Solved Virus "Win64/Patched.A" problem

ixChibita

I keep getting an alert from AVG that my file name: c:\Windows\System32\services.exe being infected by the virus Win64/Patched.A

I also ran MalwareBytes and it keeps detecting the file name: C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\000000CB.@
It won't go away! I've restarted my computer a lot of times and it still pops up.

I was gonna follow the steps from this thread:
https://www.techspot.com/community/topics/win64-patched-a-gen-problem.183391/

But I read the notice about the "fixlist.txt" file. I'm pretty much stuck on that part..

I'm not really good with computers so I really need someone's help. Thanks in advance...
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==========================================

Never follow any advice from other topics!

What Windows version is it?
 
For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Next...

Re-run FRST again.
Type the following in the edit box after "Search:".

services.exe

Click the Search button and post the log (Search.txt) it makes in your reply.

I'll expect two logs:
- FRST.txt
- Search.txt
 
FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-09-2012 01
Ran by SYSTEM at 14-09-2012 19:57:16
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11075176 2010-07-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2392360 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4156 2010-04-16] ()
HKLM\...\Run: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe [92968 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [THXCfg64] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2922496 2011-06-16] (Eastman Kodak Company)
HKLM-x32\...\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" [2018032 2011-04-01] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [40448 2011-01-21] (Windows (R) Win 7 DDK provider)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe [3058304 2011-07-23] (ASUS)
HKLM-x32\...\Run: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r [907776 2011-01-28] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [84464 2010-10-15] ()
HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2596984 2012-07-31] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [Conime] %windir%\system32\conime.exe [x]
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1996200 2012-08-29] (LogMeIn Inc.)
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe [2922496 2011-06-16] (Eastman Kodak Company)
HKU\Izzy\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1353080 2012-08-10] (Valve Corporation)
HKU\Izzy\...\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart [288128 2012-05-28] (IObit)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Services ====================

2 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [913792 2012-05-26] (IObit)
2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)
3 Autodesk Network Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskNetSrv.exe [1539224 2008-06-13] (Autodesk, Inc.)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5167736 2012-08-13] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 Giraffic; C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [2232504 2012-07-02] (Giraffic)
2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2369960 2012-08-29] (LogMeIn Inc.)
2 Kodak AiO Status Monitor Service; "C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe" [777728 2012-06-19] (Eastman Kodak Company)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
2 W3SVC; C:\Windows\SysWow64\inetsrv\iisw3adm.dll [397824 2010-11-20] (Microsoft Corporation)

==================== Drivers =================================

1 ATKWMIACPIIO; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17024 2010-07-26] (ASUS)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [291680 2012-07-26] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ, s.r.o.)
3 FLxHCIh; C:\Windows\System32\Drivers\FLxHCIh.sys [50176 2011-01-21] (Fresco Logic)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13832 2010-04-16] ()

==================== NetSvcs (Whitelisted) =================


==================== One Month Created Files and Folders ======================

2012-09-14 18:41 - 2012-09-14 18:41 - 01453821 ____A (Farbar) C:\Users\Izzy\Downloads\FRST64.exe
2012-09-14 16:39 - 2012-09-14 19:57 - 00000000 ____D C:\FRST
2012-09-14 16:39 - 2012-09-14 16:39 - 00903858 ____A (Farbar) C:\Users\Izzy\Downloads\FRST.exe
2012-09-14 16:17 - 2012-09-14 16:17 - 00000000 ____D C:\Users\Administrator\Documents\Bluetooth Exchange Folder
2012-09-14 16:17 - 2012-09-14 16:17 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVG2012
2012-09-14 16:17 - 2012-09-14 16:17 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2012-09-14 16:17 - 2012-09-14 16:17 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2012-09-14 16:17 - 2012-09-14 16:17 - 00000000 ____D C:\Users\Administrator\AppData\Local\Power2Go
2012-09-14 16:17 - 2012-09-14 16:17 - 00000000 ____D C:\Users\Administrator\AppData\Local\LogMeIn Hamachi
2012-09-14 16:17 - 2012-09-14 16:17 - 00000000 ____D C:\Users\Administrator\AppData\Local\Broadcom
2012-09-14 16:17 - 2012-09-14 16:17 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2012-09-14 16:15 - 2012-09-14 16:16 - 00000000 ____D C:\users\Administrator
2012-09-14 16:15 - 2012-09-14 16:15 - 00000020 __ASH C:\Users\Administrator\ntuser.ini
2012-09-14 16:15 - 2012-09-14 16:15 - 00000000 ____D C:\Users\Administrator\AppData\Local\Eastman Kodak Company
2012-09-14 16:15 - 2012-08-12 23:00 - 00000000 ____D C:\Users\Administrator\AppData\Local\Eastman_Kodak_Company
2012-09-14 16:15 - 2012-08-12 22:55 - 00800824 ____A (Microsoft Corporation) C:\Users\Administrator\AppData\Roaming\DPInst.exe
2012-09-14 16:15 - 2012-08-12 22:55 - 00106496 ____A (Microsoft Corporation) C:\Users\Administrator\AppData\Roaming\gacutil.exe
2012-09-14 16:15 - 2012-08-12 22:55 - 00036352 ____A (Microsoft Corporation) C:\Users\Administrator\AppData\Roaming\PnPutil.exe
2012-09-14 16:15 - 2012-08-12 22:55 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\KODAK AiO Home Center868939787
2012-09-14 16:15 - 2012-07-05 02:01 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2012-09-14 16:15 - 2011-10-27 04:18 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2012-09-14 04:07 - 2012-09-14 14:53 - 00000000 ____D C:\Users\Izzy\Desktop\DeLETE'
2012-09-13 19:58 - 2012-09-13 20:04 - 967133881 ____A C:\Users\Izzy\Desktop\Project Birthday.rar
2012-09-13 19:49 - 2012-09-13 19:50 - 253578414 ____A C:\Users\Izzy\Desktop\NEEDS RE-UPLOAD.rar
2012-09-13 19:39 - 2012-09-13 19:39 - 00000000 ____D C:\Users\Izzy\AppData\Local\{8E80C27D-D035-46C6-B5FC-C92B5515ECA3}
2012-09-13 13:42 - 2012-09-13 13:42 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-09-13 00:46 - 2012-09-13 00:46 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-13 00:46 - 2012-09-13 00:46 - 00000000 ____D C:\Users\Izzy\AppData\Roaming\Malwarebytes
2012-09-13 00:46 - 2012-09-13 00:46 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-09-13 00:46 - 2012-09-13 00:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-13 00:46 - 2012-09-07 16:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-13 00:45 - 2012-09-13 00:45 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\Izzy\Downloads\mbam-setup-1.65.0.1400.exe
2012-09-12 23:14 - 2012-09-12 23:14 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-09-10 13:28 - 2012-09-13 13:41 - 00014906 ____A C:\Windows\PFRO.log
2012-09-08 18:09 - 2012-09-14 16:28 - 00001400 ____A C:\Windows\setupact.log
2012-09-08 18:09 - 2012-09-08 18:09 - 00000000 ____A C:\Windows\setuperr.log
2012-09-05 23:50 - 2012-09-09 14:00 - 00496176 ____A C:\Users\Izzy\Desktop\terrain Up'd.psd
2012-09-02 20:07 - 2012-09-02 20:07 - 00001130 ____A C:\Users\Izzy\Desktop\bin - Shortcut.lnk
2012-08-29 15:43 - 2012-08-29 15:43 - 00000000 ____D C:\Users\Izzy\AppData\Local\{C39526D5-7015-4E56-AFCD-7F8F3A5BC4A7}
2012-08-24 14:43 - 2012-08-24 14:43 - 00384352 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
2012-08-20 11:53 - 2012-08-20 11:53 - 00000000 ____A C:\Users\Izzy\angry guide.txt
2012-08-15 02:04 - 2012-07-06 12:07 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2012-08-15 02:03 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-15 02:03 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-15 02:03 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-15 02:03 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-15 02:03 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-15 02:03 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-15 02:03 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-15 02:03 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-15 02:03 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-15 02:03 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-15 02:03 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-15 02:03 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-15 02:03 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-15 02:03 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-15 02:03 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-15 02:03 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-15 02:03 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-15 02:03 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-15 02:03 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-15 02:03 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-15 02:03 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-15 02:03 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-15 02:03 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-15 02:03 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-15 02:03 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-15 02:03 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-15 02:03 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-15 02:03 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll


