Inactive Win64\Patched.A virus

greenmz

Hi, I'm currently having the win64\patched.a virus.
Have searched but haven't found a way to get rid of it.
Any help would be much appreciated :).

Michael
 
Here is the malware log:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.25.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Michael :: MICHAEL-PC [limited]

25-10-2012 16:13:35
mbam-log-2012-10-25 (16-15-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226514
Time elapsed: 2 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Windows\Installer\{9d1be9ae-2711-2adb-9eb4-f3e12c449407}\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.
C:\Windows\Installer\{9d1be9ae-2711-2adb-9eb4-f3e12c449407}\U\000000cb.@ (Rootkit.0Access) -> No action taken.
C:\Windows\Installer\{9d1be9ae-2711-2adb-9eb4-f3e12c449407}\U\80000000.@ (Rootkit.0Access.64) -> No action taken.

(end)
 
And the GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-25 16:28:07
Windows 6.1.7601 Service Pack 1
Running: yyeygs44.exe


---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Michael\Downloads\Zoo Tycoon 2 \xae Ultimate Collection with save+Extras\Zoo Tycoon 2\Setup.Exe 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Michael\Downloads\Zoo Tycoon 2 \xae Ultimate Collection with save+Extras\Zoo Tycoon 2 - Dino Danger Pack\DDP_enu-setup.exe 1

---- Files - GMER 1.0.15 ----

File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\background_gradient[2] 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ErrorPageTemplate[1] 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\info_48[1] 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\httpErrorPagesScripts[2] 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\dnserrordiagoff_webOC[1] 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\down[1] 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\errorPageStrings[1] 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\bullet[2] 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\1QLNHOOX.txt 396 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\T5N1WLBA.txt 2557 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Z2RRBPNZ.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\GCXX3LR4.txt 0 bytes

---- EOF - GMER 1.0.15 ----
 
DDS:

DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Michael at 16:28:51 on 2012-10-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.6126.3351 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Anti-Virus 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\SysWOW64\AsHookDevice.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\POWERISO\PWRISOVM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\taskhost.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\BitTorrent\BitTorrent.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\explorer.exe
svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATP DIGITAL\ATP DIGITAL 6\server\updatescripts\srvany.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.gamersdl.com
uSearch Bar = Preserve
mStart Page = hxxp://home.sweetim.com
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: SweetIM Toolbar Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB: SweetIM Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
uRun: [EPSON Stylus DX4000 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_FATIBEE.EXE /FU "C:\Windows\TEMP\E_SFBDD.tmp" /EF "HKCU"
uRun: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
uRun: [C:\Users\Michael\AppData\Roaming\Piranha\Piranha.exe] C:\Users\Michael\AppData\Roaming\Piranha\Piranha.exe
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Google Update] "C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [C3] <no file>
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Phoenix] C:\ProgramData\Temp\hide.vbs
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
uExplorerRun: [PowerISO] C:\Users\Michael\AppData\Roaming\8E668E.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: DisableStartupSound = dword:1
mPolicies-System: DisableStatusMessages = dword:1
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{62D71BE2-9D6B-4ED6-B6F2-EEADD29E9560} : DHCPNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2011-1-30 36448]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-7-26 291680]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-11-24 279616]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2011-5-7 918144]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2011-5-7 915584]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-5-7 586880]
R2 ATPLupd;ATPL Digital v6 update service;C:\Program Files (x86)\ATP DIGITAL\ATP DIGITAL 6\server\updatescripts\srvany.exe [2003-4-18 8192]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2011-5-7 203392]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-18 2253120]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2011-5-7 32544]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-5-7 2656280]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-2-24 126952]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-2-24 389608]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-5-7 56344]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2011-11-18 174184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 BGS;BGS;"C:\Program Files (x86)\ATP DIGITAL\ATP DIGITAL 6\server\bin\Apache.exe" -k runservice --> C:\Program Files (x86)\ATP DIGITAL\ATP DIGITAL 6\server\bin\Apache.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-9-17 250808]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-22 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-6-10 620544]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2011-5-7 48416]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2011-5-7 29472]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2011-5-7 48416]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-18 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-7-9 14544]
S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem --> C:\Windows\System32\xsherlock.xem [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-10-25 14:08:09 -------- d-----w- C:\Users\Michael\AppData\Roaming\Malwarebytes
2012-10-25 14:07:58 -------- d-----w- C:\ProgramData\Malwarebytes
2012-10-25 14:07:57 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-10-25 14:07:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-25 13:24:36 -------- d-----w- C:\Users\Michael\AppData\Roaming\TuneUp Software
2012-10-25 13:24:34 -------- d-----w- C:\Program Files (x86)\TuneUp Utilities 2013
2012-10-25 13:24:27 -------- d-----w- C:\ProgramData\TuneUp Software
2012-10-25 13:24:16 -------- d-sh--w- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-10-25 12:46:29 -------- d-----w- C:\Program Files (x86)\Medal of Honor Warfighter
2012-10-24 23:42:26 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-10-24 21:05:17 184320 ----a-w- C:\Windows\System32\tbb.dll
2012-10-24 00:54:18 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{456011B1-31EB-43B3-8B55-EA414BA11724}\mpengine.dll
2012-10-23 20:22:48 -------- d-----w- C:\Program Files (x86)\Ontslagen
2012-10-22 20:53:06 -------- d-----w- C:\Program Files (x86)\THQ
2012-10-22 16:17:39 -------- d-----w- C:\Program Files (x86)\Lucius
2012-10-18 13:31:45 -------- d-----w- C:\Users\Michael\AppData\Local\DOSBox
2012-10-18 13:31:38 -------- d-----w- C:\Program Files (x86)\DOSBox-0.74
2012-10-17 12:19:06 -------- d-----w- C:\Program Files (x86)\Paradox Interactive
2012-10-15 22:30:06 -------- d-----w- C:\Users\Michael\AppData\Local\{F12008A1-9BD1-4632-B05C-4EC205E4D382}
2012-10-10 15:47:45 -------- d-----w- C:\Users\Michael\AppData\Local\FLT
2012-10-05 08:25:09 -------- d-----w- C:\Program Files (x86)\Seamless Entertainment
2012-10-04 11:39:01 -------- d-----w- C:\Program Files (x86)\Cortex Command
2012-10-03 20:43:34 -------- d-----w- C:\Program Files (x86)\Data Realms
2012-10-02 09:32:25 -------- d-----w- C:\Users\Michael\AppData\Local\FalloutNV
2012-10-02 09:00:58 -------- d-----w- C:\Users\Michael\AppData\Roaming\local
2012-09-30 18:19:16 8892 ----a-w- C:\Windows\SysWow64\ealregsnapshot1.reg
2012-09-30 14:08:18 -------- d-----w- C:\Users\Michael\AppData\Local\SoftGrid Client
2012-09-26 09:48:04 -------- d-----w- C:\Program Files (x86)\Transport Giant
2012-09-25 21:01:40 -------- d-----w- C:\MPS
2012-09-25 20:55:34 24576 ------w- C:\Windows\UniFISH.exe
2012-09-25 20:55:33 -------- d-----w- C:\Program Files (x86)\TT
.
==================== Find3M ====================
.
2012-10-23 21:48:26 111928 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-10-23 21:48:16 111928 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-10-23 21:48:15 2793768 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2012-10-08 21:45:14 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-08 21:45:14 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-31 13:36:52 281120 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-08-24 13:43:16 384352 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
.
============= FINISH: 16:29:03,05 ===============
 

Sorry, here is the correct attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 18-11-2011 15:09:06
System Uptime: 22-10-2012 14:52:09 (74 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | CM6630_CM6730_CM6830.
Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz | LGA1155 | 3001/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 745 GiB total, 263,187 GiB free.
D: is FIXED (NTFS) - 1104 GiB total, 1092,947 GiB free.
E: is CDROM (UDF)
F: is Removable
G: is CDROM (UDF)
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP184: 25-10-2012 16:06:23 - nu
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4) MUI
AI Manager
AI Suite II
ARMA 2
ARMA 2: Operation Arrowhead
Asmedia ASM104x USB 3.0 Host Controller Driver
Asmedia ASM106x SATA Host Controller Driver
Assassin's Creed Brotherhood
ASUS Backup Wizard
AsusVibe2.0
ATP DIGITAL 6
AVG 2012
AVG PC Tuneup 2011 10.0.0.24
Battlefield 2(TM)
BattlEye for OA Uninstall
BattlEye Uninstall
BitTorrent
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Crusader Kings II
Crusader Kings II 106 RePack by SxSxL
Crusader Kings II version 1.06
Crysis® 2
D3DX10
DAEMON Tools Lite
DayZ Commander
Dragon Age Awakening Redesigned
Dragon Age Awakening Velanna Redesigned©
Dragon Age Redesigned © Morrigan
Dragon Age Redesigned Oghren©
Dragon Age Redesigned©
Dragon Age Redesigned© Leliana
Dragon Age Redesigned© Sten
Dragon Age: Origins
Dual-Core Optimizer
EPSON-printersoftware
Explorer Suite III
Fable III
Fallout New Vegas
Far Cry 2
ffdshow [rev 3154] [2009-12-09]
FTL version 1.01
Galerie de photos Windows Live
Galería fotográfica de Windows Live
Game Booster 3
Google Chrome
Grand Theft Auto IV
Homefront
Intel(R) Management Engine Components
Java Auto Updater
Java(TM) 6 Update 29 (64-bit)
Java(TM) 6 Update 31
Java(TM) 7 Update 3 (64-bit)
Java(TM) 7 Update 5
JavaFX 2.1.1
Junk Mail filter update
Lucius 1.01.3173
Malwarebytes Anti-Malware versie 1.65.1.1000
MapleStory
Mass Effect
Mass Effect 2
Mass Effect 3 From Ashes 1.00
Medieval II Total War
Medieval II Total War : Kingdoms : Americas
Medieval II Total War : Kingdoms : Britannia
Medieval II Total War : Kingdoms : Crusades
Medieval II Total War : Kingdoms : Teutonic
Mesh Runtime
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile NLD Language Pack
Microsoft .NET Framework 4 Extended
Microsoft Antimalware Service NL-NL Language Pack
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010
Microsoft Office Klik-en-Klaar 2010
Microsoft Office Starter 2010 - Nederlands
Microsoft Security Client NL-NL Language Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual Basic PowerPacks 10.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 4.0
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser (KB973685)
MSXML4 Parser
Nexon Game Manager
Nexus Mod Manager
NVIDIA-configuratiescherm 285.62
NVIDIA 3D Vision controllerstuurprogramma 285.62
NVIDIA 3D Vision stuurprogramma 285.62
NVIDIA Grafisch stuurprogramma 285.62
NVIDIA HD Audio-stuurprogramma 1.2.24.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX systeemsoftware 9.11.0621
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.5.20
NVIDIA Update Components
Oblivion mod manager 1.1.12
OpenAL
Origin
Pando Media Booster
PowerISO
PunkBuster Services
Realtek Ethernet Controller Driver
Realtek Ethernet Diagnostic Utility
Realtek High Definition Audio Driver
Roll
Rome - Total War - Alexander
Rome - Total War(TM)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663)
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)
Six Updater
Sleeping Dogs version 1.4
Steam
SweetIM for Messenger 3.6
SweetIM Toolbar for Internet Explorer 4.2
Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
Third Age - Total War 3.0 (Part 1of2)
Third Age - Total War 3.0 (Part 2of2)
Ubisoft Game Launcher
Unofficial Oblivion Patch v3.2.0
Unofficial Shivering Isles Patch v1.5.0
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Verwijder %1,Ontslagen
Visual Studio 2008 x64 Redistributables
Vizzed Retro Game Room
VLC media player 2.0.1
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Fotogalerie
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh ActiveX control for remote connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinZip 16.0
Xfire (remove only)
Xvid MPEG-4 Video Codec
.
==== End Of File ===========================
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

ComboFix scan

Please download ComboFix by sUBs
From BleepingComputer.com

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
I can get it to run but it doesn't seem to produce a report.
It is not in my C: drive and doesn't show up when I search for it.
 
It does produce a file with the following name in the C drive: 32788R22FWJFW

But I can't really do anything with that.
I don't get an error message or anything.
When I run combofix I get the black screen with the green letters and when it is done it just closes.
 
Okay, next steps...

TDSSKiller Scan

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.



-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.



------------------------

Click the Start Scan button.



-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.




----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.





--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


RogueKiller Scan

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan


  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.


  • The report has been created on the desktop.
  • Next click on the ShortcutsFix

  • The report has been created on the desktop.
Please post:

All RKreport.txt text files located on your desktop.
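
A triage sketch for the TDSSKiller report requested in the steps above, added here as an example and not part of the original post or of TDSSKiller itself: it reads the services section of a report (timestamp, a numeric id, then a `[ MD5 ] name path` line followed by `name - ok` or `name ( verdict ) - level`) and separates the two generic warnings the instructions say to Skip from any other verdict. The sample log is constructed from that layout, the `ExampleSvc` entry and its verdict are placeholders, and `triage` is a hypothetical helper name.

```python
import re

# Verdicts the instructions above say to leave on "Skip".
SKIP_VERDICTS = {"UnsignedFile.Multi.Generic", "LockedFile.Multi.Generic"}

# "HH:MM:SS.ffff <id> <rest of line>"
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
# "======== Scan services ========"
SECTION = re.compile(r"^=+\s+(.+?)\s+=+$")
# "[ <32 hex chars> ] <name, may contain spaces> <X:\path>"
HASHED = re.compile(r"^\[\s*([0-9A-Fa-f]{32})\s*\]\s+(.+?)\s+([A-Za-z]:\\.*)$")
# "<name> ( <verdict> ) - <level>"
FLAGGED = re.compile(r"^(.+?)\s+\(\s*(\S+)\s*\)\s+-\s+(\w+)$")
# "<name> - ok"
OK = re.compile(r"^(.+?)\s+-\s+ok$")


def triage(log_text):
    """Summarise the 'Scan services' section of a TDSSKiller-style log."""
    section = None
    hashed = {}  # name -> (md5, path) from the preceding "[ md5 ]" line
    result = {"ok": 0, "skip": [], "review": [], "unhashed": []}
    for raw in log_text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        body = m.group(1).strip()
        s = SECTION.match(body)
        if s:
            section = s.group(1)
            continue
        if section != "Scan services":
            continue  # only the services section is parsed in this sketch
        h = HASHED.match(body)
        if h:
            hashed[h.group(2)] = (h.group(1).upper(), h.group(3))
            continue
        f = FLAGGED.match(body)
        if f:
            name, verdict, level = f.groups()
            md5, path = hashed.get(name, (None, None))
            entry = {"name": name, "verdict": verdict, "level": level,
                     "md5": md5, "path": path}
            bucket = "skip" if verdict in SKIP_VERDICTS else "review"
            result[bucket].append(entry)
            continue
        o = OK.match(body)
        if o:
            result["ok"] += 1
            # Entries reported "ok" with no hash/path line before them are
            # listed for the reviewer; the log itself does not say why.
            if o.group(1) not in hashed:
                result["unhashed"].append(o.group(1))
    return result


# Constructed sample in the report's layout. The last two lines are
# placeholders (name, hash, path and verdict are all made up).
SAMPLE_LOG = r"""
17:59:37.0136 1896 ================ Scan system memory ========================
17:59:37.0136 1896 System memory - ok
17:59:37.0137 1896 ================ Scan services =============================
17:59:37.0451 1896 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:59:37.0463 1896 ACPI - ok
17:59:39.0319 1896 [ 4635935FC972C582632BF45C26BFCB0E ] ATPLupd C:\Program Files (x86)\ATP DIGITAL\ATP DIGITAL 6\server\updatescripts\srvany.exe
17:59:39.0321 1896 ATPLupd ( UnsignedFile.Multi.Generic ) - warning
17:59:39.0321 1896 ATPLupd - detected UnsignedFile.Multi.Generic (1)
17:59:40.0367 1896 BGS - ok
17:59:42.0402 1896 [ 0A403702CB00432AC818523CD416BF67 ] Device Handle Service C:\Windows\SysWOW64\AsHookDevice.exe
17:59:42.0409 1896 Device Handle Service - ok
18:00:00.0000 1896 [ 00000000000000000000000000000000 ] ExampleSvc C:\Example\example.sys
18:00:00.0001 1896 ExampleSvc ( Example.Placeholder.Verdict ) - infected
"""

if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print("ok entries:", summary["ok"])
    for bucket in ("skip", "review"):
        for e in summary[bucket]:
            print(bucket, e["name"], e["verdict"], e["md5"], e["path"])
    print("ok without a hash line:", summary["unhashed"])
```

Entries in `review` are the ones to raise with the helper before choosing any action; entries in `skip` match the two warnings the instructions already cover.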
 
Hmm, I can't seem to upload a file anymore. The button doesn't work. Could this be because of the curing?
 
17:59:04.0443 2856 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
17:59:05.0080 2856 ============================================================
17:59:05.0080 2856 Current date / time: 2012/10/25 17:59:05.0080
17:59:05.0080 2856 SystemInfo:
17:59:05.0080 2856
17:59:05.0080 2856 OS Version: 6.1.7601 ServicePack: 1.0
17:59:05.0080 2856 Product type: Workstation
17:59:05.0080 2856 ComputerName: MICHAEL-PC
17:59:05.0081 2856 UserName: Michael
17:59:05.0081 2856 Windows directory: C:\Windows
17:59:05.0081 2856 System windows directory: C:\Windows
17:59:05.0081 2856 Running under WOW64
17:59:05.0081 2856 Processor architecture: Intel x64
17:59:05.0081 2856 Number of processors: 4
17:59:05.0081 2856 Page size: 0x1000
17:59:05.0081 2856 Boot type: Normal boot
17:59:05.0081 2856 ============================================================
17:59:05.0856 2856 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:59:05.0866 2856 ============================================================
17:59:05.0866 2856 \Device\Harddisk0\DR0:
17:59:05.0866 2856 MBR partitions:
17:59:05.0866 2856 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C5E800, BlocksNum 0x5D269000
17:59:05.0866 2856 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x5EEC7800, BlocksNum 0x89F40800
17:59:05.0866 2856 ============================================================
17:59:05.0909 2856 C: <-> \Device\Harddisk0\DR0\Partition1
17:59:05.0941 2856 D: <-> \Device\Harddisk0\DR0\Partition2
17:59:05.0941 2856 ============================================================
17:59:05.0941 2856 Initialize success
17:59:05.0941 2856 ============================================================
17:59:36.0713 1896 ============================================================
17:59:36.0713 1896 Scan started
17:59:36.0713 1896 Mode: Manual; SigCheck; TDLFS;
17:59:36.0713 1896 ============================================================
17:59:37.0136 1896 ================ Scan system memory ========================
17:59:37.0136 1896 System memory - ok
17:59:37.0137 1896 ================ Scan services =============================
17:59:37.0349 1896 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:59:37.0439 1896 1394ohci - ok
17:59:37.0451 1896 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:59:37.0463 1896 ACPI - ok
17:59:37.0471 1896 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:59:37.0534 1896 AcpiPmi - ok
17:59:37.0612 1896 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:59:37.0625 1896 AdobeARMservice - ok
17:59:37.0728 1896 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:59:37.0744 1896 AdobeFlashPlayerUpdateSvc - ok
17:59:37.0781 1896 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
17:59:37.0806 1896 adp94xx - ok
17:59:37.0822 1896 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
17:59:37.0835 1896 adpahci - ok
17:59:37.0844 1896 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
17:59:37.0855 1896 adpu320 - ok
17:59:37.0875 1896 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:59:37.0973 1896 AeLookupSvc - ok
17:59:38.0035 1896 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
17:59:38.0091 1896 AFD - ok
17:59:38.0108 1896 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:59:38.0123 1896 agp440 - ok
17:59:38.0133 1896 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
17:59:38.0167 1896 ALG - ok
17:59:38.0182 1896 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
17:59:38.0195 1896 aliide - ok
17:59:38.0199 1896 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
17:59:38.0212 1896 amdide - ok
17:59:38.0228 1896 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
17:59:38.0271 1896 AmdK8 - ok
17:59:38.0275 1896 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
17:59:38.0304 1896 AmdPPM - ok
17:59:38.0337 1896 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:59:38.0352 1896 amdsata - ok
17:59:38.0368 1896 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
17:59:38.0385 1896 amdsbs - ok
17:59:38.0399 1896 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:59:38.0406 1896 amdxata - ok
17:59:38.0430 1896 [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb C:\Windows\system32\Drivers\ssadadb.sys
17:59:38.0472 1896 androidusb - ok
17:59:38.0484 1896 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
17:59:38.0508 1896 AppID - ok
17:59:38.0519 1896 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:59:38.0560 1896 AppIDSvc - ok
17:59:38.0578 1896 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
17:59:38.0613 1896 Appinfo - ok
17:59:38.0638 1896 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
17:59:38.0646 1896 arc - ok
17:59:38.0653 1896 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
17:59:38.0662 1896 arcsas - ok
17:59:38.0705 1896 [ C2E04941AE03F1203A064BCBB319965A ] asahci64 C:\Windows\system32\drivers\asahci64.sys
17:59:38.0717 1896 asahci64 - ok
17:59:38.0783 1896 [ FB03A917C1294D3E6D671F24722E1BA3 ] asComSvc C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
17:59:38.0811 1896 asComSvc - ok
17:59:38.0835 1896 [ A63173897EA1A73A75D0E65036DE5B15 ] asHmComSvc C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
17:59:38.0850 1896 asHmComSvc - ok
17:59:38.0879 1896 [ EDAA17CE771C696655B6585F7CAD2100 ] ASInsHelp C:\Windows\SysWow64\drivers\AsInsHelp64.sys
17:59:38.0885 1896 ASInsHelp - ok
17:59:38.0898 1896 [ FEF9DD9EA587F8886ADE43C1BEFBDAFE ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
17:59:38.0904 1896 AsIO - ok
17:59:38.0926 1896 [ 954950D11ADA98AC1B7EE3C770E4622C ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys
17:59:38.0976 1896 asmthub3 - ok
17:59:38.0997 1896 [ 01DBB05DB1DB95803E3C9F2B49AFE79C ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys
17:59:39.0034 1896 asmtxhci - ok
17:59:39.0104 1896 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:59:39.0117 1896 aspnet_state - ok
17:59:39.0140 1896 [ 5C31DFB196CB3A488A041881634D86D2 ] AsSysCtrlService C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
17:59:39.0161 1896 AsSysCtrlService - ok
17:59:39.0165 1896 [ 1392B92179B07B672720763D9B1028A5 ] AsUpIO C:\Windows\syswow64\drivers\AsUpIO.sys
17:59:39.0174 1896 AsUpIO - ok
17:59:39.0200 1896 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:59:39.0238 1896 AsyncMac - ok
17:59:39.0241 1896 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
17:59:39.0248 1896 atapi - ok
17:59:39.0274 1896 [ FC0E8778C000291CAF60EB88C011E931 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
17:59:39.0283 1896 atksgt - ok
17:59:39.0319 1896 [ 4635935FC972C582632BF45C26BFCB0E ] ATPLupd C:\Program Files (x86)\ATP DIGITAL\ATP DIGITAL 6\server\updatescripts\srvany.exe
17:59:39.0321 1896 ATPLupd ( UnsignedFile.Multi.Generic ) - warning
17:59:39.0321 1896 ATPLupd - detected UnsignedFile.Multi.Generic (1)
17:59:39.0354 1896 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:59:39.0418 1896 AudioEndpointBuilder - ok
17:59:39.0436 1896 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:59:39.0463 1896 AudioSrv - ok
17:59:39.0564 1896 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
17:59:39.0624 1896 AVGIDSAgent - ok
17:59:39.0651 1896 [ 1B2E9FCDC26DC7C81D4131430E2DC936 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
17:59:39.0658 1896 AVGIDSDriver - ok
17:59:39.0680 1896 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
17:59:39.0686 1896 AVGIDSFilter - ok
17:59:39.0721 1896 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
17:59:39.0727 1896 AVGIDSHA - ok
17:59:39.0739 1896 [ 221FEBAB02D6C97C95558348CC354A85 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
17:59:39.0748 1896 Avgldx64 - ok
17:59:39.0758 1896 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
17:59:39.0764 1896 Avgmfx64 - ok
17:59:39.0768 1896 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
17:59:39.0773 1896 Avgrkx64 - ok
17:59:39.0793 1896 [ F8C3C7ED612A41B05C66358FC9786BFD ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
17:59:39.0803 1896 Avgtdia - ok
17:59:39.0824 1896 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
17:59:39.0831 1896 avgwd - ok
17:59:39.0943 1896 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:59:39.0975 1896 AxInstSV - ok
17:59:40.0006 1896 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
17:59:40.0062 1896 b06bdrv - ok
17:59:40.0090 1896 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:59:40.0124 1896 b57nd60a - ok
17:59:40.0156 1896 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:59:40.0196 1896 BDESVC - ok
17:59:40.0206 1896 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:59:40.0262 1896 Beep - ok
17:59:40.0305 1896 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
17:59:40.0348 1896 BFE - ok
17:59:40.0367 1896 BGS - ok
17:59:40.0528 1896 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
17:59:40.0648 1896 BITS - ok
17:59:40.0678 1896 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
17:59:40.0708 1896 blbdrive - ok
17:59:40.0729 1896 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:59:40.0768 1896 bowser - ok
17:59:40.0782 1896 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
17:59:40.0817 1896 BrFiltLo - ok
17:59:40.0833 1896 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
17:59:40.0871 1896 BrFiltUp - ok
17:59:40.0876 1896 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
17:59:40.0910 1896 BridgeMP - ok
17:59:40.0931 1896 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll
17:59:40.0983 1896 Browser - ok
17:59:41.0007 1896 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:59:41.0055 1896 Brserid - ok
17:59:41.0057 1896 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:59:41.0079 1896 BrSerWdm - ok
17:59:41.0100 1896 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:59:41.0111 1896 BrUsbMdm - ok
17:59:41.0124 1896 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:59:41.0150 1896 BrUsbSer - ok
17:59:41.0152 1896 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
17:59:41.0163 1896 BTHMODEM - ok
17:59:41.0182 1896 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
17:59:41.0225 1896 bthserv - ok
17:59:41.0240 1896 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:59:41.0265 1896 cdfs - ok
17:59:41.0271 1896 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:59:41.0303 1896 cdrom - ok
17:59:41.0325 1896 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
17:59:41.0349 1896 CertPropSvc - ok
17:59:41.0364 1896 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
17:59:41.0375 1896 circlass - ok
17:59:41.0389 1896 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
17:59:41.0400 1896 CLFS - ok
17:59:41.0447 1896 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:59:41.0454 1896 clr_optimization_v2.0.50727_32 - ok
17:59:41.0500 1896 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:59:41.0513 1896 clr_optimization_v2.0.50727_64 - ok
17:59:41.0598 1896 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:59:41.0611 1896 clr_optimization_v4.0.30319_32 - ok
17:59:41.0621 1896 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:59:41.0651 1896 clr_optimization_v4.0.30319_64 - ok
17:59:41.0666 1896 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
17:59:41.0683 1896 CmBatt - ok
17:59:41.0699 1896 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:59:41.0713 1896 cmdide - ok
17:59:41.0756 1896 [ C4943B6C962E4B82197542447AD599F4 ] CNG C:\Windows\system32\Drivers\cng.sys
 
17:59:41.0786 1896 CNG - ok
17:59:41.0795 1896 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
17:59:41.0802 1896 Compbatt - ok
17:59:41.0827 1896 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
17:59:41.0853 1896 CompositeBus - ok
17:59:41.0857 1896 COMSysApp - ok
17:59:41.0873 1896 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
17:59:41.0887 1896 crcdisk - ok
17:59:41.0916 1896 [ 15597883FBE9B056F276ADA3AD87D9AF ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:59:41.0948 1896 CryptSvc - ok
17:59:42.0045 1896 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
17:59:42.0070 1896 cvhsvc - ok
17:59:42.0149 1896 [ 914A7156B0C0F10BE645A02E13F576B2 ] DAUpdaterSvc C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
17:59:42.0160 1896 DAUpdaterSvc - ok
17:59:42.0200 1896 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:59:42.0264 1896 DcomLaunch - ok
17:59:42.0316 1896 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
17:59:42.0376 1896 defragsvc - ok
17:59:42.0402 1896 [ 0A403702CB00432AC818523CD416BF67 ] Device Handle Service C:\Windows\SysWOW64\AsHookDevice.exe
17:59:42.0409 1896 Device Handle Service - ok
17:59:42.0436 1896 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:59:42.0485 1896 DfsC - ok
17:59:42.0516 1896 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
17:59:42.0550 1896 Dhcp - ok
17:59:42.0561 1896 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
17:59:42.0595 1896 discache - ok
17:59:42.0615 1896 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
17:59:42.0623 1896 Disk - ok
17:59:42.0631 1896 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:59:42.0645 1896 Dnscache - ok
17:59:42.0662 1896 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
17:59:42.0688 1896 dot3svc - ok
17:59:42.0708 1896 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
17:59:42.0758 1896 DPS - ok
17:59:42.0786 1896 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:59:42.0818 1896 drmkaud - ok
17:59:42.0872 1896 [ 400582B09E0BB557D0EC28A945150EEB ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:59:42.0888 1896 dtsoftbus01 - ok
17:59:42.0919 1896 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:59:42.0951 1896 DXGKrnl - ok
17:59:42.0969 1896 EagleX64 - ok
17:59:42.0983 1896 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:59:43.0018 1896 EapHost - ok
17:59:43.0075 1896 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
17:59:43.0173 1896 ebdrv - ok
17:59:43.0198 1896 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
17:59:43.0206 1896 EFS - ok
17:59:43.0274 1896 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:59:43.0354 1896 ehRecvr - ok
17:59:43.0369 1896 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
17:59:43.0404 1896 ehSched - ok
17:59:43.0423 1896 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
17:59:43.0448 1896 elxstor - ok
17:59:43.0514 1896 [ CDCA791AFA0483F44BBA576DBFAFD04D ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
17:59:43.0526 1896 EPSON_PM_RPCV4_01 - ok
17:59:43.0531 1896 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:59:43.0540 1896 ErrDev - ok
17:59:43.0552 1896 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
17:59:43.0587 1896 EventSystem - ok
17:59:43.0632 1896 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
17:59:43.0699 1896 exfat - ok
17:59:43.0717 1896 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:59:43.0743 1896 fastfat - ok
17:59:43.0769 1896 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
17:59:43.0815 1896 Fax - ok
17:59:43.0818 1896 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
17:59:43.0826 1896 fdc - ok
17:59:43.0849 1896 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
17:59:43.0873 1896 fdPHost - ok
17:59:43.0876 1896 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
17:59:43.0909 1896 FDResPub - ok
17:59:43.0920 1896 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:59:43.0927 1896 FileInfo - ok
17:59:43.0929 1896 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:59:43.0971 1896 Filetrace - ok
17:59:43.0974 1896 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
17:59:43.0983 1896 flpydisk - ok
17:59:44.0001 1896 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:59:44.0011 1896 FltMgr - ok
17:59:44.0030 1896 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
17:59:44.0056 1896 FontCache - ok
17:59:44.0089 1896 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:59:44.0098 1896 FontCache3.0.0.0 - ok
17:59:44.0108 1896 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:59:44.0122 1896 FsDepends - ok
17:59:44.0153 1896 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
17:59:44.0165 1896 fssfltr - ok
17:59:44.0237 1896 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
17:59:44.0299 1896 fsssvc - ok
17:59:44.0318 1896 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:59:44.0325 1896 Fs_Rec - ok
17:59:44.0354 1896 FTY1C1 - ok
17:59:44.0385 1896 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:59:44.0406 1896 fvevol - ok
17:59:44.0421 1896 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
17:59:44.0436 1896 gagp30kx - ok
17:59:44.0465 1896 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
17:59:44.0502 1896 gpsvc - ok
17:59:44.0516 1896 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:59:44.0555 1896 hcw85cir - ok
17:59:44.0590 1896 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:59:44.0628 1896 HdAudAddService - ok
17:59:44.0661 1896 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
17:59:44.0693 1896 HDAudBus - ok
17:59:44.0705 1896 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
17:59:44.0726 1896 HidBatt - ok
17:59:44.0745 1896 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
17:59:44.0764 1896 HidBth - ok
17:59:44.0785 1896 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
17:59:44.0795 1896 HidIr - ok
17:59:44.0797 1896 HidNt - ok
17:59:44.0804 1896 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
17:59:44.0839 1896 hidserv - ok
17:59:44.0918 1896 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:59:44.0953 1896 HidUsb - ok
17:59:44.0977 1896 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:59:45.0018 1896 hkmsvc - ok
17:59:45.0031 1896 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:59:45.0048 1896 HomeGroupListener - ok
17:59:45.0064 1896 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:59:45.0084 1896 HomeGroupProvider - ok
17:59:45.0096 1896 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:59:45.0104 1896 HpSAMD - ok
17:59:45.0125 1896 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:59:45.0164 1896 HTTP - ok
17:59:45.0180 1896 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:59:45.0187 1896 hwpolicy - ok
17:59:45.0201 1896 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
17:59:45.0211 1896 i8042prt - ok
17:59:45.0235 1896 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:59:45.0248 1896 iaStorV - ok
17:59:45.0313 1896 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:59:45.0320 1896 IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:59:45.0320 1896 IDriverT - detected UnsignedFile.Multi.Generic (1)
17:59:45.0410 1896 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:59:45.0440 1896 idsvc - ok
17:59:45.0456 1896 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
17:59:45.0471 1896 iirsp - ok
17:59:45.0504 1896 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
17:59:45.0569 1896 IKEEXT - ok
17:59:45.0679 1896 [ 5F6A3EA5BD7CA861863A3A06CECC115C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:59:45.0728 1896 IntcAzAudAddService - ok
17:59:45.0749 1896 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
17:59:45.0756 1896 intelide - ok
17:59:45.0764 1896 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:59:45.0783 1896 intelppm - ok
17:59:45.0800 1896 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:59:45.0824 1896 IPBusEnum - ok
17:59:45.0842 1896 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:59:45.0897 1896 IpFilterDriver - ok
17:59:45.0915 1896 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:59:45.0925 1896 IPMIDRV - ok
17:59:45.0928 1896 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:59:45.0965 1896 IPNAT - ok
17:59:45.0989 1896 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:59:46.0011 1896 IRENUM - ok
17:59:46.0031 1896 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:59:46.0038 1896 isapnp - ok
17:59:46.0047 1896 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:59:46.0058 1896 iScsiPrt - ok
17:59:46.0069 1896 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:59:46.0077 1896 kbdclass - ok
17:59:46.0105 1896 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
17:59:46.0129 1896 kbdhid - ok
17:59:46.0150 1896 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
17:59:46.0158 1896 KeyIso - ok
17:59:46.0173 1896 [ DA1E991A61CFDD755A589E206B97644B ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:59:46.0187 1896 KSecDD - ok
17:59:46.0206 1896 [ 7E33198D956943A4F11A5474C1E9106F ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:59:46.0222 1896 KSecPkg - ok
17:59:46.0233 1896 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:59:46.0290 1896 ksthunk - ok
17:59:46.0324 1896 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
17:59:46.0366 1896 KtmRm - ok
17:59:46.0397 1896 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
17:59:46.0422 1896 LanmanServer - ok
17:59:46.0430 1896 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:59:46.0454 1896 LanmanWorkstation - ok
17:59:46.0482 1896 [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
17:59:46.0488 1896 lirsgt - ok
17:59:46.0509 1896 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:59:46.0533 1896 lltdio - ok
17:59:46.0551 1896 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:59:46.0596 1896 lltdsvc - ok
17:59:46.0615 1896 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:59:46.0639 1896 lmhosts - ok
17:59:46.0682 1896 [ 98B16E756243BEA9410E32025B19C06F ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:59:46.0699 1896 LMS - ok
17:59:46.0729 1896 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
17:59:46.0742 1896 LSI_FC - ok
17:59:46.0751 1896 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
17:59:46.0765 1896 LSI_SAS - ok
17:59:46.0780 1896 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
17:59:46.0788 1896 LSI_SAS2 - ok
17:59:46.0803 1896 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
17:59:46.0813 1896 LSI_SCSI - ok
17:59:46.0824 1896 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
17:59:46.0861 1896 luafv - ok
17:59:46.0884 1896 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:59:46.0910 1896 Mcx2Svc - ok
17:59:46.0929 1896 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
17:59:46.0936 1896 megasas - ok
17:59:46.0954 1896 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
17:59:46.0965 1896 MegaSR - ok
17:59:46.0987 1896 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\drivers\HECIx64.sys
17:59:46.0993 1896 MEIx64 - ok
17:59:47.0010 1896 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
17:59:47.0068 1896 MMCSS - ok
17:59:47.0082 1896 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:59:47.0123 1896 Modem - ok
17:59:47.0141 1896 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:59:47.0165 1896 monitor - ok
17:59:47.0186 1896 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:59:47.0194 1896 mouclass - ok
17:59:47.0201 1896 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:59:47.0228 1896 mouhid - ok
17:59:47.0244 1896 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:59:47.0251 1896 mountmgr - ok
17:59:47.0269 1896 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
17:59:47.0278 1896 mpio - ok
17:59:47.0291 1896 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:59:47.0316 1896 mpsdrv - ok
17:59:47.0330 1896 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:59:47.0384 1896 MRxDAV - ok
17:59:47.0407 1896 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:59:47.0426 1896 mrxsmb - ok
17:59:47.0442 1896 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:59:47.0452 1896 mrxsmb10 - ok
17:59:47.0455 1896 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:59:47.0472 1896 mrxsmb20 - ok
17:59:47.0486 1896 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
17:59:47.0494 1896 msahci - ok
17:59:47.0511 1896 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:59:47.0520 1896 msdsm - ok
17:59:47.0531 1896 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
17:59:47.0542 1896 MSDTC - ok
17:59:47.0563 1896 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:59:47.0611 1896 Msfs - ok
17:59:47.0622 1896 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:59:47.0663 1896 mshidkmdf - ok
17:59:47.0674 1896 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:59:47.0681 1896 msisadrv - ok
17:59:47.0704 1896 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:59:47.0760 1896 MSiSCSI - ok
17:59:47.0762 1896 msiserver - ok
17:59:47.0780 1896 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:59:47.0815 1896 MSKSSRV - ok
17:59:47.0830 1896 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:59:47.0854 1896 MSPCLOCK - ok
17:59:47.0868 1896 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:59:47.0904 1896 MSPQM - ok
17:59:47.0926 1896 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:59:47.0937 1896 MsRPC - ok
17:59:47.0952 1896 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
17:59:47.0959 1896 mssmbios - ok
17:59:47.0961 1896 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:59:47.0996 1896 MSTEE - ok
17:59:48.0015 1896 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
17:59:48.0023 1896 MTConfig - ok
17:59:48.0026 1896 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
17:59:48.0033 1896 Mup - ok
17:59:48.0056 1896 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
17:59:48.0092 1896 napagent - ok
17:59:48.0124 1896 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:59:48.0166 1896 NativeWifiP - ok
17:59:48.0250 1896 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
17:59:48.0274 1896 NDIS - ok
17:59:48.0300 1896 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:59:48.0326 1896 NdisCap - ok
17:59:48.0336 1896 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:59:48.0369 1896 NdisTapi - ok
17:59:48.0390 1896 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:59:48.0422 1896 Ndisuio - ok
17:59:48.0437 1896 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:59:48.0478 1896 NdisWan - ok
17:59:48.0503 1896 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:59:48.0527 1896 NDProxy - ok
17:59:48.0566 1896 [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
17:59:48.0572 1896 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:59:48.0572 1896 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:59:48.0580 1896 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:59:48.0624 1896 NetBIOS - ok
17:59:48.0638 1896 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:59:48.0662 1896 NetBT - ok
17:59:48.0669 1896 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
17:59:48.0678 1896 Netlogon - ok
17:59:48.0710 1896 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
17:59:48.0780 1896 Netman - ok
17:59:48.0827 1896 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:59:48.0835 1896 NetMsmqActivator - ok
17:59:48.0848 1896 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:59:48.0855 1896 NetPipeActivator - ok
17:59:48.0870 1896 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
17:59:48.0897 1896 netprofm - ok
17:59:48.0927 1896 [ B72BB9496A126FCFC7FC5945DED9B411 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
17:59:48.0976 1896 netr28x - ok
17:59:49.0002 1896 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:59:49.0015 1896 NetTcpActivator - ok
17:59:49.0019 1896 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:59:49.0031 1896 NetTcpPortSharing - ok
17:59:49.0057 1896 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
17:59:49.0066 1896 nfrd960 - ok
17:59:49.0079 1896 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:59:49.0118 1896 NlaSvc - ok
17:59:49.0120 1896 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:59:49.0144 1896 Npfs - ok
17:59:49.0169 1896 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
17:59:49.0194 1896 nsi - ok
17:59:49.0206 1896 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:59:49.0243 1896 nsiproxy - ok
17:59:49.0296 1896 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:59:49.0352 1896 Ntfs - ok
17:59:49.0358 1896 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
17:59:49.0390 1896 Null - ok
17:59:49.0451 1896 [ 10204955027011E08A9DC27737A48A54 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
17:59:49.0465 1896 NVHDA - ok
17:59:49.0667 1896 [ B15258B1F45F9571758AC6BB2F043B01 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:59:49.0808 1896 nvlddmkm - ok
17:59:49.0872 1896 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:59:49.0910 1896 nvraid - ok
17:59:49.0924 1896 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:59:49.0941 1896 nvstor - ok
17:59:49.0992 1896 [ 2D7092FEC9BD2ACA199673BBA2BA9277 ] NVSvc C:\Windows\system32\nvvsvc.exe
17:59:50.0019 1896 NVSvc - ok
17:59:50.0105 1896 [ 7E22DE30E222BFDFCEC7E77032BAF3CD ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
17:59:50.0164 1896 nvUpdatusService - ok
17:59:50.0188 1896 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:59:50.0196 1896 nv_agp - ok
17:59:50.0201 1896 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:59:50.0219 1896 ohci1394 - ok
17:59:50.0304 1896 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:59:50.0318 1896 ose - ok
17:59:50.0426 1896 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:59:50.0527 1896 osppsvc - ok
17:59:50.0549 1896 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:59:50.0590 1896 p2pimsvc - ok
17:59:50.0606 1896 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
17:59:50.0626 1896 p2psvc - ok
17:59:50.0657 1896 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
17:59:50.0711 1896 Parport - ok
17:59:50.0802 1896 [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:59:50.0816 1896 partmgr - ok
17:59:50.0903 1896 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:59:50.0927 1896 PcaSvc - ok
17:59:50.0946 1896 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
17:59:50.0955 1896 pci - ok
17:59:50.0957 1896 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
17:59:50.0964 1896 pciide - ok
17:59:50.0971 1896 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
17:59:50.0981 1896 pcmcia - ok
17:59:50.0996 1896 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
17:59:51.0003 1896 pcw - ok
17:59:51.0018 1896 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:59:51.0057 1896 PEAUTH - ok
17:59:51.0123 1896 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:59:51.0140 1896 PerfHost - ok
17:59:51.0266 1896 [ F042EE4C8D66248D9B86DCF52ABAE416 ] PEVSystemStart C:\32788R22FWJFW\pev.3XE
17:59:51.0273 1896 PEVSystemStart ( UnsignedFile.Multi.Generic ) - warning
17:59:51.0273 1896 PEVSystemStart - detected UnsignedFile.Multi.Generic (1)
17:59:51.0312 1896 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
17:59:51.0364 1896 pla - ok
17:59:51.0429 1896 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:59:51.0485 1896 PlugPlay - ok
17:59:51.0518 1896 [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
17:59:51.0532 1896 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:59:51.0533 1896 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:59:51.0588 1896 PnkBstrA - ok
17:59:51.0592 1896 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:59:51.0617 1896 PNRPAutoReg - ok
17:59:51.0623 1896 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:59:51.0636 1896 PNRPsvc - ok
17:59:51.0665 1896 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:59:51.0716 1896 PolicyAgent - ok
17:59:51.0746 1896 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
17:59:51.0780 1896 Power - ok
17:59:51.0804 1896 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:59:51.0839 1896 PptpMiniport - ok
17:59:51.0852 1896 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
17:59:51.0861 1896 Processor - ok
17:59:51.0878 1896 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
17:59:51.0902 1896 ProfSvc - ok
17:59:51.0909 1896 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:59:51.0917 1896 ProtectedStorage - ok
17:59:51.0931 1896 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:59:51.0955 1896 Psched - ok
17:59:52.0004 1896 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
17:59:52.0073 1896 ql2300 - ok
17:59:52.0086 1896 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
17:59:52.0095 1896 ql40xx - ok
17:59:52.0107 1896 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
17:59:52.0121 1896 QWAVE - ok
17:59:52.0133 1896 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:59:52.0156 1896 QWAVEdrv - ok
17:59:52.0175 1896 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:59:52.0199 1896 RasAcd - ok
17:59:52.0219 1896 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:59:52.0243 1896 RasAgileVpn - ok
17:59:52.0252 1896 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
17:59:52.0289 1896 RasAuto - ok
17:59:52.0306 1896 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:59:52.0382 1896 Rasl2tp - ok
17:59:52.0410 1896 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
17:59:52.0435 1896 RasMan - ok
17:59:52.0442 1896 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:59:52.0485 1896 RasPppoe - ok
17:59:52.0499 1896 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:59:52.0541 1896 RasSstp - ok
17:59:52.0559 1896 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:59:52.0586 1896 rdbss - ok
17:59:52.0588 1896 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
17:59:52.0607 1896 rdpbus - ok
17:59:52.0609 1896 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:59:52.0637 1896 RDPCDD - ok
17:59:52.0674 1896 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:59:52.0711 1896 RDPENCDD - ok
17:59:52.0714 1896 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:59:52.0748 1896 RDPREFMP - ok
17:59:52.0784 1896 [ 6D76E6433574B058ADCB0C50DF834492 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:59:52.0825 1896 RDPWD - ok
17:59:52.0841 1896 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:59:52.0858 1896 rdyboost - ok
17:59:52.0871 1896 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:59:52.0921 1896 RemoteAccess - ok
17:59:52.0949 1896 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:59:52.0987 1896 RemoteRegistry - ok
17:59:52.0989 1896 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:59:53.0013 1896 RpcEptMapper - ok
17:59:53.0032 1896 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
17:59:53.0041 1896 RpcLocator - ok
17:59:53.0058 1896 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
17:59:53.0084 1896 RpcSs - ok
17:59:53.0096 1896 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:59:53.0140 1896 rspndr - ok
17:59:53.0166 1896 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
17:59:53.0177 1896 RTL8167 - ok
17:59:53.0197 1896 [ E16B7C030A05EF649B18FAB0A93D871F ] RtNdPt60 C:\Windows\system32\DRIVERS\RtNdPt60.sys
17:59:53.0202 1896 RtNdPt60 - ok
17:59:53.0213 1896 [ 1DE78F5008120CD79B34C12394DCD493 ] RTTEAMPT C:\Windows\system32\DRIVERS\RtTeam60.sys
17:59:53.0226 1896 RTTEAMPT - ok
17:59:53.0238 1896 [ B1018AA1B5735F5FA89FD4DADF4BEA7A ] RTVLANPT C:\Windows\system32\DRIVERS\RtVlan60.sys
17:59:53.0249 1896 RTVLANPT - ok
17:59:53.0251 1896 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
17:59:53.0259 1896 SamSs - ok
17:59:53.0266 1896 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:59:53.0274 1896 sbp2port - ok
17:59:53.0288 1896 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:59:53.0312 1896 SCardSvr - ok
17:59:53.0368 1896 [ 6CE6F98EA3D07A9C2CE3CD0A5A86352D ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
17:59:53.0381 1896 SCDEmu - ok
17:59:53.0393 1896 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:59:53.0453 1896 scfilter - ok
17:59:53.0478 1896 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
17:59:53.0510 1896 Schedule - ok
17:59:53.0540 1896 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
17:59:53.0578 1896 SCPolicySvc - ok
17:59:53.0588 1896 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:59:53.0608 1896 SDRSVC - ok
17:59:53.0640 1896 [ 3EA8A16169C26AFBEB544E0E48421186 ] SecDrv C:\Windows\system32\drivers\SECDRV.SYS
17:59:53.0696 1896 SecDrv - ok
17:59:53.0723 1896 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
17:59:53.0769 1896 seclogon - ok
17:59:53.0788 1896 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
17:59:53.0832 1896 SENS - ok
17:59:53.0845 1896 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:59:53.0894 1896 SensrSvc - ok
17:59:53.0901 1896 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
17:59:53.0917 1896 Serenum - ok
17:59:53.0944 1896 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
17:59:53.0977 1896 Serial - ok
17:59:54.0014 1896 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
17:59:54.0049 1896 sermouse - ok
17:59:54.0068 1896 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
17:59:54.0104 1896 SessionEnv - ok
17:59:54.0118 1896 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:59:54.0128 1896 sffdisk - ok
17:59:54.0141 1896 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:59:54.0151 1896 sffp_mmc - ok
17:59:54.0154 1896 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:59:54.0173 1896 sffp_sd - ok
17:59:54.0175 1896 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
17:59:54.0183 1896 sfloppy - ok
17:59:54.0232 1896 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
17:59:54.0257 1896 Sftfs - ok
17:59:54.0298 1896 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
17:59:54.0318 1896 sftlist - ok
17:59:54.0331 1896 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
17:59:54.0339 1896 Sftplay - ok
17:59:54.0343 1896 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
17:59:54.0349 1896 Sftredir - ok
17:59:54.0356 1896 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
17:59:54.0363 1896 Sftvol - ok
17:59:54.0375 1896 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
17:59:54.0383 1896 sftvsa - ok
17:59:54.0409 1896 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:59:54.0434 1896 ShellHWDetection - ok
17:59:54.0444 1896 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
17:59:54.0452 1896 SiSRaid2 - ok
17:59:54.0469 1896 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
17:59:54.0478 1896 SiSRaid4 - ok
17:59:54.0492 1896 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:59:54.0536 1896 Smb - ok
17:59:54.0555 1896 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:59:54.0580 1896 SNMPTRAP - ok
17:59:54.0595 1896 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
17:59:54.0601 1896 spldr - ok
17:59:54.0612 1896 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
17:59:54.0638 1896 Spooler - ok
17:59:54.0704 1896 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
17:59:54.0775 1896 sppsvc - ok
17:59:54.0808 1896 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:59:54.0870 1896 sppuinotify - ok
17:59:54.0973 1896 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
17:59:55.0026 1896 srv - ok
17:59:55.0046 1896 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:59:55.0069 1896 srv2 - ok
17:59:55.0089 1896 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:59:55.0111 1896 srvnet - ok
17:59:55.0130 1896 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
17:59:55.0173 1896 ssadbus - ok
17:59:55.0195 1896 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
17:59:55.0214 1896 ssadmdfl - ok
17:59:55.0232 1896 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
17:59:55.0268 1896 ssadmdm - ok
17:59:55.0304 1896 [ D33D1BD3EC0E766211A234F56A12726D ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys
17:59:55.0318 1896 ssadserd - ok
17:59:55.0338 1896 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:59:55.0378 1896 SSDPSRV - ok
17:59:55.0393 1896 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:59:55.0417 1896 SstpSvc - ok
17:59:55.0444 1896 Steam Client Service - ok
17:59:55.0511 1896 [ 9E1222C417291BC836210743624A8E5E ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:59:55.0530 1896 Stereo Service - ok
17:59:55.0538 1896 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
17:59:55.0552 1896 stexstor - ok
17:59:55.0586 1896 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
17:59:55.0636 1896 stisvc - ok
17:59:55.0657 1896 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
17:59:55.0665 1896 swenum - ok
17:59:55.0680 1896 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
17:59:55.0710 1896 swprv - ok
17:59:55.0738 1896 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
17:59:55.0779 1896 SysMain - ok
17:59:55.0802 1896 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:59:55.0815 1896 TabletInputService - ok
17:59:55.0822 1896 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:59:55.0865 1896 TapiSrv - ok
17:59:55.0875 1896 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
17:59:55.0900 1896 TBS - ok
17:59:55.0961 1896 [ FC62769E7BFF2896035AEED399108162 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:59:56.0021 1896 Tcpip - ok
17:59:56.0044 1896 [ FC62769E7BFF2896035AEED399108162 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:59:56.0071 1896 TCPIP6 - ok
17:59:56.0087 1896 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:59:56.0110 1896 tcpipreg - ok
17:59:56.0125 1896 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:59:56.0153 1896 TDPIPE - ok
17:59:56.0169 1896 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:59:56.0201 1896 TDTCP - ok
17:59:56.0224 1896 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:59:56.0277 1896 tdx - ok
17:59:56.0297 1896 [ 1DE78F5008120CD79B34C12394DCD493 ] TEAM C:\Windows\system32\DRIVERS\RtTeam60.sys
17:59:56.0303 1896 TEAM - ok
17:59:56.0311 1896 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
17:59:56.0319 1896 TermDD - ok
17:59:56.0337 1896 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
17:59:56.0377 1896 TermService - ok
17:59:56.0396 1896 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
17:59:56.0409 1896 Themes - ok
17:59:56.0417 1896 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
17:59:56.0441 1896 THREADORDER - ok
17:59:56.0453 1896 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
17:59:56.0478 1896 TrkWks - ok
17:59:56.0517 1896 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:59:56.0561 1896 TrustedInstaller - ok
17:59:56.0577 1896 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:59:56.0611 1896 tssecsrv - ok
17:59:56.0625 1896 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:59:56.0666 1896 TsUsbFlt - ok
17:59:56.0677 1896 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
17:59:56.0692 1896 TsUsbGD - ok
17:59:56.0718 1896 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:59:56.0742 1896 tunnel - ok
17:59:56.0772 1896 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
17:59:56.0780 1896 uagp35 - ok
17:59:56.0800 1896 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:59:56.0826 1896 udfs - ok
17:59:56.0841 1896 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:59:56.0863 1896 UI0Detect - ok
17:59:56.0885 1896 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:59:56.0893 1896 uliagpkx - ok
17:59:56.0899 1896 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:59:56.0922 1896 umbus - ok
17:59:56.0938 1896 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
17:59:56.0961 1896 UmPass - ok
17:59:57.0041 1896 [ 7A78ED1088890114DFDE2C4AB038D6B6 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
17:59:57.0105 1896 UNS - ok
17:59:57.0125 1896 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
17:59:57.0162 1896 upnphost - ok
17:59:57.0192 1896 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:59:57.0204 1896 usbccgp - ok
17:59:57.0218 1896 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:59:57.0245 1896 usbcir - ok
17:59:57.0248 1896 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
17:59:57.0256 1896 usbehci - ok
17:59:57.0261 1896 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:59:57.0277 1896 usbhub - ok
17:59:57.0297 1896 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:59:57.0306 1896 usbohci - ok
17:59:57.0317 1896 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:59:57.0327 1896 usbprint - ok
17:59:57.0350 1896 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
17:59:57.0377 1896 usbscan - ok
17:59:57.0394 1896 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:59:57.0445 1896 USBSTOR - ok
17:59:57.0455 1896 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
17:59:57.0470 1896 usbuhci - ok
17:59:57.0483 1896 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
17:59:57.0512 1896 UxSms - ok
17:59:57.0525 1896 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
17:59:57.0532 1896 VaultSvc - ok
17:59:57.0543 1896 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:59:57.0550 1896 vdrvroot - ok
17:59:57.0563 1896 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
17:59:57.0590 1896 vds - ok
17:59:57.0600 1896 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:59:57.0611 1896 vga - ok
17:59:57.0618 1896 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
17:59:57.0659 1896 VgaSave - ok
17:59:57.0678 1896 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:59:57.0688 1896 vhdmp - ok
17:59:57.0709 1896 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
17:59:57.0717 1896 viaide - ok
17:59:57.0724 1896 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:59:57.0731 1896 volmgr - ok
18:00:00.0134 1896 ================ Scan global ===============================
18:00:00.0162 1896 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:00:00.0188 1896 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
18:00:00.0195 1896 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
18:00:00.0219 1896 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:00:00.0251 1896 [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
18:00:00.0263 1896 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
18:00:00.0263 1896 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
18:00:00.0264 1896 ================ Scan MBR ==================================
18:00:00.0275 1896 [ 4976D4A7A40B83FC7F06EE4BDD84EB9B ] \Device\Harddisk0\DR0
18:00:00.0846 1896 \Device\Harddisk0\DR0 - ok
18:00:00.0846 1896 ================ Scan VBR ==================================
18:00:00.0848 1896 [ ABD662CED236BD1B6E6EA37BEF82E958 ] \Device\Harddisk0\DR0\Partition1
18:00:00.0849 1896 \Device\Harddisk0\DR0\Partition1 - ok
18:00:00.0870 1896 [ 73603CCF5FBFD07C140058922CE92FF9 ] \Device\Harddisk0\DR0\Partition2
18:00:00.0871 1896 \Device\Harddisk0\DR0\Partition2 - ok
18:00:00.0871 1896 ============================================================
18:00:00.0871 1896 Scan finished
18:00:00.0871 1896 ============================================================
18:00:00.0878 1872 Detected object count: 6
18:00:00.0878 1872 Actual detected object count: 6
18:01:00.0958 1872 ATPLupd ( UnsignedFile.Multi.Generic ) - skipped by user
18:01:00.0959 1872 ATPLupd ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:01:00.0960 1872 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:01:00.0960 1872 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:01:00.0961 1872 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:01:00.0961 1872 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:01:00.0962 1872 PEVSystemStart ( UnsignedFile.Multi.Generic ) - skipped by user
18:01:00.0962 1872 PEVSystemStart ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:01:00.0963 1872 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:01:00.0963 1872 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:01:01.0007 1872 C:\Windows\system32\services.exe - copied to quarantine
18:01:24.0008 1872 Backup copy not found, trying to cure infected file..
18:01:24.0008 1872 C:\Windows\system32\services.exe - Cure failed (FFFFFFFF)
18:01:24.0008 1872 C:\Windows\system32\services.exe - processing error
18:01:24.0008 1872 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Cure


That's it
 
For some reason I only get 3 RK reports and no all report. So here they are:

RogueKiller V8.2.0 [10/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Michael [Admin rights]
Mode : Scan -- Date : 10/25/2012 18:44:39

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : C:\Users\Michael\AppData\Roaming\Piranha\Piranha.exe (C:\Users\Michael\AppData\Roaming\Piranha\Piranha.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-695508312-3368058532-989502768-1000[...]\Run : C:\Users\Michael\AppData\Roaming\Piranha\Piranha.exe (C:\Users\Michael\AppData\Roaming\Piranha\Piranha.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-695508312-3368058532-989502768-1003[...]\Run : C:\Users\Michael\AppData\Roaming\Piranha\Piranha.exe (C:\Users\UpdatusUser\AppData\Roaming\Piranha\Piranha.exe) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : Phoenix (C:\ProgramData\Temp\hide.vbs) -> FOUND
[RUN][BLPATH] HKUS\S-1-5-21-695508312-3368058532-989502768-1003[...]\RunOnce : InetReg ("C:\Program Files (x86)\Creative\Productregistratie\Dutch\InetReg.exe" /PreProcess=RegFlash.exe /PortableDevice /Delay=6) -> FOUND
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{9d1be9ae-2711-2adb-9eb4-f3e12c449407}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{9d1be9ae-2711-2adb-9eb4-f3e12c449407}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND
[Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD20EARX-22PASB0 ATA Device +++++
--- User ---
[MBR] d2716205458f24aa9a1397ad20eaac4f
[BSP] b7f1af624ca415852c3eb9ae77b37bea : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 2048 | Size: 14524 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 29747200 | Size: 763090 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1592555520 | Size: 1130113 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt


RogueKiller V8.2.0 [10/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Michael [Admin rights]
Mode : Remove -- Date : 10/25/2012 18:45:31

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : C:\Users\Michael\AppData\Roaming\Piranha\Piranha.exe (C:\Users\Michael\AppData\Roaming\Piranha\Piranha.exe) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-695508312-3368058532-989502768-1003[...]\Run : C:\Users\Michael\AppData\Roaming\Piranha\Piranha.exe (C:\Users\UpdatusUser\AppData\Roaming\Piranha\Piranha.exe) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : Phoenix (C:\ProgramData\Temp\hide.vbs) -> DELETED
[RUN][BLPATH] HKUS\S-1-5-21-695508312-3368058532-989502768-1003[...]\RunOnce : InetReg ("C:\Program Files (x86)\Creative\Productregistratie\Dutch\InetReg.exe" /PreProcess=RegFlash.exe /PortableDevice /Delay=6) -> DELETED
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{9d1be9ae-2711-2adb-9eb4-f3e12c449407}\U\00000004.@ --> REMOVED
[Del.Parent][FILE] 00000008.@ : C:\Windows\Installer\{9d1be9ae-2711-2adb-9eb4-f3e12c449407}\U\00000008.@ --> REMOVED
[Del.Parent][FILE] 000000cb.@ : C:\Windows\Installer\{9d1be9ae-2711-2adb-9eb4-f3e12c449407}\U\000000cb.@ --> REMOVED
[Del.Parent][FILE] 80000000.@ : C:\Windows\Installer\{9d1be9ae-2711-2adb-9eb4-f3e12c449407}\U\80000000.@ --> REMOVED
[Del.Parent][FILE] 80000032.@ : C:\Windows\Installer\{9d1be9ae-2711-2adb-9eb4-f3e12c449407}\U\80000032.@ --> REMOVED
[Del.Parent][FILE] 80000064.@ : C:\Windows\Installer\{9d1be9ae-2711-2adb-9eb4-f3e12c449407}\U\80000064.@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{9d1be9ae-2711-2adb-9eb4-f3e12c449407}\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{9d1be9ae-2711-2adb-9eb4-f3e12c449407}\L\00000004.@ --> REMOVED
[Del.Parent][FILE] 201d3dde : C:\Windows\Installer\{9d1be9ae-2711-2adb-9eb4-f3e12c449407}\L\201d3dde --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{9d1be9ae-2711-2adb-9eb4-f3e12c449407}\L --> REMOVED
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> REMOVED AT REBOOT
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> REMOVED AT REBOOT
[Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> REPLACED AT REBOOT (C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe)

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD20EARX-22PASB0 ATA Device +++++
--- User ---
[MBR] d2716205458f24aa9a1397ad20eaac4f
[BSP] b7f1af624ca415852c3eb9ae77b37bea : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 2048 | Size: 14524 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 29747200 | Size: 763090 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1592555520 | Size: 1130113 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


RogueKiller V8.2.0 [10/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Michael [Admin rights]
Mode : Shortcuts HJfix -- Date : 10/25/2012 18:46:59

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 9 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 179 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 404 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\HarddiskVolume4 -- 0x2 --> Restored
[G:] \Device\CdRom1 -- 0x5 --> Skipped
[H:] \Device\SCDEmu\SCDEmuCd0 -- 0x5 --> Skipped
[Q:] \Device\SftVol -- 0x3 --> Restored

¤¤¤ Infection : ZeroAccess ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
 
Here is the first part:

ComboFix 12-10-25.02 - Michael 26-10-2012 11:29:09.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.6126.4635 [GMT 2:00]
Gestart vanuit: c:\users\Michael\Desktop\ixplorer.exe.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Michael\AppData\Roaming\Local
c:\users\Michael\AppData\Roaming\Local\FalloutNV\Fallout.ini
c:\users\Michael\AppData\Roaming\Local\FalloutNV\FalloutPrefs.ini
c:\users\Michael\AppData\Roaming\Local\FalloutNV\NVDLCList.txt
c:\users\Michael\AppData\Roaming\Local\FalloutNV\plugins.txt
c:\users\Michael\AppData\Roaming\Local\FalloutNV\RendererInfo.txt
c:\users\Michael\WINDOWS
c:\users\Michael\WINDOWS\crc32.crc
c:\windows\Installer\{9d1be9ae-2711-2adb-9eb4-f3e12c449407}\@
c:\windows\Installer\{9d1be9ae-2711-2adb-9eb4-f3e12c449407}\L\00000004.@
c:\windows\Installer\{9d1be9ae-2711-2adb-9eb4-f3e12c449407}\L\201d3dde
c:\windows\Installer\{9d1be9ae-2711-2adb-9eb4-f3e12c449407}\U\00000004.@
c:\windows\Installer\{9d1be9ae-2711-2adb-9eb4-f3e12c449407}\U\00000008.@
c:\windows\Installer\{9d1be9ae-2711-2adb-9eb4-f3e12c449407}\U\000000cb.@
c:\windows\Installer\{9d1be9ae-2711-2adb-9eb4-f3e12c449407}\U\80000000.@
c:\windows\Installer\{9d1be9ae-2711-2adb-9eb4-f3e12c449407}\U\80000032.@
c:\windows\Installer\{9d1be9ae-2711-2adb-9eb4-f3e12c449407}\U\80000064.@
c:\windows\logboot_26.10.2012.tureg.log
c:\windows\system\DPLAY.DLL
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
D:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NVSvc
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-09-26 to 2012-10-26 ))))))))))))))))))))))))))))))
.
.
2012-10-26 07:23 . 2012-06-02 22:19  2428952  ----a-w-  c:\windows\system32\wuaueng.dll
2012-10-26 07:23 . 2012-06-02 22:19  57880  ----a-w-  c:\windows\system32\wuauclt.exe
2012-10-26 07:23 . 2012-06-02 22:19  44056  ----a-w-  c:\windows\system32\wups2.dll
2012-10-26 07:23 . 2012-06-02 22:15  2622464  ----a-w-  c:\windows\system32\wucltux.dll
2012-10-26 07:22 . 2012-06-02 13:19  186752  ----a-w-  c:\windows\system32\wuwebv.dll
2012-10-26 07:22 . 2012-06-02 13:15  36864  ----a-w-  c:\windows\system32\wuapp.exe
2012-10-25 16:17 . 2012-09-17 09:56  34656  ----a-w-  c:\windows\system32\TURegOpt.exe
2012-10-25 16:17 . 2012-09-17 09:56  25952  ----a-w-  c:\windows\system32\authuitu.dll
2012-10-25 16:17 . 2012-09-17 09:56  21344  ----a-w-  c:\windows\SysWow64\authuitu.dll
2012-10-25 16:01 . 2012-10-25 16:17  --------  d-----w-  C:\TDSSKiller_Quarantine
2012-10-25 14:08 . 2012-10-25 14:08  --------  d-----w-  c:\users\Michael\AppData\Roaming\Malwarebytes
2012-10-25 14:07 . 2012-10-25 14:07  --------  d-----w-  c:\programdata\Malwarebytes
2012-10-25 14:07 . 2012-10-25 14:08  --------  d-----w-  c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-25 14:07 . 2012-09-29 17:54  25928  ----a-w-  c:\windows\system32\drivers\mbam.sys
2012-10-25 13:24 . 2012-10-25 17:19  --------  d-----w-  c:\users\Michael\AppData\Roaming\TuneUp Software
2012-10-25 13:24 . 2012-10-25 16:17  --------  d-----w-  c:\program files (x86)\TuneUp Utilities 2013
2012-10-25 13:24 . 2012-10-25 13:24  --------  d-----w-  c:\programdata\TuneUp Software
2012-10-25 13:24 . 2012-10-25 17:16  --------  d-s---w-  c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-10-25 12:46 . 2012-10-25 13:02  --------  d-----w-  c:\program files (x86)\Medal of Honor Warfighter
2012-10-24 23:42 . 2012-10-24 23:42  --------  d-sh--w-  c:\windows\SysWow64\%APPDATA%
2012-10-24 21:05 . 2012-10-24 21:05  184320  ----a-w-  c:\windows\system32\tbb.dll
2012-10-24 00:54 . 2012-10-12 07:19  9291768  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{456011B1-31EB-43B3-8B55-EA414BA11724}\mpengine.dll
2012-10-23 20:22 . 2012-10-23 21:14  --------  d-----w-  c:\program files (x86)\Ontslagen
2012-10-22 20:53 . 2012-10-22 20:53  --------  d-----w-  c:\program files (x86)\THQ
2012-10-22 16:17 . 2012-10-22 16:23  --------  d-----w-  c:\program files (x86)\Lucius
2012-10-18 13:31 . 2012-10-18 13:31  --------  d-----w-  c:\users\Michael\AppData\Local\DOSBox
2012-10-18 13:31 . 2012-10-19 11:25  --------  d-----w-  c:\program files (x86)\DOSBox-0.74
2012-10-17 12:19 . 2012-10-17 12:19  --------  d-----w-  c:\program files (x86)\Paradox Interactive
2012-10-10 15:47 . 2012-10-10 15:47  --------  d-----w-  c:\users\Michael\AppData\Local\FLT
2012-10-05 08:25 . 2012-10-05 08:25  --------  d-----w-  c:\program files (x86)\Seamless Entertainment
2012-10-04 11:39 . 2012-10-25 13:31  --------  d-----w-  c:\program files (x86)\Cortex Command
2012-10-03 20:43 . 2012-10-04 11:06  --------  d-----w-  c:\program files (x86)\Data Realms
2012-10-02 09:32 . 2012-10-02 09:32  --------  d-----w-  c:\users\Michael\AppData\Local\FalloutNV
2012-09-30 18:19 . 2012-09-30 18:19  8892  ----a-w-  c:\windows\SysWow64\ealregsnapshot1.reg
2012-09-30 14:08 . 2012-09-30 14:08  --------  d-----w-  c:\users\Michael\AppData\Local\SoftGrid Client
2012-09-26 09:48 . 2012-10-05 14:50  --------  d-----w-  c:\program files (x86)\Transport Giant
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-23 21:48 . 2011-12-02 17:35  111928  ----a-w-  c:\windows\SysWow64\PnkBstrB.exe
2012-10-23 21:48 . 2011-12-02 17:35  111928  ----a-w-  c:\windows\SysWow64\PnkBstrB.ex0
2012-10-23 21:48 . 2012-06-21 08:37  2793768  ----a-w-  c:\windows\SysWow64\pbsvc.exe
2012-10-08 21:45 . 2012-09-17 10:23  696760  ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-08 21:45 . 2012-01-10 21:54  73656  ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-08 12:35 . 2012-09-08 12:35  48648  ----a-w-  c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-09-08 12:35 . 2012-09-08 12:35  856712  ----a-w-  c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-08-31 13:36 . 2011-12-02 17:34  281120  ----a-w-  c:\windows\SysWow64\PnkBstrB.xtr
2012-08-24 13:43 . 2012-08-24 13:43  384352  ----a-w-  c:\windows\system32\drivers\avgtdia.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2011-08-24 17:21  1299248  ----a-w-  c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute  REG_MULTI_SZ  autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages  REG_MULTI_SZ  kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"PWRISOVM.EXE"=c:\program files (x86)\PowerISO\PWRISOVM.EXE
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"RunAIShell"=c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe
 
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 250808]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FTY1C1;FTY1C1 Filter;c:\windows\system32\DRIVERS\FTY1C1.sys [x]
R3 HidNt;FTY1C2 Hidmini Driver;c:\windows\system32\DRIVERS\HidNt.sys [x]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-01-14 48416]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2010-01-14 29472]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-01-14 48416]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-18 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]
R4 ATPLupd;ATPL Digital v6 update service;c:\program files (x86)\ATP DIGITAL\ATP DIGITAL 6\server\updatescripts\srvany.exe [2003-04-18 8192]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 asahci64;asahci64;c:\windows\system32\drivers\asahci64.sys [2011-01-30 36448]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-24 279616]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-02 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2010-01-14 32544]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-09-17 2365792]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-02-24 126952]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-02-24 389608]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2010-10-20 56344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-08-29 11880]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt  REG_MULTI_SZ  hpqcxs08 hpqddsvc
.
Inhoud van de 'Gedeelde Taken' map
.
2012-10-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-17 21:45]
.
2012-10-26 c:\windows\Tasks\BBIRBDRHJ.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-695508312-3368058532-989502768-1000Core.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-21 11:39]
.
2012-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-695508312-3368058532-989502768-1000UA.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-21 11:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-03-20 6468712]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.gamersdl.com
mStart Page = hxxp://home.sweetim.com
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
Trusted Zone: vizzed.com\www
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:45,4b,0c,86,9e,5f,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c6,1a,47,a5,d4,7e,1e,4a,be,d1,10,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c6,1a,47,a5,d4,7e,1e,4a,be,d1,10,\
.
[HKEY_USERS\S-1-5-21-695508312-3368058532-989502768-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:74,fc,d5,e4,d1,03,13,2a,7e,50,a5,0a,40,37,83,01,86,c0,9f,50,4f,27,0d,
63,4d,83,fc,ea,04,80,8d,14,53,0b,83,97,77,35,cc,8a,a6,5c,6e,21,3c,e1,a7,41,\
"??"=hex:bc,0a,90,5a,da,f3,4a,0d,60,c2,fc,da,89,d5,5b,38
.
[HKEY_USERS\S-1-5-21-695508312-3368058532-989502768-1000\Software\SecuROM\License information*]
"datasecu"=hex:b0,62,51,28,af,12,c6,e8,66,a3,3f,f1,cc,c0,96,30,73,9a,e9,b8,39,
69,3f,85,7c,1f,6e,b8,d5,59,e6,bd,25,06,01,73,04,48,8e,d2,6f,1a,82,b8,b2,8a,\
"rkeysecu"=hex:d5,8e,07,9d,08,b0,ae,c7,6d,17,f9,a6,d2,27,4d,5c
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
c:\program files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S30RP1.EXE
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe
c:\program files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Voltooingstijd: 2012-10-26 11:40:11 - machine werd herstart
ComboFix-quarantined-files.txt 2012-10-26 09:40
.
Pre-Run: 311.546.155.008 bytes beschikbaar
Post-Run: 311.330.525.184 bytes beschikbaar
.
- - End Of File - - 611DEA0779FE98487C0CF27AB9ACA444
 
Great job!

ComboFix Script

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    ClearJavaCache::
  • Save this as CFScript.txt, in the same location as ComboFix.exe
    CFScriptB-4.gif
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.


Next TDSSKiller Scan

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.



----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.



--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
 
ComboFix 12-10-25.02 - Michael 28-10-2012 14:00:18.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.6126.4336 [GMT 1:00]
Gestart vanuit: c:\users\Michael\Desktop\ixplorer.exe.exe
gebruikte Opdracht switches :: c:\users\Michael\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-09-28 to 2012-10-28 ))))))))))))))))))))))))))))))
.
.
2012-10-28 13:04 . 2012-10-28 13:04  --------  d-----w-  c:\users\UpdatusUser\AppData\Local\temp
2012-10-28 13:04 . 2012-10-28 13:04  --------  d-----w-  c:\users\Default\AppData\Local\temp
2012-10-27 09:39 . 2012-10-27 09:39  --------  d-----w-  c:\users\Michael\AppData\Roaming\Depth Hunter
2012-10-27 09:37 . 2012-10-27 09:37  --------  d-----w-  c:\program files (x86)\Biart
2012-10-26 09:48 . 2012-10-26 09:49  --------  d-----w-  c:\program files (x86)\Google
2012-10-26 07:23 . 2012-06-02 22:19  2428952  ----a-w-  c:\windows\system32\wuaueng.dll
2012-10-26 07:23 . 2012-06-02 22:19  57880  ----a-w-  c:\windows\system32\wuauclt.exe
2012-10-26 07:23 . 2012-06-02 22:19  44056  ----a-w-  c:\windows\system32\wups2.dll
2012-10-26 07:23 . 2012-06-02 22:15  2622464  ----a-w-  c:\windows\system32\wucltux.dll
2012-10-26 07:22 . 2012-06-02 13:19  186752  ----a-w-  c:\windows\system32\wuwebv.dll
2012-10-26 07:22 . 2012-06-02 13:15  36864  ----a-w-  c:\windows\system32\wuapp.exe
2012-10-25 16:17 . 2012-09-17 09:56  34656  ----a-w-  c:\windows\system32\TURegOpt.exe
2012-10-25 16:17 . 2012-09-17 09:56  25952  ----a-w-  c:\windows\system32\authuitu.dll
2012-10-25 16:17 . 2012-09-17 09:56  21344  ----a-w-  c:\windows\SysWow64\authuitu.dll
2012-10-25 16:01 . 2012-10-25 16:17  --------  d-----w-  C:\TDSSKiller_Quarantine
2012-10-25 14:08 . 2012-10-25 14:08  --------  d-----w-  c:\users\Michael\AppData\Roaming\Malwarebytes
2012-10-25 14:07 . 2012-10-25 14:07  --------  d-----w-  c:\programdata\Malwarebytes
2012-10-25 14:07 . 2012-10-25 14:08  --------  d-----w-  c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-25 14:07 . 2012-09-29 17:54  25928  ----a-w-  c:\windows\system32\drivers\mbam.sys
2012-10-25 13:24 . 2012-10-25 17:19  --------  d-----w-  c:\users\Michael\AppData\Roaming\TuneUp Software
2012-10-25 13:24 . 2012-10-25 16:17  --------  d-----w-  c:\program files (x86)\TuneUp Utilities 2013
2012-10-25 13:24 . 2012-10-25 13:24  --------  d-----w-  c:\programdata\TuneUp Software
2012-10-25 13:24 . 2012-10-25 17:16  --------  d-s---w-  c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-10-25 12:46 . 2012-10-25 13:02  --------  d-----w-  c:\program files (x86)\Medal of Honor Warfighter
2012-10-24 23:42 . 2012-10-24 23:42  --------  d-sh--w-  c:\windows\SysWow64\%APPDATA%
2012-10-24 21:05 . 2012-10-24 21:05  184320  ----a-w-  c:\windows\system32\tbb.dll
2012-10-24 00:54 . 2012-10-12 07:19  9291768  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{456011B1-31EB-43B3-8B55-EA414BA11724}\mpengine.dll
2012-10-23 20:22 . 2012-10-23 21:14  --------  d-----w-  c:\program files (x86)\Ontslagen
2012-10-22 20:53 . 2012-10-22 20:53  --------  d-----w-  c:\program files (x86)\THQ
2012-10-22 16:17 . 2012-10-22 16:23  --------  d-----w-  c:\program files (x86)\Lucius
2012-10-18 13:31 . 2012-10-18 13:31  --------  d-----w-  c:\users\Michael\AppData\Local\DOSBox
2012-10-18 13:31 . 2012-10-19 11:25  --------  d-----w-  c:\program files (x86)\DOSBox-0.74
2012-10-17 12:19 . 2012-10-17 12:19  --------  d-----w-  c:\program files (x86)\Paradox Interactive
2012-10-10 15:47 . 2012-10-10 15:47  --------  d-----w-  c:\users\Michael\AppData\Local\FLT
2012-10-05 08:25 . 2012-10-05 08:25  --------  d-----w-  c:\program files (x86)\Seamless Entertainment
2012-10-04 11:39 . 2012-10-25 13:31  --------  d-----w-  c:\program files (x86)\Cortex Command
2012-10-03 20:43 . 2012-10-04 11:06  --------  d-----w-  c:\program files (x86)\Data Realms
2012-10-02 09:32 . 2012-10-02 09:32  --------  d-----w-  c:\users\Michael\AppData\Local\FalloutNV
2012-09-30 18:19 . 2012-09-30 18:19  8892  ----a-w-  c:\windows\SysWow64\ealregsnapshot1.reg
2012-09-30 14:08 . 2012-09-30 14:08  --------  d-----w-  c:\users\Michael\AppData\Local\SoftGrid Client
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-23 21:48 . 2011-12-02 17:35  111928  ----a-w-  c:\windows\SysWow64\PnkBstrB.exe
2012-10-23 21:48 . 2011-12-02 17:35  111928  ----a-w-  c:\windows\SysWow64\PnkBstrB.ex0
2012-10-23 21:48 . 2012-06-21 08:37  2793768  ----a-w-  c:\windows\SysWow64\pbsvc.exe
2012-10-08 21:45 . 2012-09-17 10:23  696760  ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-08 21:45 . 2012-01-10 21:54  73656  ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-08 12:35 . 2012-09-08 12:35  48648  ----a-w-  c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-09-08 12:35 . 2012-09-08 12:35  856712  ----a-w-  c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-08-31 13:36 . 2011-12-02 17:34  281120  ----a-w-  c:\windows\SysWow64\PnkBstrB.xtr
2012-08-24 13:43 . 2012-08-24 13:43  384352  ----a-w-  c:\windows\system32\drivers\avgtdia.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2011-08-24 17:21  1299248  ----a-w-  c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute  REG_MULTI_SZ  autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages  REG_MULTI_SZ  kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"PWRISOVM.EXE"=c:\program files (x86)\PowerISO\PWRISOVM.EXE
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"RunAIShell"=c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-26 116648]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 250808]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FTY1C1;FTY1C1 Filter;c:\windows\system32\DRIVERS\FTY1C1.sys [x]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-26 116648]
R3 HidNt;FTY1C2 Hidmini Driver;c:\windows\system32\DRIVERS\HidNt.sys [x]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-01-14 48416]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2010-01-14 29472]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-01-14 48416]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-18 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]
R4 ATPLupd;ATPL Digital v6 update service;c:\program files (x86)\ATP DIGITAL\ATP DIGITAL 6\server\updatescripts\srvany.exe [2003-04-18 8192]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 asahci64;asahci64;c:\windows\system32\drivers\asahci64.sys [2011-01-30 36448]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-24 279616]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-02 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2010-01-14 32544]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-09-17 2365792]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-02-24 126952]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-02-24 389608]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2010-10-20 56344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-08-29 11880]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt  REG_MULTI_SZ  hpqcxs08 hpqddsvc
.
Inhoud van de 'Gedeelde Taken' map
.
2012-10-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-17 21:45]
.
2012-10-27 c:\windows\Tasks\BBIRBDRHJ.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-26 09:48]
.
2012-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-26 09:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-03-20 6468712]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.gamersdl.com
mStart Page = hxxp://home.sweetim.com
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
Trusted Zone: vizzed.com\www
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:45,4b,0c,86,9e,5f,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c6,1a,47,a5,d4,7e,1e,4a,be,d1,10,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c6,1a,47,a5,d4,7e,1e,4a,be,d1,10,\
.
[HKEY_USERS\S-1-5-21-695508312-3368058532-989502768-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:74,fc,d5,e4,d1,03,13,2a,7e,50,a5,0a,40,37,83,01,86,c0,9f,50,4f,27,0d,
63,4d,83,fc,ea,04,80,8d,14,53,0b,83,97,77,35,cc,8a,a6,5c,6e,21,3c,e1,a7,41,\
"??"=hex:bc,0a,90,5a,da,f3,4a,0d,60,c2,fc,da,89,d5,5b,38
.
[HKEY_USERS\S-1-5-21-695508312-3368058532-989502768-1000\Software\SecuROM\License information*]
"datasecu"=hex:b0,62,51,28,af,12,c6,e8,66,a3,3f,f1,cc,c0,96,30,73,9a,e9,b8,39,
69,3f,85,7c,1f,6e,b8,d5,59,e6,bd,25,06,01,73,04,48,8e,d2,6f,1a,82,b8,b2,8a,\
"rkeysecu"=hex:d5,8e,07,9d,08,b0,ae,c7,6d,17,f9,a6,d2,27,4d,5c
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2012-10-28 14:06:18
ComboFix-quarantined-files.txt 2012-10-28 13:06
ComboFix2.txt 2012-10-26 09:40
.
Pre-Run: 291.727.826.944 bytes beschikbaar
Post-Run: 291.523.088.384 bytes beschikbaar
.
- - End Of File - - 0FEB3C48BF8478B6490DAB6899746406
 
Good :D

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
      1. If NO threats were found, allow the scanner to Uninstall on close and then close the window.
      2. If threats WERE detected, click on List of Threats Found, Export to Text File... save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death
 