20.0886 6872 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:56:20.0886 6872 Msfs - ok
12:56:20.0889 6872 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:56:20.0890 6872 mshidkmdf - ok
12:56:20.0894 6872 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:56:20.0895 6872 msisadrv - ok
12:56:20.0929 6872 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:56:20.0932 6872 MSiSCSI - ok
12:56:20.0934 6872 msiserver - ok
12:56:20.0940 6872 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:56:20.0940 6872 MSKSSRV - ok
12:56:20.0954 6872 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
12:56:20.0954 6872 MsMpSvc - ok
12:56:20.0957 6872 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:56:20.0958 6872 MSPCLOCK - ok
12:56:20.0964 6872 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:56:20.0965 6872 MSPQM - ok
12:56:21.0036 6872 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:56:21.0039 6872 MsRPC - ok
12:56:21.0048 6872 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:56:21.0049 6872 mssmbios - ok
12:56:21.0052 6872 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:56:21.0053 6872 MSTEE - ok
12:56:21.0058 6872 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:56:21.0059 6872 MTConfig - ok
12:56:21.0070 6872 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:56:21.0071 6872 Mup - ok
12:56:21.0111 6872 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
12:56:21.0114 6872 napagent - ok
12:56:21.0144 6872 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:56:21.0146 6872 NativeWifiP - ok
12:56:21.0226 6872 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:56:21.0231 6872 NDIS - ok
12:56:21.0237 6872 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:56:21.0237 6872 NdisCap - ok
12:56:21.0241 6872 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:56:21.0241 6872 NdisTapi - ok
12:56:21.0248 6872 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:56:21.0248 6872 Ndisuio - ok
12:56:21.0264 6872 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:56:21.0265 6872 NdisWan - ok
12:56:21.0272 6872 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:56:21.0273 6872 NDProxy - ok
12:56:21.0279 6872 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:56:21.0279 6872 NetBIOS - ok
12:56:21.0299 6872 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:56:21.0301 6872 NetBT - ok
12:56:21.0306 6872 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:56:21.0307 6872 Netlogon - ok
12:56:21.0341 6872 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:56:21.0343 6872 Netman - ok
12:56:21.0368 6872 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:56:21.0369 6872 NetMsmqActivator - ok
12:56:21.0372 6872 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:56:21.0373 6872 NetPipeActivator - ok
12:56:21.0408 6872 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:56:21.0412 6872 netprofm - ok
12:56:21.0415 6872 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:56:21.0416 6872 NetTcpActivator - ok
12:56:21.0418 6872 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:56:21.0419 6872 NetTcpPortSharing - ok
12:56:21.0433 6872 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:56:21.0435 6872 nfrd960 - ok
12:56:21.0444 6872 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
12:56:21.0446 6872 NisDrv - ok
12:56:21.0473 6872 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
12:56:21.0475 6872 NisSrv - ok
12:56:21.0503 6872 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
12:56:21.0507 6872 NlaSvc - ok
12:56:21.0512 6872 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:56:21.0514 6872 Npfs - ok
12:56:21.0518 6872 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
12:56:21.0519 6872 nsi - ok
12:56:21.0523 6872 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:56:21.0524 6872 nsiproxy - ok
12:56:21.0662 6872 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:56:21.0683 6872 Ntfs - ok
12:56:21.0744 6872 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:56:21.0744 6872 Null - ok
12:56:21.0763 6872 NVHDA (102806b360d0e6bc6e55bf47ef655d43) C:\Windows\system32\drivers\nvhda64v.sys
12:56:21.0766 6872 NVHDA - ok
12:56:22.0475 6872 nvlddmkm (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:56:22.0681 6872 nvlddmkm - ok
12:56:22.0860 6872 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:56:22.0862 6872 nvraid - ok
12:56:22.0897 6872 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:56:22.0900 6872 nvstor - ok
12:56:23.0014 6872 nvsvc (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe
12:56:23.0026 6872 nvsvc - ok
12:56:23.0148 6872 nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
12:56:23.0154 6872 nvUpdatusService - ok
12:56:23.0319 6872 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:56:23.0320 6872 nv_agp - ok
12:56:23.0336 6872 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:56:23.0338 6872 ohci1394 - ok
12:56:23.0403 6872 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:56:23.0408 6872 p2pimsvc - ok
12:56:23.0448 6872 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:56:23.0462 6872 p2psvc - ok
12:56:23.0484 6872 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:56:23.0484 6872 Parport - ok
12:56:23.0501 6872 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
12:56:23.0502 6872 partmgr - ok
12:56:23.0540 6872 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:56:23.0544 6872 PcaSvc - ok
12:56:23.0582 6872 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:56:23.0585 6872 pci - ok
12:56:23.0592 6872 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:56:23.0593 6872 pciide - ok
12:56:23.0628 6872 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:56:23.0631 6872 pcmcia - ok
12:56:23.0644 6872 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:56:23.0646 6872 pcw - ok
12:56:23.0725 6872 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:56:23.0730 6872 PEAUTH - ok
12:56:23.0842 6872 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:56:23.0843 6872 PerfHost - ok
12:56:24.0043 6872 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
12:56:24.0064 6872 pla - ok
12:56:24.0099 6872 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
12:56:24.0105 6872 PlugPlay - ok
12:56:24.0108 6872 PnkBstrA - ok
12:56:24.0114 6872 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:56:24.0115 6872 PNRPAutoReg - ok
12:56:24.0143 6872 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:56:24.0146 6872 PNRPsvc - ok
12:56:24.0159 6872 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
12:56:24.0160 6872 Point64 - ok
12:56:24.0202 6872 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
12:56:24.0209 6872 PolicyAgent - ok
12:56:24.0225 6872 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:56:24.0228 6872 Power - ok
12:56:24.0239 6872 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:56:24.0241 6872 PptpMiniport - ok
12:56:24.0248 6872 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:56:24.0249 6872 Processor - ok
12:56:24.0268 6872 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
12:56:24.0271 6872 ProfSvc - ok
12:56:24.0276 6872 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:56:24.0277 6872 ProtectedStorage - ok
12:56:24.0290 6872 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:56:24.0292 6872 Psched - ok
12:56:24.0298 6872 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
12:56:24.0299 6872 PxHlpa64 - ok
12:56:24.0358 6872 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:56:24.0385 6872 ql2300 - ok
12:56:24.0451 6872 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:56:24.0453 6872 ql40xx - ok
12:56:24.0469 6872 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:56:24.0480 6872 QWAVE - ok
12:56:24.0486 6872 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:56:24.0488 6872 QWAVEdrv - ok
12:56:24.0491 6872 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:56:24.0492 6872 RasAcd - ok
12:56:24.0499 6872 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:56:24.0500 6872 RasAgileVpn - ok
12:56:24.0510 6872 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:56:24.0512 6872 RasAuto - ok
12:56:24.0524 6872 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:56:24.0526 6872 Rasl2tp - ok
12:56:24.0552 6872 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
12:56:24.0558 6872 RasMan - ok
12:56:24.0568 6872 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:56:24.0569 6872 RasPppoe - ok
12:56:24.0579 6872 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:56:24.0579 6872 RasSstp - ok
12:56:24.0606 6872 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:56:24.0611 6872 rdbss - ok
12:56:24.0615 6872 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:56:24.0615 6872 rdpbus - ok
12:56:24.0618 6872 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:56:24.0618 6872 RDPCDD - ok
12:56:24.0622 6872 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:56:24.0623 6872 RDPENCDD - ok
12:56:24.0626 6872 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:56:24.0627 6872 RDPREFMP - ok
12:56:24.0646 6872 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
12:56:24.0649 6872 RDPWD - ok
12:56:24.0666 6872 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:56:24.0668 6872 rdyboost - ok
12:56:24.0720 6872 RemoteAccess - ok
12:56:24.0735 6872 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:56:24.0746 6872 RemoteRegistry - ok
12:56:24.0762 6872 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
12:56:24.0765 6872 RFCOMM - ok
12:56:24.0773 6872 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:56:24.0775 6872 RpcEptMapper - ok
12:56:24.0779 6872 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:56:24.0780 6872 RpcLocator - ok
12:56:24.0820 6872 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:56:24.0823 6872 RpcSs - ok
12:56:24.0833 6872 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:56:24.0834 6872 rspndr - ok
12:56:24.0858 6872 RSUSBVSTOR (e57fac2cdb73f06586ed2ed310b80932) C:\Windows\system32\Drivers\RtsUVStor.sys
12:56:24.0862 6872 RSUSBVSTOR - ok
12:56:24.0868 6872 RTCore64 (2e887e52e45bba3c47ccd0e75fc5266f) C:\Program Files (x86)\MSI Afterburner\RTCore64.sys

Part 2

12:56:24.0868 6872 RTCore64 - ok
12:56:24.0893 6872 RTL8167 (20a466b9ea2bd828c0ec723f99b8cfe7) C:\Windows\system32\DRIVERS\Rt64win7.sys
12:56:24.0898 6872 RTL8167 - ok
12:56:24.0916 6872 SaiK0CCB (37fe3f97ac8ecab53df56bf275f8d2d5) C:\Windows\system32\DRIVERS\SaiK0CCB.sys
12:56:24.0918 6872 SaiK0CCB - ok
12:56:24.0933 6872 SaiMini (356dc2b0f2b413c6ad2c191ecf2734be) C:\Windows\system32\DRIVERS\SaiMini.sys
12:56:24.0934 6872 SaiMini - ok
12:56:24.0941 6872 SaiNtBus (e47b4067f2c489fbe4c2ae29ef96054e) C:\Windows\system32\drivers\SaiBus.sys
12:56:24.0942 6872 SaiNtBus - ok
12:56:24.0948 6872 SaiU0CCB (950dca50af39563d96eec57ac614366c) C:\Windows\system32\DRIVERS\SaiU0CCB.sys
12:56:24.0949 6872 SaiU0CCB - ok
12:56:24.0954 6872 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:56:24.0955 6872 SamSs - ok
12:56:24.0966 6872 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:56:24.0968 6872 sbp2port - ok
12:56:24.0986 6872 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:56:24.0988 6872 SCardSvr - ok
12:56:24.0993 6872 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:56:24.0994 6872 scfilter - ok
12:56:25.0056 6872 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
12:56:25.0080 6872 Schedule - ok
12:56:25.0090 6872 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:56:25.0091 6872 SCPolicySvc - ok
12:56:25.0105 6872 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
12:56:25.0109 6872 SDRSVC - ok
12:56:25.0118 6872 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:56:25.0118 6872 secdrv - ok
12:56:25.0123 6872 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
12:56:25.0124 6872 seclogon - ok
12:56:25.0131 6872 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
12:56:25.0133 6872 SENS - ok
12:56:25.0144 6872 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
12:56:25.0146 6872 SensrSvc - ok
12:56:25.0150 6872 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:56:25.0150 6872 Serenum - ok
12:56:25.0160 6872 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:56:25.0162 6872 Serial - ok
12:56:25.0166 6872 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:56:25.0167 6872 sermouse - ok
12:56:25.0185 6872 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
12:56:25.0198 6872 SessionEnv - ok
12:56:25.0201 6872 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:56:25.0202 6872 sffdisk - ok
12:56:25.0205 6872 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:56:25.0206 6872 sffp_mmc - ok
12:56:25.0210 6872 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:56:25.0211 6872 sffp_sd - ok
12:56:25.0214 6872 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:56:25.0215 6872 sfloppy - ok
12:56:25.0248 6872 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
12:56:25.0254 6872 SharedAccess - ok
12:56:25.0287 6872 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
12:56:25.0293 6872 ShellHWDetection - ok
12:56:25.0300 6872 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
12:56:25.0301 6872 SiSGbeLH - ok
12:56:25.0306 6872 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:56:25.0308 6872 SiSRaid2 - ok
12:56:25.0315 6872 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:56:25.0317 6872 SiSRaid4 - ok
12:56:25.0326 6872 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:56:25.0328 6872 Smb - ok
12:56:25.0334 6872 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
12:56:25.0336 6872 SNMPTRAP - ok
12:56:25.0372 6872 SplashtopRemoteService (a23c5c4144605d6b726682a45e10b21b) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
12:56:25.0374 6872 SplashtopRemoteService - ok
12:56:25.0379 6872 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:56:25.0380 6872 spldr - ok
12:56:25.0427 6872 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
12:56:25.0435 6872Spooler - ok
12:56:25.0569 6872sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
12:56:25.0621 6872sppsvc - ok
12:56:25.0680 6872sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
12:56:25.0682 6872sppuinotify - ok
12:56:25.0730 6872srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:56:25.0736 6872srv - ok
12:56:25.0772 6872srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:56:25.0776 6872srv2 - ok
12:56:25.0792 6872srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:56:25.0794 6872srvnet - ok
12:56:25.0811 6872SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
12:56:25.0815 6872SSDPSRV - ok
12:56:25.0823 6872SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
12:56:25.0825 6872SstpSvc - ok
12:56:25.0859 6872SSUService (1cfa4a1f3c7bb4c8f299e00428eb8677) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
12:56:25.0861 6872SSUService - ok
12:56:25.0881 6872StarWindServiceAE (b1691af4a072cb674d600db16dd7308e) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
12:56:25.0883 6872StarWindServiceAE - ok
12:56:25.0886 6872Steam Client Service - ok
12:56:25.0915 6872Stereo Service (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
12:56:25.0917 6872Stereo Service - ok
12:56:25.0929 6872stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:56:25.0929 6872stexstor - ok
12:56:25.0979 6872stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
12:56:25.0987 6872stisvc - ok
12:56:25.0991 6872swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
12:56:25.0992 6872swenum - ok
12:56:26.0031 6872SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
12:56:26.0143 6872SwitchBoard - ok
12:56:26.0197 6872swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
12:56:26.0208 6872swprv - ok
12:56:26.0309 6872SynTP (bc642d540aedf9a253c74d10c848ebd2) C:\Windows\system32\DRIVERS\SynTP.sys
12:56:26.0334 6872SynTP - ok
12:56:26.0491 6872SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
12:56:26.0517 6872SysMain - ok
12:56:26.0580 6872TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
12:56:26.0582 6872TabletInputService - ok
12:56:26.0609 6872TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
12:56:26.0615 6872TapiSrv - ok
12:56:26.0623 6872TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
12:56:26.0624 6872TBS - ok
12:56:26.0785 6872Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
12:56:26.0807 6872Tcpip - ok
12:56:27.0014 6872TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
12:56:27.0022 6872TCPIP6 - ok
12:56:27.0090 6872tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:56:27.0091 6872tcpipreg - ok
12:56:27.0096 6872TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:56:27.0097 6872TDPIPE - ok
12:56:27.0101 6872TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
12:56:27.0102 6872TDTCP - ok
12:56:27.0113 6872tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:56:27.0114 6872tdx - ok
12:56:27.0121 6872TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
12:56:27.0122 6872TermDD - ok
12:56:27.0181 6872TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
12:56:27.0190 6872TermService - ok
12:56:27.0197 6872Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
12:56:27.0199 6872Themes - ok
12:56:27.0207 6872THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:56:27.0208 6872THREADORDER - ok
12:56:27.0219 6872TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
12:56:27.0222 6872TrkWks - ok
12:56:27.0240 6872TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
12:56:27.0241 6872TrustedInstaller - ok
12:56:27.0248 6872tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:56:27.0248 6872tssecsrv - ok
12:56:27.0256 6872TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:56:27.0257 6872TsUsbFlt - ok
12:56:27.0271 6872tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:56:27.0273 6872tunnel - ok
12:56:27.0277 6872TurboB (b355581a9da34c92e2dbafa410d2f829) C:\Windows\system32\DRIVERS\TurboB.sys
12:56:27.0278 6872TurboB - ok
12:56:27.0291 6872TurboBoost (6564e84b1522c12ea1c3a181ed03276f) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
12:56:27.0304 6872TurboBoost - ok
12:56:27.0312 6872uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:56:27.0313 6872uagp35 - ok
12:56:27.0336 6872udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:56:27.0342 6872udfs - ok
12:56:27.0350 6872UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
12:56:27.0351 6872UI0Detect - ok
12:56:27.0359 6872uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:56:27.0360 6872uliagpkx - ok
12:56:27.0366 6872umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
12:56:27.0367 6872umbus - ok
12:56:27.0370 6872UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:56:27.0371 6872UmPass - ok
12:56:27.0489 6872UNS (eb79c6c91a99930015ef29ae7fa802d1) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
12:56:27.0501 6872UNS - ok
12:56:27.0584 6872upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
12:56:27.0590 6872upnphost - ok
12:56:27.0609 6872usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
12:56:27.0611 6872usbccgp - ok
12:56:27.0622 6872usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:56:27.0624 6872usbcir - ok
12:56:27.0631 6872usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
12:56:27.0631 6872usbehci - ok
12:56:27.0662 6872usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:56:27.0665 6872usbhub - ok
12:56:27.0670 6872usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
12:56:27.0671 6872usbohci - ok
12:56:27.0676 6872usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:56:27.0676 6872usbprint - ok
12:56:27.0685 6872USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:56:27.0686 6872USBSTOR - ok
12:56:27.0691 6872usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
12:56:27.0691 6872usbuhci - ok
12:56:27.0709 6872usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
12:56:27.0712 6872usbvideo - ok
12:56:27.0718 6872UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
12:56:27.0720 6872UxSms - ok
12:56:27.0725 6872VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:56:27.0726 6872VaultSvc - ok
12:56:27.0756 6872VBoxDrv (03837b80ad5d8a00996148ad57c09791) C:\Windows\system32\DRIVERS\VBoxDrv.sys
12:56:27.0759 6872VBoxDrv - ok
12:56:27.0776 6872VBoxNetAdp (51cee8e2b356fdc351db20c87f25f5a8) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
12:56:27.0778 6872VBoxNetAdp - ok
12:56:27.0794 6872VBoxNetFlt (ce7e80c7367b2adaa023d9004c9f4691) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
12:56:27.0797 6872VBoxNetFlt - ok
12:56:27.0828 6872VBoxUSBMon (27c9a9f2fa94140ddcf7b9131e13e1b4) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
12:56:27.0830 6872VBoxUSBMon - ok
12:56:27.0835 6872vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:56:27.0836 6872vdrvroot - ok
12:56:27.0865 6872vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
12:56:27.0880 6872vds - ok
12:56:27.0886 6872vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:56:27.0887 6872vga - ok
12:56:27.0891 6872VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:56:27.0892 6872VgaSave - ok
12:56:27.0907 6872vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:56:27.0910 6872vhdmp - ok
12:56:27.0915 6872viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:56:27.0916 6872viaide - ok
12:56:27.0933 6872VideAceWindowsService (0adf410187b71c9b855721c8d59cec7a) C:\ExpressGateUtil\VAWinService.exe
12:56:27.0978 6872VideAceWindowsService - ok
12:56:27.0993 6872vidsflt61 (2dfd1eb9de564460003de1605a275e8d) C:\Windows\system32\DRIVERS\vsflt61.sys
12:56:27.0995 6872vidsflt61 - ok
12:56:28.0003 6872volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:56:28.0004 6872volmgr - ok
12:56:28.0036 6872volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:56:28.0043 6872volmgrx - ok
12:56:28.0073 6872volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:56:28.0077 6872volsnap - ok
12:56:28.0093 6872vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:56:28.0096 6872vsmraid - ok
12:56:28.0180 6872VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
12:56:28.0202 6872VSS - ok
12:56:28.0266 6872vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:56:28.0267 6872vwifibus - ok
12:56:28.0274 6872vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:56:28.0275 6872vwififlt - ok
12:56:28.0280 6872vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
12:56:28.0281 6872vwifimp - ok
12:56:28.0303 6872W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
12:56:28.0320 6872W32Time - ok
12:56:28.0326 6872WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:56:28.0326 6872WacomPen - ok
12:56:28.0337 6872WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:56:28.0339 6872WANARP - ok
12:56:28.0341 6872Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:56:28.0341 6872Wanarpv6 - ok
12:56:28.0407 6872WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
12:56:28.0426 6872WatAdminSvc - ok
12:56:28.0511 6872wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
12:56:28.0534 6872wbengine - ok
12:56:28.0604 6872WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
12:56:28.0607 6872WbioSrvc - ok
12:56:28.0630 6872wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
12:56:28.0638 6872wcncsvc - ok
12:56:28.0644 6872WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
12:56:28.0646 6872WcsPlugInService - ok
12:56:28.0657 6872Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:56:28.0658 6872Wd - ok
12:56:28.0714 6872Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:56:28.0722 6872Wdf01000 - ok
12:56:28.0732 6872WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:56:28.0735 6872WdiServiceHost - ok
12:56:28.0737 6872WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:56:28.0739 6872WdiSystemHost - ok
12:56:28.0761 6872WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
12:56:28.0766 6872WebClient - ok
12:56:28.0788 6872Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
12:56:28.0791 6872Wecsvc - ok
12:56:28.0801 6872wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
12:56:28.0803 6872wercplsupport - ok
12:56:28.0812 6872WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
12:56:28.0814 6872WerSvc - ok
12:56:28.0826 6872WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:56:28.0827 6872WfpLwf - ok
12:56:28.0842 6872WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
12:56:28.0845 6872WimFltr - ok
12:56:28.0849 6872WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:56:28.0850 6872WIMMount - ok
12:56:28.0854 6872WinDefend - ok
12:56:28.0859 6872WinHttpAutoProxySvc - ok
12:56:28.0886 6872Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
12:56:28.0890 6872Winmgmt - ok
12:56:28.0973 6872WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
12:56:29.0001 6872WinRM - ok
12:56:29.0063 6872WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
12:56:29.0064 6872WinUSB - ok
12:56:29.0109 6872Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
12:56:29.0124 6872Wlansvc - ok
12:56:29.0134 6872wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:56:29.0135 6872wlcrasvc - ok
12:56:29.0300 6872wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:56:29.0311 6872wlidsvc - ok
12:56:29.0375 6872WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
12:56:29.0376 6872WmiAcpi - ok
12:56:29.0401 6872wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
12:56:29.0405 6872wmiApSrv - ok
12:56:29.0410 6872WMPNetworkSvc - ok
12:56:29.0414 6872WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
12:56:29.0416 6872WPCSvc - ok
12:56:29.0427 6872WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
12:56:29.0430 6872WPDBusEnum - ok
12:56:29.0434 6872ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:56:29.0435 6872ws2ifsl - ok
12:56:29.0445 6872wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
12:56:29.0448 6872wscsvc - ok
12:56:29.0450 6872WSearch - ok
12:56:29.0573 6872wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
12:56:29.0606 6872wuauserv - ok
12:56:29.0679 6872WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:56:29.0681 6872WudfPf - ok
12:56:29.0697 6872WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:56:29.0700 6872WUDFRd - ok
12:56:29.0709 6872wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
12:56:29.0712 6872wudfsvc - ok
12:56:29.0733 6872WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
12:56:29.0736 6872WwanSvc - ok
12:56:29.0747 6872xusb21 (9176c0822faa649e45121875be32f5d2) C:\Windows\system32\DRIVERS\xusb21.sys
12:56:29.0747 6872xusb21 - ok
12:56:30.0100 6872MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:56:30.0268 6872\Device\Harddisk0\DR0 - ok
12:56:30.0271 6872MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
12:56:30.0880 6872\Device\Harddisk1\DR1 - ok
12:56:30.0940 6872Boot (0x1200) (2aa86d3d9eeb6cb2ff3007e85c3446b3) \Device\Harddisk0\DR0\Partition0
12:56:30.0942 6872\Device\Harddisk0\DR0\Partition0 - ok
12:56:30.0944 6872Boot (0x1200) (4aa19da1e3ccd839008e9e0642887ea7) \Device\Harddisk1\DR1\Partition0
12:56:30.0946 6872\Device\Harddisk1\DR1\Partition0 - ok
12:56:30.0947 6872 ============================================================
12:56:30.0947 6872 Scan finished
12:56:30.0947 6872 ============================================================
12:56:30.0953 6864 Detected object count: 0
12:56:30.0953 6864 Actual detected object count: 0
12:56:34.0694 6332 Deinitialize success
 
Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
OK any security prompts.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Here is the combofix log

ComboFix 12-06-15.03 - Ryan 06/15/2012 13:22:59.6.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.6037 [GMT -5:00]
Running from: e:\downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-15 to 2012-06-15 )))))))))))))))))))))))))))))))
.
.
2012-06-15 17:11 . 2012-05-08 15:02  8955792  ----a-w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6F520F3E-9E71-4D8C-935D-D611F20187C1}\mpengine.dll
2012-06-14 03:50 . 2012-06-01 21:00  927800  ------w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-14 03:50 . 2012-06-01 21:00  927800  ------w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D44A2B00-2FA0-4744-90F0-37D196CF6029}\gapaengine.dll
2012-06-14 03:50 . 2012-05-08 15:02  8955792  ----a-w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-06 03:11 . 2012-06-06 03:11  --------  d-----w-  c:\users\Ryan\AppData\Local\backburner
2012-06-05 00:31 . 2012-06-05 00:31  --------  d-----w-  c:\program files\Microsoft Silverlight
2012-06-05 00:31 . 2012-06-05 00:31  --------  d-----w-  c:\program files (x86)\Microsoft Silverlight
2012-06-03 02:04 . 2012-06-03 02:04  --------  d-----w-  c:\program files (x86)\ESET
2012-06-01 21:00 . 2012-06-01 21:00  --------  d-----w-  c:\program files (x86)\Microsoft Security Client
2012-06-01 21:00 . 2012-06-01 21:00  --------  d-----w-  c:\program files\Microsoft Security Client
2012-06-01 04:52 . 2012-06-01 04:52  --------  d-----w-  C:\TDSSKiller_Quarantine
2012-05-31 16:25 . 2012-05-31 16:25  --------  d-----w-  c:\users\Ryan\AppData\Roaming\Malwarebytes
2012-05-31 16:25 . 2012-05-31 16:25  --------  d-----w-  c:\programdata\Malwarebytes
2012-05-31 16:25 . 2012-04-04 20:56  24904  ----a-w-  c:\windows\system32\drivers\mbam.sys
2012-05-31 00:07 . 2012-05-31 00:07  --------  d-----w-  c:\windows\system32\wbem\Logs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-15 18:05 . 2011-04-17 03:35  45056  ----a-w-  c:\windows\system32\acovcnt.exe
2012-06-14 03:44 . 2012-04-09 04:36  426184  ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-14 03:44 . 2011-06-08 21:33  70344  ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-15 10:48 . 2012-03-15 19:06  68928  ----a-w-  c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-03-15 19:06  61248  ----a-w-  c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2011-10-26 19:34  15322432  ----a-w-  c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2011-09-23 06:03  1738048  ----a-w-  c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-09-23 06:03  1468224  ----a-w-  c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2010-10-29 07:54  2741568  ----a-w-  c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2010-10-29 07:54  10194752  ----a-w-  c:\windows\system32\nvwgf2umx.dll
2012-05-15 09:29 . 2010-10-29 11:38  889664  ----a-w-  c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2010-10-29 11:38  63296  ----a-w-  c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2010-10-29 11:38  2561856  ----a-w-  c:\windows\system32\nvsvcr.dll
2012-05-15 09:29 . 2010-10-29 11:38  118080  ----a-w-  c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2010-10-29 11:38  3149632  ----a-w-  c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2010-10-29 11:38  6151488  ----a-w-  c:\windows\system32\nvcpl.dll
2012-05-15 07:21 . 2012-05-15 07:21  423744  ----a-w-  c:\windows\SysWow64\nvStreaming.exe
2012-05-05 02:53 . 2012-04-10 23:53  8744608  ----a-w-  c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-29 23:11 . 2012-04-29 23:11  4608  ----a-w-  c:\windows\SysWow64\adesk_patcher64.exe
2012-04-18 17:08 . 2011-11-30 04:57  1451840  ----a-w-  c:\windows\system32\nvhdagenco6420103.dll
2012-04-16 00:22 . 2012-04-16 00:22  750488  ----a-w-  c:\windows\system32\npdeployJava1.dll
2012-04-16 00:22 . 2011-07-04 22:22  660368  ----a-w-  c:\windows\system32\deployJava1.dll
2012-04-04 18:02 . 2012-04-04 18:02  1285216  ----a-w-  c:\windows\system32\drivers\tdrpman.sys
2012-04-04 18:02 . 2012-04-04 18:02  986208  ----a-w-  c:\windows\system32\drivers\timntr.sys
2012-04-04 18:01 . 2012-04-04 18:01  211040  ----a-w-  c:\windows\system32\drivers\vididr.sys
2012-04-04 18:01 . 2012-04-04 18:01  142944  ----a-w-  c:\windows\system32\drivers\vsflt61.sys
2012-04-04 18:01 . 2012-04-04 18:01  310368  ----a-w-  c:\windows\system32\drivers\snapman.sys
2012-04-04 18:01 . 2012-04-04 18:01  133728  ----a-w-  c:\windows\system32\drivers\fltsrv.sys
2012-04-03 19:19 . 2012-04-08 20:16  224048  ----a-w-  c:\windows\system32\drivers\VBoxDrv.sys
2012-04-03 19:19 . 2012-04-08 20:16  130864  ----a-w-  c:\windows\system32\drivers\VBoxUSBMon.sys
2012-04-03 19:19 . 2012-04-03 19:19  166192  ----a-w-  c:\windows\system32\drivers\VBoxNetFlt.sys
2012-04-03 19:19 . 2012-04-03 19:19  147248  ----a-w-  c:\windows\system32\drivers\VBoxNetAdp.sys
2012-04-03 19:19 . 2012-04-03 19:19  320816  ----a-w-  c:\windows\system32\VBoxNetFltNobj.dll
2012-03-30 11:35 . 2012-05-08 21:56  1918320  ----a-w-  c:\windows\system32\drivers\tcpip.sys
2012-03-26 05:36 . 2012-03-26 05:36  1817088  ----a-w-  c:\windows\SysWow64\Mcx2Svc.dll
2012-03-23 03:19 . 2012-03-23 03:18  726016  ----a-w-  c:\windows\SysWow64\7z.dll
2012-03-21 01:44 . 2012-03-21 01:44  98688  ----a-w-  c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 01:44 . 2012-03-21 01:44  203888  ----a-w-  c:\windows\system32\drivers\MpFilter.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="e:\malwarebytes' anti-malware\mbamgui.exe" [2012-04-04 462408]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-04-17 3058304]
"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2010-11-19 37888]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2010-08-13 21504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2010-09-08 905216]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"CPMonitor"="c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [2010-10-15 84464]
.
c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
mbam.exe - Shortcut.lnk - e:\malwarebytes' anti-malware\mbam.exe [2012-5-31 981672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages    REG_MULTI_SZ    kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 135664]
R2 MBAMService;MBAMService;e:\malwarebytes' anti-malware\mbamservice.exe [2012-04-04 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 257224]
R3 ALSysIO;ALSysIO;c:\users\Ryan\AppData\Local\Temp\ALSysIO64.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-04-17 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-04-17 79360]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 DxkgFilter;Filtering Dxkg;c:\program files (x86)\iDisplay\idisplay.sys [x]
R3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-04-29 1432400]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-02 130976]
R3 iDispService;iDispService;c:\windows\system32\DRIVERS\idisplayminiport.sys [x]
R3 libusb0;libusb-win32 - Kernel Driver 02/04/2012 0.0.0.0;c:\windows\system32\DRIVERS\libusb0.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [x]
R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 vidsflt61;Acronis Disk Storage Filter (61);c:\windows\system32\DRIVERS\vsflt61.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-03-16 531328]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2010-08-21 77312]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys [x]
S3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Mcx2Svc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 03:44]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 02:39]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 02:39]
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2388485762-2462165164-2089254216-1001Core.job
- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-10 23:57]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2388485762-2462165164-2089254216-1001UA.job
- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-10 23:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2011-11-10 158208]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2011-11-10 310272]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-22 11075176]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"THXCfg64"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-06-15 13:30:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-15 18:30
ComboFix2.txt 2012-06-04 23:04
.
Pre-Run: 544,493,281,280 bytes free
Post-Run: 544,234,995,712 bytes free
.
- - End Of File - - 9E6A80DAC59CDC3215612A111F50DB84
 
For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Scan result of Farbar Recovery Scan Tool Version: 15-06-2012 01
Ran by SYSTEM at 15-06-2012 15:24:54
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2392360 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe [92968 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [SaiMfd] C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2011-11-09] (Saitek)
HKLM\...\Run: [ProfilerU] C:\Program Files\SmartTechnology\Software\ProfilerU.exe [310272 2011-11-09] (Saitek)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11075176 2010-07-22] (Realtek Semiconductor)
HKLM\...\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4156 2010-04-16] ()
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [THXCfg64] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [497648 2010-09-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "E:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [x]
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe [3058304 2011-04-16] (ASUS)
HKLM-x32\...\Run: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [37888 2010-11-19] (Windows (R) Win 7 DDK provider)
HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe [21504 2010-08-12] ()
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r [905216 2010-09-07] (Creative Technology Ltd)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [821144 2010-10-25] (Adobe Systems Inc.)
HKLM-x32\...\Run: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [84464 2010-10-15] ()
HKU\Ryan\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)
Startup: C:\Users\Ryan\Start Menu\Programs\Startup\mbam.exe - Shortcut.lnk
ShortcutTarget: mbam.exe - Shortcut.lnk -> C:\Malwarebytes' Anti-Malware\mbam.exe (No File)

==================== Services (Whitelisted) ======

2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)
2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)
3 Futuremark SystemInfo Service; "C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe" [130976 2011-03-01] (Futuremark Corporation)
4 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2343816 2012-02-28] (LogMeIn Inc.)
2 Mcx2Svc; C:\Windows\SysWOW64\Mcx2Svc.dll [1817088 2012-03-25] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-01-22] ()
2 SplashtopRemoteService; "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" [531328 2012-03-16] (Splashtop Inc.)
2 SSUService; C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [370504 2012-03-14] (Splashtop Inc.)
2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software)
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2655768 2010-10-05] (Intel Corporation)
2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [77312 2010-08-20] ()
2 MBAMService; "C:\Malwarebytes' Anti-Malware\mbamservice.exe" [x]
4 RemoteAccess; C:\Windows\SysWOW64\nprdim.dll [x]

========================== Drivers (Whitelisted) =============

3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [31744 2011-01-04] (Google Inc)
2 ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [15416 2009-07-02] (ASUS)
1 ATKWMIACPIIO; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17024 2010-07-26] (ASUS)
2 cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2010-11-09] (CPUID)
0 fltsrv; C:\Windows\System32\Drivers\fltsrv.sys [133728 2012-04-04] (Acronis)
3 FLxHCIc; C:\Windows\System32\Drivers\FLxHCIc.sys [210944 2010-11-19] (Fresco Logic)
3 FLxHCIh; C:\Windows\System32\Drivers\FLxHCIh.sys [49664 2010-11-19] (Fresco Logic)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
3 iDispService; C:\Windows\System32\DRIVERS\idisplayminiport.sys [15568 2011-07-22] (SHAPE Services)
3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
3 libusb0; C:\Windows\System32\Drivers\libusb0.sys [52320 2011-11-08] (http://libusb-win32.sourceforge.net)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 MBfilt; C:\Windows\System32\drivers\MBfilt64.sys [32344 2009-11-17] (Creative Technology Ltd.)
3 RSUSBVSTOR; C:\Windows\System32\Drivers\RtsUVStor.sys [290920 2010-08-03] (Realtek Semiconductor Corp.)
3 RTCore64; \??\C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14648 2010-05-26] ()
3 SaiK0CCB; C:\Windows\System32\Drivers\SaiK0CCB.sys [183104 2011-09-20] (Saitek)
3 SaiMini; C:\Windows\System32\Drivers\SaiMini.sys [24640 2011-11-10] (Saitek)
3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52160 2011-11-10] (Saitek)
3 SaiU0CCB; C:\Windows\System32\Drivers\SaiU0CCB.sys [47168 2011-09-20] (Saitek)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13832 2010-04-16] ()
0 vidsflt61; C:\Windows\System32\DRIVERS\vsflt61.sys [142944 2012-04-04] (Acronis)
3 ALSysIO; \??\C:\Users\Ryan\AppData\Local\Temp\ALSysIO64.sys [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 DxkgFilter; \??\C:\Program Files (x86)\iDisplay\idisplay.sys [x]
3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [x]

========================== NetSvcs (Whitelisted) ===========

NETSVCx32: Mcx2Svc -> C:\Windows\SysWOW64\Mcx2Svc.dll ()

============ One Month Created Files and Folders ==============

2012-06-15 10:30 - 2012-06-15 10:30 - 00022568 ____A C:\ComboFix.txt
2012-06-15 10:22 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-06-15 10:22 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-06-15 10:22 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-06-15 10:22 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-06-15 10:22 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-06-15 10:22 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-06-15 10:22 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-06-15 10:22 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-06-15 10:21 - 2012-06-15 10:21 - 00000881 ____A C:\Users\Ryan\Desktop\ComboFix.exe - Shortcut.lnk
2012-06-15 10:19 - 2012-06-15 10:30 - 00000000 ____D C:\Qoobox
2012-06-15 10:03 - 2012-06-15 10:03 - 01932256 ____A (Symantec Corporation) C:\Users\Ryan\Desktop\FixTDSS.exe
2012-06-15 09:55 - 2012-06-15 09:56 - 00138432 ____A C:\TDSSKiller.2.7.40.0_15.06.2012_12.55.54_log.txt
2012-06-15 09:55 - 2012-06-15 09:55 - 00000348 ____A C:\TDSSKiller.2.7.39.0_15.06.2012_12.55.26_log.txt
2012-06-15 09:30 - 2012-06-15 09:30 - 00002264 ____A C:\Users\Ryan\Desktop\aswMBR.txt
2012-06-15 09:30 - 2012-06-15 09:30 - 00000512 ____A C:\Users\Ryan\Desktop\MBR.dat
2012-06-15 09:00 - 2012-06-15 09:00 - 00063686 ____A C:\Users\Ryan\Desktop\bootkit_remover_debug_log.txt
2012-06-15 09:00 - 2011-09-20 00:02 - 00083968 ____A (Esage Lab) C:\Users\Ryan\Desktop\boot_cleaner.exe
2012-06-15 08:37 - 2012-06-15 08:37 - 00000000 ____A C:\Users\Ryan\Desktop\gmer.log
2012-06-14 15:55 - 2012-06-15 12:15 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Ryan\Desktop\TDSSKiller.exe
2012-06-14 15:55 - 2012-06-14 15:55 - 00138418 ____A C:\TDSSKiller.2.7.39.0_14.06.2012_18.55.29_log.txt
2012-06-14 15:54 - 2012-06-14 15:54 - 00000348 ____A C:\TDSSKiller.2.7.36.0_14.06.2012_18.54.50_log.txt
2012-06-13 19:49 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-13 19:49 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-13 19:49 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-13 19:49 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-13 19:49 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-13 19:49 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-13 19:49 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-13 19:49 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-13 19:49 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-13 19:49 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-13 19:49 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-13 19:49 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-13 19:49 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-13 19:49 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-13 19:49 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-13 19:49 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-13 19:49 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-13 19:49 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-13 19:49 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-13 19:49 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-13 19:49 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-13 19:49 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-13 19:49 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-13 19:49 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-13 19:49 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-13 19:49 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-13 19:49 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-13 19:49 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-13 19:49 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 19:49 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-13 19:49 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-06-13 19:49 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-13 19:49 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-13 19:49 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-06-13 19:49 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-13 19:49 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 19:49 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 19:49 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 19:49 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-13 19:49 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 19:49 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 19:49 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 19:49 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-13 19:49 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-13 19:49 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-13 19:49 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-13 19:49 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-06 09:37 - 2012-06-06 09:39 - 00141698 ____A C:\Users\Ryan\Desktop\TDSSKiller.2.7.36.0_06.06.2012_12.30.10_log.txt
2012-06-06 09:30 - 2012-06-06 09:32 - 00142744 ____A C:\TDSSKiller.2.7.36.0_06.06.2012_12.30.10_log.txt
2012-06-05 19:11 - 2012-06-05 19:11 - 00000000 ____D C:\Users\Ryan\AppData\Local\backburner
2012-06-04 16:31 - 2012-06-04 16:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-06-04 16:31 - 2012-06-04 16:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-06-04 15:04 - 2012-06-15 10:30 - 00022568 ____A C:\Users\Ryan\Desktop\Combofix.txt
2012-06-02 19:59 - 2012-06-15 10:27 - 00003462 ____A C:\Windows\PFRO.log
2012-06-02 18:04 - 2012-06-02 18:04 - 00000000 ____D C:\Program Files (x86)\ESET
2012-06-02 09:11 - 2012-06-15 10:31 - 00001568 ____A C:\Windows\setupact.log
2012-06-02 09:11 - 2012-06-02 09:11 - 00000000 ____A C:\Windows\setuperr.log
2012-06-02 03:06 - 2012-06-02 03:06 - 00000829 ____A C:\Users\Ryan\Desktop\eset.txt
2012-06-01 16:17 - 2012-06-01 16:17 - 00070320 ____A C:\Users\Ryan\Desktop\TDSS.txt
2012-06-01 15:43 - 2012-06-15 08:42 - 00016089 ____A C:\Users\Ryan\Desktop\Attach.txt
2012-06-01 15:42 - 2012-06-01 15:42 - 00029091 ____A C:\Users\Ryan\Desktop\DDS.txt
2012-06-01 15:28 - 2012-06-01 15:28 - 00002724 ____A C:\Users\Ryan\Desktop\mbam-log-2012-06-01 (18-28-08).txt
2012-06-01 13:12 - 2012-06-15 10:27 - 00000000 ____D C:\Windows\ERDNT
2012-06-01 13:00 - 2012-06-01 13:00 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-01 13:00 - 2012-06-01 13:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-05-31 20:52 - 2012-05-31 20:52 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-05-31 08:25 - 2012-05-31 08:25 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Malwarebytes
2012-05-31 08:25 - 2012-05-31 08:25 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-05-31 08:25 - 2012-04-04 12:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-05-22 19:26 - 2012-05-15 02:48 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-05-22 19:26 - 2012-05-15 02:48 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-05-22 19:26 - 2012-05-15 02:48 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-05-22 19:26 - 2012-05-15 02:48 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-05-22 19:26 - 2012-05-15 02:48 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-05-22 19:26 - 2012-05-15 02:48 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-05-22 19:26 - 2012-05-15 02:48 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-05-22 19:26 - 2012-05-15 02:48 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-05-22 19:26 - 2012-05-15 02:48 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-05-22 19:26 - 2012-05-15 02:48 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-05-22 19:26 - 2012-05-15 02:48 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-05-22 19:26 - 2012-05-15 02:48 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-05-22 19:26 - 2012-05-15 02:48 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-05-22 19:26 - 2012-05-15 02:48 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-05-22 19:26 - 2012-04-18 09:08 - 00188736 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2012-05-22 19:26 - 2012-04-18 09:08 - 00031040 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll


============ 3 Months Modified Files and Folders =============

2012-06-15 15:25 - 2012-06-15 15:24 - 00000000 ____D C:\FRST
2012-06-15 12:21 - 2011-04-16 18:09 - 01243742 ____A C:\Windows\WindowsUpdate.log
2012-06-15 12:15 - 2012-06-14 15:55 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Ryan\Desktop\TDSSKiller.exe
2012-06-15 11:53 - 2012-04-08 20:36 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-15 11:44 - 2011-04-16 18:39 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-15 11:33 - 2011-05-10 15:57 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2388485762-2462165164-2089254216-1001UA.job
2012-06-15 10:38 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-15 10:38 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-15 10:33 - 2011-05-10 15:57 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2388485762-2462165164-2089254216-1001Core.job
2012-06-15 10:31 - 2012-06-02 09:11 - 00001568 ____A C:\Windows\setupact.log
2012-06-15 10:31 - 2011-04-16 19:18 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-06-15 10:31 - 2011-04-16 18:39 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-15 10:31 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-15 10:30 - 2012-06-15 10:30 - 00022568 ____A C:\ComboFix.txt
2012-06-15 10:30 - 2012-06-15 10:19 - 00000000 ____D C:\Qoobox
2012-06-15 10:30 - 2012-06-04 15:04 - 00022568 ____A C:\Users\Ryan\Desktop\Combofix.txt
2012-06-15 10:27 - 2012-06-02 19:59 - 00003462 ____A C:\Windows\PFRO.log
2012-06-15 10:27 - 2012-06-01 13:12 - 00000000 ____D C:\Windows\ERDNT
2012-06-15 10:27 - 2012-03-22 19:22 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-06-15 10:27 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-06-15 10:21 - 2012-06-15 10:21 - 00000881 ____A C:\Users\Ryan\Desktop\ComboFix.exe - Shortcut.lnk
2012-06-15 10:05 - 2011-04-16 19:35 - 00045056 ____A C:\Windows\System32\acovcnt.exe
2012-06-15 10:03 - 2012-06-15 10:03 - 01932256 ____A (Symantec Corporation) C:\Users\Ryan\Desktop\FixTDSS.exe
2012-06-15 09:56 - 2012-06-15 09:55 - 00138432 ____A C:\TDSSKiller.2.7.40.0_15.06.2012_12.55.54_log.txt
2012-06-15 09:55 - 2012-06-15 09:55 - 00000348 ____A C:\TDSSKiller.2.7.39.0_15.06.2012_12.55.26_log.txt
2012-06-15 09:30 - 2012-06-15 09:30 - 00002264 ____A C:\Users\Ryan\Desktop\aswMBR.txt
2012-06-15 09:30 - 2012-06-15 09:30 - 00000512 ____A C:\Users\Ryan\Desktop\MBR.dat
2012-06-15 09:00 - 2012-06-15 09:00 - 00063686 ____A C:\Users\Ryan\Desktop\bootkit_remover_debug_log.txt
2012-06-15 08:42 - 2012-06-01 15:43 - 00016089 ____A C:\Users\Ryan\Desktop\Attach.txt
2012-06-15 08:37 - 2012-06-15 08:37 - 00000000 ____A C:\Users\Ryan\Desktop\gmer.log
2012-06-14 16:44 - 2011-05-10 15:43 - 00007632 ____A C:\Users\Ryan\AppData\Local\Resmon.ResmonCfg
2012-06-14 15:55 - 2012-06-14 15:55 - 00138418 ____A C:\TDSSKiller.2.7.39.0_14.06.2012_18.55.29_log.txt
2012-06-14 15:55 - 2012-05-14 09:48 - 00000000 ____D C:\Program Files (x86)\Diablo III
2012-06-14 15:54 - 2012-06-14 15:54 - 00000348 ____A C:\TDSSKiller.2.7.36.0_14.06.2012_18.54.50_log.txt
2012-06-14 01:37 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-06-13 20:01 - 2009-07-13 20:45 - 04968552 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 19:57 - 2009-07-13 21:13 - 00797284 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-13 19:54 - 2011-05-10 17:11 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-13 19:44 - 2012-04-08 20:36 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-13 19:44 - 2011-06-08 13:33 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-13 19:41 - 2012-04-04 13:54 - 01780614 ____A C:\Windows\ntbtlog.txt
2012-06-09 13:55 - 2011-05-10 16:21 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\BitTorrent
2012-06-09 12:34 - 2011-11-29 21:02 - 00000000 ____D C:\users\UpdatusUser
2012-06-08 06:30 - 2011-12-20 18:22 - 00000000 ____D C:\Windows\pss
2012-06-06 11:46 - 2011-05-10 21:58 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2012-06-06 11:45 - 2011-05-10 17:34 - 00000000 ____D C:\Program Files (x86)\Steam
2012-06-06 09:40 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-06-06 09:39 - 2012-06-06 09:37 - 00141698 ____A C:\Users\Ryan\Desktop\TDSSKiller.2.7.36.0_06.06.2012_12.30.10_log.txt
2012-06-06 09:32 - 2012-06-06 09:30 - 00142744 ____A C:\TDSSKiller.2.7.36.0_06.06.2012_12.30.10_log.txt
2012-06-05 19:11 - 2012-06-05 19:11 - 00000000 ____D C:\Users\Ryan\AppData\Local\backburner
2012-06-05 19:11 - 2011-05-10 21:54 - 00000000 ____D C:\Program Files\Autodesk
2012-06-05 19:03 - 2011-12-07 15:12 - 00000000 ____D C:\Users\Ryan\AppData\Local\Autodesk
2012-06-04 16:43 - 2011-05-10 15:32 - 00110056 ____A C:\Users\Ryan\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-04 16:41 - 2011-05-10 16:53 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-06-04 16:40 - 2011-04-16 18:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2012-06-04 16:40 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2012-06-04 16:40 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-06-04 16:39 - 2009-07-13 23:45 - 00000000 ____D C:\Windows\ShellNew
2012-06-04 16:39 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2012-06-04 16:39 - 2009-07-13 18:34 - 00000387 ____A C:\Windows\win.ini
2012-06-04 16:31 - 2012-06-04 16:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-06-04 16:31 - 2012-06-04 16:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-06-02 20:02 - 2011-05-10 17:28 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-06-02 18:04 - 2012-06-02 18:04 - 00000000 ____D C:\Program Files (x86)\ESET
2012-06-02 18:04 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2012-06-02 09:11 - 2012-06-02 09:11 - 00000000 ____A C:\Windows\setuperr.log
2012-06-02 03:06 - 2012-06-02 03:06 - 00000829 ____A C:\Users\Ryan\Desktop\eset.txt
2012-06-01 20:01 - 2011-10-07 20:31 - 00000000 ____D C:\Users\All Users\Tarma Installer
2012-06-01 19:57 - 2011-12-05 22:34 - 00000219 ____A C:\0
2012-06-01 17:16 - 2011-05-10 18:00 - 00000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2012-06-01 16:17 - 2012-06-01 16:17 - 00070320 ____A C:\Users\Ryan\Desktop\TDSS.txt
2012-06-01 15:42 - 2012-06-01 15:42 - 00029091 ____A C:\Users\Ryan\Desktop\DDS.txt
2012-06-01 15:28 - 2012-06-01 15:28 - 00002724 ____A C:\Users\Ryan\Desktop\mbam-log-2012-06-01 (18-28-08).txt
2012-06-01 13:24 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2012-06-01 13:10 - 2011-07-04 14:21 - 00000000 ____D C:\Program Files\Java
2012-06-01 13:00 - 2012-06-01 13:00 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-01 13:00 - 2012-06-01 13:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-01 13:00 - 2011-05-10 18:34 - 00797064 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-01 13:00 - 2011-05-10 18:34 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-01 12:54 - 2011-04-16 19:17 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-06-01 12:54 - 2011-04-16 19:16 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2012-06-01 12:53 - 2011-09-28 15:03 - 00000000 ____D C:\Program Files\Next Limit
2012-06-01 10:03 - 2011-10-02 13:22 - 00000000 ____D C:\Program Files\Common Files\Softimage
2012-06-01 09:51 - 2011-05-10 21:49 - 00000000 ____D C:\Users\All Users\Autodesk
2012-06-01 09:50 - 2011-12-07 15:09 - 00000000 ____D C:\Users\Ryan\Documents\3dsMax
2012-05-31 21:20 - 2011-06-18 18:38 - 00000000 ____D C:\Windows\AutoKMS
2012-05-31 21:20 - 2011-05-11 19:04 - 00000000 ____D C:\Windows\Minidump
2012-05-31 21:20 - 2009-07-28 21:20 - 00000000 ____D C:\Windows\Log
2012-05-31 20:52 - 2012-05-31 20:52 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-05-31 19:35 - 2011-06-22 12:01 - 00000412 ____A C:\Users\Ryan\AppData\Roaming\All CPU Meter_Settings.ini
2012-05-31 08:25 - 2012-05-31 08:25 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Malwarebytes
2012-05-31 08:25 - 2012-05-31 08:25 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-05-30 21:01 - 2012-05-15 14:08 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Ventrilo
2012-05-30 21:01 - 2012-01-10 18:56 - 00000000 ____D C:\Users\Ryan\AppData\Local\LogMeIn Hamachi
2012-05-30 21:01 - 2011-09-25 17:50 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\TS3Client
2012-05-30 21:01 - 2011-04-16 19:32 - 00000000 ____D C:\ExpressGateUtil
2012-05-30 21:01 - 2011-04-16 19:25 - 00000000 ____D C:\Users\All Users\P4G
2012-05-30 21:01 - 2011-04-16 18:38 - 00000000 ____D C:\Users\All Users\FLEXnet
2012-05-30 21:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-05-30 21:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2012-05-30 21:00 - 2012-01-03 13:52 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\.minecraft
2012-05-30 21:00 - 2011-05-10 15:33 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Macromedia
2012-05-30 18:14 - 2011-09-22 20:36 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\SHAPE Services
2012-05-30 18:02 - 2011-05-11 04:30 - 00000000 ____D C:\users\Ryan
2012-05-30 18:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\config\TxR
2012-05-30 16:08 - 2012-01-10 10:06 - 00000000 __SHD C:\Users\Ryan\AppData\Local\{acbe5be1-a3ce-caa3-a332-9bffe4c697e7}
2012-05-30 15:01 - 2011-05-13 20:36 - 00000000 ____D C:\Users\Ryan\AppData\Local\ManyCam
2012-05-30 15:01 - 2011-04-16 18:39 - 00000000 ____D C:\Users\All Users\Partner
2012-05-30 15:01 - 2009-07-28 22:03 - 00000000 ____D C:\Windows\Panther
2012-05-30 14:44 - 2011-09-10 17:03 - 00000000 ____D C:\Users\All Users\RegCure
2012-05-22 19:58 - 2011-05-10 21:36 - 00000000 ____D C:\Program Files (x86)\Sony
2012-05-22 19:57 - 2012-04-12 17:49 - 00000000 ____D C:\Users\Ryan\AppData\Local\Windows Live
2012-05-22 19:57 - 2011-06-30 19:00 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Primal Pictures
2012-05-22 19:57 - 2011-06-30 18:56 - 00000000 ____D C:\Program Files (x86)\Primal Pictures
2012-05-22 19:56 - 2012-04-10 19:15 - 00000000 ____D C:\Program Files (x86)\NextUp-Acapela
2012-05-17 18:47 - 2012-06-13 19:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-13 19:49 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-13 19:49 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-13 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-13 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-13 19:49 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-13 19:49 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-13 19:49 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-13 19:49 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-13 19:49 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-13 19:49 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-13 19:49 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-13 19:49 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-13 19:49 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-13 19:49 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-13 19:49 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-13 19:49 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-13 19:49 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-13 19:49 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-13 19:49 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-13 19:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-13 19:49 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-13 19:49 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-13 19:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-13 19:49 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-13 19:49 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-13 19:49 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-13 19:49 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-15 02:48 - 2012-05-22 19:26 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-05-15 02:48 - 2012-05-22 19:26 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-05-15 02:48 - 2012-05-22 19:26 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-05-15 02:48 - 2012-05-22 19:26 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-05-15 02:48 - 2012-05-22 19:26 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-05-15 02:48 - 2012-05-22 19:26 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-05-15 02:48 - 2012-05-22 19:26 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-05-15 02:48 - 2012-05-22 19:26 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-05-15 02:48 - 2012-05-22 19:26 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-05-15 02:48 - 2012-05-22 19:26 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-05-15 02:48 - 2012-05-22 19:26 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-05-15 02:48 - 2012-05-22 19:26 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-05-15 02:48 - 2012-05-22 19:26 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-05-15 02:48 - 2012-05-22 19:26 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-05-15 02:48 - 2012-03-15 11:06 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-05-15 02:48 - 2012-03-15 11:06 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-05-15 02:48 - 2011-10-26 11:34 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-05-15 02:48 - 2011-09-22 22:03 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-05-15 02:48 - 2011-09-22 22:03 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
2012-05-15 02:48 - 2010-10-28 23:54 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-05-15 02:48 - 2010-10-28 23:54 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-05-15 02:48 - 2010-10-28 23:54 - 00014324 ____A C:\Windows\System32\nvinfo.pb
2012-05-15 01:29 - 2010-10-29 03:38 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-05-15 01:29 - 2010-10-29 03:38 - 02561856 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2012-05-15 01:29 - 2010-10-29 03:38 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-05-15 01:29 - 2010-10-29 03:38 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-05-15 01:29 - 2010-10-29 03:38 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-05-15 01:28 - 2010-10-29 03:38 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-05-14 23:21 - 2012-05-14 23:21 - 00423744 ____A C:\Windows\SysWOW64\nvStreaming.exe
2012-05-14 17:32 - 2012-06-13 19:49 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-14 10:25 - 2012-05-14 10:25 - 00000000 ____D C:\Users\Ryan\Documents\Diablo III
2012-05-12 02:02 - 2012-05-11 12:33 - 00000000 ____D C:\Users\Ryan\Diablo-III-8370-enUS-Installer
2012-05-10 15:15 - 2011-09-25 17:13 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2012-05-08 15:28 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-07 19:12 - 2012-05-07 19:12 - 00000000 ____D C:\Users\Ryan\Documents\DeadIsland
2012-05-04 18:53 - 2012-04-10 15:53 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-04 03:06 - 2012-06-13 19:49 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 03:00 - 2012-06-13 19:49 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-05-04 02:03 - 2012-06-13 19:49 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 19:49 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-04 01:59 - 2012-06-13 19:49 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-05-02 18:31 - 2012-01-21 13:28 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\codeblocks
2012-05-01 18:32 - 2011-10-02 13:39 - 00000000 ____D C:\Users\Ryan\Autodesk
2012-05-01 18:32 - 2011-10-02 13:35 - 00000000 ____D C:\Users\Ryan\Documents\Mudbox
2012-05-01 18:32 - 2011-05-10 21:49 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Autodesk
2012-05-01 18:27 - 2012-05-01 18:27 - 00000000 ____D C:\Users\Ryan\Documents\Inventor Server x64 3dsMax
2012-05-01 18:14 - 2009-07-13 18:34 - 00017717 ____A C:\Windows\System32\Drivers\etc\services
2012-05-01 12:07 - 2012-05-01 12:07 - 00000000 ____D C:\Users\Ryan\AppData\Local\{0F9E2902-4A0B-4941-8FE3-6EC24F0054A6}
2012-04-30 21:40 - 2012-06-13 19:49 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-29 15:11 - 2012-04-29 15:11 - 00004608 ____A C:\Windows\SysWOW64\adesk_patcher64.exe
2012-04-29 14:23 - 2011-05-10 22:16 - 00000000 ____D C:\Users\Ryan\Documents\maya
2012-04-29 14:14 - 2012-04-29 14:14 - 00000000 ____D C:\Users\Ryan\Documents\Inventor Server x64 Direct Connect
2012-04-27 19:55 - 2012-06-13 19:49 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-13 19:49 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-13 19:49 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-13 19:49 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 21:37 - 2012-06-13 19:49 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-13 19:49 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-13 19:49 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-13 19:49 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-13 19:49 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-13 19:49 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-20 15:07 - 2012-04-20 15:07 - 00000000 ____D C:\Users\All Users\Battle.net
2012-04-18 09:08 - 2012-05-22 19:26 - 00188736 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2012-04-18 09:08 - 2012-05-22 19:26 - 00031040 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2012-04-18 09:08 - 2011-11-29 20:57 - 01451840 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdagenco6420103.dll
2012-04-15 16:25 - 2012-04-15 16:17 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Notepad++
2012-04-15 16:22 - 2012-04-15 16:22 - 00750488 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
2012-04-15 16:22 - 2011-07-04 14:22 - 00660368 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-04-15 16:22 - 2011-07-04 14:22 - 00264584 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-04-15 16:22 - 2011-07-04 14:22 - 00188808 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-04-15 16:22 - 2011-07-04 14:22 - 00188808 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-04-15 16:17 - 2012-04-15 16:17 - 00000000 ____D C:\Program Files (x86)\Notepad++
2012-04-15 15:07 - 2012-04-15 11:00 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\.Nitrous
2012-04-12 17:54 - 2012-04-12 17:49 - 00000000 ____D C:\Users\Ryan\AppData\Local\{323FD260-B43E-462A-8625-5637C01D5FCA}
2012-04-12 17:49 - 2012-04-12 17:49 - 00000000 ____D C:\Users\Ryan\AppData\Local\{F402E7AB-C43D-404F-BBD7-E4EFFA4ABA20}
2012-04-10 18:42 - 2011-07-29 15:21 - 00010752 ____A C:\Users\Ryan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-04-10 16:40 - 2012-03-12 20:12 - 00000000 ____D C:\Users\Ryan\.VirtualBox
2012-04-10 16:00 - 2011-05-11 04:31 - 00000000 ____D C:\Users\Ryan\AppData\Local\VirtualStore
2012-04-07 04:31 - 2012-06-13 19:49 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 03:26 - 2012-06-13 19:49 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-04-04 13:37 - 2012-04-04 13:37 - 00000000 ____D C:\Users\All Users\Acronis
2012-04-04 13:37 - 2012-04-04 13:34 - 04058942 ____A C:\Windows\System32\AcronisTrueImage.msi.txt
2012-04-04 13:37 - 2012-04-04 13:34 - 00263664 ____A C:\Windows\SysWOW64\AcronisTrueImage.msi.txt
2012-04-04 13:25 - 2012-04-04 13:17 - 00000000 ____D C:\Games
2012-04-04 12:56 - 2012-05-31 08:25 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-04 11:32 - 2009-07-13 21:08 - 00032564 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-04 10:12 - 2012-04-04 09:59 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Acronis
2012-04-04 10:02 - 2012-04-04 10:02 - 01285216 ____A (Acronis) C:\Windows\System32\Drivers\tdrpman.sys
2012-04-04 10:02 - 2012-04-04 10:02 - 00986208 ____A (Acronis) C:\Windows\System32\Drivers\timntr.sys
2012-04-04 10:01 - 2012-04-04 10:01 - 00310368 ____A (Acronis) C:\Windows\System32\Drivers\snapman.sys
2012-04-04 10:01 - 2012-04-04 10:01 - 00211040 ____A (Acronis) C:\Windows\System32\Drivers\vididr.sys
2012-04-04 10:01 - 2012-04-04 10:01 - 00142944 ____A (Acronis) C:\Windows\System32\Drivers\vsflt61.sys
2012-04-04 10:01 - 2012-04-04 10:01 - 00133728 ____A (Acronis) C:\Windows\System32\Drivers\fltsrv.sys
2012-04-03 11:19 - 2012-04-08 12:16 - 00224048 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxDrv.sys
2012-04-03 11:19 - 2012-04-08 12:16 - 00130864 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxUSBMon.sys
2012-04-03 11:19 - 2012-04-03 11:19 - 00320816 ____A (Oracle Corporation) C:\Windows\System32\VBoxNetFltNobj.dll
2012-04-03 11:19 - 2012-04-03 11:19 - 00166192 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetFlt.sys
2012-04-03 11:19 - 2012-04-03 11:19 - 00147248 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetAdp.sys
2012-03-30 03:35 - 2012-05-08 13:56 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-25 21:36 - 2012-03-25 21:36 - 01817088 ____A C:\Windows\SysWOW64\Mcx2Svc.dll
2012-03-25 21:36 - 2012-03-25 21:36 - 00000395 ____A C:\Windows\SysWOW64\Mcx2Svc.ocx
2012-03-23 09:27 - 2011-11-08 13:32 - 00000258 _RASH C:\Users\All Users\ntuser.pol
2012-03-22 19:22 - 2011-05-10 21:20 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Xilisoft
2012-03-22 19:19 - 2012-03-22 19:18 - 00726016 ____A (Igor Pavlov) C:\Windows\SysWOW64\7z.dll
2012-03-22 19:18 - 2012-03-22 19:18 - 00000000 ____D C:\Users\All Users\Xilisoft
2012-03-22 19:17 - 2012-03-22 19:17 - 00000000 ____D C:\Program Files (x86)\Xilisoft
2012-03-20 17:44 - 2012-03-20 17:44 - 00203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 17:44 - 2012-03-20 17:44 - 00098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys

ZeroAccess:
C:\Windows\Installer\{acbe5be1-a3ce-caa3-a332-9bffe4c697e7}
C:\Windows\Installer\{acbe5be1-a3ce-caa3-a332-9bffe4c697e7}\L

ZeroAccess:
C:\Users\Ryan\AppData\Local\{acbe5be1-a3ce-caa3-a332-9bffe4c697e7}
C:\Users\Ryan\AppData\Local\{acbe5be1-a3ce-caa3-a332-9bffe4c697e7}\@
C:\Users\Ryan\AppData\Local\{acbe5be1-a3ce-caa3-a332-9bffe4c697e7}\L
C:\Users\Ryan\AppData\Local\{acbe5be1-a3ce-caa3-a332-9bffe4c697e7}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 8169.17 MB
Available physical RAM: 7298.84 MB
Total Pagefile: 8167.32 MB
Available Pagefile: 7286.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:677.15 GB) (Free:506.74 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (RYAN'S) (Removable) (Total:14.91 GB) (Free:7.81 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (Downloads) (Fixed) (Total:698.63 GB) (Free:495.33 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          698 GB      0 B
  Disk 1    Online          698 GB  1024 KB
  Disk 2    Online           14 GB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            698 GB  1024 KB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   Downloads    NTFS   Partition    698 GB  Healthy

======================================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary             21 GB  1024 KB
  Partition 2    Primary            677 GB    21 GB

======================================================================================================

Disk: 1
Partition 1
Type : 1B
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   OS           NTFS   Partition    677 GB  Healthy

======================================================================================================

Partitions of Disk 2:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary             14 GB  4032 KB

======================================================================================================

Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     F   RYAN'S       FAT32  Removable    14 GB  Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-08 07:59

======================= End Of Log ==========================
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
 

Attachments

  • fixlist.txt
    197 bytes
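As an added example (not FRST's code and not part of the helper's fix), a small triage script that reads FRST-style log text and flags the indicators the log above exposes: a hidden+system GUID-named directory under AppData\Local or Windows\Installer, FRST's own "ZeroAccess:" block with @/L/U children, and any "Bamital & volsnap Check" line whose MD5 is not reported as legit. The sample log text is constructed to mirror the listing above, including a plain GUID-named directory that must not be flagged.

```python
"""Triage helper for FRST-style scan logs (added example; not FRST's own code)."""
import re

# Constructed excerpt in FRST's log format, modelled on the listing above. The
# second GUID-named directory carries no hidden/system attributes and is a
# control case that must not be flagged.
SAMPLE_LOG = r"""
============ 3 Months Modified Files and Folders =============

2012-06-15 15:25 - 2012-06-15 15:24 - 00000000 ____D C:\FRST
2012-05-30 16:08 - 2012-01-10 10:06 - 00000000 __SHD C:\Users\Ryan\AppData\Local\{acbe5be1-a3ce-caa3-a332-9bffe4c697e7}
2012-05-01 12:07 - 2012-05-01 12:07 - 00000000 ____D C:\Users\Ryan\AppData\Local\{0F9E2902-4A0B-4941-8FE3-6EC24F0054A6}
2012-06-13 19:49 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll

ZeroAccess:
C:\Users\Ryan\AppData\Local\{acbe5be1-a3ce-caa3-a332-9bffe4c697e7}
C:\Users\Ryan\AppData\Local\{acbe5be1-a3ce-caa3-a332-9bffe4c697e7}\@
C:\Users\Ryan\AppData\Local\{acbe5be1-a3ce-caa3-a332-9bffe4c697e7}\L
C:\Users\Ryan\AppData\Local\{acbe5be1-a3ce-caa3-a332-9bffe4c697e7}\U

========================= Bamital & volsnap Check ============

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
"""

# One "modified - created - size attrs [(company)] path" entry line.
ENTRY_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)
# GUID-named directory directly under AppData\Local or Windows\Installer, the
# two locations the ZeroAccess entries in the log above use.
GUID_DIR_RE = re.compile(
    r"\\(?:AppData\\Local|Windows\\Installer)\\\{[0-9a-f-]{36}\}$", re.IGNORECASE
)
ZA_CHILDREN = {"@", "L", "U"}  # the child names FRST listed under the GUID dir


def parse_entries(text):
    """Yield a dict per timestamped file/folder entry line."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.groupdict()


def parse_marked_paths(text, marker="ZeroAccess:"):
    """Collect paths FRST lists under a marker line; a blank line ends the block."""
    paths, in_block = [], False
    for line in text.splitlines():
        line = line.strip()
        if line == marker:
            in_block = True
        elif not line:
            in_block = False
        elif in_block:
            paths.append(line)
    return paths


def parse_md5_checks(text):
    """Map each path in the 'Bamital & volsnap Check' section to True if legit."""
    checks = {}
    for line in text.splitlines():
        if " => MD5 " in line:
            path, verdict = line.strip().split(" => MD5 ", 1)
            checks[path] = verdict.strip() == "is legit"
    return checks


def triage(text):
    """Return (path, reason) findings for the indicators named in the lead-in."""
    findings = []
    for e in parse_entries(text):
        attrs = e["attrs"]
        # GUID dirs are common (installers); hidden+system in these spots is not.
        if GUID_DIR_RE.search(e["path"]) and "H" in attrs and "S" in attrs:
            findings.append((e["path"], f"hidden+system GUID directory ({attrs})"))
    marked = parse_marked_paths(text)
    for root in (p for p in marked if GUID_DIR_RE.search(p)):
        children = {p.rsplit("\\", 1)[1] for p in marked if p.startswith(root + "\\")}
        hits = sorted(children & ZA_CHILDREN)
        if hits:
            findings.append((root, "FRST ZeroAccess block with children " + ",".join(hits)))
    for path, legit in parse_md5_checks(text).items():
        if not legit:
            findings.append((path, "system binary MD5 not reported as legit"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {path}")
```

Run against a full FRST.txt, the same three checks give a quick read on whether the ZeroAccess footprint and the system-binary integrity checks look like the log above before the Fix step is taken.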
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 15-06-2012 01
Ran by SYSTEM at 2012-06-15 16:25:48 Run:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
C:\Windows\System32\consrv.dll not found.
C:\Windows\Installer\{acbe5be1-a3ce-caa3-a332-9bffe4c697e7} moved successfully.
C:\Users\Ryan\AppData\Local\{acbe5be1-a3ce-caa3-a332-9bffe4c697e7} moved successfully.

==== End of Fixlog ====
 
There ya go


ComboFix 12-06-15.06 - Ryan 06/15/2012 22:18:43.7.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.6146 [GMT -5:00]
Running from: c:\users\Ryan\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-16 to 2012-06-16 )))))))))))))))))))))))))))))))
.
.
2012-06-16 03:23 . 2012-06-16 03:23 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-16 03:23 . 2012-06-16 03:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-15 23:24 . 2012-06-15 23:25 -------- d-----w- C:\FRST
2012-06-15 18:31 . 2012-05-08 15:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6E5A2635-FFD7-4A6E-9FDF-2A900856AAEF}\mpengine.dll
2012-06-14 03:50 . 2012-06-01 21:00 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-14 03:50 . 2012-06-01 21:00 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D44A2B00-2FA0-4744-90F0-37D196CF6029}\gapaengine.dll
2012-06-14 03:50 . 2012-05-08 15:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-06 03:11 . 2012-06-06 03:11 -------- d-----w- c:\users\Ryan\AppData\Local\backburner
2012-06-05 00:31 . 2012-06-05 00:31 -------- d-----w- c:\program files\Microsoft Silverlight
2012-06-05 00:31 . 2012-06-05 00:31 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-06-03 02:04 . 2012-06-03 02:04 -------- d-----w- c:\program files (x86)\ESET
2012-06-01 21:00 . 2012-06-01 21:00 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-01 21:00 . 2012-06-01 21:00 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-01 04:52 . 2012-06-01 04:52 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-31 16:25 . 2012-05-31 16:25 -------- d-----w- c:\users\Ryan\AppData\Roaming\Malwarebytes
2012-05-31 16:25 . 2012-05-31 16:25 -------- d-----w- c:\programdata\Malwarebytes
2012-05-31 16:25 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-31 00:07 . 2012-05-31 00:07 -------- d-----w- c:\windows\system32\wbem\Logs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-16 03:23 . 2011-04-17 03:35 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-06-14 03:44 . 2012-04-09 04:36 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-14 03:44 . 2011-06-08 21:33 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-15 10:48 . 2012-03-15 19:06 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-03-15 19:06 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2011-10-26 19:34 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2011-09-23 06:03 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-09-23 06:03 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2010-10-29 07:54 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2010-10-29 07:54 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 09:29 . 2010-10-29 11:38 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2010-10-29 11:38 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2010-10-29 11:38 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-05-15 09:29 . 2010-10-29 11:38 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2010-10-29 11:38 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2010-10-29 11:38 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 07:21 . 2012-05-15 07:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-05-05 02:53 . 2012-04-10 23:53 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-29 23:11 . 2012-04-29 23:11 4608 ----a-w- c:\windows\SysWow64\adesk_patcher64.exe
2012-04-18 17:08 . 2011-11-30 04:57 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2012-04-16 00:22 . 2012-04-16 00:22 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-16 00:22 . 2011-07-04 22:22 660368 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 18:02 . 2012-04-04 18:02 1285216 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2012-04-04 18:02 . 2012-04-04 18:02 986208 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-04-04 18:01 . 2012-04-04 18:01 211040 ----a-w- c:\windows\system32\drivers\vididr.sys
2012-04-04 18:01 . 2012-04-04 18:01 142944 ----a-w- c:\windows\system32\drivers\vsflt61.sys
2012-04-04 18:01 . 2012-04-04 18:01 310368 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-04-04 18:01 . 2012-04-04 18:01 133728 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2012-04-03 19:19 . 2012-04-08 20:16 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-04-03 19:19 . 2012-04-08 20:16 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-04-03 19:19 . 2012-04-03 19:19 166192 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-04-03 19:19 . 2012-04-03 19:19 147248 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-04-03 19:19 . 2012-04-03 19:19 320816 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-03-30 11:35 . 2012-05-08 21:56 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-26 05:36 . 2012-03-26 05:36 1817088 ----a-w- c:\windows\SysWow64\Mcx2Svc.dll
2012-03-23 03:19 . 2012-03-23 03:18 726016 ----a-w- c:\windows\SysWow64\7z.dll
2012-03-21 01:44 . 2012-03-21 01:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 01:44 . 2012-03-21 01:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-15_18.27.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-17 03:17 . 2012-06-15 18:33 95548 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-16 03:16 38630 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-11 12:32 . 2012-06-16 03:16 24586 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2388485762-2462165164-2089254216-1001_UserData.bin
+ 2011-05-24 05:00 . 2012-06-15 21:24 4778 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-06-16 03:23 . 2012-06-16 03:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-15 18:27 . 2012-06-15 18:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-11 21:57 . 2012-06-16 00:37 412590 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 05:01 . 2012-06-15 18:27 472428 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-16 03:23 472428 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-04-17 03:33 . 2012-06-15 18:27 3085920 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-04-17 03:33 . 2012-06-16 03:23 3085920 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-05-11 02:47 . 2012-06-15 18:27 11774564 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2388485762-2462165164-2089254216-1001-8192.dat
+ 2011-05-11 02:47 . 2012-06-16 03:23 11774564 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2388485762-2462165164-2089254216-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="e:\malwarebytes' anti-malware\mbamgui.exe" [2012-04-04 462408]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-04-17 3058304]
"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2010-11-19 37888]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2010-08-13 21504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2010-09-08 905216]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"CPMonitor"="c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [2010-10-15 84464]
.
c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
mbam.exe - Shortcut.lnk - e:\malwarebytes' anti-malware\mbam.exe [2012-5-31 981672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 135664]
R2 MBAMService;MBAMService;e:\malwarebytes' anti-malware\mbamservice.exe [2012-04-04 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 257224]
R3 ALSysIO;ALSysIO;c:\users\Ryan\AppData\Local\Temp\ALSysIO64.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-04-17 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-04-17 79360]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 DxkgFilter;Filtering Dxkg;c:\program files (x86)\iDisplay\idisplay.sys [x]
R3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-04-29 1432400]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-02 130976]
R3 iDispService;iDispService;c:\windows\system32\DRIVERS\idisplayminiport.sys [x]
R3 libusb0;libusb-win32 - Kernel Driver 02/04/2012 0.0.0.0;c:\windows\system32\DRIVERS\libusb0.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [x]
R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 vidsflt61;Acronis Disk Storage Filter (61);c:\windows\system32\DRIVERS\vsflt61.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-03-16 531328]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2010-08-21 77312]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys [x]
S3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Mcx2Svc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 03:44]
.
2012-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 02:39]
.
2012-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 02:39]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2388485762-2462165164-2089254216-1001Core.job
- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-10 23:57]
.
2012-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2388485762-2462165164-2089254216-1001UA.job
- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-10 23:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [BU]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2011-11-10 158208]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2011-11-10 310272]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-22 11075176]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"THXCfg64"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-06-15 22:26:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-16 03:26
ComboFix2.txt 2012-06-15 18:30
ComboFix3.txt 2012-06-04 23:04
.
Pre-Run: 543,988,060,160 bytes free
Post-Run: 543,966,355,456 bytes free
.
- - End Of File - - 73EB520D17B71D35DE43BE0A4B2E77F8
 
You're definitely infected with the ZeroAccess rootkit, but that's gone by now.

What EXACTLY is MBAM reporting?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
This is what MBAM is popping up with. It basically alternates between the two every 3 minutes.

2012/06/15 21:46:54 -0500	TERMINATOR	Ryan	IP-BLOCK	93.170.52.20 (Type: outgoing, Port: 49427, Process: svchost.exe)
2012/06/15 21:49:58 -0500	TERMINATOR	Ryan	IP-BLOCK	112.175.243.24 (Type: outgoing, Port: 49428, Process: svchost.exe)
2012/06/15 21:52:54 -0500	TERMINATOR	Ryan	IP-BLOCK	95.215.1.248 (Type: outgoing, Port: 49430, Process: svchost.exe)
2012/06/15 21:55:58 -0500	TERMINATOR	Ryan	IP-BLOCK	112.175.243.21 (Type: outgoing, Port: 49431, Process: svchost.exe)
2012/06/15 22:01:58 -0500	TERMINATOR	Ryan	IP-BLOCK	112.175.243.21 (Type: outgoing, Port: 49437, Process: svchost.exe)
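One way to read these MBAM entries as a defender, added here as an example that is not code from the thread or from Malwarebytes: it parses the IP-BLOCK records (assuming the tab-separated field layout of the MBAM protection log), then checks whether a single process is being blocked on a steady timer toward several different addresses, which is the beaconing pattern the helper is pointing at rather than one stray connection.

```python
"""Spot periodic outbound blocks for one process in an MBAM protection log."""
from __future__ import annotations

import re
import statistics
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample: the five IP-BLOCK lines from the post above, re-typed
# with the tab separators that the MBAM protection log places between fields.
SAMPLE_LOG = (
    "2012/06/15 21:46:54 -0500\tTERMINATOR\tRyan\tIP-BLOCK\t93.170.52.20 (Type: outgoing, Port: 49427, Process: svchost.exe)\n"
    "2012/06/15 21:49:58 -0500\tTERMINATOR\tRyan\tIP-BLOCK\t112.175.243.24 (Type: outgoing, Port: 49428, Process: svchost.exe)\n"
    "2012/06/15 21:52:54 -0500\tTERMINATOR\tRyan\tIP-BLOCK\t95.215.1.248 (Type: outgoing, Port: 49430, Process: svchost.exe)\n"
    "2012/06/15 21:55:58 -0500\tTERMINATOR\tRyan\tIP-BLOCK\t112.175.243.21 (Type: outgoing, Port: 49431, Process: svchost.exe)\n"
    "2012/06/15 22:01:58 -0500\tTERMINATOR\tRyan\tIP-BLOCK\t112.175.243.21 (Type: outgoing, Port: 49437, Process: svchost.exe)\n"
)

# timestamp, UTC offset, host, user, action, IP, then the bracketed details.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4})\t"
    r"(?P<host>[^\t]+)\t(?P<user>[^\t]+)\tIP-BLOCK\t"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<dir>\w+), "
    r"Port: (?P<port>\d+), Process: (?P<proc>[^)]+)\)$"
)


@dataclass(frozen=True)
class BlockEvent:
    when: datetime
    host: str
    user: str
    ip: str
    direction: str
    port: int
    process: str


def _offset(tz: str) -> timezone:
    sign = 1 if tz[0] == "+" else -1
    return timezone(sign * timedelta(hours=int(tz[1:3]), minutes=int(tz[3:5])))


def parse_log(text: str) -> list[BlockEvent]:
    """Return the IP-BLOCK records; other MBAM record types are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
        when = when.replace(tzinfo=_offset(m["tz"]))
        events.append(BlockEvent(when, m["host"], m["user"], m["ip"],
                                 m["dir"], int(m["port"]), m["proc"].lower()))
    return events


@dataclass
class BeaconReport:
    process: str
    events: int
    destinations: tuple[str, ...]
    base_interval_s: float
    consistent_fraction: float
    beaconing: bool


def analyse(events: list[BlockEvent], process: str = "svchost.exe",
            tolerance: float = 0.15, min_events: int = 3) -> BeaconReport:
    """Flag a process whose outgoing blocks recur on a timer to several IPs.

    The base interval is the median gap between consecutive blocks; a gap is
    'consistent' if it is within `tolerance` of k * base for some k >= 1, so a
    missed beacon (a gap of roughly twice the base) still counts as periodic.
    """
    outgoing = sorted((e for e in events
                       if e.direction == "outgoing" and e.process == process),
                      key=lambda e: e.when)
    dests = tuple(sorted({e.ip for e in outgoing}))
    if len(outgoing) < min_events:
        return BeaconReport(process, len(outgoing), dests, 0.0, 0.0, False)
    gaps = [(b.when - a.when).total_seconds() for a, b in zip(outgoing, outgoing[1:])]
    base = statistics.median(gaps)
    consistent = 0
    for gap in gaps:
        k = max(1, round(gap / base))
        if abs(gap - k * base) <= tolerance * base:
            consistent += 1
    frac = consistent / len(gaps)
    # Periodic to a single address could be a broken updater; periodic to a
    # rotating set of addresses from svchost.exe is the pattern worth escalating.
    return BeaconReport(process, len(outgoing), dests, base, frac,
                        frac >= 0.75 and len(dests) >= 2)


if __name__ == "__main__":
    print(analyse(parse_log(SAMPLE_LOG)))
```

On the sample above the median gap is 184 s, every gap is a near multiple of it (the 6-minute gap is one missed beacon), and four distinct destinations are hit, so the report flags beaconing.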
 