==================== 3 Months Modified Files ================================

2012-09-14 18:47 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-14 18:47 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-14 18:41 - 2012-09-14 18:41 - 01453821 ____A (Farbar) C:\Users\Izzy\Downloads\FRST64.exe
2012-09-14 18:19 - 2011-11-19 11:14 - 00000956 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3981002906-2824195051-769039350-1003UA.job
2012-09-14 18:04 - 2012-04-18 20:35 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-14 17:42 - 2011-11-19 12:37 - 00000976 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3981002906-2824195051-769039350-1003UA.job
2012-09-14 16:42 - 2009-07-13 21:13 - 00896030 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-14 16:39 - 2012-09-14 16:39 - 00903858 ____A (Farbar) C:\Users\Izzy\Downloads\FRST.exe
2012-09-14 16:28 - 2012-09-08 18:09 - 00001400 ____A C:\Windows\setupact.log
2012-09-14 16:28 - 2011-10-27 06:40 - 00000292 ____A C:\Windows\Tasks\AutoKMS.job
2012-09-14 16:28 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-14 16:15 - 2012-09-14 16:15 - 00000020 __ASH C:\Users\Administrator\ntuser.ini
2012-09-14 12:38 - 2011-11-19 12:37 - 00000954 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3981002906-2824195051-769039350-1003Core.job
2012-09-14 12:38 - 2011-11-19 11:14 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3981002906-2824195051-769039350-1003Core.job
2012-09-13 20:04 - 2012-09-13 19:58 - 967133881 ____A C:\Users\Izzy\Desktop\Project Birthday.rar
2012-09-13 19:50 - 2012-09-13 19:49 - 253578414 ____A C:\Users\Izzy\Desktop\NEEDS RE-UPLOAD.rar
2012-09-13 13:44 - 2012-01-18 18:21 - 01469887 ____A C:\Windows\WindowsUpdate.log
2012-09-13 13:41 - 2012-09-10 13:28 - 00014906 ____A C:\Windows\PFRO.log
2012-09-13 00:46 - 2012-09-13 00:46 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-13 00:45 - 2012-09-13 00:45 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\Izzy\Downloads\mbam-setup-1.65.0.1400.exe
2012-09-10 13:36 - 2011-10-26 18:54 - 00000967 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-09-10 13:29 - 2011-10-27 06:36 - 00151552 ____A C:\Windows\KMSEmulator.exe
2012-09-09 14:01 - 2011-11-26 21:48 - 00000132 ____A C:\Users\Izzy\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-09-09 14:00 - 2012-09-05 23:50 - 00496176 ____A C:\Users\Izzy\Desktop\terrain Up'd.psd
2012-09-08 18:09 - 2012-09-08 18:09 - 00000000 ____A C:\Windows\setuperr.log
2012-09-07 16:04 - 2012-09-13 00:46 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-02 20:07 - 2012-09-02 20:07 - 00001130 ____A C:\Users\Izzy\Desktop\bin - Shortcut.lnk
2012-08-26 16:58 - 2012-04-18 20:35 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-26 16:58 - 2011-10-30 06:36 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-24 14:43 - 2012-08-24 14:43 - 00384352 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
2012-08-20 11:53 - 2012-08-20 11:53 - 00000000 ____A C:\Users\Izzy\angry guide.txt
2012-08-19 12:31 - 2011-11-27 14:35 - 00001223 ____A C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
2012-08-19 12:27 - 2012-01-17 22:56 - 00000824 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-08-15 02:09 - 2009-07-13 20:45 - 05042296 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-15 02:00 - 2011-10-26 19:55 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-14 16:52 - 2012-08-14 16:52 - 00000045 ____A C:\Users\Izzy\cmref.txt
2012-08-12 22:59 - 2012-08-12 22:59 - 00002158 ____A C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
2012-08-12 22:55 - 2012-09-14 16:15 - 00800824 ____A (Microsoft Corporation) C:\Users\Administrator\AppData\Roaming\DPInst.exe
2012-08-12 22:55 - 2012-09-14 16:15 - 00106496 ____A (Microsoft Corporation) C:\Users\Administrator\AppData\Roaming\gacutil.exe
2012-08-12 22:55 - 2012-09-14 16:15 - 00036352 ____A (Microsoft Corporation) C:\Users\Administrator\AppData\Roaming\PnPutil.exe
2012-08-12 22:55 - 2012-08-12 22:55 - 00800824 ____A (Microsoft Corporation) C:\Users\Default\AppData\Roaming\DPInst.exe
2012-08-12 22:55 - 2012-08-12 22:55 - 00800824 ____A (Microsoft Corporation) C:\Users\Default User\AppData\Roaming\DPInst.exe
2012-08-12 22:55 - 2012-08-12 22:55 - 00106496 ____A (Microsoft Corporation) C:\Users\Default\AppData\Roaming\gacutil.exe
2012-08-12 22:55 - 2012-08-12 22:55 - 00106496 ____A (Microsoft Corporation) C:\Users\Default User\AppData\Roaming\gacutil.exe
2012-08-12 22:55 - 2012-08-12 22:55 - 00036352 ____A (Microsoft Corporation) C:\Users\Default\AppData\Roaming\PnPutil.exe
2012-08-12 22:55 - 2012-08-12 22:55 - 00036352 ____A (Microsoft Corporation) C:\Users\Default User\AppData\Roaming\PnPutil.exe
2012-08-05 20:26 - 2012-08-05 20:26 - 00002376 ____A C:\Users\Izzy\Documents\MumbleAutomaticCertificateBackup.p12
2012-08-05 20:12 - 2012-08-05 20:12 - 00001016 ____A C:\Users\Public\Desktop\Mumble.lnk
2012-08-03 20:27 - 2012-08-03 20:27 - 00000030 ____A C:\Users\Izzy\coords.txt
2012-07-29 05:46 - 2012-07-29 05:46 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2012-07-29 05:10 - 2012-07-29 05:10 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-07-26 02:21 - 2012-07-26 02:21 - 00291680 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys
2012-07-23 14:59 - 2011-11-27 14:47 - 00024960 ____A (IObit) C:\Windows\System32\RegistryDefragBootTime.exe
2012-07-18 10:15 - 2012-08-14 15:36 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 15:08 - 2009-07-13 21:08 - 00032644 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-06 12:07 - 2012-08-15 02:04 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2012-07-05 02:04 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-07-04 14:16 - 2012-08-14 15:36 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:13 - 2012-08-14 15:36 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:13 - 2012-08-14 15:36 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:16 - 2012-08-14 15:36 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:14 - 2012-08-14 15:36 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-06-30 15:06 - 2012-06-30 15:06 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-06-30 15:06 - 2012-06-30 15:06 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-06-30 15:06 - 2012-06-30 15:06 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-30 15:02 - 2012-06-30 15:02 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-30 15:02 - 2012-06-30 15:02 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-30 15:02 - 2012-06-30 15:02 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-30 15:01 - 2012-06-30 15:01 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-30 15:01 - 2012-06-30 15:01 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-30 15:01 - 2012-06-30 15:01 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-30 15:00 - 2012-06-30 15:00 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-30 15:00 - 2012-06-30 15:00 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-30 15:00 - 2012-06-30 15:00 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-30 15:00 - 2012-06-30 15:00 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-30 15:00 - 2012-06-30 15:00 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-30 15:00 - 2012-06-30 15:00 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-30 05:47 - 2012-06-30 05:46 - 00002954 ____A C:\Windows\SysWOW64\jupdate-1.7.0_05-b05.log
2012-06-28 20:55 - 2012-08-15 02:03 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 20:09 - 2012-08-15 02:03 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 19:56 - 2012-08-15 02:03 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 19:49 - 2012-08-15 02:03 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 19:49 - 2012-08-15 02:03 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 19:48 - 2012-08-15 02:03 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 19:47 - 2012-08-15 02:03 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 19:45 - 2012-08-15 02:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 19:44 - 2012-08-15 02:03 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 19:43 - 2012-08-15 02:03 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 19:42 - 2012-08-15 02:03 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 19:40 - 2012-08-15 02:03 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 19:39 - 2012-08-15 02:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 19:35 - 2012-08-15 02:03 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 16:52 - 2012-08-15 02:03 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-28 16:27 - 2012-08-15 02:03 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-28 16:16 - 2012-08-15 02:03 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-28 16:09 - 2012-08-15 02:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-28 16:09 - 2012-08-15 02:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-28 16:08 - 2012-08-15 02:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-28 16:07 - 2012-08-15 02:03 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-28 16:06 - 2012-08-15 02:03 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-28 16:04 - 2012-08-15 02:03 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-28 16:04 - 2012-08-15 02:03 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-28 16:01 - 2012-08-15 02:03 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-28 16:01 - 2012-08-15 02:03 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-28 16:00 - 2012-08-15 02:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-28 15:57 - 2012-08-15 02:03 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-22 10:05 - 2012-05-24 03:55 - 00001400 ____A C:\Users\Izzy\Desktop\Free YouTube to MP3 Converter.lnk
2012-06-22 10:05 - 2012-05-23 03:34 - 00001241 ____A C:\Users\Izzy\Desktop\DVDVideoSoft Free Studio.lnk
2012-06-22 09:23 - 2012-05-23 03:34 - 00001304 ____A C:\Users\Izzy\Desktop\Free YouTube Download.lnk
2012-06-18 22:00 - 2012-06-04 00:01 - 00000132 ____A C:\Users\Izzy\AppData\Roaming\Adobe Targa Format CS5 Prefs


ZeroAccess:
C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}
C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\@
C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\L
C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U
C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\L\00000004.@
C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\L\201d3dde
C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\00000004.@
C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\00000008.@
C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\000000cb.@
C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000000.@
C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000032.@
C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-13 13:45:51

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 8169.17 MB
Available physical RAM: 7373.02 MB
Total Pagefile: 8167.32 MB
Available Pagefile: 7368.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions ============================

1 Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:41.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (DATA) (Fixed) (Total:254.45 GB) (Free:252.01 GB) NTFS
4 Drive f: (IZZY) (Removable) (Total:3.73 GB) (Free:0.72 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 1024 KB
Disk 1 Online 3824 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 25 GB 1024 KB
Partition 2 Primary 186 GB 25 GB
Partition 0 Extended 254 GB 211 GB
Partition 3 Logical 254 GB 211 GB

==================================================================================

Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 186 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D DATA NTFS Partition 254 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3823 MB 564 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F IZZY FAT32 Removable 3823 MB Healthy

==================================================================================

Last Boot: 2012-09-13 12:14

==================== End Of Log =============================
 
Search.txt

Farbar Recovery Scan Tool (x64) Version: 14-09-2012 01
Ran by SYSTEM at 2012-09-14 19:59:26
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Next...

Restart normally....

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

===============================

  • Download RogueKiller to the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 

Attachments

  • fixlist.txt
    483 bytes · Views: 2
Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-09-2012 01
Ran by SYSTEM at 2012-09-14 20:44:14 Run:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\consrv.dll not found.
HKEY_LOCAL_MACHINE\software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\UpdReg Value deleted successfully.
C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====
 
RKreport

RogueKiller V8.0.3 [09/13/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Izzy [Admin rights]
Mode : Scan -- Date : 09/14/2012 20:53:40

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][BLACKLIST DLL] HKLM\[...]\Run : THXCfg64 (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 125.252.224.90
127.0.0.1 125.252.224.91
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500420AS +++++
--- User ---
[MBR] 1adc24914383b501ac1193c37206dec8
[BSP] a6dfcef95bdca6f6c690eb797753f4a9 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 190776 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 443140096 | Size: 260562 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: UFD USB Flash Drive USB Device +++++
--- User ---
[MBR] a584f0680bd8820fcb30d0bb2367609e
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1128 | Size: 3823 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt
 
By the way I have a question about the RogueKiller, when I clicked the close button it said "No items have been delete. Do you really want to quit?"

Do you want me to delete the items or leave it as is?

I'm currently running the aswMBR.
 
aswMBR

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-14 20:55:43
-----------------------------
20:55:43.372 OS Version: Windows x64 6.1.7601 Service Pack 1
20:55:43.372 Number of processors: 8 586 0x2A07
20:55:43.372 ComputerName: IZZY-PC UserName: Izzy
20:55:44.772 Initialize success
20:56:45.191 AVAST engine defs: 12091400
20:56:53.561 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:56:53.561 Disk 0 Vendor: ST950042 0003 Size: 476940MB BusType: 3
20:56:53.571 Disk 0 MBR read successfully
20:56:53.581 Disk 0 MBR scan
20:56:53.581 Disk 0 Windows 7 default MBR code
20:56:53.591 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
20:56:53.601 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 190776 MB offset 52430848
20:56:53.611 Disk 0 Partition - 00 0F Extended LBA 260562 MB offset 443140096
20:56:53.631 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 260561 MB offset 443142144
20:56:53.661 Disk 0 scanning C:\Windows\system32\drivers
20:57:03.701 Service scanning
20:57:23.184 Modules scanning
20:57:23.184 Disk 0 trace - called modules:
20:57:23.200 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
20:57:23.215 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077dd790]
20:57:23.215 3 CLASSPNP.SYS[fffff88001bb443f] -> nt!IofCallDriver -> [0xfffffa80072494c0]
20:57:23.215 5 ACPI.sys[fffff88000f617a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800724d050]
20:57:23.980 AVAST engine scan C:\Windows
20:57:25.793 AVAST engine scan C:\Windows\system32
21:00:35.733 AVAST engine scan C:\Windows\system32\drivers
21:00:47.024 AVAST engine scan C:\Users\Izzy
21:04:27.213 AVAST engine scan C:\ProgramData
21:06:41.429 Scan finished successfully
21:07:34.100 Disk 0 MBR has been saved successfully to "C:\Users\Izzy\Desktop\MBR.dat"
21:07:34.110 The log file has been saved successfully to "C:\Users\Izzy\Desktop\aswMBR.txt"
 
Do nothing more than instructed.
You missed TDSSKiller which you should have run first.

 
Ooops! I did run the TDSSKiller first, I just forgot to post it! Sorry >_<

Here it is:
20:49:41.0151 5392 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
20:49:41.0561 5392 ============================================================
20:49:41.0561 5392 Current date / time: 2012/09/14 20:49:41.0561
20:49:41.0561 5392 SystemInfo:
20:49:41.0561 5392
20:49:41.0561 5392 OS Version: 6.1.7601 ServicePack: 1.0
20:49:41.0561 5392 Product type: Workstation
20:49:41.0561 5392 ComputerName: IZZY-PC
20:49:41.0561 5392 UserName: Izzy
20:49:41.0561 5392 Windows directory: C:\Windows
20:49:41.0561 5392 System windows directory: C:\Windows
20:49:41.0561 5392 Running under WOW64
20:49:41.0561 5392 Processor architecture: Intel x64
20:49:41.0561 5392 Number of processors: 8
20:49:41.0561 5392 Page size: 0x1000
20:49:41.0561 5392 Boot type: Normal boot
20:49:41.0561 5392 ============================================================
20:49:43.0341 5392 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:49:43.0351 5392 Drive \Device\Harddisk1\DR1 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:49:43.0351 5392 ============================================================
20:49:43.0351 5392 \Device\Harddisk0\DR0:
20:49:43.0351 5392 MBR partitions:
20:49:43.0351 5392 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x1749C000
20:49:43.0371 5392 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A69D000, BlocksNum 0x1FCE8800
20:49:43.0371 5392 \Device\Harddisk1\DR1:
20:49:43.0371 5392 MBR partitions:
20:49:43.0371 5392 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x468, BlocksNum 0x777B98
20:49:43.0371 5392 ============================================================
20:49:43.0401 5392 C: <-> \Device\Harddisk0\DR0\Partition1
20:49:43.0451 5392 D: <-> \Device\Harddisk0\DR0\Partition2
20:49:43.0451 5392 ============================================================
20:49:43.0451 5392 Initialize success
20:49:43.0451 5392 ============================================================
20:49:45.0671 5916 ============================================================
20:49:45.0671 5916 Scan started
20:49:45.0671 5916 Mode: Manual;
 
45.0671 5916 ============================================================
20:49:46.0408 5916 ================ Scan system memory ========================
20:49:46.0408 5916 System memory - ok
20:49:46.0408 5916 ================ Scan services =============================
20:49:50.0758 5916 [ F10C3F2E002100BF8B797DCF283FEA7D ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
20:49:50.0768 5916 Hamachi2Svc - ok
20:49:50.0788 5916 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:49:50.0788 5916 hcw85cir - ok
20:49:50.0818 5916 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:49:50.0818 5916 HdAudAddService - ok
20:49:50.0838 5916 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:49:50.0838 5916 HDAudBus - ok
20:49:50.0848 5916 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
20:49:50.0858 5916 HidBatt - ok
20:49:50.0868 5916 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
20:49:50.0868 5916 HidBth - ok
20:49:50.0878 5916 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
20:49:50.0888 5916 HidIr - ok
20:49:50.0908 5916 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
20:49:50.0908 5916 hidserv - ok
20:49:50.0918 5916 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:49:50.0918 5916 HidUsb - ok
20:49:50.0928 5916 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:49:50.0938 5916 hkmsvc - ok
20:49:50.0948 5916 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:49:50.0958 5916 HomeGroupListener - ok
20:49:50.0988 5916 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:49:50.0998 5916 HomeGroupProvider - ok
20:49:51.0008 5916 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:49:51.0018 5916 HpSAMD - ok
20:49:51.0038 5916 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:49:51.0058 5916 HTTP - ok
20:49:51.0078 5916 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:49:51.0078 5916 hwpolicy - ok
20:49:51.0088 5916 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:49:51.0098 5916 i8042prt - ok
20:49:51.0128 5916 [ F7CE9BE72EDAC499B713ECA6DAE5D26F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
20:49:51.0128 5916 iaStor - ok
20:49:51.0158 5916 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:49:51.0168 5916 iaStorV - ok
20:49:51.0218 5916 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:49:51.0238 5916 idsvc - ok
20:49:51.0258 5916 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
20:49:51.0258 5916 iirsp - ok
20:49:51.0298 5916 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
20:49:51.0318 5916 IKEEXT - ok
20:49:51.0368 5916 [ BD9D02F706FCAF28D89F5435F18A4A04 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:49:51.0378 5916 IntcAzAudAddService - ok
20:49:51.0408 5916 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
20:49:51.0408 5916 intelide - ok
20:49:51.0428 5916 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:49:51.0428 5916 intelppm - ok
20:49:51.0438 5916 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:49:51.0438 5916 IPBusEnum - ok
20:49:51.0458 5916 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:49:51.0458 5916 IpFilterDriver - ok
20:49:51.0478 5916 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:49:51.0478 5916 IPMIDRV - ok
20:49:51.0488 5916 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:49:51.0488 5916 IPNAT - ok
20:49:51.0508 5916 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:49:51.0508 5916 IRENUM - ok
20:49:51.0528 5916 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:49:51.0528 5916 isapnp - ok
20:49:51.0558 5916 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:49:51.0568 5916 iScsiPrt - ok
20:49:51.0578 5916 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:49:51.0588 5916 kbdclass - ok
20:49:51.0598 5916 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
20:49:51.0608 5916 kbdhid - ok
20:49:51.0618 5916 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
20:49:51.0618 5916 kbfiltr - ok
20:49:51.0628 5916 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
20:49:51.0628 5916 KeyIso - ok
20:49:51.0728 5916 [ 162A5E3A691B903111526147C8D29E6D ] Kodak AiO Network Discovery Service C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
20:49:51.0728 5916 Kodak AiO Network Discovery Service - ok
20:49:51.0758 5916 [ B5E53FCA219A6491E9A1BA146A5D2452 ] Kodak AiO Status Monitor Service C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
20:49:51.0758 5916 Kodak AiO Status Monitor Service - ok
20:49:51.0798 5916 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:49:51.0798 5916 KSecDD - ok
20:49:51.0808 5916 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:49:51.0808 5916 KSecPkg - ok
20:49:51.0828 5916 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:49:51.0828 5916 ksthunk - ok
20:49:51.0858 5916 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
20:49:51.0868 5916 KtmRm - ok
20:49:51.0878 5916 [ 033B4AED2C5519072C0D81E00804D003 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
20:49:51.0878 5916 L1C - ok
20:49:51.0898 5916 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
20:49:51.0908 5916 LanmanServer - ok
20:49:51.0938 5916 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:49:51.0938 5916 LanmanWorkstation - ok
20:49:51.0958 5916 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:49:51.0958 5916 lltdio - ok
20:49:51.0968 5916 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:49:51.0978 5916 lltdsvc - ok
20:49:51.0978 5916 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:49:51.0988 5916 lmhosts - ok
20:49:52.0018 5916 [ 0803906D607A9B83184447B75B60ECC2 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
20:49:52.0018 5916 LMS - ok
20:49:52.0048 5916 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
20:49:52.0048 5916 LSI_FC - ok
20:49:52.0058 5916 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
20:49:52.0058 5916 LSI_SAS - ok
20:49:52.0078 5916 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
20:49:52.0078 5916 LSI_SAS2 - ok
20:49:52.0098 5916 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
20:49:52.0098 5916 LSI_SCSI - ok
20:49:52.0118 5916 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
20:49:52.0118 5916 luafv - ok
20:49:52.0148 5916 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
20:49:52.0148 5916 MBAMProtector - ok
20:49:52.0208 5916 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:49:52.0218 5916 MBAMScheduler - ok
20:49:52.0258 5916 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:49:52.0258 5916 MBAMService - ok
20:49:52.0278 5916 [ 8FF2D95CBA49B405C5DE27039FF0BF35 ] MBfilt C:\Windows\system32\drivers\MBfilt64.sys
20:49:52.0278 5916 MBfilt - ok
20:49:52.0298 5916 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:49:52.0298 5916 Mcx2Svc - ok
20:49:52.0318 5916 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
20:49:52.0318 5916 megasas - ok
20:49:52.0338 5916 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
20:49:52.0348 5916 MegaSR - ok
20:49:52.0378 5916 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
20:49:52.0378 5916 MEIx64 - ok
20:49:52.0438 5916 Microsoft SharePoint Workspace Audit Service - ok
20:49:52.0458 5916 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
20:49:52.0458 5916 MMCSS - ok
20:49:52.0468 5916 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
20:49:52.0478 5916 Modem - ok
20:49:52.0488 5916 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:49:52.0488 5916 monitor - ok
20:49:52.0498 5916 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:49:52.0498 5916 mouclass - ok
20:49:52.0508 5916 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:49:52.0508 5916 mouhid - ok
20:49:52.0528 5916 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:49:52.0528 5916 mountmgr - ok
20:49:52.0548 5916 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
20:49:52.0548 5916 mpio - ok
20:49:52.0568 5916 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:49:52.0568 5916 mpsdrv - ok
20:49:52.0588 5916 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:49:52.0588 5916 MRxDAV - ok
20:49:52.0608 5916 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:49:52.0618 5916 mrxsmb - ok
20:49:52.0628 5916 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:49:52.0638 5916 mrxsmb10 - ok
20:49:52.0648 5916 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:49:52.0648 5916 mrxsmb20 - ok
20:49:52.0648 5916 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
20:49:52.0648 5916 msahci - ok
20:49:52.0668 5916 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:49:52.0668 5916 msdsm - ok
20:49:52.0688 5916 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
20:49:52.0698 5916 MSDTC - ok
20:49:52.0698 5916 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:49:52.0698 5916 Msfs - ok
20:49:52.0718 5916 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:49:52.0728 5916 mshidkmdf - ok
20:49:52.0738 5916 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:49:52.0738 5916 msisadrv - ok
20:49:52.0758 5916 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:49:52.0768 5916 MSiSCSI - ok
20:49:52.0768 5916 msiserver - ok
20:49:52.0778 5916 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:49:52.0788 5916 MSKSSRV - ok
20:49:52.0788 5916 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:49:52.0788 5916 MSPCLOCK - ok
20:49:52.0798 5916 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:49:52.0798 5916 MSPQM - ok
20:49:52.0818 5916 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:49:52.0828 5916 MsRPC - ok
20:49:52.0828 5916 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
20:49:52.0828 5916 mssmbios - ok
20:49:52.0848 5916 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:49:52.0848 5916 MSTEE - ok
20:49:52.0968 5916 [ CB4A082AF58D1A0969F931816D5CFB05 ] msvsmon90 C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
20:49:53.0048 5916 msvsmon90 - ok
20:49:53.0088 5916 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
20:49:53.0088 5916 MTConfig - ok
20:49:53.0108 5916 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
20:49:53.0108 5916 Mup - ok
20:49:53.0128 5916 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
20:49:53.0138 5916 napagent - ok
20:49:53.0148 5916 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:49:53.0158 5916 NativeWifiP - ok
20:49:53.0198 5916 [ C38B8AE57F78915905064A9A24DC1586 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:49:53.0218 5916 NDIS - ok
20:49:53.0228 5916 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:49:53.0238 5916 NdisCap - ok
20:49:53.0238 5916 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:49:53.0238 5916 NdisTapi - ok
20:49:53.0258 5916 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:49:53.0258 5916 Ndisuio - ok
20:49:53.0268 5916 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:49:53.0278 5916 NdisWan - ok
20:49:53.0288 5916 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:49:53.0288 5916 NDProxy - ok
20:49:53.0298 5916 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:49:53.0308 5916 NetBIOS - ok
20:49:53.0318 5916 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:49:53.0318 5916 NetBT - ok
20:49:53.0328 5916 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
20:49:53.0328 5916 Netlogon - ok
20:49:53.0358 5916 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
20:49:53.0358 5916 Netman - ok
20:49:53.0378 5916 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:49:53.0388 5916 NetMsmqActivator - ok
20:49:53.0398 5916 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:49:53.0398 5916 NetPipeActivator - ok
20:49:53.0418 5916 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
20:49:53.0428 5916 netprofm - ok
20:49:53.0428 5916 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:49:53.0428 5916 NetTcpActivator - ok
20:49:53.0438 5916 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:49:53.0438 5916 NetTcpPortSharing - ok
20:49:53.0458 5916 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
20:49:53.0458 5916 nfrd960 - ok
20:49:53.0478 5916 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:49:53.0478 5916 NlaSvc - ok
20:49:53.0498 5916 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:49:53.0498 5916 Npfs - ok
20:49:53.0518 5916 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
20:49:53.0518 5916 nsi - ok
20:49:53.0528 5916 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:49:53.0528 5916 nsiproxy - ok
20:49:53.0568 5916 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:49:53.0608 5916 Ntfs - ok
20:49:53.0618 5916 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
20:49:53.0618 5916 Null - ok
20:49:53.0638 5916 [ 8D4AAC74B571FC356560E5B308955E93 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
20:49:53.0648 5916 NVHDA - ok
20:49:53.0858 5916 [ 0EB204639119370F5F8F2871FBF4E14B ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:49:53.0918 5916 nvlddmkm - ok
20:49:53.0948 5916 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:49:53.0958 5916 nvraid - ok
20:49:53.0988 5916 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:49:53.0988 5916 nvstor - ok
20:49:54.0028 5916 [ 32FF8EE6DCEE5C0CB91FF892FB1CA364 ] NVSvc C:\Windows\system32\nvvsvc.exe
20:49:54.0028 5916 NVSvc - ok
20:49:54.0118 5916 [ BD012DC22C78BE1071BC21EB125D782F ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
20:49:54.0128 5916 nvUpdatusService - ok
20:49:54.0158 5916 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:49:54.0158 5916 nv_agp - ok
20:49:54.0168 5916 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:49:54.0168 5916 ohci1394 - ok
20:49:54.0208 5916 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:49:54.0208 5916 ose - ok
20:49:54.0318 5916 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:49:54.0418 5916 osppsvc - ok
20:49:54.0458 5916 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:49:54.0468 5916 p2pimsvc - ok
20:49:54.0498 5916 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
20:49:54.0498 5916 p2psvc - ok
20:49:54.0528 5916 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
20:49:54.0528 5916 Parport - ok
20:49:54.0548 5916 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:49:54.0558 5916 partmgr - ok
20:49:54.0568 5916 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:49:54.0568 5916 PcaSvc - ok
20:49:54.0588 5916 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
20:49:54.0588 5916 pci - ok
20:49:54.0598 5916 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
20:49:54.0598 5916 pciide - ok
20:49:54.0618 5916 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
20:49:54.0618 5916 pcmcia - ok
20:49:54.0638 5916 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
20:49:54.0638 5916 pcw - ok
20:49:54.0658 5916 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:49:54.0658 5916 PEAUTH - ok
20:49:54.0748 5916 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:49:54.0748 5916 PerfHost - ok
20:49:54.0788 5916 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
20:49:54.0818 5916 pla - ok
20:49:54.0848 5916 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:49:54.0848 5916 PlugPlay - ok
20:49:54.0868 5916 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:49:54.0868 5916 PNRPAutoReg - ok
20:49:54.0878 5916 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:49:54.0878 5916 PNRPsvc - ok
20:49:54.0918 5916 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:49:54.0918 5916 PolicyAgent - ok
20:49:54.0948 5916 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
20:49:54.0948 5916 Power - ok
20:49:54.0978 5916 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:49:54.0978 5916 PptpMiniport - ok
20:49:54.0998 5916 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
20:49:55.0008 5916 Processor - ok
20:49:55.0038 5916 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
20:49:55.0048 5916 ProfSvc - ok
20:49:55.0058 5916 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:49:55.0058 5916 ProtectedStorage - ok
20:49:55.0068 5916 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:49:55.0068 5916 Psched - ok
20:49:55.0098 5916 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
20:49:55.0098 5916 PxHlpa64 - ok
20:49:55.0128 5916 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
20:49:55.0168 5916 ql2300 - ok
20:49:55.0188 5916 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
20:49:55.0188 5916 ql40xx - ok
20:49:55.0208 5916 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
20:49:55.0218 5916 QWAVE - ok
20:49:55.0228 5916 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:49:55.0228 5916 QWAVEdrv - ok
20:49:55.0238 5916 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:49:55.0238 5916 RasAcd - ok
20:49:55.0268 5916 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:49:55.0268 5916 RasAgileVpn - ok
20:49:55.0278 5916 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
20:49:55.0288 5916 RasAuto - ok
20:49:55.0298 5916 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:49:55.0298 5916 Rasl2tp - ok
20:49:55.0318 5916 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
20:49:55.0328 5916 RasMan - ok
20:49:55.0338 5916 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:49:55.0338 5916 RasPppoe - ok
20:49:55.0348 5916 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:49:55.0348 5916 RasSstp - ok
20:49:55.0368 5916 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:49:55.0378 5916 rdbss - ok
20:49:55.0388 5916 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
20:49:55.0398 5916 rdpbus - ok
20:49:55.0408 5916 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:49:55.0408 5916 RDPCDD - ok
20:49:55.0418 5916 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:49:55.0418 5916 RDPENCDD - ok
20:49:55.0438 5916 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:49:55.0438 5916 RDPREFMP - ok
20:49:55.0478 5916 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:49:55.0508 5916 RDPWD - ok
20:49:55.0528 5916 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:49:55.0528 5916 rdyboost - ok
20:49:55.0568 5916 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:49:55.0568 5916 RemoteAccess - ok
20:49:55.0588 5916 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:49:55.0588 5916 RemoteRegistry - ok
20:49:55.0608 5916 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
20:49:55.0608 5916 RFCOMM - ok
20:49:55.0628 5916 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:49:55.0628 5916 RpcEptMapper - ok
20:49:55.0638 5916 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
20:49:55.0638 5916 RpcLocator - ok
20:49:55.0648 5916 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
20:49:55.0658 5916 RpcSs - ok
20:49:55.0668 5916 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:49:55.0678 5916 rspndr - ok
20:49:55.0708 5916 [ E57FAC2CDB73F06586ED2ED310B80932 ] RSUSBVSTOR C:\Windows\system32\Drivers\RtsUVStor.sys
20:49:55.0708 5916 RSUSBVSTOR - ok
20:49:55.0728 5916 [ AFC12DFA4C7B089673AD67402CA19EDB ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
20:49:55.0728 5916 RTL8167 - ok
20:49:55.0738 5916 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
20:49:55.0738 5916 SamSs - ok
20:49:55.0758 5916 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:49:55.0758 5916 sbp2port - ok
20:49:55.0778 5916 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:49:55.0788 5916 SCardSvr - ok
20:49:55.0788 5916 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:49:55.0798 5916 scfilter - ok
20:49:55.0818 5916 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
20:49:55.0848 5916 Schedule - ok
20:49:55.0868 5916 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:49:55.0868 5916 SCPolicySvc - ok
20:49:55.0878 5916 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:49:55.0888 5916 SDRSVC - ok
20:49:55.0908 5916 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:49:55.0908 5916 secdrv - ok
20:49:55.0918 5916 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
20:49:55.0918 5916 seclogon - ok
20:49:55.0938 5916 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
20:49:55.0938 5916 SENS - ok
20:49:55.0948 5916 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:49:55.0958 5916 SensrSvc - ok
20:49:55.0968 5916 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
20:49:55.0978 5916 Serenum - ok
20:49:55.0998 5916 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
20:49:55.0998 5916 Serial - ok
20:49:56.0008 5916 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
20:49:56.0018 5916 sermouse - ok
20:49:56.0038 5916 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
20:49:56.0038 5916 SessionEnv - ok
20:49:56.0058 5916 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:49:56.0058 5916 sffdisk - ok
20:49:56.0068 5916 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:49:56.0078 5916 sffp_mmc - ok
20:49:56.0088 5916 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:49:56.0088 5916 sffp_sd - ok
20:49:56.0098 5916 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
20:49:56.0098 5916 sfloppy - ok
20:49:56.0128 5916 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:49:56.0128 5916 ShellHWDetection - ok
20:49:56.0148 5916 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys
20:49:56.0148 5916 SiSGbeLH - ok
20:49:56.0158 5916 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
20:49:56.0168 5916 SiSRaid2 - ok
20:49:56.0178 5916 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
20:49:56.0178 5916 SiSRaid4 - ok
20:49:56.0228 5916 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
20:49:56.0228 5916 SkypeUpdate - ok
20:49:56.0248 5916 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:49:56.0248 5916 Smb - ok
20:49:56.0308 5916 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:49:56.0318 5916 SNMPTRAP - ok
20:49:56.0328 5916 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
20:49:56.0328 5916 spldr - ok
20:49:56.0368 5916 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
20:49:56.0378 5916 Spooler - ok
20:49:56.0428 5916 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
20:49:56.0514 5916 sppsvc - ok
20:49:56.0529 5916 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:49:56.0529 5916 sppuinotify - ok
20:49:59.0602 5916 ================ Scan global ===============================
20:49:59.0665 5916 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:49:59.0712 5916 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
20:49:59.0712 5916 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
20:49:59.0743 5916 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:49:59.0774 5916 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:49:59.0774 5916 [Global] - ok
 
20:49:59.0774 5916 ================ Scan MBR ==================================
20:49:59.0790 5916 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:50:00.0039 5916 \Device\Harddisk0\DR0 - ok
20:50:00.0039 5916 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
20:50:01.0755 5916 \Device\Harddisk1\DR1 - ok
20:50:01.0755 5916 ================ Scan VBR ==================================
20:50:01.0755 5916 [ B64A48BFD40272B21C9532B283E55DD8 ] \Device\Harddisk0\DR0\Partition1
20:50:01.0755 5916 \Device\Harddisk0\DR0\Partition1 - ok
20:50:01.0818 5916 [ 98572BFA485CDB6741A51A2A1937988C ] \Device\Harddisk0\DR0\Partition2
20:50:01.0818 5916 \Device\Harddisk0\DR0\Partition2 - ok
20:50:01.0833 5916 [ AC79F3656DFAD6896E9111B841A042E1 ] \Device\Harddisk1\DR1\Partition1
20:50:01.0833 5916 \Device\Harddisk1\DR1\Partition1 - ok
20:50:01.0833 5916 ============================================================
20:50:01.0833 5916 Scan finished
20:50:01.0833 5916 ============================================================
20:50:01.0833 3028 Detected object count: 0
20:50:01.0833 3028 Actual detected object count: 0
20:51:59.0429 3832 Deinitialize success
 
Very well :)

How is the computer doing?

=============================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
 
So far AVG didn't pop up any threat. Same goes with Malwarebytes.

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.14.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Izzy :: IZZY-PC [administrator]

Protection: Enabled

9/14/2012 9:32:44 PM
mbam-log-2012-09-14 (21-32-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 278020
Time elapsed: 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Create new restore point before proceeding with next step!

....................................................

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
I temporarily disabled my AVG Anti-Virus Free Edition 2012, I unchecked the "Enable filesystem protection" in Malwarebytes. When I ran the Combofix it said that my AVG is still active. I don't know how that's possible...

I also unchecked "Activate Identity Protection" in AVG.

Can I X out Combofix to start over again?
 
I had to close the Combofix by accident, but then re-ran it and it still assumes my antivirus and antispyware (AVG Anti-Virus Free Edition 2012)

I do not see any AVG Free Edition 2012 on the list, so I'm not sure what I missed.
 
Ah! I completely missed the note part.. Sorry about that.

I'm using a different laptop at the moment because the other one won't let me connect to the internet.

I have successfully run ComboFix and finished it. But my internet won't reconnect even when I restarted it.

In the Windows network diagnostics, it said the problem found was "Windows could not automatically detect this network's proxy settings"

I tried unplugging and plugging it back in after at least 10 seconds. After I did that, the troubleshooting found the problem "Wireless Network Connection" doesn't have a valid IP configuration.

Did I miss something?
 
Use the restore point you created prior to running Combofix and see if you got your connection back.
If so, post the Combofix log.
 
Success! I got my internet back! Thank you.

Here is the ComboFix log

ComboFix 12-09-15.02 - Izzy 09/15/2012 14:20:11.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.6570 [GMT -7:00]
Running from: c:\users\Izzy\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\AppData\Roaming\DPInst.exe
c:\users\Administrator\AppData\Roaming\gacutil.exe
c:\users\Administrator\AppData\Roaming\PnPutil.exe
c:\users\Default\AppData\Roaming\DPInst.exe
c:\users\Default\AppData\Roaming\gacutil.exe
c:\users\Default\AppData\Roaming\PnPutil.exe
c:\users\Izzy\AppData\Roaming\Mozilla\Firefox\Profiles\r1ajq4u1.default\searchplugins\bing-zugo.xml
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_KXESCORE
.
.
((((((((((((((((((((((((( Files Created from 2012-08-15 to 2012-09-15 )))))))))))))))))))))))))))))))
.
.
2012-09-15 21:27 . 2012-09-15 21:27 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-09-15 21:27 . 2012-09-15 21:27 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-09-15 00:39 . 2012-09-15 03:57 -------- d-----w- C:\FRST
2012-09-15 00:15 . 2012-09-15 00:16 -------- d-----w- c:\users\Administrator
2012-09-13 21:42 . 2012-09-13 21:42 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-09-13 08:46 . 2012-09-15 21:11 -------- d-----w- c:\users\Izzy\AppData\Roaming\Malwarebytes
2012-09-13 07:14 . 2012-09-13 07:14 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-09-08 06:34 . 2012-09-08 06:34 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-27 01:05 . 2012-08-27 01:12 -------- d-----w- c:\users\Izzy\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-10 21:29 . 2011-10-27 14:36 151552 ----a-w- c:\windows\KMSEmulator.exe
2012-08-27 00:58 . 2012-04-19 04:35 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-27 00:58 . 2011-10-30 14:36 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 10:00 . 2011-10-27 03:55 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-23 22:59 . 2011-11-27 22:47 24960 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-07-18 18:15 . 2012-08-14 23:36 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-06 20:07 . 2012-08-15 10:04 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-07-04 22:16 . 2012-08-14 23:36 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-14 23:36 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-14 23:36 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-14 23:36 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-06-30 23:06 . 2012-06-30 23:06 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-30 23:06 . 2012-06-30 23:06 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-30 23:06 . 2012-06-30 23:06 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-30 23:02 . 2012-06-30 23:02 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-30 23:02 . 2012-06-30 23:02 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-30 23:02 . 2012-06-30 23:02 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-30 23:01 . 2012-06-30 23:01 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-30 23:01 . 2012-06-30 23:01 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-30 23:01 . 2012-06-30 23:01 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-30 23:00 . 2012-06-30 23:00 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-30 23:00 . 2012-06-30 23:00 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-30 23:00 . 2012-06-30 23:00 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-30 23:00 . 2012-06-30 23:00 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-30 23:00 . 2012-06-30 23:00 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-30 23:00 . 2012-06-30 23:00 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-29 04:55 . 2012-08-15 10:03 17809920 ----a-w- c:\windows\system32\mshtml.dll
2012-06-29 04:09 . 2012-08-15 10:03 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-06-29 03:56 . 2012-08-15 10:03 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 03:49 . 2012-08-15 10:03 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-29 03:49 . 2012-08-15 10:03 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 03:48 . 2012-08-15 10:03 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 03:47 . 2012-08-15 10:03 237056 ----a-w- c:\windows\system32\url.dll
2012-06-29 03:45 . 2012-08-15 10:03 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-29 03:44 . 2012-08-15 10:03 816640 ----a-w- c:\windows\system32\jscript.dll
2012-06-29 03:43 . 2012-08-15 10:03 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 03:42 . 2012-08-15 10:03 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-29 03:40 . 2012-08-15 10:03 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-29 03:39 . 2012-08-15 10:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-29 03:35 . 2012-08-15 10:03 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-29 00:16 . 2012-08-15 10:03 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-29 00:09 . 2012-08-15 10:03 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-29 00:08 . 2012-08-15 10:03 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04 . 2012-08-15 10:03 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00 . 2012-08-15 10:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-11 1353080]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-02 2018032]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2011-01-21 40448]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-07-23 3058304]
"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-01-28 907776]
"CPMonitor"="c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [2010-10-15 84464]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-08-29 1996200]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe" [2011-06-17 2922496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-06-19 2234840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-11 1083680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-07-02 2232504]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-27 250568]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-07-23 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-07-23 79360]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-10-27 1431888]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-27 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 2369960]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-06-19 394712]
S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-06-19 777728]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-12-14 53800]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2011-01-21 161280]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2011-01-21 50176]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 00:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-22 11075176]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-17 2922496]
"combofix"="c:\combofix\CF28757.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Izzy\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Izzy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Izzy\AppData\Roaming\Mozilla\Firefox\Profiles\r1ajq4u1.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{f999a48b-1950-4d81-9971-79018f807b4b} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3981002906-2824195051-769039350-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{44455A8F-4B90-090F-C667-56CDBC4D475D}*]
"hafliacafdckifdk"=hex:6b,61,69,62,6a,65,6b,6d,6a,63,67,6d,6c,62,63,68,6f,63,
64,64,6d,62,00,00
"gamkbnemlckdfi"=hex:61,63,69,6d,6c,6b,68,62,6b,6d,69,62,61,62,66,62,6f,63,67,
66,6b,66,67,6c,68,70,6d,70,61,63,63,69,69,62,68,66,6d,6e,63,65,6c,61,66,6e,\
"ialjcbicmcjbfgchho"=hex:6b,61,69,62,6a,65,6b,6d,6a,63,67,6d,6c,62,63,68,6f,63,
64,64,6d,62,00,a6
.
[HKEY_USERS\S-1-5-21-3981002906-2824195051-769039350-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FA6F659E-C36F-B70A-DFCA-229E81472048}*]
@Allowed: (Read) (RestrictedCode)
"oakoicojadhhfbcifbcmfmhinnicoo"=hex:64,61,6e,69,6a,61,66,67,00,fc
"oaopilkgnnaohepeeppohcidfnmdpp"=hex:6b,61,6b,69,68,61,6e,6a,64,6c,6b,70,66,6c,
6d,66,61,6d,6d,6c,68,65,00,00
"naiocnfnicphgeobkkcgpfgkfhfb"=hex:6b,61,6b,69,68,61,6e,6a,64,6c,6b,70,66,6c,
6d,66,61,6d,6d,6c,68,65,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-09-15 14:34:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-15 21:34
.
Pre-Run: 45,885,530,112 bytes free
Post-Run: 45,454,376,960 bytes free
.
- - End Of File - - 3B5C6ACD6A35A42731A069A8E3A24F3A
 